Abstract: Securely communicating traffic between control units interconnected by a network. An electronic control unit (ECU) receives a signed manifest identifying public keys for a group of ECUs authorized to communicate over the network. The ECU performs an authentication exchange with the ECUs in the group. The authentication exchange uses public keys identified in the manifest. Based on the authentication exchange, the ECU distributes a group key to authenticated ones of the ECUs that communicate messages authenticated using the group key.

Abstract: Techniques are disclosed relating to time synchronization in a network. In some embodiments, an apparatus includes a first circuit having a first clock configured to maintain a local time value for a node coupled to a network. The first circuit is configured to send a first message to a second circuit. The first message includes a first nonce. The second circuit has a second clock that maintains a reference time value for the network. The first circuit receives a second message from the second circuit, the second message including a second nonce and is associated with a timestamp identifying the reference time value. The first circuit compares the first nonce to the second nonce to determine whether the timestamp is valid and, in response to determining that the timestamp is valid, uses the timestamp to synchronize the first clock with the second clock.

Abstract: Various techniques related to authenticating and verifying the integrity of data received by a computer system from an external source (such as a sensor) are disclosed. Hardware circuits are disclosed that, along with the computer processor, allow for error-checking and authentication of data received by the computer system. For instance, the hardware circuits may generate a separate authentication code that can be compared to the authentication code in the data itself to determine whether or not the message is authentic and whether or not there is an error in the data. The disclosed techniques reduce the processing requirements of a computer system and can be implemented using simple hardware circuit designs.

Abstract: Techniques are disclosed relating to time synchronization in a network. In some embodiments, an apparatus includes a first circuit having a first clock configured to maintain a local time value for a node coupled to a network. The first circuit is configured to send a first message to a second circuit. The first message includes a first nonce. The second circuit has a second clock that maintains a reference time value for the network. The first circuit receives a second message from the second circuit, the second message including a second nonce and is associated with a timestamp identifying the reference time value. The first circuit compares the first nonce to the second nonce to determine whether the timestamp is valid and, in response to determining that the timestamp is valid, uses the timestamp to synchronize the first clock with the second clock.

Abstract: Techniques are disclosed relating to time synchronization in a network. In some embodiments, an apparatus includes a first circuit having a first clock configured to maintain a local time value for a node coupled to a network. The first circuit is configured to send a first message to a second circuit. The first message includes a first nonce. The second circuit has a second clock that maintains a reference time value for the network. The first circuit receives a second message from the second circuit, the second message including a second nonce and is associated with a timestamp identifying the reference time value. The first circuit compares the first nonce to the second nonce to determine whether the timestamp is valid and, in response to determining that the timestamp is valid, uses the timestamp to synchronize the first clock with the second clock.

Abstract: A method provides a protected region of a data storage device associated with a computational device, where data in the protected region is primarily protected by preventing access without proper access authorization. The method comprises the steps of providing, in an unprotected region of the data storage device, a first operating system and associated operating system data; monitoring operating system data accessed by the computational device until a predetermined functionality becomes available; storing, in the protected region, the monitored operating system data; providing, in the protected region, a second operating system; transferring control of the computational device from the first operating system to the second operating system; storing data in the protected region; and preventing access to the stored data in the protected region without access authorization.

Abstract: A method provides a protected region of a data storage device associated with a computational device, where data in the protected region is primarily protected by preventing access without proper access authorization. The method comprises the steps of providing, in an unprotected region of the data storage device, a first operating system and associated operating system data; monitoring operating system data accessed by the computational device until a predetermined functionality becomes available; storing, in the protected region, the monitored operating system data; providing, in the protected region, a second operating system; transferring control of the computational device from the first operating system to the second operating system; storing data in the protected region; and preventing access to the stored data in the protected region without access authorization.

Abstract: The invention establishes a protected volume on a data storage device associated with a computational device by allowing an operating system of the computational device to boot up to a point (the volume conversion crossover point) at which predetermined functionality of the operating system becomes available, then establishing the protected volume. A copy of the operating system data (cleartext operating system data) that is accessed during boot up prior to the volume conversion crossover point (which can be known by monitoring and recording access to operating system data during boot-up) is stored in an unprotected region of the data storage device. A copy of the cleartext operating system data is also stored in the protected volume. After the protected volume is established, the computational device is reset, causing the operating system to boot up again.

Abstract: User and network computer client device (NC) registration with an internet service provider (ISP) occurs in two phases: the first phase with the relationship server and the second phase with the ISP. In the first phase, the NC sends the relationship server a unique identifier of the NC manufacturer, such as the manufacturer identification number. In the preferred embodiment, the NC also transmits an enterprise identification number from a smart card uniquely specifying the ISP to which the user wishes to connect. The relationship server queries a relationship database using the manufacturer and enterprise identification numbers. In the preferred embodiment, the relationship server determines whether the specified manufacturer has authorized connection to the specified ISP; if no authorization exists in the relationship server database, then the relationship server disconnects from the NC.

