Communication-efficient real time credentials for OCSP and distributed OCSP
    11.
    Patent application (in force)

    Publication number: US20050193204A1

    Publication date: 2005-09-01

    Application number: US11032520

    Filing date: 2005-01-10

    CPC classification number: H04L9/3268 H04L9/3247 H04L2209/56 H04L2209/80

    Abstract: Facilitating a transaction between a first party and a second party includes, prior to initiating the transaction, one of the parties obtaining an artificially pre-computed OCSP response about a specific digital certificate, where the artificially pre-computed OCSP response is generated by an entity other than the first party and the second party, one of the parties initiating the transaction, in connection with the transaction, the first party providing the specific digital certificate to the second party, and the second party verifying the specific digital certificate using the artificially pre-computed OCSP response. The second party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated. The second party may cache the artificially pre-computed OCSP response for future transactions. The first party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated. The first party may cache the artificially pre-computed OCSP response for future transactions.

    Controlling access using additional data
    12.
    Patent application (in force)

    Publication number: US20050044386A1

    Publication date: 2005-02-24

    Application number: US10893150

    Filing date: 2004-07-16

    CPC classification number: H04L9/00 H04L9/3226 H04L9/3234 H04L9/3247 H04L9/3263

    Abstract: Determining access includes determining if particular credentials/proofs indicate that access is allowed, determining if there is additional data associated with the credentials/proofs, wherein the additional data is separate from the credentials/proofs, and, if the particular credentials/proofs indicate that access is allowed and if there is additional data associated with the particular credentials/proofs, then deciding whether to deny access according to information provided by the additional data. The credentials/proofs may be in one part or in separate parts. There may be a first administration entity that generates the credentials and other administration entities that generate proofs. The first administration entity may also generate proofs or may not generate proofs. The credentials may correspond to a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.

    Disseminating additional data used for controlling access
    13.
    Patent application (in force)

    Publication number: US20050044376A1

    Publication date: 2005-02-24

    Application number: US10893165

    Filing date: 2004-07-16

    CPC classification number: H04L9/3247 H04L9/3268 H04L2209/80

    Abstract: Issuing and disseminating data about a credential includes having an entity issue authenticated data indicating that the credential has been revoked, causing the authenticated data to be stored in a first card of a first user, utilizing the first card for transferring the authenticated data to a first door, having the first door store information about the authenticated data, and having the first door rely on information about the authenticated data to deny access to the credential. The authenticated data may be authenticated by a digital signature and the first door may verify the digital signature. The digital signature may be a public-key digital signature. The public key for the digital signature may be associated with the credential. The digital signature may be a private-key digital signature. The credential and the first card may both belong to the first user. The credential may be stored in a second card different from the first card, and the first door may rely on information about the authenticated data by retrieving such information from storage. The authenticated data may be first stored in at least one other card different from the first card and the authenticated data may be transferred from the at least one other card to the first card. The authenticated data may be transferred from the at least one other card to the first card by first being transferred to at least one other door different from the first door.

    Controlling group access to doors
    14.
    Patent application (in force)

    Publication number: US20050033962A1

    Publication date: 2005-02-10

    Application number: US10893164

    Filing date: 2004-07-16

    CPC classification number: H04L9/3247 G07C9/00103 G07C9/00571 G07C2209/08

    Abstract: An entity controlling access of a plurality of users to at least one disconnected door includes mapping the plurality of users to a group, for each time interval d of a sequence of dates, having an authority produce a digital signature indicating that members of the group can access the door during time interval d, causing at least one of the members of the group to receive the digital signature during time interval d for presentation to the door in order to pass therethrough, having the at least one member of the group present the digital signature to the door D, and having the door open after verifying that (i) the digital signature is a digital signature of the authority indicating that members of the group can access the door at time interval d, and (ii) that the current time is within time interval d. The at least one member of the group may have a user card and the door may have a card reader coupled to an electromechanical lock, and the at least one member of the group may receive the digital signature by storing it into the user card, and may present the digital signature to the door by having the user card read by the card reader.

