Time stamping method employing a separate ticket and stub
    21.
    Granted invention patent
    Status: Expired

    Publication No.: US07487359B2

    Publication date: 2009-02-03

    Application No.: US11846562

    Filing date: 2007-08-29

    IPC classification: H04L9/00 G06F7/04 H04K1/00

    CPC classification: H04L9/3297 H04L9/3242

    Abstract: A time stamping protocol has two stages referred to as the ticketing stage and the certification stage. During the ticketing stage, the document or other identifying data is sent to the TSA. The TSA generates a “ticket” based on the document or other identifying data and a time indication derived from a trusted clock. The ticket, which serves as an unsigned time stamp receipt, is transmitted back to the document originator. During the certification stage, the holder of the ticket requests a certified time stamp receipt by presenting the ticket to the TSA. The TSA verifies the ticket and generates a signed time stamp receipt, called the ticket stub, which is then transmitted back to the document originator. The ticket stub serves as a “universal time-stamp” that the holder of the ticket stub can use to prove the date of the document.

    Method and apparatus for providing interoperability between key recovery and non-key recovery systems

    Publication No.: US06535607B1

    Publication date: 2003-03-18

    Application No.: US09184002

    Filing date: 1998-11-02

    IPC classification: H04L9/00

    CPC classification: H04L9/0841 H04L9/0894

    Abstract: A method and apparatus for ensuring that a key recovery-enabled (KR-enabled) system communicating with a non-KR-enabled system in a cryptographic communication system transmits the information necessary to permit key recovery by a key recovery entity. In a first embodiment, data is encrypted under a second key K that is generated as a one-way function of a first key K′ and a key recovery block KRB generated on the first key K′. The key recovery block KRB and the encrypted data e(K, data) are transmitted to the receiver, who cannot decrypt the data without regenerating the second key K from the first key K′ and the key recovery block KRB. In a second embodiment, data is encrypted under a second key K that is generated independently of the first key K′. A third key X, generated as a one-way function of the first key K′ and a key recovery block KRB generated on the second key K, is used to encrypt the XOR product Y of the first and second keys K′, K. The key recovery block KRB, the encrypted XOR product e(X, Y) and the encrypted data e(K, data) are transmitted to the receiver, who cannot decrypt the data without regenerating the third key X from the first key K′ and the key recovery block KRB, decrypting the XOR product Y using the regenerated third key X, and recombining the XOR product Y with the first key K′ to regenerate the second key K. In a third embodiment, an integrity value is computed on a key K and its key recovery block KRB. The integrity value and the key K are encrypted to form an encrypted portion of a key exchange block KEB, while the key recovery block KRB is put in an unencrypted portion of the key exchange block KEB, which is sent along with the encrypted data e(K, data) to the receiver. The receiver decrypts the encrypted portion, recomputes the integrity value and compares it with the received integrity value. Only if the two integrity values compare is the key K extracted and used to decrypt the data.

    Distribution and authentication of public keys using random numbers and Diffie-Hellman public keys
    23.
    Granted invention patent
    Status: Expired

    Publication No.: US07796761B2

    Publication date: 2010-09-14

    Application No.: US12352658

    Filing date: 2009-01-13

    IPC classification: H04L9/00

    CPC classification: H04L9/3013 H04L9/0844

    Abstract: A system to exchange and authenticate public cryptographic keys between parties that share a common but secret password, using a pair of random numbers, a pair of Diffie-Hellman public keys computed from the random numbers and the password, a Diffie-Hellman symmetric secret key computed from the Diffie-Hellman public keys and the random numbers, and hashed values of arguments that depend upon these elements.

    Method for distributing and authenticating public keys using time ordered exchanges
    24.
    Granted invention patent
    Status: Expired

    Publication No.: US07607009B2

    Publication date: 2009-10-20

    Application No.: US10361515

    Filing date: 2003-02-10

    IPC classification: H04L29/06

    Abstract: A method to exchange and authenticate public cryptographic keys between parties that share a common but secret password. The parties exchange public keys, where the public keys are accompanied by hashed values based on the keys, the password, and random numbers. Each party then encrypts its random number using the public key of the other party, and the encryptions are exchanged. Based on the received encryptions and the known password, each party then re-computes the hashed value received from the other party, and compares the re-computed hashed value with the received hashed value. If the two are the same, the public key that accompanied the hashed value is judged authentic.

    Time stamping method employing a separate ticket and stub
    25.
    Granted invention patent
    Status: Expired

    Publication No.: US07315948B1

    Publication date: 2008-01-01

    Application No.: US09458921

    Filing date: 1999-12-10

    IPC classification: H04L9/00 G06F7/04 H04K1/00

    CPC classification: H04L9/3297 H04L9/3242

    Abstract: A time stamping protocol has two stages referred to as the ticketing stage and the certification stage. During the ticketing stage, the document or other identifying data is sent to the TSA. The TSA generates a “ticket” based on the document or other identifying data and a time indication derived from a trusted clock. The ticket, which serves as an unsigned time stamp receipt, is transmitted back to the document originator. During the certification stage, the holder of the ticket requests a certified time stamp receipt by presenting the ticket to the TSA. The TSA verifies the ticket and generates a signed time stamp receipt, called the ticket stub, which is then transmitted back to the document originator. The ticket stub serves as a “universal time-stamp” that the holder of the ticket stub can use to prove the date of the document.