Abstract: User and network computer client device (NC) registration with an internet service provider (ISP) occurs in two phases: the first phase with the relationship server and the second phase with the ISP. In the first phase, the NC sends the relationship server a unique identifier of the NC manufacturer, such as the manufacturer identification number. In the preferred embodiment, the NC also transmits an enterprise identification number from a smart card uniquely specifying the ISP to which the user wishes to connect. The relationship server queries a relationship database using the manufacturer and enterprise identification numbers. In the preferred embodiment, the relationship server determines whether the specified manufacturer has authorized connection to the specified ISP; if no authorization exists in the relationship server database, then the relationship server disconnects from the NC.

Abstract: A network computer client device (NC) maintains a root internet service provider (ISP) certificate which includes the ISP's public key and which is digitally signed by a root authority using the root authority's private key. The NC also maintains a root public key. When an ISP desires to write onto the smart card inserted into an NC, it sends ISP account information to be written including a digital signature portion created with the ISP's private key to the NC. The NC performs a cryptographic verification of the ISP account information using the ISP's public key found in the root ISP certificate. If this verification is successful, the NC writes the ISP account information to the smart card. If this verification fails, the ISP account information is not written to the smart card.

Abstract: All network computer client device (NC) manufacturers' authorizations to connect to specific internet service providers (ISPs) are maintained in a central database associated with a relationship server. The relationship server issues digital certificates which associate various ISPs to their respective public keys. Each ISP is assigned a unique enterprise identification number by the relationship server. To authorize a specific ISP, the manufacturer begins with the relationship server's ISP certificate. The manufacturer computes and appends its own digital signature for the relationship server's ISP certificate, thereby creating an ISP usage certificate valid for its NCs which it sends back to the relationship server. Upon first powering on, each NC dials the relationship server and transmits its manufacturer identification number. The relationship server uses the manufacturer identification number to find the ISP usage certificates corresponding to the NC manufacturer.

Abstract: User specific internet service provider (ISP) account information is stored on the user's smart card, but the ISP specific connection information is stored within a network computer client device (NC). When the NC is first powered on and used, it calls the relationship server to receive connection information corresponding to the ISP that is either specified on the first user's smart card or is otherwise chosen by the first user. This connection information is preferably stored in non-volatile memory within the NC, so that even if the NC is powered down, it maintains the ability to connect to the ISP designated by its previous user. Each ISP is designated by a unique enterprise identification number assigned by the relationship server. When a subsequent user inserts his smart card into an NC, the NC compares the enterprise identification number on the smart card to the enterprise identification number within the NC.

Abstract: A computer system and a method for the protected distribution of certificate and keying material between a certification authority and at least one entity in the certification authority's domain, including the steps of sending keying material, including a password, generated by the Certifying Authority to the entity via a secure medium; generating and protecting, by the entity, a public and a private key pair using the keying material provided it by the certifying authority; generating, protecting and sending a request for a certificate to the certifying authority using the keying material provided it by the certifying authority; requesting, by the certifying authority, that the public key and address of the entity be sent to the certifying authority; protecting and sending the public key and address of the entity to the certifying authority using the keying material provided it by the certifying authority; assembling and issuing the certificate to the entity from the certifying authority and recording the pu

Abstract: An authentication method that permits a user and a file serving workstation to mutually authenticate themselves. This is accomplished by exchanging a random number that is encrypted by a password that is known to the user and stored in a password file on the file serving workstation. A logon ID is sent from the client workstation to the server workstation. The stored user password corresponding to the user ID is retrieved from the password file. A random number is created that is encrypted by a symmetric encryption algorithm on the server workstation using the retrieved user password, and which provides an encrypted password. The user is then requested to enter the password into the user workstation. The entered password is used to decrypt the encrypted password received from the server workstation and retrieve the random number therefrom to authenticate the server workstation. The random number is then used as the encryption and decryption key for communication between the user and server workstations.

Abstract: The invention is an improved distributed information system which automatically provides for the transmission of security protocol data units between end-users of a distributed information system. The invention compares the address and security key of a received security protocol data unit to stored end-system addresses and security key information and, in the absence of an existing end-system address and security key, automatically initiates negotiation of a security key between end-systems and then confirms the negotiated security key and initiates a security protocol transmission of the data unit. A method af automatic invoking secure communications between end-systems of a distributed information system is also disclosed.