-
11.发明授权Method of achieving optimistic multiple processor agreement in potentially asynchronous networks 失效在潜在异步网络中实现乐观多处理器协议的方法公开(公告)号:US06754845B2
公开(公告)日:2004-06-22
申请号:US09759122
申请日:2001-01-12
申请人: Klaus Kursawe , Victor Shoup
发明人: Klaus Kursawe , Victor Shoup
IPC分类号: G06F1100
CPC分类号: G06F11/187 , G06F11/182
摘要: A method for achieving agreement among n participating network devices to an agree-value in a network is disclosed. The method proposes an optimistic approach to the consensus problem, whereby the number t of faulty devices is less than n/3. It is distinguished between an optimistic and pessimistic case. In the pessimistic case, a fallback agreement protocol is performed that reaches the same agree-value as the method in the optimistic case outputs.
摘要翻译: 公开了一种在n个参与网络设备之间达成一致的网络中的同意值的方法。 该方法针对共识问题提出了一种乐观的方法,其中故障设备的数量t小于n / 3。 它是区分乐观和悲观的情况。 在悲观的情况下,执行回退协议协议,达到与乐观情况输出中的方法相同的同意价值。
-
12.发明授权Method for secure communication in a network, a communication device, a network and a computer program therefor 有权用于网络中的安全通信的方法,通信设备,网络及其计算机程序公开(公告)号:US09077520B2
公开(公告)日:2015-07-07
申请号:US13254462
申请日:2010-03-16
CPC分类号: H04L9/083 , H04L9/085 , H04L2209/80 , H04W12/04
摘要: A method for securing communications between a first node (N1) and a second node (N2) in a network (1) further comprising a management device (2) provided with root keying materials, the method comprising the following steps: the management device generating, based on root keying materials, a first node keying material shares comprising a number of sub-elements and the first node keying material shares being arranged for generating a first complete key, the management device selecting a subset of sub-elements of the first keying material shares, the number of sub-elements selected being less or equal than the total number of sub-elements of the first keying material shares, and the selected sub-elements forming a first node partial keying material shares or symmetric-key generation engine, the first node generating, based on the first node symmetric-key generation engine and on an identifier of the second node, a first key, used for securing communications with the second node.
摘要翻译: 一种用于保护网络(1)中的第一节点(N1)和第二节点(N2)之间的通信的方法,还包括具有根密钥材料的管理设备(2),所述管理设备(2)包括以下步骤:所述管理设备生成 基于根密钥材料,第一节点密钥材料共享包括多个子元素,并且所述第一节点密钥资源共享被布置用于生成第一完整密钥,所述管理设备选择所述第一密钥的子元素的子集 选择的子元素的数量小于或等于第一密钥材料共享的子元素的总数的数量,以及形成第一节点部分密钥材料共享或对称密钥生成引擎的所选择的子元素, 所述第一节点基于所述第一节点对称密钥生成引擎和所述第二节点的标识符生成用于保护与所述第二节点的通信的第一密钥。
-
公开(公告)号:US08271791B2
公开(公告)日:2012-09-18
申请号:US12128019
申请日:2008-05-28
申请人: Peter Buhler , Klaus Kursawe , Roman Maeder , Michael Osborne
发明人: Peter Buhler , Klaus Kursawe , Roman Maeder , Michael Osborne
IPC分类号: G06F21/00
CPC分类号: H04L9/3297 , H04L9/3234 , H04L9/3247 , H04L2209/60
摘要: A method for digitally signing of electronic documents which are to be kept secure for a very long time, thereby taking into account future cryptographic developments which could render currently cryptographic key-lengths insufficient. A double signature is issued for each document. A first digital signature ensures the long term security, while a second digital signature ensures the involvement of an individual user. Thereby, the second digital signature is less computationally intensive in its generation than the first digital signature.
摘要翻译: 一种用于数字签名电子文件的方法,该文件要保持很长一段时间的安全性,从而考虑到可能使当前加密密钥长度不足的未来加密开发。 每个文件都签发双重签名。 第一个数字签名确保长期的安全性,而第二个数字签名确保个人用户的参与。 因此,第二数字签名在其生成中的计算密度比第一数字签名少。
-
14.发明申请公开(公告)号:US20120114123A1
公开(公告)日:2012-05-10
申请号:US13384016
申请日:2010-07-09
CPC分类号: H04W12/10 , H04L9/3236 , H04L63/123 , H04L2209/38 , H04L2209/805 , H04W12/0023 , H04W84/18
摘要: The invention relates to a method for securely broadcasting sensitive data in a wireless sensor networks comprising a central device, called trust center, and a plurality of sensor nodes, the trust center being initialized with a cryptographic hash chain and each node being initialized with a node key and the anchor of the trust center hash chain, the method comprising the following steps: the trust center broadcasting a first secure message to the nodes, each node, after reception of the first message, creating a first acknowledgment message, and transmitting it back to the trust center, the trust center checking whether all the nodes have transmitted respective first acknowledgment message, and in case all messages have been received, the trust center securely broadcasting sensitive data in a third message, the nodes checking, based on elements included in the first message, whether sensitive data actually originates from the trust center.
