WO2006124191A1 - Computer security system and method - Google Patents
Computer security system and method Download PDFInfo
- Publication number
- WO2006124191A1 WO2006124191A1 PCT/US2006/014999 US2006014999W WO2006124191A1 WO 2006124191 A1 WO2006124191 A1 WO 2006124191A1 US 2006014999 W US2006014999 W US 2006014999W WO 2006124191 A1 WO2006124191 A1 WO 2006124191A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- tpm
- agent
- authentication
- data
- storage key
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2117—User registration
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2153—Using hardware token as a secondary aspect
Definitions
- Various types of sensitive information are generally stored on a computer system such as, but not limited to, passwords, personal information, authentication mechanisms and data, and various types of computer system access credentials.
- the sensitive information may be user-generated, software-generated, stored on the computer system at the factory, or otherwise generated and stored on the computer system.
- the sensitive information and/or security information used to protect such information or authenticate a user and/or agent requesting access to the sensitive information generally remains susceptible to hacking and/or discovery by unapproved or unauthenticated entities.
- FIGURE 1 is a diagram illustrating an embodiment of a computer security system in accordance with the present invention
- FIGURES 2A and 2B are diagrams illustrating example authentication and registration operations performed using the embodiment of the computer security system illustrated in FIGURE 1 ;
- FIGURE 3 is a diagram illustrating an example of a secure information access operation performed using the embodiment of the computer security system illustrated in FIGURE l;
- FIGURE 4 is a flow diagram illustrating an embodiment of a computer security method in accordance with the present invention.
- FIGURE 5 is a flow diagram illustrating another embodiment of a computer security method in accordance with the present invention.
- FIGURES 1-5 of the drawings like numerals being used for like and corresponding parts of the various drawings.
- FIGURE 1 is a diagram illustrating an embodiment of a computer security system 10 in accordance with the present invention.
- system 10 comprises a processor 12 communicatively coupled to a secure platform 13.
- secure platform 13 comprises a basic input/output system (BIOS) 14.
- BIOS basic input/output system
- processor 12 and secure platform 13 are also communicatively coupled to a trusted platform module (TPM) 16.
- TPM trusted platform module
- BIOS 14 comprises a security module 20 and a memory 22.
- Security module 20 may comprise software, hardware, a combination of software and hardware.
- security module 20 cooperates with TPM 16 to provide secure storage of sensitive information such as, but not limited to, platform and/or device-specific sensitive information (e.g., passwords, codes, and/or other types of sensitive information of which security is desired).
- security module 20 comprises a registration module 30, an authentication module 32 and an access module 34. Registration module 30 is used to receive sensitive information or data, cooperate with TPM 16 to encrypt the sensitive information, and store the encrypted sensitive information, identified as encrypted sensitive data 40, in memory 22.
- Authentication module 32 is used to authenticate or otherwise verify the identity of a source providing sensitive information to be protected or requesting access to the sensitive information.
- Access module 34 is used to cooperate with TPM 16 to decrypt the encrypted sensitive data 40 and provide or otherwise enable access to the decrypted sensitive information by a requesting entity.
- the sensitive information to be protected may comprise any type of information such as, but not limited to, information associated with initiating and/or accessing secure computer resources, a hard drive lock password, network access authorization information, and/or software application initiation or access passwords.
- memory 22 also comprises agent identification data 42 and. a TPM storage key 44.
- Agent identification data 42 comprises information associated with authenticating an identity of a trusted agent 50.
- Trusted agent 50 may comprise a user accessing system 10, a software application, such as a hard drive or disc encryption software application, or any other type of entity adapted to generate and/or provide sensitive information of which protection is desired and/or request access to secure or protected sensitive information.
- sensitive information may be generated or otherwise provided by another entity (e.g., a password or code generated by BIOS 14).
- authentication of trusted agent 50 may be performed using any type of secure authentication method such as, but not limited to, a series of handshake signals, query/response exchanges, or password verification.
- TPM storage key 44 is used by TPM 16 to encrypt the sensitive information for which security protection is desired.
- TPM storage key 44 comprises information generated and/or interpretable by TPM 16, such as an opaque binary large object (BLOB).
- BLOB opaque binary large object
- TPM storage key 44 is associated with trusted agent 50.
