Patents Assigned to SafeNet, Inc.
-
Patent number: 6856981Abstract: A system and method in accordance with the present invention determines in real-time the portions of a set of characters from a data or character stream which satisfies one or more predetermined regular expressions. A Real-time Deterministic Finite state Automaton (RDFA) ensures that the set of characters is processed at high speeds with relatively small memory requirements. An optimized state machine models the regular expression(s) and state related alphabet lookup and next state tables are generated. Characters from the data stream are processed in parallel using the alphabet lookup and next state tables, to determine whether to transition to a next state or a terminal state, until the regular expression is satisfied or processing is terminated. Additional means may be implemented to determine a next action from satisfaction of the regular expression.Type: GrantFiled: December 3, 2001Date of Patent: February 15, 2005Assignee: SafeNet, Inc.Inventors: Daniel Wyschogrod, Alain Arnaud, David Eric Berman Lees, Leonid Leibman
-
Patent number: 6708273Abstract: A secure communication platform on an integrated circuit is a highly integrated security processor which incorporates a general purpose digital signal processor (DSP), along with a number of high performance cryptographic function elements, as well as a PCI and PCMCIA interface. The secure communications platform is integrated with an off-the-shelf DSP so that a vendor who is interested in digital signal processing could also receive built-in security functions which cooperate with the DSP. The integrated circuit includes a callable library of cryptographic commands and encryption algorithms. An encryption processor is included to perform key and data encryption, as well as a high performance hash processor and a public key accelerator.Type: GrantFiled: February 25, 1999Date of Patent: March 16, 2004Assignee: SafeNet, Inc.Inventors: Timothy Ober, Peter Reed, Robert W. Doud
-
Patent number: 6704871Abstract: A secure communication platform on an integrated circuit is a highly integrated security processor which incorporates a general purpose digital signal processor (DSP), along with a number of high performance cryptographic function elements, as well as a PCI and PCMCIA interface. The secure communications platform is integrated with an off-the-shelf DSP so that a vendor who is interested in digital signal processing could also receive built-in security functions which cooperate with the DSP. The integrated circuit includes a callable library of cryptographic commands and encryption algorithms. An encryption processor is included to perform key and data encryption, as well as a high performance hash processor and a public key accelerator.Type: GrantFiled: September 16, 1998Date of Patent: March 9, 2004Assignee: SafeNet, Inc.Inventors: Michael M. Kaplan, Timothy Ober, Peter Reed, Robert W. Doud
-
Patent number: 6654465Abstract: A method of generating a recovery key encryption key (RKEK) in a secure manner by an integrated circuit (IC) and a key recovery escrow agent includes the steps of generating by the IC a first number having a private component and a public component, and generating by the escrow agent a second number having a private component and a public component. The public component of the first number is provided to the escrow agent, and the public component of the second number is provided to the integrated circuit. A Diffie-Hellman modulo-exponentiation mathematical operation is performed by the integrated circuit using the private component of the first number, the public component of the first number and the public component of the second number to create the RKEK. A similar operation is performed by the escrow agent using the private component of the second number, the public number of the second number and the public component of the first number to create the RKEK at its end.Type: GrantFiled: July 2, 2001Date of Patent: November 25, 2003Assignee: SafeNet, Inc.Inventors: Timothy Ober, Peter Reed
-
Patent number: 6631472Abstract: A kernel mode protection circuit includes a processor, a program counter, a kernel program fetch supervisor circuit, a kernel data fetch supervisor circuit, a program memory, a data memory, a flip-flop circuit and two AND circuits. The data memory includes two user memories, protected registers and random access memory (RAM). The program memory includes two user memories and a kernel read only memory (ROM). The circuit may operate in either a user mode (kernel ROM is not accessible) or a kernel mode (kernel ROM is accessible). When in the kernel mode the kernel RAM and certain protected registers are accessible only by a secure kernel. The kernel mode control circuit will reset the processor should a security violation occur, such as attempting to access the kernel RAM while in the user mode.Type: GrantFiled: July 2, 2001Date of Patent: October 7, 2003Assignee: SafeNet, Inc.Inventors: Michael M. Kaplan, Timothy Ober, Peter Reed
-
Patent number: 6453415Abstract: A method of communicating securely between an application program and a secure kernel is performed by passing command requests and arguments between the application program and the secure kernel through a kernel block memory and a command block memory so that security intensive and real time intensive applications can co-exist without a security breach. The secure kernel retrieves the command requests and the arguments from an application program data memory and processes the information within the secure kernel. The secure kernel returns the processed data to the application program. All data transfers are under control of the secure kernel software, and thus numerous ‘active attacks’ against the security of the system are defeated.Type: GrantFiled: September 16, 1998Date of Patent: September 17, 2002Assignee: SafeNet, Inc.Inventor: Timothy Ober
-
Publication number: 20020080958Abstract: A key management scheme for managing encryption keys in a cryptographic co-processor includes the first step of selecting a key from one of a symmetrical key type and an asymmetrical key type. Then, the key bit length is selected. The key is then generated and, lastly, the key is represented in either an external form or an internal form.Type: ApplicationFiled: July 2, 2001Publication date: June 27, 2002Applicant: SafeNet, Inc.Inventors: Timothy Ober, Peter Reed
