-
公开(公告)号:US20150228144A1
公开(公告)日:2015-08-13
申请号:US14629395
申请日:2015-02-23
Applicant: Certicom Corp.
Inventor: Scott A. VANSTONE
CPC classification number: G07F7/1008 , G06Q20/341 , G06Q20/3674 , G06Q20/3825 , G06Q20/401 , G06Q20/40975 , G06Q2220/00 , G07F7/1016 , H04L9/3066 , H04L9/3249 , H04L9/3252 , H04L2209/56
Abstract: A method of verifying a pair of correspondents in electronic transaction, the correspondents each including first and second signature schemes and wherein the first signature scheme is computationally more difficult in signing than verifying and the second signature scheme is computationally more difficult in verifying than signing. The method comprises the step of the first correspondent signing information according to the first signature scheme and transmitting the first signature to the second correspondent, the second correspondent verifying the first signature received from the first correspondent, wherein the verification is performed according to the first signature scheme. The second correspondent then signs information according to the second signature scheme and transmits the second signature to the first correspondent, the first correspondent verifies the second signature received from the second correspondent, wherein the verification is performed according to the second signature algorithm; the transaction is rejected if either verification fails. The method thereby allows one of the correspondents to participate with relatively little computing power while maintaining security of the transaction.
-
公开(公告)号:US09106635B2
公开(公告)日:2015-08-11
申请号:US13741598
申请日:2013-01-15
Applicant: Certicom Corp.
CPC classification number: H04L63/0823 , H04L9/0847 , H04L9/0869 , H04L9/3066 , H04L63/08 , H04L63/126 , H04L63/166 , H04L63/18 , H04L67/14
Abstract: A system and method are provided for enabling a client device to connect to a network. The method comprises: obtaining an authorization code via a communication channel different from the network, the authorization code corresponding to the client device; and after detecting initiation of a security negotiation protocol by the client device, using the authorization code in at least one security negotiation operation.
Abstract translation: 提供了一种用于使客户端设备能够连接到网络的系统和方法。 该方法包括:经由与网络不同的通信信道获得授权码,与客户端设备对应的授权码; 并且在检测到客户端设备发起安全协商协议之后,在至少一个安全协商操作中使用授权码。
-
公开(公告)号:US20150139424A1
公开(公告)日:2015-05-21
申请号:US14603637
申请日:2015-01-23
Applicant: Certicom Corp.
CPC classification number: H04L9/0819 , H04L9/0866 , H04L9/14 , H04L9/3271 , H04L63/123 , H04L2209/24 , H04L2209/80 , H04L2463/061 , H04W12/02 , H04W12/04 , H04W12/10
Abstract: Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator receives a mobile device identifier and accesses a secret key associated with the mobile device. A message authentication code function is evaluated based on the secret key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, a mobile device accesses a secret key in response to receiving the challenge value from the wireless network operator. A message authentication code function is evaluated based on the secret key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator.
Abstract translation: 描述用于在通信系统中执行密钥协商操作的方法,系统和计算机程序。 在一些方面,无线网络运营商接收移动设备标识符并访问与移动设备相关联的秘密密钥。 基于秘密密钥来评估消息认证码功能以产生输出值。 基于输出值获得会话密钥和质询值。 在一些方面,响应于从无线网络运营商接收到挑战值,移动设备访问秘密密钥。 基于秘密密钥来评估消息认证码功能以产生输出值。 基于输出值获得响应值和会话密钥。 响应值被发送到无线网络运营商。
-
公开(公告)号:US08996855B2
公开(公告)日:2015-03-31
申请号:US13676730
申请日:2012-11-14
Applicant: Research In Motion Limited , Certicom Corp.
Inventor: Alexander Sherkin , Gregory Marc Zaverucha , Alexander Truskovsky , Michael Matovsky , Osman Zohaib Arfeen
IPC: H04L29/06
CPC classification number: H04L63/0428 , H04L63/0823 , H04L63/166
Abstract: A client application, when executed by a processor, is operative to create a HyperText Transfer Protocol (HTTP) request containing a target header that includes a confidential value. The HTTP request is to be sent over a Secure Sockets Layer (SSL) 3.0 connection or a Transport Layer Security (TLS) 1.0 connection to a web server. The client application implements at its HTTP layer a countermeasure to a blockwise chosen-boundary attack. The client application generates an additional header having a header name that is not recognizable by the web server and inserts the additional header into the HTTP request ahead of the target header, thus creating a modified HTTP request. The modified HTTP request is to be sent, instead of the unmodified HTTP request, over the SSL 3.0 connection or the TLS 1.0 connection to the web server.