- TPM storage key 44 is generated by TPM 16 based on authentication of a particular user (e.g., based on a TPM 16 password or access credential provided by the particular user).
- TPM storage key 44 is associated with a particular software application or computer-based system such that TPM storage key 44 is generated by TPM 16 based on authentication of a particular software application or computer-cased system.
- TPM storage key 44 is associated with secure platform 13 (e.g., BIOS 14). In such an embodiment of the present invention, TPM storage key 44 is generated by TPM 16 based on authentication of secure platform 13 (e.g., via a TPM 16 password or credential provided by BIOS 14).
- FIGURES 2A and 2B are diagrams illustrating an embodiment of authentication and registration operations using system 10 in accordance with the present invention.
- the authentication and registration operations are performed for trusted agent 50 (e.g., a user of system 10 or a software application).
- the authentication and registration operations may be performed for other types of computer resource applications or systems (e.g., authentication and registration of BIOS-generated sensitive information).
- authentication module 32 performs an authentication operation by requesting or otherwise acquiring agent identification data 42 and authentication data 60 from trusted agent 50.
- agent identification data 42 comprises information corresponding to an identity of trusted agent 50 such as, but not limited to, a username or device serial number.
- Authentication data 60 comprises information associated with at least accessing and/or utilizing TPM 16 and/or otherwise verifying an identity of the agent 50 attempting to access or otherwise utilize TPM 16, such as, but not limited to, a TPM password or biometric.
- the authentication process may be performed for a single agent 50 or multiple agents 50 (i.e., such as multiple users in a shared computing environment and/or multiple software applications or systems).
- authentication module 32 verifies or otherwise authenticates the identity of agent 50 by verifying and/or otherwise authenticating agent identification data 42 and/or authentication data 60 associated with the trusted agent 50 (e.g., by comparing and/or correlating received agent identification data 42 and/or authentication data 60 with known or stored data and/or values).
- Authentication module 32 also performs at least a first stage of the registration operation. For example, in operation, authentication module 32 transmits authentication data 60 associated with agent 50 to TPM 16, and requests generation by TPM 16 of TPM storage key 44 based on authentication data 60.
- Registration module 30 receives and stores TPM storage key 44 (e.g., in memory 22 of BIOS 14).
- control of the registration operation may be passed from authentication module 32 to registration module 30 to request generation by TPM 16 of TPM storage key 44
- registration module 30 receives authentication data 60 associated with agent 50 from agent 50 and/or authentication module 32 and transmits authentication data 60 associated with agent 50 to TPM 16, and requests generation by TPM 16 of TPM storage key 44 based on authentication data 60.
- Sensitive data 70 comprises any type of information in which security is of a concern or which security is to be maintained such as, but not limited to, equipment or device passwords (e.g., a hard drive lock password) and access credentials (e.g., network and/or software application access credentials). However, it should also be understood that sensitive data 70 may be acquired from agent 50 during an earlier stage of the registration operation.
- equipment or device passwords e.g., a hard drive lock password
- access credentials e.g., network and/or software application access credentials
- registration module 30 transmits TPM storage key 44 and sensitive data 70 to TPM 16 and requests TPM 16 to encrypt sensitive data 70 using TPM storage key 44.
- TPM storage key(s) 44 are not stored by TPM 16 to further prevent access to TPM storage key(s) 44 by hostile sources.
- TPM 16 encrypts sensitive data 70 using TPM storage key 44, thereby forming encrypted sensitive data 40, and transmits encrypted sensitive data 40 to registration module 30.
- registration model 30 then stores, or causes to be stored, in memory 22 encrypted sensitive data 40.
- encrypted sensitive data 40 may be transmitted to another entity for storage (e.g., agent 50).
- agent 50 another entity for storage
- the registration operation is described in terms of multiple stages; however, it should be understood that the registration operation of FIGURES 2A and 2B may also be considered to be performed in a single stage.
- FIGURE 3 is a diagram illustrating a sensitive information access operation using system 10.
- security module 20 requests or otherwise receives from agent 50 information for authenticating an identity of agent 50 requesting access to the sensitive information (e.g., at least when access to sensitive information is not temporal with a process in which the identity of agent has been previously authenticated or as otherwise designated by security policies).
- authentication module 32 receives or otherwise acquires from agent 50 authentication data 60 and agent identification data 42.