    Access control
    15.
    Patent application (in force)

    Publication number: US20050010783A1

    Publication date: 2005-01-13

    Application number: US10876275

    Filing date: 2004-06-24

    CPC classification number: G06F21/33 G06Q10/00 G06Q90/00

    Abstract: At least one administration entity controls access to an electronic device by the at least one administration entity generating credentials and a plurality of corresponding proofs for the electronic device, wherein no valid proofs are determinable given only the credentials and values for expired proofs, the electronic device receiving the credentials, if access is authorized at a particular time, the electronic device receiving a proof corresponding to the particular time, and the electronic device confirming the proof using the credentials. The at least one administration entity may generate proofs after generating the credentials. A single administration entity may generate the credentials and generate the proofs. There may be a first administration entity that generates the credentials and other administration entities that generate proofs. The first administration entity may also generate proofs or may not. The credentials may be a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs. Each of the proofs may be a result of applying a one way function to a future one of the proofs. The digital certificate may include an identifier for the electronic device.

    Site memory processing
    16.
    Granted patent

    Publication number: US10089404B2

    Publication date: 2018-10-02

    Application number: US13399576

    Filing date: 2012-02-17

    Abstract: A system is provided for presenting users with relevant personalized and/or customized information whenever a visitor visits a website or performs an Internet search. The system described herein advantageously provides for the saving (clipping) of website information as an integrated part of a visitor's browsing experience. The user may be presented with either a suggested list of notebooks and/or a suggested list of tags for the website information. The content of the website information that is clipped may be advantageously controlled by a website owner/publisher. Using website clips, identified as “notes,” previously stored by a visitor, currently displayed website content may be accordingly modified in connection with identified relevant notes and/or a notification may be displayed on the current website for a particular visitor identifying stored relevant notes of the visitor.

    Efficient and secure data currentness systems
    17.
    Granted patent (in force)

    Publication number: US08327149B2

    Publication date: 2012-12-04

    Application number: US12657791

    Filing date: 2010-01-27

    CPC classification number: H04L9/3247 H04L9/3265 H04L2209/56

    Abstract: Indicating data currentness includes, on any date of a sequence of dates, issuing a proof indicating the currentness status of the data during a particular time interval. The proof may be a digital signature. The time interval may be in the form of a current date and an amount of time. The proof may include a digital signature of the time interval. The proof may include a digital signature of the time interval and the data. The proof may include a digital signature of the time interval and a compact form of the data, such as a hash. Indicating data currentness may also include distributing the proofs to a plurality of unsecure units that respond to requests by users for the proofs. Indicating data currentness may also include gathering a plurality of separate pieces of data and providing a single proof for the separate pieces of data. The data may be electronic documents.

    PHYSICAL ACCESS CONTROL
    18.
    Patent application (in force)

    Publication number: US20120274444A1

    Publication date: 2012-11-01

    Application number: US13399480

    Filing date: 2012-02-17

    CPC classification number: G07C9/00031 G07C9/00134

    Abstract: A system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D1. C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity with each certificate expiring 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.

    Communication-efficient real time credentials for OCSP and distributed OCSP
    19.
    Granted patent (in force)

    Publication number: US07966487B2

    Publication date: 2011-06-21

    Application number: US11032520

    Filing date: 2005-01-10

    CPC classification number: H04L9/3268 H04L9/3247 H04L2209/56 H04L2209/80

    Abstract: Facilitating a transaction between a first party and a second party includes, prior to initiating the transaction, one of the parties obtaining an artificially pre-computed OCSP response about a specific digital certificate, where the artificially pre-computed OCSP response is generated by an entity other than the first party and the second party, one of the parties initiating the transaction, in connection with the transaction, the first party providing the specific digital certificate to the second party, and the second party verifying the specific digital certificate using the artificially pre-computed OCSP response. The second party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated. The second party may cache the artificially pre-computed OCSP response for future transactions. The first party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated. The first party may cache the artificially pre-computed OCSP response for future transactions.

    Efficient and secure data currentness systems

    Publication number: US20100268956A1

    Publication date: 2010-10-21

    Application number: US12657791

    Filing date: 2010-01-27

    CPC classification number: H04L9/3247 H04L9/3265 H04L2209/56

    Abstract: Indicating data currentness includes, on any date of a sequence of dates, issuing a proof indicating the currentness status of the data during a particular time interval. The proof may be a digital signature. The time interval may be in the form of a current date and an amount of time. The proof may include a digital signature of the time interval. The proof may include a digital signature of the time interval and the data. The proof may include a digital signature of the time interval and a compact form of the data, such as a hash. Indicating data currentness may also include distributing the proofs to a plurality of unsecure units that respond to requests by users for the proofs. Indicating data currentness may also include gathering a plurality of separate pieces of data and providing a single proof for the separate pieces of data. The data may be electronic documents.
