公开(公告)号：KR20180052695A

公开(公告)日：2018-05-18

申请号：KR20187010029

申请日：2016-08-30

Applicant: QUALCOMM INC

Inventor： HARTLEY DAVID ,  AVANZI ROBERTO ,  CAMMAROTA ROSARIO

IPC: G06F21/12 ,  G06F21/60 ,  G06F21/62

CPC classification number: G06F12/1408 ,  G06F21/121 ,  G06F21/125 ,  G06F21/14 ,  G06F21/62 ,  G06F21/74 ,  G06F2212/1052 ,  G06F2221/0755

Abstract: 컴퓨팅디바이스에서소프트웨어를보호하기위한기술들이제공된다. 이기술들에따른방법은, 비-보안소프트웨어모듈로부터암호화된프로그램코드를포함하는보안소프트웨어모듈의명령을실행하라는요청을수신하는단계, 명령이보안소프트웨어모듈외부에서액세스가능한보안소프트웨어모듈로의제어된엔트리지점(controlled point of entry)과연관된명령을포함하는지를결정하는단계, 명령이보안소프트웨어모듈로의제어된엔트리지점과연관된명령을포함한다는것에응답하여보안소프트웨어모듈의하나또는그 초과의명령들을실행하는단계, 및비-보안소프트웨어모듈로실행을리턴하기위해보안소프트웨어모듈로부터의탈출(exit)을제어하는단계를포함한다.

公开(公告)号：KR20180017028A

公开(公告)日：2018-02-20

申请号：KR20177035387

申请日：2016-04-13

Applicant: QUALCOMM INC

Inventor： CHAN MICHAEL J T ,  XIAO LU ,  CAMMAROTA ROSARIO ,  BENOIT OLIVIER JEAN ,  SABNIS SAURABH ,  LIONG YIN LING ,  MOHAN MANISH

IPC: G06F21/60 ,  G06F21/62 ,  G06F21/64 ,  H04L29/06

CPC classification number: G06F21/604 ,  G06F21/6218 ,  G06F21/6245 ,  G06F21/64 ,  G06F2221/2101 ,  H04L63/0823 ,  H04L63/105

Abstract: 보안자산관리자를사용하여이행데이터문제를완화하기위한기술들이제공된다. 이러한기술들은애플리케이션에대한소스코드와연관된데이터엘리먼트가민감데이터엘리먼트임을표시하기위한데이터태그로소스코드를태깅하고, 민감데이터엘리먼트와연관된이행규칙들을포함하는정책파일에액세스하고, 그리고소스코드로부터애플리케이션에대한하나또는그보다많은객체파일들을생성함으로써보안자산관리자호환애플리케이션을생성하는것을포함한다. 이러한기술들은또한, 보안자산관리자에의해관리되는보안메모리영역에민감데이터엘리먼트를저장하는것, 그리고민감데이터엘리먼트가발생하는애플리케이션에의해민감데이터엘리먼트와연관된정책에따라민감데이터엘리먼트를관리하는것을포함하며, 정책은민감데이터엘리먼트와연관된이행규칙들을정의한다.

Abstract translation: 提供了使用安全资产管理器来缓解合规性数据问题的技术。 这些技术包括用数据标签标记源代码以指示与应用程序的源代码相关联的数据元素是敏感数据元素，访问包含与敏感数据元素相关联的迁移规则的策略文件， 并且/或者可以使用任何其他方法。 这些技术还包括将敏感数据元素存储在由安全资产管理器管理的安全存储器区域中，并且根据敏感数据元素出现的应用根据与敏感数据元素相关联的策略管理敏感数据元素 该策略定义了与敏感数据元素相关的转换规则。