- agent 50 comprises a user of system 10 (e.g., a person)
- system 10 may be configured to request identification data 42 from the user or access stored identification data 42 and display available identification data 42 to the user to enable selection by the user (e.g., via an input/output device) of particular identification data 42.
- security module 20 After authentication of agent 50, security module 20 performs or otherwise requests decryption of encrypted sensitive data 40.
- access module 34 identifies and/or otherwise retrieves TPM storage key 44 and encrypted sensitive data 40 corresponding to the agent 50 based on the agent identification data 42.
- agent 50 may provide the encrypted sensitive data 40 to access module 34 during the access operation.
- Access module 34 transmits TPM storage key 44, authentication data 60 and encrypted sensitive data 40 to TPM 16 and requests verification or authentication of authentication data 60 and decryption of encrypted sensitive data 40.
- TPM 16 is instructed or requested to verify authentication data 60 using TPM storage key 44.
- TPM 16 decrypts encrypted sensitive data 40 using TPM storage key 44 and transmits the decrypted sensitive data 70 to access module 34.
- Access module 34 may then transmit sensitive data 70 to particular devices or applications (e.g., agent 50 or another device, system or application) or otherwise use sensitive data 70 to perform or authorize a particular computer security function.
- system 10 is configured to protect sensitive data 70 provided or otherwise generated by agent 50 (e.g., a user, such as a person, a software application, or another type of computer system or application).
- agent 50 e.g., a user, such as a person, a software application, or another type of computer system or application.
- sensitive data 70 may be provided or otherwise generated by secure platform 13 (e.g., by BIOS 14).
- BIOS 14 may be configured to generate sensitive data 70 (e.g., in response to a request from agent 50 or another computer or software application/system).
- secure platform 13 is configured or otherwise performs operations as agent 50 (e.g., secure platform 13 obtaining a TPM storage key 44 associated therewith and/or otherwise requesting encryption of sensitive information and/or access to encrypted sensitive information via TPM storage key 44).
- BIOS 14 for example, is configured to generate sensitive data 70 (e.g., based on a request by agent 50 or another computer or software application/system).
- BIOS 14 also communicates with and otherwise authenticates its identity with TPM 16 based on identification data and/or authentication data associated with BIOS 14.
- BIOS 14 authenticates its identity with TPM 16 (e.g., via handshake signals, query/response exchange(s), or another type of authentication method) and obtains from TPM 16 its own TPM storage key 44.
- the TPM storage key 44 associated with BIOS 14 is used to encrypt the sensitive data 70 generated or otherwise provided by BIOS 14 via TPM 16 and is also used to decrypt the resulting encrypted sensitive data 40.
- the encrypted sensitive data 40 may be stored in memory 22 of BIOS 14 or transmitted to a requesting entity (e.g., agent 50 or another computer software application or system).
- FIGURE 4 is a flow diagram illustrating an embodiment of a computer security authentication and registration method using system 10 in accordance with the present invention.
- the method begins at block 300, where authentication module 32 and registration module 30 are initiated.
- authentication module 32 requests agent identification data 42.
- authentication module 32 receives agent identification data 42.
- authentication module 32 requests authentication data 60 from agent 50.
- authentication module 32 receives authentication data 60 from agent 50.
- authentication module 32 transmits authentication data 60 to TPM 16.
- authentication module 32 requests generation of TPM storage key 44 based on authentication data 60 associated with agent 50.
- TPM 16 generates TPM storage key 44.
- registration module 30 receives TPM storage key 44 from TPM 16.
- TPM storage key 44 and agent identification data 42 are stored in memory 22.
- registration module 30 requests sensitive data 70 from agent 50. However, it should be understood that in some embodiments or applications of the present invention, a request for sensitive data 70 may be unnecessary.
- registration module 30 receives sensitive data 70 from agent 50.
- registration module 30 transmits sensitive data 70 and TPM storage key 44 to TPM 16.
- registration module 30 requests encryption by TPM 16 of sensitive data 70 using TPM storage key 44.
- TPM 16 encrypts sensitive data 70 using TPM storage key 44, thereby generating encrypted sensitive data 40.
