Access control
    21.
    Granted invention patent
    Legal status: in force

    Publication number: US07660994B2

    Publication date: 2010-02-09

    Application number: US10876275

    Filing date: 2004-06-24

    CPC classification number: G06F21/33 G06Q10/00 G06Q90/00

    Abstract: An administration entity controls access to an electronic device by generating credentials and a plurality of corresponding proofs, wherein no valid proofs are determinable given only the credentials and values for expired proofs. The electronic device receives the credentials and, if access is authorized at a particular time, the electronic device receives a proof corresponding to the particular time and confirms the proof using the credentials. A single administration entity may generate the credentials and generate the proofs and/or there may be a first administration entity that generates the credentials and other administration entities that generate proofs. The credentials may be a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.

    Physical access control
    22.
    Invention application

    Publication number: US20080211624A1

    Publication date: 2008-09-04

    Application number: US12069227

    Filing date: 2008-02-08

    Abstract: A system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D1. C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity, with each certificate expiring 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.

    Actuating a security system using a wireless device
    23.
    Granted invention patent
    Legal status: in force

    Publication number: US07205882B2

    Publication date: 2007-04-17

    Application number: US10985348

    Filing date: 2004-11-10

    Applicant: Phil Libin

    Inventor: Phil Libin

    Abstract: Actuating a security system includes providing a first set of access codes to a wireless device and causing the wireless device to transmit the first set of access codes to a first controller that actuates the security system. The first set of access codes provided to the wireless device may expire. Actuating a security system may also include providing expiration dates for each of the first set of access codes provided to the wireless device. Actuating a security system may also include examining each of the expiration dates and, in response to a particular expiration date being prior to a current date, erasing from the wireless device a particular one of the first set of access codes that corresponds to the particular expiration date.

    Logging access attempts to an area
    24.
    Granted invention patent
    Legal status: in force

    Publication number: US09158288B2

    Publication date: 2015-10-13

    Application number: US13561267

    Filing date: 2012-07-30

    Abstract: Logging events associated with accessing an area includes recording an event associated with accessing the area to provide an event recording and authenticating at least the event recording to provide an authenticated recording. Recording an event may include recording a time of the event. Recording an event may include recording a type of event. The event may be an attempt to access the area. Recording an event may include recording credentials/proofs used in connection with the attempt to access the area. Recording an event may include recording a result of the attempt. Recording an event may include recording the existence of data other than the credentials/proofs indicating that access should be denied. Recording an event may include recording additional data related to the area. Authenticating the recording may include digitally signing the recording.

    Secure ID checking
    25.
    Granted invention patent
    Legal status: in force

    Publication number: US08099603B2

    Publication date: 2012-01-17

    Application number: US11804798

    Filing date: 2007-05-21

    Abstract: A cost-effective system that provides for the efficient protection of transmitted non-public attribute information may be used, for example, to control access to a secure area. Encryption of the attribute information may be performed using symmetric encryption techniques, such as XOR and/or stream cipher encryption. A centralized database that stores and transmits the encrypted attribute information may generate the encryption/decryption key based on selected information bytes, for example, as taken from a card inserted into a handheld device used at the secure area. The selected information to generate the encryption key stream may be varied on a periodic basis by the centralized database. Information as to which selected bytes are to be used for a particular access authorization request may be transmitted to the handheld unit or may be input through action of a user of the handheld unit, for example by entry of a PIN code.

    Controlling access to an area
    26.
    Granted invention patent
    Legal status: in force

    Publication number: US07822989B2

    Publication date: 2010-10-26

    Application number: US10893126

    Filing date: 2004-07-16

    CPC classification number: G07C9/00103 G07C9/00007

    Abstract: Controlling access includes providing a barrier to access that includes a controller that selectively allows access, at least one administration entity generating credentials/proofs, wherein no valid proofs are determinable given only the credentials and values for expired proofs, the controller receiving the credentials/proofs, the controller determining if access is presently authorized, and, if access is presently authorized, the controller allowing access. The credentials/proofs may be in one part or may be in separate parts. There may be a first administration entity that generates the credentials and other administration entities that generate proofs. The first administration entity may also generate proofs or the first administration entity may not generate proofs. The credentials may correspond to a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.

