Binding secure keys of secure guests to a hardware security module

    Publication number: IL285112A

    Publication date: 2021-09-30

    Application number: IL28511221

    Application date: 2021-07-25

    Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control (“SC”) obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

    2. SYSTEM FOR ENABLING DIGITAL SIGNATURE AUDITING
    Invention application; status: pending (published)

    Publication number: WO2012123833A1

    Publication date: 2012-09-20

    Application number: PCT/IB2012/050798

    Application date: 2012-02-22

    CPC classification number: H04L9/3247 H04L2209/38

    Abstract: The invention is notably directed to methods and systems for enabling digital signature auditing (S41). The methods are implemented in a computerized system (1) comprising a server (10) communicating with applications (A, B, C), and comprising, at the server, steps of: receiving (S13) one or more signature requests (a_i, b_i, c_i) issued by one or more of the applications; forwarding (S14) first data corresponding to the received signature requests to one or more signing entities (Sig 4) for subsequent signature of the first data; storing (S16) an updated system state (s_{n+1}), computed (S15) using a function of a reference system state (s_n) and second data (a_i, b_i, c_i, A_i, B_i, C_i) corresponding to the received signature requests, whereby the reference system state and the updated system state attest to the signature requests; and repeating the above steps (S12 to S16), using the updated system state (s_{n+1}) as a new reference system state.


    Binding secure keys of secure guests to a hardware security module

    Publication number: IL285112B2

    Publication date: 2024-04-01

    Application number: IL28511221

    Application date: 2021-07-25

    Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control (“SC”) obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

    Binding secure keys of secure guests to a hardware security module

    Publication number: IL285112B1

    Publication date: 2023-12-01

    Application number: IL28511221

    Application date: 2021-07-25

    Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control (“SC”) obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

    Binding secure keys of secure guests to a hardware security module

    Publication number: IL285112D0

    Publication date: 2021-09-30

    Application number: IL28511221

    Application date: 2021-07-25

    Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control (“SC”) obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

    7. Scalable, highly available, dynamically reconfigurable cryptographic provider with quality-of-service control built from commodity backend providers
    Granted invention; status: in force

    Publication number: US09251337B2

    Publication date: 2016-02-02

    Application number: US13095471

    Application date: 2011-04-27

    CPC classification number: G06F21/53

    Abstract: A system for remapping subsets of host-centric application programming interfaces to commodity service providers includes a processor configured to receive a commodity service providers object, embed the commodity service providers object with a handle, transform the handle into a serialized object readable by a hardware security module, generate a virtualized handle from the transformed handle, select a target hardware security module based on characteristics of the serialized object and map the virtualized handle to the target hardware security module.


    8. Enhanced-density barcode
    Granted invention; status: expired

    Publication number: US08763906B2

    Publication date: 2014-07-01

    Application number: US13570829

    Application date: 2012-08-09

    CPC classification number: G06K19/06028

    Abstract: A method of decoding a two-dimensional enhanced-density barcode. A first and a second barcode are encoded in the enhanced-density barcode. The enhanced-density barcode includes a set of blocks. Each block includes a predefined number of sub-pixels. The blocks of the enhanced-density barcode are arranged relative to each other in a geometrical lattice having a first and a second lattice direction. The method includes the steps of distorting the enhanced-density barcode in the first lattice direction, resulting in a first distorted barcode, distorting the enhanced-density barcode in the second lattice direction, resulting in a second distorted barcode, reconstructing the first barcode by low-pass filtering the first distorted barcode, and reconstructing the second barcode by low-pass filtering the second distorted barcode.


    9. System and method of performing electronic transactions with encrypted data transmission
    Granted invention; status: in force

    Publication number: US08601256B2

    Publication date: 2013-12-03

    Application number: US12402772

    Application date: 2009-03-12

    Abstract: A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received.


    10. SCALABLE, HIGHLY AVAILABLE, DYNAMICALLY RECONFIGURABLE CRYPTOGRAPHIC PROVIDER WITH QUALITY-OF-SERVICE CONTROL BUILT FROM COMMODITY BACKEND PROVIDERS
    Invention application; status: in force

    Publication number: US20120278820A1

    Publication date: 2012-11-01

    Application number: US13095471

    Application date: 2011-04-27

    CPC classification number: G06F21/53

    Abstract: A system for remapping subsets of host-centric application programming interfaces to commodity service providers includes a processor configured to receive a commodity service providers object, embed the commodity service providers object with a handle, transform the handle into a serialized object readable by a hardware security module, generate a virtualized handle from the transformed handle, select a target hardware security module based on characteristics of the serialized object and map the virtualized handle to the target hardware security module.