- registration module 30 receives encrypted sensitive data 40 from TPM 16 and transmits and/or stores the encrypted sensitive data 40. For example, in some embodiments of the present invention, registration module 30 stores encrypted sensitive data 40 in memory 22. In other embodiments of the present invention, registration module 30 transmits encrypted sensitive data 40 to agent 50 or another designated system or application.
- FIGURE 5 is a flow diagram illustrating an embodiment of a computer security method for accessing protected information using system 10 in accordance with the present invention.
- the method begins at block 400, where access module 34 requests or retrieves agent identification data 42.
- agent identification data 42 may be provided by agent 50 or retrieved from memory 22 for selection by agent 50 (e.g. a user of system 10).
- access module 34 requests authentication data 60 from agent 50.
- access module 34 receives authentication data 60 from agent 50.
- access module 34 retrieves TPM storage key 44 associated with agent 50 based on agent identification data 46.
- access module 34 transmits TPM storage key 44 and authentication data 60 to TPM 16.
- access module 34 requests verification or authentication of authentication data 60 by TPM 16 using TPM storage key 44.
- authentication module 32 may be used to perform an authentication operation to verify or otherwise authenticate the identity of agent 50.
- access module 34 requests decryption of encrypted sensitive data 40 by TPM 16 using TPM storage key 44.
- TPM 16 decrypts encrypted sensitive data 40 using TPM storage key 44.
- TPM 16 transmits, or access module 34 otherwise receives, decrypted sensitive data 70.
- Access module 34 may then use decrypted sensitive data 70 to perform or otherwise access a secure computer application or operation or provide the decrypted sensitive data 70 to agent 50.
- sensitive data 70 is generated or otherwise provided by agent 50.
- secure platform 13 e.g., BIOS 14 or another type of trusted platform or system
- BIOS 14 may be used to generate a drive-lock password as the sensitive data 70.
- BIOS 14 may be used to cooperate with TPM 16 to encrypt the drive-lock password using a TPM storage key 44 associated with BIOS 14. The encrypted password may then be forwarded to the drive-lock mechanism for storage.
- the drive-lock mechanism requests access to the drive-lock password by forwarding the encrypted drive-lock password to access module 34, which, after authentication of the drive-lock mechanism, forwards the encrypted drive-lock password to TPM 16 with the TPM storage key 44 for decryption.
- access module 34 forwards the decrypted drive-lock password to the drive-lock mechanism for unlocking the drive device.
- the decrypted drive-lock password is not stored on the system (e.g., only transiently available).
- embodiments of the present invention enable secure storage of sensitive information using cryptographic properties of a trusted platform module (i.e., TPM 16).
- the sensitive information is provided or otherwise generated by a user of the system (e.g., a person), a computer or software application system, or by a secure platform also used to store an encrypted form of the sensitive information (e.g., BIOS 14).
- FIGURES 4 and 5 It should be understood that in the methods described in FIGURES 4 and 5, certain functions may be omitted, combined, or accomplished in a sequence different than depicted in FIGURES 4 and 5. Also, it should be understood that the methods depicted in FIGURES 4 and 5 may be altered to encompass any of the other features or aspects described elsewhere in the specification.