Abstract translation: 当由处理器执行时,客户端应用程序可操作以创建包含包含机密值的目标报头的超文本传输协议(HTTP)请求。 HTTP请求将通过安全套接字层(SSL)3.0连接或传输层安全(TLS)1.0连接发送到Web服务器。 客户端应用程序在其HTTP层实现了对块选择边界攻击的对策。 客户机应用程序生成一个额外的标头,其标题名称不能由Web服务器识别,并将附加标头插入到目标标题之前的HTTP请求中,从而创建修改的HTTP请求。 修改的HTTP请求将通过SSL 3.0连接或与服务器的TLS 1.0连接发送,而不是未修改的HTTP请求。
-
公开(公告)号:US08971528B2
公开(公告)日:2015-03-03
申请号:US13753126
申请日:2013-01-29
Applicant: Certicom Corp.
Inventor: Matthew John Campagna
CPC classification number: H04L9/3252
Abstract: A modified Chinese State Encryption Management Bureau's SM2 Elliptic Curve Signature Algorithm that offers partial message recovery and lowers the signature size for a given cryptographic strength. The modified SM2 Elliptic Curve Signature Algorithm includes a signature and verification algorithm that modifies a signature generation primitive to compute a key derived from the ephemeral signing key, and a multiple of the signer's public key.
Abstract translation: 经修改的中国国家加密管理局的SM2椭圆曲线签名算法,提供部分消息恢复,降低给定加密强度的签名大小。 经修改的SM2椭圆曲线签名算法包括签名和验证算法,其修改签名生成原语以计算从短暂签名密钥导出的密钥,以及签名者的公钥的倍数。
-
Patent Agency Ranking
公开(公告)号:US20140369200A1
公开(公告)日:2014-12-18
申请号:US14470851
申请日:2014-08-27
Applicant: Certicom Corp.
Inventor: Yuri POELUEV , Ronald G. MERCER
CPC classification number: H04W28/06 , H04L67/04 , H04L69/22 , H04L69/24 , H04L69/32 , H04L69/323 , H04W80/04 , H04W80/06 , H04W84/12
Abstract: A system and method for disabling header compression during an establishment and configuration of a communication protocol and communication channel between a pair of correspondents. The system comprises an initiating correspondent transmitting at least one PPP negotiation packet having at least one acceptable TCP/IP header compression option type. A software module of a responding correspondent intercepts and examines said at least one PPP negotiation packet before said at least one PPP negotiation packet reaches a PPP layer of the responding correspondent and modifies said acceptable TCP/IP header compression option type to an unacceptable TCP/IP header compression option type and transmits same to said PPP layer of the responding correspondent. The responding correspondent rejects said unacceptable TCP/IP header compression option type. Said software module receiving said modified PPP negotiation packet modifies same to said acceptable TCP/IP header compression option type, and transmitting said PPP negotiation packet to said initiating correspondent.
Abstract translation: 一种用于在通信协议的建立和配置期间禁用报头压缩的系统和方法以及一对记者之间的通信信道。 该系统包括发起具有至少一个可接受的TCP / IP报头压缩选项类型的至少一个PPP协商分组的初始通信对方。 响应的记者的软件模块在所述至少一个PPP协商分组到达响应的通信对方的PPP层之前拦截并检查所述至少一个PPP协商分组,并且将所述可接受的TCP / IP报头压缩选项类型修改为不可接受的TCP / IP 报头压缩选项类型,并将其发送到响应通信方的所述PPP层。 响应的记者拒绝所述不可接受的TCP / IP报头压缩选项类型。 接收所述经修改的PPP协商分组的所述软件模块将其修改为所述可接受的TCP / IP报头压缩选项类型,并将所述PPP协商分组发送到所述初始通信对象。
-
公开(公告)号:US20140344576A1
公开(公告)日:2014-11-20
申请号:US14089358
申请日:2013-11-25
Applicant: Certicom Corp.