    Controlling group access to doors
    27.
    Granted invention patent
    Legal status: in force

    Publication number: US07716486B2

    Publication date: 2010-05-11

    Application number: US10893164

    Filing date: 2004-07-16

    CPC classification number: H04L9/3247 G07C9/00103 G07C9/00571 G07C2209/08

    Abstract: An entity controlling access of a plurality of users to at least one disconnected door includes mapping the plurality of users to a group, for each time interval d of a sequence of dates, having an authority produce a digital signature indicating that members of the group can access door during time interval d, causing at least one of the members of the group to receive the digital signature during time interval d for presentation to the door in order to pass therethrough, having the at least one member of the group present the digital signature to the door D, and having the door open after verifying that (i) the digital signature is a digital signature of the authority indicating that members of the group can access the door at time interval d, and (ii) that the current time is within time interval d. The at least one member of the group may have a user card and the door may have a card reader coupled to an electromechanical lock, and the at least one member of the group may receive the digital signature by storing it into the user card, and may present the digital signature to the door by having the user card read by the card reader.

    Efficient and secure data currentness systems
    28.
    Granted invention patent
    Legal status: lapsed

    Publication number: US07657751B2

    Publication date: 2010-02-02

    Application number: US10845579

    Filing date: 2004-05-13

    CPC classification number: H04L9/3247 H04L9/3265 H04L2209/56

    Abstract: Indicating data currentness includes, on any date of a sequence of dates, issuing a proof indicating the currentness status of the data during a particular time interval. The proof may be a digital signature. The time interval may be in the form of a current date and an amount of time. The proof may include a digital signature of the time interval. The proof may include a digital signature of the time interval and the data. The proof may include a digital signature of the time interval and a compact form of the data, such as a hash. Indicating data currentness may also include distributing the proofs to a plurality of unsecure units that respond to requests by users for the proofs. Indicating data currentness may also include gathering a plurality of separate pieces of data and providing a single proof for the separate pieces of data. The data may be electronic documents.

    Controlling access using additional data
    29.
    Granted invention patent
    Legal status: in force

    Publication number: US07600129B2

    Publication date: 2009-10-06

    Application number: US10893150

    Filing date: 2004-07-16

    CPC classification number: H04L9/00 H04L9/3226 H04L9/3234 H04L9/3247 H04L9/3263

    Abstract: Determining access includes determining if particular credentials/proofs indicate that access is allowed, determining if there is additional data associated with the credentials/proofs, wherein the additional data is separate from the credentials/proofs, and, if the particular credentials/proofs indicate that access is allowed and if there is additional data associated with the particular credentials/proofs, then deciding whether to deny access according to information provided by the additional data. The credentials/proofs may be in one part or in separate parts. There may be a first administration entity that generates the credentials and other administration entities that generate proofs. The first administration entity may also generate proofs or may not generate proofs. The credentials may correspond to a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.

    Actuating a security system using a wireless device

    Publication number: US20070200662A1

    Publication date: 2007-08-30

    Application number: US11639387

    Filing date: 2006-12-14

    Applicant: Phil Libin

    Inventor: Phil Libin

    Abstract: Actuating a security system includes providing a first set of access codes to a wireless device and causing the wireless device to transmit the first set of access codes to a first controller that actuates the security system. The first set of access codes provided to the wireless device may expire. Actuating a security system may also include providing expiration dates for each of the first set of access codes provided to the wireless device. Actuating a security system may also include examining each of the expiration dates and, in response to a particular expiration date being prior to a current date, erasing from the wireless device a particular one of the first set of access codes that corresponds to the particular expiration date.