Abstract
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200680017008.2A CN101176103B (en) | 2005-05-16 | 2006-04-21 | Computer security system |
DE112006001151T DE112006001151T5 (en) | 2005-05-16 | 2006-04-21 | Computer security system and method |
JP2008511135A JP4615601B2 (en) | 2005-05-16 | 2006-04-21 | Computer security system and computer security method |
GB0722051A GB2440697B (en) | 2005-05-16 | 2006-04-21 | Computer security system and method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/130,057 | 2005-05-16 | ||
US11/130,057 US8972743B2 (en) | 2005-05-16 | 2005-05-16 | Computer security system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006124191A1 true WO2006124191A1 (en) | 2006-11-23 |
Family
ID=36950347
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2006/014999 WO2006124191A1 (en) | 2005-05-16 | 2006-04-21 | Computer security system and method |
Country Status (6)
Country | Link |
---|---|
US (1) | US8972743B2 (en) |
JP (1) | JP4615601B2 (en) |
CN (1) | CN101176103B (en) |
DE (1) | DE112006001151T5 (en) |
GB (1) | GB2440697B (en) |
WO (1) | WO2006124191A1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008198186A (en) * | 2007-02-09 | 2008-08-28 | Lenovo Singapore Pte Ltd | Generalized authentication system and generalized authentication method |
JP2011501269A (en) * | 2007-10-11 | 2011-01-06 | マイクロソフト コーポレーション | Multi-factor content protection |
Families Citing this family (40)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7908483B2 (en) * | 2005-06-30 | 2011-03-15 | Intel Corporation | Method and apparatus for binding TPM keys to execution entities |
US7603707B2 (en) * | 2005-06-30 | 2009-10-13 | Intel Corporation | Tamper-aware virtual TPM |
JP4843325B2 (en) * | 2006-02-06 | 2011-12-21 | 株式会社リコー | Document access control system |
US8290164B2 (en) * | 2006-07-31 | 2012-10-16 | Lenovo (Singapore) Pte. Ltd. | Automatic recovery of TPM keys |
US20080148387A1 (en) * | 2006-10-18 | 2008-06-19 | Madina Shab H | Trusted platform module management system and method |
US7986786B2 (en) * | 2006-11-30 | 2011-07-26 | Hewlett-Packard Development Company, L.P. | Methods and systems for utilizing cryptographic functions of a cryptographic co-processor |
US8385551B2 (en) * | 2006-12-22 | 2013-02-26 | Telefonaktiebolaget L M Ericsson (Publ) | Highly available cryptographic key storage (HACKS) |
TWI402715B (en) * | 2007-03-23 | 2013-07-21 | Via Tech Inc | Application protection systems and methods |
GB2454869A (en) * | 2007-11-13 | 2009-05-27 | Vodafone Plc | Telecommunications device security |
US8261320B1 (en) * | 2008-06-30 | 2012-09-04 | Symantec Corporation | Systems and methods for securely managing access to data |
KR20110051181A (en) * | 2008-07-07 | 2011-05-17 | 휴렛-팩커드 디벨롭먼트 컴퍼니, 엘.피. | Systems and method for data security |
CN101430747B (en) * | 2008-09-26 | 2011-09-07 | 武汉大学 | Movable equipment based on credible embedded platform and its security storage method |
US9147189B2 (en) * | 2009-08-20 | 2015-09-29 | Gilbarco Inc. | Secure reports for electronic payment systems |
US20110153473A1 (en) * | 2009-12-17 | 2011-06-23 | American Express Travel Related Services Company, Inc. | System and method for managing royalty payments |
US20110154023A1 (en) * | 2009-12-21 | 2011-06-23 | Smith Ned M | Protected device management |
US10482254B2 (en) | 2010-07-14 | 2019-11-19 | Intel Corporation | Domain-authenticated control of platform resources |
CN102355351B (en) * | 2011-07-21 | 2014-11-05 | 华为技术有限公司 | Key generation, backup and migration method and system based on trusted computing |
KR101874081B1 (en) * | 2012-06-07 | 2018-07-03 | 에스케이테크엑스 주식회사 | Cloud Service Supporting Method And System based on a Enhanced Security |
AU2013302743B2 (en) * | 2012-08-15 | 2018-07-05 | Visa International Service Association | Searchable encrypted data |
US9336357B2 (en) | 2012-09-28 | 2016-05-10 | Intel Corporation | Secure access management of devices |
CN105247528B (en) | 2013-06-27 | 2018-05-18 | 英特尔公司 | Continuous dual factor anthentication |
US9071581B2 (en) * | 2013-09-23 | 2015-06-30 | Nvidia Corporation | Secure storage with SCSI storage devices |
US10212598B2 (en) | 2013-12-04 | 2019-02-19 | Nokia Technologies Oy | Access point information for wireless access |
CN103853943B (en) * | 2014-02-18 | 2017-01-18 | 广州爱九游信息技术有限公司 | program protection method and device |