Inventor: Donald B. JOHNSON
CPC classification number: H04L9/30 , H04L9/0816 , H04L9/3066 , H04L9/3252 , H04L9/3263 , H04L2209/24
Abstract: A system and method for validating digital information transmitted by one correspondent to another in a data communication system. The method comprising the steps of generating a public key in accordance with a predetermined, generating a public key in accordance with a predetermined cryptographic scheme having predetermined arithmetic properties and system parameters. The verifying said public key conforms to said arithmetic properties of said scheme, transmitting said verified public key to a recipient.
Abstract translation: 一种用于在数据通信系统中验证由一个通信对方发送的数字信息的系统和方法。 该方法包括以下步骤:根据预定的生成公钥,根据具有预定的算术特性和系统参数的预定的密码方式生成公开密钥。 验证所述公钥符合所述方案的所述算术特性,将所述经验证的公开密钥发送给接收方。
-
公开(公告)号:US20140282873A1
公开(公告)日:2014-09-18
申请号:US14199421
申请日:2014-03-06
Applicant: Certicom Corp.
Inventor: Marinus Struik
IPC: H04L29/06
CPC classification number: H04L9/0618 , H04L9/00 , H04L63/0428 , H04L63/08 , H04L2209/24
Abstract: A method of formatting data for transmission to another party including the step of incorporating in the data a flag indicative of the absence of data for authentication of the sender. An authentication tag length is also included to permit variable length tags to be used.
Abstract translation: 一种用于将数据格式化以传输给另一方的方法,包括在数据中包含指示不存在用于发送者的认证的数据的标志的步骤。 还包括认证标签长度以允许使用可变长度标签。
-
公开(公告)号:US20140229730A1
公开(公告)日:2014-08-14
申请号:US14257781
申请日:2014-04-21
Applicant: Certicom Corp.
Inventor: Minghua Qu , Scott A. Vanstone
IPC: H04L9/32
CPC classification number: H04L9/3263 , H04L9/0844 , H04L9/3247
Abstract: A method of generating a public key in a secure digital communication system, having at least one trusted entity CA and subscriber entities A. For each entity A, the trusted entity selects a unique identity distinguishing the entity A. The trusted entity then generates a public key reconstruction public data of the entity A by mathematically combining public values obtained from respective private values of the trusted entity and the entity A. The unique identity and public key reconstruction public data of the entity A serve as A's implicit certificate. The trusted entity combines the implicit certificate information with a mathematical function to derive an entity information ƒ and generates a value kA by binding with ƒ with private values of the trusted entity. The trusted entity transmits the value kA to the entity to permit A to generate a private key from kA, A's private value and A's implicit certificate. The entity A's public key information may be reconstructed from public information, and A's implicit certificate.
Abstract translation: 一种在安全数字通信系统中生成公共密钥的方法,其具有至少一个可信实体CA和订户实体A.对于每个实体A,可信实体选择区分实体A的唯一标识。然后,可信实体生成公共 通过数字地组合从可信实体和实体A的各私有值获得的公共值,实体A的关键重建公共数据。实体A的唯一身份和公钥重建公共数据作为A的隐式证书。 可信实体将隐式证书信息与数学函数组合以导出实体信息ƒ并通过与ƒ与可信实体的私有值绑定来生成值kA。 可信实体将值kA发送给实体,以允许A从kA,A的私有值和A的隐式证书生成私钥。 实体A的公钥信息可以从公共信息和A的隐式证书重建。
-
公开(公告)号:US20140156998A1
公开(公告)日:2014-06-05
申请号:US13690996
申请日:2012-11-30
Applicant: CERTICOM CORP.
Inventor: Robert John Lambert
IPC: G06F21/44
CPC classification number: G06F21/44 , G06F2221/2103 , H04L9/3236 , H04L9/3271 , H04L9/3273
Abstract: Challenge-response authentication protocols are disclosed herein, including systems and methods for a first device to authenticate a second device. In one embodiment, the following operations are performed by the first device: (a) sending to the second device: (i) a challenge value corresponding to an expected response value known by the first device, and (ii) a hiding value; (b) receiving from the second device a masked response value; (c) obtaining an expected masked response value from the expected response value and the hiding value; and (d) determining whether the expected masked response value matches the masked response value received from the second device. The operations from the perspective of the second device are also disclosed, which in some embodiments include computing the masked response value using the challenge value, the hiding value, and secret information known to the second device.
-
-
-
-
-
-
-
-
-
Search Results
187
records
(took 0.021 seconds)
