Patent application number | Description | Published |
20080263672 | Protecting sensitive data intended for a remote application - A method and apparatus is provided for protecting sensitive data input via an input device of a processing platform from a data logger, the sensitive data being user account data intended for a remote application. To protect the sensitive data, the data is used as a password in a secure, password-authenticated key agreement protocol executed between a security entity and the remote application, the security entity being installed in the input device or in secure communication therewith. In one preferred embodiment the input device is a keyboard and the security entity is a unit installed in the keyboard and selectively operable in a pass-through mode and a security mode. | 10-23-2008 |
20090019285 | Establishing a Trust Relationship Between Computing Entities - A first computing entity provides evidence to a second computing entity to demonstrate that the first computing entity has a trusted configuration specification that is one of a set of such specifications agreed between the computing entities. This evidence comprises a computed commitment, made using (but not revealing) the configuration specification of the first computing entity, and a ring signature generated using a plurality of keys where each such key is generated using the commitment and one of the trusted configuration specifications. The second computing entity verifies the ring signature in order to convince itself that the configuration specification of the first computing entity is in the set. | 01-15-2009 |
20090208018 | DATA TRANSFER DEVICE - A data transfer device for transferring data to a removable data storage item. The data transfer device receives content data to be stored to the removable data storage item, encrypts the content data using an encryption key, and transforms at least one of predetermined reference data and the encryption key. The data transfer device also encrypts the transformed predetermined reference data using the encryption key or encrypts the predetermined reference data using the transformed encryption key, and then stores the encrypted content data and the encrypted transformed/predetermined reference data to the removable data storage item. | 08-20-2009 |
20090210705 | Revocation for direct anonymous attestation - Direct Anonymous Attestation involves a Signer using a credential supplied by an Issuer to anonymously prove to a Verifier, on the basis of a public key of the Issuer, the Issuer's attestation to the Signer's membership of a particular group. To facilitate membership revocation, the Issuer updates the public key at intervals, and also effects a complementary updating to the Signer's credential unless the Signer has ceased to be a legitimate group member. A non-updated credential is inadequate to enable the Signer to prove its Issuer attested group membership to a Verifier on the basis of the updated Issuer public key. | 08-20-2009 |
20090210716 | Direct anonymous attestation using bilinear maps - Direct Anonymous Attestation, DAA, involves a Signer entity using a credential supplied by an Issuer to attest its possession of a particular characteristic to a Verifier without the identity of the Signer being revealed. Security and performance improvements are disclosed where DAA is performed using a non-degenerate, computable, bilinear map with the credential being a CL-LRSW signature on a secret known only to the Signer. | 08-20-2009 |
20100161998 | Associating a Signing key with a Software Component of a Computing Platform - A method and system is provided for operatively associating a signing key with a software component of a computing platform. The computing platform includes a trusted device and on start-up first loads a set of software components with each component being measured prior to loading and a corresponding integrity metric recorded in registers of the trusted device. The system stores a key-related item in secure persistent storage, the key-related item being either the signing key or authorisation data for its use. The trusted device is arranged to enable a component of the software-component set to obtain the key-related item, this enabling only occurring when the current register values correspond to values only present prior to loading of components additional to those of the software-component set. Certificate evidence is provided indicating that the signing key is operatively associated with a component of the software-component set. | 06-24-2010 |
20100287315 | Shared Secret Used Between Keyboard And Application - A system comprises a processor which executes an operating system and an application. The system also comprises a keyboard coupled to the processor. The keyboard and application share a shared secret that is used to encode keyboard data provided from the keyboard to the application. The shared secret is not known or accessible to the operating system. | 11-11-2010 |
20110280402 | METHODS AND SYSTEMS FOR UTILIZING CRYPTOGRAPHIC FUNCTIONS OF A CRYPTOGRAPHIC CO-PROCESSOR - A computer platform is provided that comprises a processor and a cryptographic co-processor coupled to the processor. The computer platform further comprises a platform entity coupled to the processor. The platform entity establishes a secure relationship with the cryptographic co-processor that enables the platform entity to utilize cryptographic functions provided by the cryptographic co-processor. | 11-17-2011 |
20110302421 | Authentication Method And Apparatus Using One Time Pads - An authentication method is provided between entities ( | 12-08-2011 |
20120239714 | DOCUMENT MANAGEMENT SYSTEM AND METHOD - A document management system includes a document. One or more of a plurality of map-files of the document correspond(s) with a step of a multi-step workflow associated with the document. A random nonce is generated for each of the steps of the multi-step workflow except for an initial step of the multi-step workflow. Each of the random nonces i) is incorporated as a map-file entry into a respective one of the plurality of map-files corresponding with a step of the multi-step workflow that directly precedes the step of the multi-step workflow for which the random nonce is generated and ii) is used to perform a nonce-based initiating operation on a respective one of the plurality of map-files corresponding with the step of the multi-step workflow for which the random nonce is generated. | 09-20-2012 |
20120278628 | Digital Signature Method and System - A digital signature method, a method for initialising a digital signature scheme, a system for digitally signing a message and a computer program product are described. At least the digital signature method involves a signer having a weak security parameter. The signer retrieves a cryptographic element from each of a plurality of computing entities. Each cryptographic element is a function of a commitment supplied by the signer and the commitment includes a cryptographic function of a weak security parameter provided by the signer. A strong cryptographic security parameter is generated using a plurality of said elements. A message is then signed according to the digital signature scheme using the strong cryptographic security parameter to generate a digital signature. | 11-01-2012 |