EP3123689B1 (en) * | 2014-03-26 | 2022-05-11 | Continental Teves AG & Co. OHG | Method and system for improving the data security during a communication process |
US9411975B2 (en) | 2014-03-31 | 2016-08-09 | Intel Corporation | Methods and apparatus to securely share data |
US9690943B2 (en) * | 2014-06-04 | 2017-06-27 | Dell Products L.P. | BIOS secure data management system |
CN104008342B (en) * | 2014-06-06 | 2017-12-15 | 山东超越数控电子股份有限公司 | A kind of method that secure and trusted certification is realized by BIOS and kernel |
CN104573548A (en) * | 2014-12-22 | 2015-04-29 | 宇龙计算机通信科技(深圳)有限公司 | Information encryption and decryption methods and devices and terminal |
KR102028197B1 (en) * | 2015-02-11 | 2019-10-04 | 한국전자통신연구원 | Hardware secure module, method for updating integrity check value stored in the hardware secure module and program stored in terminal by the hardware secure module |
US10073964B2 (en) | 2015-09-25 | 2018-09-11 | Intel Corporation | Secure authentication protocol systems and methods |
WO2017208618A1 (en) * | 2016-06-02 | 2017-12-07 | パナソニックIpマネジメント株式会社 | Information processing device and information processing system |
US10877806B2 (en) * | 2017-06-14 | 2020-12-29 | Intel Corporation | Method and apparatus for securely binding a first processor to a second processor |
US11379593B2 (en) * | 2017-08-16 | 2022-07-05 | Hewlett-Packard Development Company, L.P. | Storage monitoring |
US11500978B2 (en) * | 2018-07-31 | 2022-11-15 | Hewlett-Packard Development Company, L.P. | Password updates |
CA3058012C (en) | 2019-03-29 | 2021-05-11 | Alibaba Group Holding Limited | Cryptography chip with identity verification |
KR102234825B1 (en) | 2019-03-29 | 2021-04-02 | 어드밴스드 뉴 테크놀로지스 씨오., 엘티디. | Secure execution of cryptographic operations |
EP3610607B1 (en) | 2019-03-29 | 2021-08-25 | Advanced New Technologies Co., Ltd. | Cryptographic key management based on identity information |
JP2020521341A (en) | 2019-03-29 | 2020-07-16 | アリババ・グループ・ホールディング・リミテッドAlibaba Group Holding Limited | Cryptographic key management based on identification information |
CN110750799A (en) * | 2019-09-30 | 2020-02-04 | 北京智明星通科技股份有限公司 | Information encryption method and device, electronic equipment and computer readable storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1107627A1 (en) * | 1999-12-03 | 2001-06-13 | Siemens Aktiengesellschaft | A method for protecting user data stored in memory of a mobile communication device, particularly a mobile phone |
US20030133575A1 (en) * | 2002-01-14 | 2003-07-17 | Challener David Carroll | Super secure migratable keys in TCPA |
EP1469692A2 (en) * | 2003-04-16 | 2004-10-20 | Nec Corporation | A mobile terminal, management method of information in the same, and a computer program for the information management |
Family Cites Families (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
ATE441897T1 (en) * | 1995-02-13 | 2009-09-15 | Intertrust Tech Corp | SYSTEMS AND METHODS FOR MANAGING SECURED TRANSACTIONS AND PROTECTING ELECTRONIC RIGHTS |
US5841869A (en) | 1996-08-23 | 1998-11-24 | Cheyenne Property Trust | Method and apparatus for trusted processing |
US6092147A (en) * | 1997-04-15 | 2000-07-18 | Sun Microsystems, Inc. | Virtual machine with securely distributed bytecode verification |
US6557104B2 (en) * | 1997-05-02 | 2003-04-29 | Phoenix Technologies Ltd. | Method and apparatus for secure processing of cryptographic keys |
US6505300B2 (en) * | 1998-06-12 | 2003-01-07 | Microsoft Corporation | Method and system for secure running of untrusted content |
US6401208B2 (en) * | 1998-07-17 | 2002-06-04 | Intel Corporation | Method for BIOS authentication prior to BIOS execution |
US6636973B1 (en) * | 1998-09-08 | 2003-10-21 | Hewlett-Packard Development Company, L.P. | Secure and dynamic biometrics-based token generation for access control and authentication |
US6484257B1 (en) * | 1999-02-27 | 2002-11-19 | Alonzo Ellis | System and method for maintaining N number of simultaneous cryptographic sessions using a distributed computing environment |
US6546489B1 (en) * | 1999-03-04 | 2003-04-08 | Western Digital Ventures, Inc. | Disk drive which provides a secure boot of a host computer system from a protected area of a disk |
US6618810B1 (en) * | 1999-05-27 | 2003-09-09 | Dell Usa, L.P. | Bios based method to disable and re-enable computers |