    Time Stamping Method Employing a Separate Ticket and Stub
    26.
    Invention patent application
    Status: Expired

    Publication No.: US20070294537A1

    Publication date: 2007-12-20

    Application No.: US11846562

    Filing date: 2007-08-29

    IPC classification: H04L9/00

    CPC classification: H04L9/3297 H04L9/3242

    Abstract: A time stamping protocol has two stages referred to as the ticketing stage and the certification stage. During the ticketing stage, the document or other identifying data is sent to the TSA. The TSA generates a “ticket” based on the document or other identifying data and a time indication derived from a trusted clock. The ticket, which serves as an unsigned time stamp receipt, is transmitted back to the document originator. During the certification stage, the holder of the ticket requests a certified time stamp receipt by presenting the ticket to the TSA. The TSA verifies the ticket and generates a signed time stamp receipt, called the ticket stub, which is then transmitted back to the document originator. The ticket stub serves as a “universal time-stamp” that the holder of the ticket stub can use to prove the date of the document.

    Time stamping method using time-based signature key
    27.
    Granted invention patent
    Status: Expired

    Publication No.: US06965998B1

    Publication date: 2005-11-15

    Application No.: US09459187

    Filing date: 1999-12-10

    IPC classification: H04K1/00 H04L9/00 H04L9/32

    CPC classification: H04L9/3297 H04L2209/60

    Abstract: A time-stamping protocol for time-stamping digital documents uses a time-based signature key. A document or other identifying data is sent to a time stamping authority TSA. The TSA has a time-based signature key that the TSA uses to sign time stamp receipts. The signature key is associated with a fixed time reference that is stored in a public key certificate also containing the public verification key. Upon receiving the document, the TSA creates a time stamp receipt by computing a time difference between the time reference associated with the signature key and the time the document was received. The time difference is appended to the document to create a time stamp receipt and the receipt is then signed by the TSA and transmitted to the requestor.

    Time stamping method using time delta in key certificate
    28.
    Granted invention patent
    Status: In force

    Publication No.: US06742119B1

    Publication date: 2004-05-25

    Application No.: US09458937

    Filing date: 1999-12-10

    IPC classification: H04L9/00

    CPC classification: H04L9/3297 H04L2209/60

    Abstract: A method for time stamping a digital document is disclosed. The document originator creates a time stamp receipt by combining the document and a digital time indication. The time stamp receipt is submitted to a time stamping agent having a trusted clock. The time stamping agent optionally validates the time stamp receipt and then computes the age of the time stamp receipt. If valid, the time stamping agent certifies the time stamp receipt by signing the time stamp receipt with a private signature key. The private signature key is selected from a group of signature keys by the time stamping agent based on the computed age of the time stamp receipt.

    Method and apparatus for interoperable validation of key recovery information in a cryptographic system
    29.
    Granted invention patent
    Status: Expired

    Publication No.: US6058188A

    Publication date: 2000-05-02

    Application No.: US899855

    Filing date: 1997-07-24

    IPC classification: H04L9/08 H04L9/32

    Abstract: In a cryptographic communications system, a method and apparatus for allowing a sender of encrypted data to demonstrate to a receiver its ability to correctly generate key recovery information that is transmitted along with the encrypted data and from which law enforcement agents or others may recover the original encryption key. Initially, the sender generates a key pair comprising a private signature key and a corresponding public verification key and sends the latter to a key recovery validation service (KRVS). Upon a satisfactory demonstration by the sender of its ability to correctly generate key recovery information, the KRVS generates a certificate certifying the public verification key and the ability of the sender to correctly generate key recovery information. The sender uses its private signature key to generate a digital signature on the key recovery information, which is sent along with the key recovery information and encrypted data to the receiver. The receiver verifies the signature on the key recovery information using the certified public verification key and decrypts the encrypted data only if the signature is verified as being a valid signature.

    Method for distributing and authenticating public keys using hashed password protection
    30.
    Granted invention patent
    Status: Expired

    Publication No.: US07694136B2

    Publication date: 2010-04-06

    Application No.: US10361250

    Filing date: 2003-02-10

    IPC classification: H04L9/32 H04L29/06

    Abstract: A method to distribute and authenticate public encryption keys. A client concatenates its ID, its public key, and a secret password known to the client and a server, and hashes the result. The client forms an extended concatenation including the ID, the public key, and the hashed value, and sends the extended concatenation to the server. The server reads the ID and public key, and re-computes the hashed value based on its own knowledge of the password. If the received and the computed hashed values are the same, the server concludes that the client's public key is authentic. An analogous process enables the server to distribute its public key, and enables the client to authenticate the server's distributed public key.