摘要翻译: 本发明涉及一种用于在无线传感器网络中安全地广播敏感数据的方法,该无线传感器网络包括称为信任中心和多个传感器节点的中央设备,该信任中心利用密码散列链进行初始化,并且每个节点被初始化为一个节点 密钥和信任中心哈希链的锚点,该方法包括以下步骤:信任中心在接收到第一消息之后向节点,每个节点广播第一安全消息,创建第一确认消息并将其发送回 信任中心检查所有节点是否已经发送了相应的第一确认消息,并且在已经接收到所有消息的情况下,信任中心在第三消息中安全地广播敏感数据,节点根据包括在 第一个消息是,敏感数据是否来自信托中心。
-
公开(公告)号:US20090327732A1
公开(公告)日:2009-12-31
申请号:US12128019
申请日:2008-05-28
申请人: Peter Buhler , Klaus Kursawe , Roman Maeder , Michael Osborne
发明人: Peter Buhler , Klaus Kursawe , Roman Maeder , Michael Osborne
IPC分类号: H04L9/32
CPC分类号: H04L9/3297 , H04L9/3234 , H04L9/3247 , H04L2209/60
摘要: The present invention relates to digitally signing of electronic documents which are to be kept secure for a very long time, thereby taking into account future cryptographic developments which could render current cryptographic key-lengths insufficient. In accordance with the invention a double signature is issued for each document. A first digital signature (DTS) ensures the long time security, whilst a second digital signature (DUS) ensures the involvement of an individual user. Thereby, the second digital signature is less computationally intensive in its generation than the first digital signature.
摘要翻译: 本发明涉及电子文件的数字签名,这些电子文件要保持很长时间的安全性,从而考虑到可能使当前加密密钥长度不足的将来密码开发。 根据本发明,为每个文件签发双签名。 第一个数字签名(DTS)确保了长时间的安全性,而第二个数字签名(DUS)确保了个人用户的参与。 因此,第二数字签名在其生成中的计算密度比第一数字签名少。
-
16.发明授权公开(公告)号:US06957331B2
公开(公告)日:2005-10-18
申请号:US09759127
申请日:2001-01-12
申请人: Klaus Kursawe , Victor Shoup , Christian Cachin
发明人: Klaus Kursawe , Victor Shoup , Christian Cachin
CPC分类号: G06F11/182 , G06F11/187 , H04L9/3255 , H04L2209/56
摘要: Byzantine Agreement requires a set of parties in a distributed system to agree on a value even if some parties are corrupted. The invention comprises a method for achieving agreement among participating network devices in an asynchronous network is disclosed that makes use of cryptography, specifically of threshold digital signatures and a distributed coin-tossing protocol.
摘要翻译: 拜占庭协议要求分配制度中的一组缔约方就某些缔约方的腐败现象达成协议。 本发明包括一种用于在异步网络中参与的网络设备之间达成一致的方法,其公开了利用密码学,特别是阈值数字签名和分布式硬币投递协议。
-
公开(公告)号:US08707435B2
公开(公告)日:2014-04-22
申请号:US13375567
申请日:2010-05-28
IPC分类号: H04L29/00
CPC分类号: H04L9/083 , H04L63/0884 , H04L2209/80 , H04L2463/144 , H04W12/04 , H04W12/12 , H04W84/18
摘要: The invention relates to a method for identifying compromised nodes in a ZigBee network comprising a general trust center, divided in at least two security domains, each security domain corresponding to a spatial or temporal area, and being associated with a different root keying material, and each node being identified by an identifier, the method comprising: upon detection of a node (U1) entering into a security domain (SD), the general trust center (TC) distributing to the node at least one keying material share corresponding to the entered security domain, and upon detecting corruption of at least two security domains, determining, for each security domain, based on information registered by the base station (BTS), a respective set of nodes having received keying material corresponding to said security domain,—comparing the respective sets of nodes and identifying the common nodes as being compromised.
摘要翻译: 本发明涉及一种用于识别ZigBee网络中的受损节点的方法,包括在至少两个安全域中划分的一般信任中心,对应于空间或时间区域的每个安全域,并且与不同的根密钥材料相关联,以及 每个节点由标识符标识,所述方法包括:在检测到进入安全域(SD)的节点(U1)时,所述通用信任中心(TC)向所述节点分发与输入的对应的至少一个密钥材料共享 安全域,并且在检测到至少两个安全域的损坏时,针对每个安全域,基于由所述基站(BTS)登记的信息,确定已经接收到与所述安全域相对应的密钥材料的相应组节点 - 比较 相应的节点集合并且将公共节点识别为被破坏。
-
公开(公告)号:US20120084863A1
公开(公告)日:2012-04-05
申请号:US13375567
申请日:2010-05-28
IPC分类号: G06F21/00
CPC分类号: H04L9/083 , H04L63/0884 , H04L2209/80 , H04L2463/144 , H04W12/04 , H04W12/12 , H04W84/18
摘要: The invention relates to a method for identifying compromised nodes in a ZigBee network comprising a general trust center, divided in at least two security domains, each security domain corresponding to a spatial or temporal area, and being associated with a different root keying material, and each node being identified by an identifier, the method comprising: upon detection of a node (U1) entering into a security domain (SD), the general trust center (TC) distributing to the node at least one keying material share corresponding to the entered security domain, and upon detecting corruption of at least two security domains, determining, for each security domain, based on information registered by the base station (BTS), a respective set of nodes having received keying material corresponding to said security domain,—comparing the respective sets of nodes and identifying the common nodes as being compromised.