US6438594B1 (en) * | 1999-08-31 | 2002-08-20 | Accenture Llp | Delivering service to a client via a locally addressable interface |
US6625730B1 (en) * | 2000-03-31 | 2003-09-23 | Hewlett-Packard Development Company, L.P. | System for validating a bios program and memory coupled therewith by using a boot block program having a validation routine |
US6871278B1 (en) * | 2000-07-06 | 2005-03-22 | Lasercard Corporation | Secure transactions with passive storage media |
US7117376B2 (en) * | 2000-12-28 | 2006-10-03 | Intel Corporation | Platform and method of creating a secure boot that enforces proper user authentication and enforces hardware configurations |
US7484105B2 (en) * | 2001-08-16 | 2009-01-27 | Lenovo (Singapore) Ptd. Ltd. | Flash update using a trusted platform module |
US7490250B2 (en) * | 2001-10-26 | 2009-02-10 | Lenovo (Singapore) Pte Ltd. | Method and system for detecting a tamper event in a trusted computing environment |
US20030120918A1 (en) * | 2001-12-21 | 2003-06-26 | Intel Corporation | Hard drive security for fast boot |
US7107460B2 (en) * | 2002-02-15 | 2006-09-12 | International Business Machines Corporation | Method and system for securing enablement access to a data security device |
JP3863447B2 (en) * | 2002-03-08 | 2006-12-27 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Authentication system, firmware device, electrical device, and authentication method |
US20030226040A1 (en) * | 2002-06-03 | 2003-12-04 | International Business Machines Corporation | Controlling access to data stored on a storage device of a trusted computing platform system |
US7216369B2 (en) * | 2002-06-28 | 2007-05-08 | Intel Corporation | Trusted platform apparatus, system, and method |
US7200758B2 (en) | 2002-10-09 | 2007-04-03 | Intel Corporation | Encapsulation of a TCPA trusted platform module functionality within a server management coprocessor subsystem |
CN100440190C (en) * | 2002-12-26 | 2008-12-03 | 成都卫士通信息产业股份有限公司 | Surrogate mode safety remote access technology |
US8261063B2 (en) * | 2003-02-03 | 2012-09-04 | Hewlett-Packard Development Company, L.P. | Method and apparatus for managing a hierarchy of nodes |
US7200861B2 (en) * | 2003-03-27 | 2007-04-03 | Dell Products L.P. | Method and system for validating physical access to an information handling system |
JP2004336719A (en) | 2003-04-16 | 2004-11-25 | Nec Corp | Mobile terminal and its information management method, as well as computer program |
US7421588B2 (en) * | 2003-12-30 | 2008-09-02 | Lenovo Pte Ltd | Apparatus, system, and method for sealing a data repository to a trusted computing platform |
CN1314221C (en) * | 2004-02-01 | 2007-05-02 | 中兴通讯股份有限公司 | Safety proxy method |
JP2005227995A (en) * | 2004-02-12 | 2005-08-25 | Sony Corp | Information processor, information processing method and computer program |
US20050251857A1 (en) * | 2004-05-03 | 2005-11-10 | International Business Machines Corporation | Method and device for verifying the security of a computing platform |
US20060041932A1 (en) * | 2004-08-23 | 2006-02-23 | International Business Machines Corporation | Systems and methods for recovering passwords and password-protected data |
US7484241B2 (en) * | 2004-11-22 | 2009-01-27 | Lenovo (Singapore) Pte. Ltd. | Secure single sign-on to operating system via power-on password |
US20060129824A1 (en) * | 2004-12-15 | 2006-06-15 | Hoff James P | Systems, methods, and media for accessing TPM keys |
-
2005
- 2005-05-16 US US11/130,057 patent/US8972743B2/en not_active Expired - Fee Related
-
2006
- 2006-04-21 CN CN200680017008.2A patent/CN101176103B/en not_active Expired - Fee Related
- 2006-04-21 GB GB0722051A patent/GB2440697B/en not_active Expired - Fee Related
- 2006-04-21 JP JP2008511135A patent/JP4615601B2/en not_active Expired - Fee Related
- 2006-04-21 WO PCT/US2006/014999 patent/WO2006124191A1/en active Application Filing
- 2006-04-21 DE DE112006001151T patent/DE112006001151T5/en not_active Ceased
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1107627A1 (en) * | 1999-12-03 | 2001-06-13 | Siemens Aktiengesellschaft | A method for protecting user data stored in memory of a mobile communication device, particularly a mobile phone |
US20030133575A1 (en) * | 2002-01-14 | 2003-07-17 | Challener David Carroll | Super secure migratable keys in TCPA |
