| 发明名称 | Auditing and permission provisioning mechanisms in a distributed secure asset-management infrastructure | ||
| 摘要 | The embodiments described herein describe technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and uniqueness issuance ore sequential issuance of target device parameters. On implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket to execute the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device. | ||
| 申请公布号 | US9584509(B2) | 申请公布日期 | 2017.02.28 |
| 申请号 | US201414535202 | 申请日期 | 2014.11.06 |
| 申请人 | CRYPTOGRAPHY RESEARCH, INC. | 发明人 | Hamburg Michael;Jun Benjamin Che-Ming;Kocher Paul C.;O'Loughlin Daniel;Pochuev Denis Alexandrovich;Kumar Ambuj |
| 分类号 | H04L9/32;H04L29/06;H04L29/08;H04W12/06;G06F21/60;G06F21/62;G06F21/72;G06F21/73;G06F21/33 | 主分类号 | H04L9/32 |
| 代理机构 | Lowenstein Sandler LLP | 代理人 | Lowenstein Sandler LLP |
| 主权项 | 1. A method comprising: receiving, by an Appliance device of a cryptographic manager (CM) system, a Module over a network from a Service device of the CM system, the Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device; receiving, by the Appliance device, a ticket over the network from the Service device, wherein the ticket is digital data that grants permission to the Appliance device to execute the Module; verifying, by the Appliance device, the ticket; and executing, by the Appliance device, the Module when the ticket is verified, wherein executing the Module results in a secure construction of a sequence of operations to securely provision the data asset to the target device, wherein the Appliance device comprises a hardware security module (HSM); maintaining, by the HSM, a list of current tickets for each of ticket names known to the Appliance device;maintaining, by the HSM, a counter that is used to prevent replay attacks; andreceiving, by the Appliance device, a ticket-related message to grant a new ticket to the HSM. | ||
| 地址 | San Francisco CA US | ||