-
Patent number: 6412069Abstract: Cryptographic service software embodied on a hard disc or a floppy disc electronically communicates with a standard operating system of a personal computer. The operating system has an application space and a kernel space. The cryptographic service software performs cryptographic services in the kernel space of the operating system. The cryptographic service software includes a kernel space level application programming interface and a cryptographic service module having a library of encryption algorithms.Type: GrantFiled: September 16, 1998Date of Patent: June 25, 2002Assignee: SafeNet, Inc.Inventor: Bronislav Kavsan
-
Patent number: 6397331Abstract: A method of expanding a secure kernel memory area to accommodate additional software code includes the step of digitally signing the additional code by a trusted authority. The code has a digital signature to authenticate the source of the code and to control what code can be added to the secure kernel. The new code is copied into an unprotected memory where the digital signature is verified. The digital signature includes a unique integrated circuit (IC) identification number, which provides the IC manufacturer with the ability to control the secure kernel memory expansion of all or each of the ICs. If the code is authenticated via the digital signature, then those memory blocks are locked-in as protected memory and thus given “secure kernel” privileges.Type: GrantFiled: September 16, 1998Date of Patent: May 28, 2002Assignee: SafeNet, Inc.Inventors: Timothy Ober, Peter Reed
-
Publication number: 20020051538Abstract: A kernel mode protection circuit includes a processor, a program counter, a kernel program fetch supervisor circuit, a kernel data fetch supervisor circuit, a program memory, a data memory, a flip-flop circuit and two AND circuits. The data memory includes two user memories, protected registers and random access memory (RAM). The program memory includes two user memories and a kernel read only memory (ROM). The circuit may operate in either a user mode (kernel ROM is not accessible) or a kernel mode (kernel ROM is accessible). When in the kernel mode the kernel RAM and certain protected registers are accessible only by a secure kernel. The kernel mode control circuit will reset the processor should a security violation occur, such as attempting to access the kernel RAM while in the user mode.Type: ApplicationFiled: July 2, 2001Publication date: May 2, 2002Applicant: SafeNet, Inc.Inventors: Michael M. Kaplan, Timothy Ober, Peter Reed
-
Publication number: 20010036276Abstract: A method of generating a recovery key encryption key (RKEK) in a secure manner by an integrated circuit (IC) and a key recovery escrow agent includes the steps of generating by the IC a first number having a private component and a public component, and generating by the escrow agent a second number having a private component and a public component. The public component of the first number is provided to the escrow agent, and the public component of the second number is provided to the integrated circuit. A Diffie-Hellman modulo-exponentiation mathematical operation is performed by the integrated circuit using the private component of the first number, the public component of the first number and the public component of the second number to create the RKEK. A similar operation is performed by the escrow agent using the private component of the second number, the public number of the second number and the public component of the first number to create the RKEK at its end.Type: ApplicationFiled: July 2, 2001Publication date: November 1, 2001Applicant: SafeNet, Inc.Inventors: Timothy Ober, Peter Reed
-
Patent number: 6307936Abstract: A key management scheme for managing encryption keys in a cryptographic co-processor includes the first step of selecting a key from one of a symmetrical key type and an asymmetrical key type. Then, the key bit length is selected. The key is then generated and, lastly, the key is represented in either an external form or an internal form.Type: GrantFiled: September 16, 1998Date of Patent: October 23, 2001Assignee: SafeNet, Inc.Inventors: Timothy Ober, Peter Reed
-
Patent number: 6282657Abstract: A protection circuit operates in a user or kernel mode. In the kernel mode, a kernel memory is accessible only by a secure kernel. A processor is reset if a security violation occurs, such as by attempting to access kernel memory in user mode. A program fetch supervisor circuit compares addresses to a predetermined address to determine if a security violation has occurred. A data fetch supervisor circuit compares data addresses to a protected memory address range. A security violation occurs if the data address is in protected memory, which resets the processor. A method of kernel mode protection includes fetching a program opcode or data operand. If the program opcode or data operand is from kernel memory and the processor is in user mode, the processor is reset. If an opcode is fetched from user memory while in kernel mode, the processor reverts to user mode.Type: GrantFiled: September 16, 1998Date of Patent: August 28, 2001Assignee: SafeNet, Inc.Inventors: Michael M. Kaplan, Timothy Ober, Peter Reed
-
Patent number: 6278782Abstract: A method of generating a recovery key encryption key (RKEK) in a secure manner by an integrated circuit (IC) and a key recovery escrow agent includes the steps of generating by the IC a first number having a private component and a public component, and generating by the escrow agent a second number having a private component and a public component. The public component of the first number is provided to the escrow agent, and the public component of the second number is provided to the integrated circuit. A Diffie-Hellman modulo-exponentiation mathematical operation is performed by the integrated circuit using the private component of the first number, the public component of the first number and the public component of the second number to create the RKEK. A similar operation is performed by the escrow agent using the private component of the second number, the public number of the second number and the public component of the first number to create the RKEK at its end.Type: GrantFiled: September 16, 1998Date of Patent: August 21, 2001Assignee: SafeNet, Inc.Inventors: Timothy Ober, Peter Reed