20120278631 | DOCUMENT MANAGEMENT SYSTEM AND METHOD - A document management system and method are disclosed herein. An example of the document management system includes a composite document generation module that generates a composite document and a secret seed that is associated with an owner or initiator of the composite document, and a key derivation module that derives, from the secret seed and using a key derivation function, at least one of a key for encryption, a key for decryption, a key for signature, or a key for verification for a participant of a workflow associated with the composite document. | 11-01-2012 |
20130061056 | EXTENDING AN INTEGRITY MEASUREMENT - A method of extending an integrity measurement in a trusted device operating in an embedded trusted platform by using a set of policy commands to extend a list of Platform Configuration Registers (PCRs) for the device and the current values of the listed PCRs and an integrity value identifying the integrity measurement into a policy register, verify a signature over the integrity value extended into the policy register, and, if verification succeeds, extend a verification key of the trusted platform, plus an indication that it is a verification key, into the policy register, compare the integrity value extended into the policy register with a value stored in the trusted platform, and, if they are the same: extend the stored value, plus an indication that it is a stored value, into the policy register, and extend the integrity measurement in the trusted device if the value in the policy register matches a value stored with the integrity measurement. | 03-07-2013 |
20130159713 | AUTHENTICATION METHOD - An authentication method of a first module by a second module includes the steps of generating a first random datum by the second module to be sent to the first module, generating a first number by the first module starting from the first datum and by way of a private key, and generating a second number by the second module to be compared with the first number, so as to authenticate the first module. The step of generating the second number is performed starting from public parameters and is independent of the step of generating the first number. | 06-20-2013 |
20130198255 | WORKFLOW TERMINATION DETECTION AND WORKFLOW RECOVERY - Detecting a workflow termination. An object with embedded access control is sent to a next participant in a workflow, wherein the embedded access control is provided and enforced by placing a subset of access keys for individual content-parts into a unique key-map entry for each participant, wherein the object is a Publicly Posted Composite Document. A workflow termination is detected after failure to receive a confirmation token from the next participant after a specified condition is not met. | 08-01-2013 |
20130198524 | OBJECT WITH IDENTITY BASED ENCRYPTION - A workflow order is created for the object. Public parameters are received from a key generation center at a computer associated with an object master. A public key is generated at the computer system based on a user identifier and the public parameters, wherein the user identifier is comprised of user related information. The object is encrypted using the public key such that the object cannot be opened without a private key, wherein the object is a composite document comprising multiple elements of documents of different formats, and wherein the private key is generated in response to a request from an authenticated user using the user identifier at the key generation center. Access to the multiple elements of the object is controlled based on workflow order. | 08-01-2013 |
20130212391 | ELLIPTIC CURVE CRYPTOGRAPHIC SIGNATURE - A method includes generating a randomized base point and causing the randomized base point and a private key to be loaded into a signature engine device. The method also includes signing a message using the randomized base point and the private key as a base point as well as the private key in an elliptic curve cryptographic (ECC) signature. | 08-15-2013 |
20130227281 | MANAGING DATA - One example discloses a data manager of a data collector (DCDM) | 08-29-2013 |
20130326602 | Digital Signatures - Apparatus and methods of creating digital signatures include storing a credential received from an external issuing entity at a host device associated with a signature engine. After agreeing on a message with a verifying entity, the host device may transmit a version of the credential with a signature from the associated signature engine for the message to the verifying entity. The verifying entity may determine from the version of the credential and the digital signature whether the credential originated from a trusted issuing entity. | 12-05-2013 |
20140119540 | POLICY-BASED DATA MANAGEMENT - Compliance to a policy about how to treat data in a computer network environment is ensured by checking that conditions in the policy are satisfied by the entity before access to the data is provided. | 05-01-2014 |
20140173274 | CREDENTIAL VALIDATION - A message to be signed and a base name point derived from a direct anonymous attestation (DAA) credential may be provided to a device. A signed version of the message and a public key value associated with the base name point may be received in response. Thereafter, the DAA credential may be determined to be valid based on the signed version of the message. | 06-19-2014 |
20140366140 | ESTIMATING A QUANTITY OF EXPLOITABLE SECURITY VULNERABILITIES IN A RELEASE OF AN APPLICATION - Examples disclosed herein relate to estimating a quantity of exploitable security vulnerabilities in a release of an application. Examples include acquiring a source code analysis result representing a number of source code issues identified by source code analysis in a target release of an application. Examples further include estimating a quantity of exploitable security vulnerabilities contained in the target release of the application based on the source code analysis result and metrics for a plurality of historic releases of the application. | 12-11-2014 |
20160078239 | DATA MANAGEMENT - An example method for managing data in accordance with aspects of the present disclosure includes receiving from a user in the computer network environment a policy about how a piece of data should be treated, an encryption of the piece of data, a signature of a cryptographic hash of the policy and a cryptographic key, requesting from a trust authority the cryptographic key to access the piece of data, transmitting an encryption of at least one share to the trust authority, wherein the at least one share is created by and received from the trust authority, receiving from the trust authority the cryptographic key, wherein the cryptographic key is recreated by a combiner using a subset of the at least one share, shares associated with the trust authority and shares associated with the combiner, and decrypting the encryption of the piece of data using the recreated cryptographic key. | 03-17-2016 |
20160112456 | POLICY-BASED DATA MANAGEMENT - Compliance to a policy about how to treat data in a computer network environment is ensured by checking that conditions in the policy are satisfied by the entity before access to the data is provided. | 04-21-2016 |