EP1469692A2 (en) * | 2003-04-16 | 2004-10-20 | Nec Corporation | A mobile terminal, management method of information in the same, and a computer program for the information management |
Non-Patent Citations (1)
Title |
---|
"Trusted Computing Platform Alliance (TCPA) Main Specification Version 1.1b", TCPA MAIN SPECIFICATION, 22 February 2002 (2002-02-22), XP002294897 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008198186A (en) * | 2007-02-09 | 2008-08-28 | Lenovo Singapore Pte Ltd | Generalized authentication system and generalized authentication method |
JP2011501269A (en) * | 2007-10-11 | 2011-01-06 | マイクロソフト コーポレーション | Multi-factor content protection |
Also Published As
Publication number | Publication date |
---|---|
US8972743B2 (en) | 2015-03-03 |
CN101176103B (en) | 2010-05-19 |
JP4615601B2 (en) | 2011-01-19 |
GB2440697A (en) | 2008-02-06 |
GB0722051D0 (en) | 2007-12-19 |
US20060259782A1 (en) | 2006-11-16 |
CN101176103A (en) | 2008-05-07 |
GB2440697B (en) | 2010-04-21 |
DE112006001151T5 (en) | 2008-04-17 |
JP2008541264A (en) | 2008-11-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8972743B2 (en) | Computer security system and method | |
US6230272B1 (en) | System and method for protecting a multipurpose data string used for both decrypting data and for authenticating a user | |
US8930700B2 (en) | Remote device secure data file storage system and method | |
EP2351316B1 (en) | Method and system for token-based authentication | |
US10348706B2 (en) | Assuring external accessibility for devices on a network | |
US11606348B2 (en) | User authentication using multi-party computation and public key cryptography | |
US10771467B1 (en) | External accessibility for computing devices | |
US20080077592A1 (en) | method and apparatus for device authentication | |
US20140189807A1 (en) | Methods, systems and apparatus to facilitate client-based authentication | |
US20110126023A1 (en) | Systems And Methods For Data Security | |
US20200259637A1 (en) | Management and distribution of keys in distributed environments | |
US20130019281A1 (en) | Server Based Remote Authentication for BIOS | |
CN102271037A (en) | Key protectors based on online keys | |
CN112425114A (en) | Password manager protected by public-private key pair | |
US10867056B2 (en) | Method and system for data protection | |
EP1472816A2 (en) | Access system utilizing multiple factor identification and authentication | |
WO2021111824A1 (en) | Electronic signature system and tamper-proof device | |
JP2008048166A (en) | Authentication system | |
Kim et al. | Security analysis and bypass user authentication bound to device of windows hello in the wild | |
JP7293491B2 (en) | Method and system for secure transactions | |
CN114491481B (en) | Safety calculation method and device based on FPGA | |
AU2020204174B2 (en) | Assuring external accessibility for devices on a network | |
TWI746504B (en) | Method and device for realizing synchronization of session identification | |
JP2024045374A (en) | Exclusive self-escrow methods and equipment | |
CN117313144A (en) | Sensitive data management method and device, storage medium and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200680017008.2 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 4589/CHENP/2007 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1120060011510 Country of ref document: DE |
|
ENP | Entry into the national phase |
Ref document number: 0722051 Country of ref document: GB Kind code of ref document: A Free format text: PCT FILING DATE = 20060421 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 0722051.0 Country of ref document: GB |
|
ENP | Entry into the national phase |
Ref document number: 2008511135 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: RU |
|
RET | De translation (de og part 6b) |
Ref document number: 112006001151 Country of ref document: DE Date of ref document: 20080417 Kind code of ref document: P |
|
WWE | Wipo information: entry into national phase |
Ref document number: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 06750904 Country of ref document: EP Kind code of ref document: A1 |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8607 |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8607 |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8607 |