摘要翻译: 本发明涉及一种用于识别ZigBee网络中的受损节点的方法,包括在至少两个安全域中划分的一般信任中心,对应于空间或时间区域的每个安全域,并且与不同的根密钥材料相关联,以及 每个节点由标识符标识,所述方法包括:在检测到进入安全域(SD)的节点(U1)时,所述通用信任中心(TC)向所述节点分发与输入的对应的至少一个密钥材料共享 安全域,并且在检测到至少两个安全域的损坏时,针对每个安全域,基于由所述基站(BTS)登记的信息,确定已经接收到与所述安全域相对应的密钥材料的相应组节点 - 比较 相应的节点集合并且将公共节点识别为被破坏。
-
公开(公告)号:US20110153944A1
公开(公告)日:2011-06-23
申请号:US12645190
申请日:2009-12-22
申请人: Klaus Kursawe
发明人: Klaus Kursawe
CPC分类号: G06F12/126 , G06F12/0802 , G06F12/0804 , G06F21/71 , G06F21/78 , G06F2212/1052 , G06F2212/2515 , G06F2221/2147 , G06F2221/2149
摘要: A variety of circuits, methods and devices are implemented for secure storage of sensitive data in a computing system. A first dataset that is stored in main memory is accessed and a cache memory is configured to maintain logical consistency between the main memory and the cache. In response to determining that a second dataset is a sensitive dataset, the cache memory is directed to store the second dataset in a memory location of the cache memory without maintaining logical consistency with the dataset and main memory.
摘要翻译: 为了在计算系统中安全地存储敏感数据,实现了各种电路,方法和设备。 访问存储在主存储器中的第一数据集,并且配置高速缓存存储器以维持主存储器和高速缓存之间的逻辑一致性。 响应于确定第二数据集是敏感数据集,高速缓存存储器被定向以将第二数据集存储在高速缓存存储器的存储器位置中,而不保持与数据集和主存储器的逻辑一致性。
-
公开(公告)号:US20100138669A1
公开(公告)日:2010-06-03
申请号:US12529796
申请日:2008-03-11
申请人: Klaus Kursawe , Timothy Kerins
发明人: Klaus Kursawe , Timothy Kerins
CPC分类号: G06F21/10 , G06F21/60 , G06F21/62 , G06F2211/007 , G06F2221/2107 , H04L9/0618 , H04L9/065 , H04L9/0861 , H04L63/0428 , H04L63/0435 , H04L63/0457
摘要: It is described a method for encrypting and a method for decrypting at least a portion (155) of a dataset being stored in a memory (150), wherein the dataset has at least two dimensions. The described multi-dimensional cryptographic methods comprise forming a first keystream (165) being assigned to a first dimension of the dataset and forming a second keystream (175) being assigned to a second dimension of the dataset The encrypting method further comprises encrypting each data packet of the portion (155) of the dataset by using a combination of the first keystream (165) and the second keystream (175). The decrypting method further comprises decrypting each data packet of the portion (155) of the dataset by using a combination of the first keystream (165) and the second keystream (175). It is further described a method for temporarily storing at least a portion (155) of a dataset into a memory (150) and a device for handling a dataset, which method and which device take advantage of the above-described encrypting method and/or the above-described decrypting method.
摘要翻译: 描述了一种用于加密的方法和用于解密存储在存储器(150)中的数据集的至少一部分(155)的方法,其中数据集具有至少两个维度。 所描述的多维密码方法包括形成分配给数据集的第一维度的第一密钥流(165),并形成分配给数据集的第二维度的第二密钥流(175)。加密方法还包括加密每个数据包 通过使用第一密钥流(165)和第二密钥流(175)的组合来创建数据集的部分(155)。 解密方法还包括通过使用第一密钥流(165)和第二密钥流(175)的组合来解密数据集的部分(155)的每个数据分组。 进一步描述了一种用于将数据集的至少一部分(155)临时存储到存储器(150)和用于处理数据集的装置的方法,该方法和哪个装置利用上述加密方法和/或 上述解密方法。
-
-
-
-
-
-
-
-
-
搜索结果
23 条记录 (耗时 0.017 秒)