公开(公告)号：ES2886539T3

公开(公告)日：2021-12-20

申请号：ES17764716

申请日：2017-08-25

Applicant: QUALCOMM INC

Inventor： CAMMAROTA ROSARIO ,  MALINEN JOUNI KALEVI ,  TINNAKORNSRISUPHAP PEERAPOL

IPC: H04W12/04 ,  H04L9/08 ,  H04W12/041 ,  H04W12/0471

Abstract: Un método realizado por un primer dispositivo (110) configurador de una red, que comprende: generar (310) un paquete de claves del configurador que incluye al menos una clave de firma privada del configurador asociada con el primer dispositivo (110) configurador; encriptar (320) al menos una porción del paquete de claves del configurador; y almacenar (330) el paquete de claves del configurador en una ubicación de almacenamiento como un respaldo para su posterior restauración por un segundo dispositivo (120) configurador, en donde se deriva una clave de verificación pública del configurador de la clave de firma privada del configurador o se obtiene del paquete de claves del configurador; en donde la clave de firma privada del configurador y la clave de verificación pública del configurador se comparten entre una pluralidad de configuradores (110, 120) de una primera red, y en donde cada uno de la pluralidad de configuradores (110; 120) puede usar la clave de firma privada del configurador y la clave de verificación pública del configurador de acuerdo con un protocolo de aprovisionamiento de dispositivo para configurar un dispositivo (150A, 150B) inscrito para la primera red.

公开(公告)号：CA3036803C

公开(公告)日：2021-11-16

申请号：CA3036803

申请日：2017-08-25

Applicant: QUALCOMM INC

Inventor： CAMMAROTA ROSARIO ,  MALINEN JOUNI KALEVI ,  TINNAKORNSRISUPHAP PEERAPOL

IPC: H04W4/50 ,  H04L9/30 ,  H04W12/041 ,  H04W12/0431

Abstract: This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer storage media, for enhancing a device provisioning protocol (DPP) to support multiple configurators. In one aspect, a first configurator device can export a configurator key package. In one aspect, the configurator key package may be used for backup and restore of the configurator keys. The configurator key package may include a configurator private signing key and, optionally, a configurator public verification key. A second configurator device may obtain the configurator key package and also may obtain decryption information which can be used to decrypt the configurator key package. Thus, in another aspect, both the first configurator device and the second configurator device can use the same configurator keys with the device provisioning protocol to configure enrollees to a network.

公开(公告)号：CA3036803A1

公开(公告)日：2018-04-26

申请号：CA3036803

申请日：2017-08-25

Applicant: QUALCOMM INC

Inventor： CAMMAROTA ROSARIO ,  MALINEN JOUNI KALEVI ,  TINNAKORNSRISUPHAP PEERAPOL

IPC: H04W12/04 ,  H04L9/08

Abstract: This disclosure provides systems, methods, and apparatus, including computer programs encoded on computer storage media, for enhancing a device provisioning protocol (DPP) to support multiple configurators. In one aspect, a first configurator device can export a configurator key package. In one aspect, the configurator key package may be used for backup and restore of the configurator keys. The configurator key package may include a configurator private signing key and, optionally, a configurator public verification key. A second configurator device may obtain the configurator key package and also may obtain decryption information which can be used to decrypt the configurator key package. Thus, in another aspect, both the first configurator device and the second configurator device can use the same configurator keys with the device provisioning protocol to configure enrollees to a network.

公开(公告)号：WO2016190924A3

公开(公告)日：2017-01-05

申请号：PCT/US2016016959

申请日：2016-02-08

Applicant: QUALCOMM INC

Inventor： BENOIT OLIVIER JEAN ,  CAMMAROTA ROSARIO

IPC: H04L9/00 ,  G06F7/72

CPC classification number: H04L9/003 ,  H04L2209/08 ,  H04L2209/12

Abstract: A distributed technique for implementing a cryptographic process performs operations in parallel on both valid and irrelevant data to prevent differentiation of the operations based on an encryption key content. A control entity switches or points valid data to appropriate CPU(s) that are responsible for operations such as squaring or multiplying. Irrelevant data is also switched or pointed to appropriate CPU(s) that execute operations in parallel with the CPU(s) operating on the valid data. The distributed technique contributes to obscuring side channel analysis phenomena from observation, such that cryptographic operations cannot easily be tied to the content of the encryption key.

Abstract translation: 用于实现加密处理的分布式技术在有效和不相关的数据上并行地执行操作，以防止基于加密密钥内容的操作的区分。 控制实体将有效数据切换或指向适用于负责诸如平方或乘法运算的CPU。 不相关的数据也被切换或指向与在有效数据上运行的CPU并行执行操作的适当的CPU。 分布式技术有助于模糊观察到的侧信道分析现象，使得密码操作不能容易地与加密密钥的内容相关联。