Abstract:
Methods and apparatus are provided for signing data transactions using one-time authentication passcodes. User authentication passcodes are generated by generating a time-based user authentication passcode based on a forward-secure pseudorandom number, wherein the generated time-based user authentication passcode is used for authentication of the user; and generating an event-based user authentication passcode based on a forward-secure pseudorandom number, wherein the generated event-based user authentication passcode is used to sign one or more data transactions. The generation of an event-based user authentication passcode can be performed on-demand. The generation of the event-based user authentication passcode can optionally be performed substantially simultaneously with the generation of the time-based user authentication passcode.
Abstract:
A method includes receiving, in a first device, an access request. The method further includes measuring a motion of the first device to determine a first motion value, performing a pairing protocol with a second device, and granting the access request responsive to a successful pairing in accordance with the pairing protocol. The pairing protocol comprises a cryptographic commitment process. The successful pairing is based at least in part on a determination that a second motion value supplied by the second device substantially matches the first motion value. The cryptographic commitment process comprises sending a committed first motion value to the second device prior to receiving the second motion value from the second device.
Abstract:
An authentication system comprises multiple servers and a controller coupled to or otherwise associated with the servers. The controller is configured to control storage in the servers of respective chaff sets or other types of value sets, each including at least one secret value obscured within a distinct arrangement of other values. Each of the servers comprises a local verifier configured to generate an indication as to whether or not a received input value corresponds to one of the values in its value set. The controller comprises a global verifier configured to authenticate the received input value based on the indications generated by at least a subset of the servers. By way of example, the secret value may comprise a common value which is the same for all of the value sets, with the value sets otherwise including distinct values such that their intersection yields only the common value.
Abstract:
A distributed challenge-response protocol is carried out between a verifier and a prover. The verifier comprises servers storing respective shares of a set of challenge-response pairs. A particular challenge of one of the challenge-response pairs is sent to the prover, and a response to the challenge is received from the prover. The received response is authenticated as an appropriate response to the particular challenge based on indications from respective ones of at least a subset of the servers as to whether or not the received response matches respective reconstructed responses computed by those servers. A given one of the servers may be configured to reconstruct the particular challenge using information associated with the share stored in the given server and information associated with at least one other share stored in at least one other server, with the reconstructed challenge then being sent to the prover as the particular challenge.
Abstract:
A first cryptographic device is configured to store a set of keys that is refreshed in each of a plurality of epochs. The first cryptographic device computes for each of at least a subset of the epochs at least one view based on at least a portion of the set of keys for that epoch, and transmits the views to a second cryptographic device in association with their respective epochs. At least one view computed for a current one of the epochs is configured for utilization in combination with one or more previous views computed for one or more previous ones of the epochs to permit the second cryptographic device to confirm authenticity of the set of keys for the current epoch. The first cryptographic device may include an authentication token and the second cryptographic device may include an authentication server.
Abstract:
In one aspect, a method comprises the steps of deriving a base point on an elliptic curve in a first processing device, generating authentication information in the first processing device utilizing the base point and a private key of the first processing device, and transmitting the authentication information from the first processing device to a second processing device. The base point on the elliptic curve may be derived, for example, by applying a one-way function to a current time value, or by computation based on a message to be signed.
Abstract:
A method comprises sending a set of values from a first party to a second party, the set of values being usable to compute a solution to a first problem involving inversion of a first one-way function. The method further comprises receiving a given value from the second party and utilizing the given value as an input for computing a solution to a second problem involving inversion of a second one-way function, wherein a valid solution to the second problem uses as input a valid solution to the first problem.
Abstract:
Time correction records are created for correcting timestamps of network logs to identify timing of network events in a predetermined time reference frame, the network logs being created by logging devices generating the timestamps in device time reference frames. For each logging device, one or more network events are generated or identified at respective event times in the predetermined time reference frame, each network event having a corresponding event-related network log from the logging device and a respective timestamp in a device time reference frame. For each network event, a respective difference value is calculated as a difference between the event time and a respective timestamp from a network log. For each logging device, a selection function is applied to the difference values to calculate a correction value, and the correction value is stored along with an identifier of the logging device in a time correction record.
Abstract:
Methods and apparatus are provided for generation of forward secure pseudorandom numbers that are resilient to forward clock attacks. A forward secure pseudorandom number is generated by obtaining a first state $s_i$ corresponding to a current leaf node $\nu_i$ in a hierarchical tree, wherein the current leaf $\nu_i$ produces a first pseudorandom number $r_{i-1}$; updating the first state $s_i$ to a second state $s_{i+t}$ corresponding to a second leaf node $\nu_{i+t}$; and computing a second pseudorandom number $r_{i+t-1}$ corresponding to the second leaf node $\nu_{i+t}$, wherein the second pseudorandom number $r_{i+t-1}$ is based on a forward clock reset index that identifies an instance of the hierarchical tree, wherein the instance of the hierarchical tree is incremented when one or more criteria indicating a forward clock attack are detected. The forward clock reset index can be encoded in a forward secure manner in the hierarchical tree.
Abstract:
In one embodiment, a set of servers generates at least one challenge that is sent to a client. The servers receive from the client a response that includes a message generated as a function of the challenge. The response also includes a digital signature computed on the message using a secret key of a key pair generated for a current epoch. The client is authenticated based on indications from respective ones of the servers as to whether or not the received response is accepted as valid by that server. Other embodiments involve interaction between a set of servers and a relying party in authenticating a passcode, password or other information received from a client. The client in some embodiments may comprise a connected authentication token or other type of hardware or software authentication token.