-
公开(公告)号:US20080052772A1
公开(公告)日:2008-02-28
申请号:US10596668
申请日:2004-12-13
IPC分类号: H04L9/32
CPC分类号: H04L63/0823 , G06F21/6254 , H04L9/3218 , H04L9/3263 , H04L63/0407 , H04L63/102 , H04L2209/42 , H04L2209/56 , H04L2209/60
摘要: The invention proposes a method to provide privacy for users or a user from a group of users with respect to authorizations they are granted, where such authorizations are expressed using digital authorization certificates, and with respect to domain certificates in case of groups of users. The idea is to conceal the user identity in the certificates, while the certificate itself remains in the clear. In this way, certificates can be widely and openly available, e.g. in a public network, without a random observer being able to link a user to an authorization or to identify a user within a domain. Privacy is also provided towards the certificate verifier by means of zero-knowledge protocols, which are carried out between the user and the verifier in order for the verifier to check a user's entitlement to a certificate. Privacy is further provided towards the certificate issuer as well, by means of a mechanism that allows the anonymous (buying or) issuing of certificates from the issuer.
摘要翻译: 本发明提出了一种方法,用于为用户或用户提供关于其授权的授权的用户或用户的隐私,其中使用数字授权证书表示授权,以及在用户组的情况下关于域证书。 这个想法是在证书中隐藏用户身份,而证书本身保持清晰。 以这种方式,证书可以广泛和公开地获得,例如。 在公共网络中,没有随机观察者能够将用户链接到授权或识别域内的用户。 还通过在用户和验证者之间执行的零知识协议向证书验证者提供隐私,以便验证者检查用户对证书的授权。 通过允许发行人匿名(购买或发行)证书的机制,还向证书颁发者提供隐私。
-
公开(公告)号:US09384338B2
公开(公告)日:2016-07-05
申请号:US11570046
申请日:2005-06-01
CPC分类号: G06F21/32 , G06F21/6245 , G06F2221/2117 , G06F2221/2143 , G07C9/00087 , H04L9/3278 , H04L2209/805
摘要: The present invention relates to a system and a method of verifying the identity of an individual by employing biometric data associated with the individual (603), wherein privacy of said biometric data (X, Y) is provided. A helper data scheme (HDS) is employed to provide privacy of the biometric data. The present invention is advantageous for number of reasons. First, processing of security sensitive information is performed in a secure, tamper-proof environment (601, 604, 606) which is trusted by the individual. This processing, combined with utilization of a helper data scheme, enables set up of a biometric system where the biometric template is available in electronic form only in the secure environment. Moreover, electronic copies of the biometric templates are not available in the secure environment permanently, but only when the individual offers her template to the sensor.
摘要翻译: 本发明涉及通过采用与个体相关联的生物特征数据(603)来验证个人身份的系统和方法,其中提供所述生物特征数据(X,Y)的隐私。 使用辅助数据方案(HDS)来提供生物特征数据的隐私。 出于多个原因本发明是有利的。 首先,在由个人信任的安全的防窜改环境(601,604,606)中执行安全敏感信息的处理。 该处理结合利用辅助数据方案,可以建立生物识别系统,其中生物特征模板仅在安全环境中以电子形式提供。 此外,生物特征模板的电子副本在永久的安全环境中不可用,但只有当个人将模板提供给传感器时。
-
公开(公告)号:US08869298B2
公开(公告)日:2014-10-21
申请号:US12732623
申请日:2010-03-26
IPC分类号: G06F7/04 , H04N21/84 , H04N21/8352 , H04N7/173 , G11B20/00
CPC分类号: H04N7/173 , G11B20/0021 , G11B20/00731 , G11B20/00855 , H04L9/3247 , H04L2209/603 , H04N21/8352 , H04N21/84
摘要: A method of providing automatically verifiable trust in a content resolution process in which a PDR resolves a content reference identifier (CRID) identifying a content item using a resolution authority record (RAR) to obtain a locator identifying a location where the PDR can obtain the content item. Preferably, the measure comprises computing a digital signature over at least part of the contents of the CRID, the locator and/or the RAR. The method may also comprise encrypting at least a data portion of the CRID, RAR or locator. Digital rights needed to access the content item can be provided with the CRID, RAR or locator.
摘要翻译: 一种在内容解析过程中提供自动验证的信任的方法,其中PDR使用分辨率授权记录(RAR)来解析识别内容项的内容参考标识符(CRID),以获得标识PDR可以获得内容的位置的定位符 项目。 优选地,该措施包括在CRID,定位器和/或RAR的内容的至少一部分上计算数字签名。 该方法还可以包括加密CRID,RAR或定位符的至少一个数据部分。 可以向CRID,RAR或定位器提供访问内容项目所需的数字权限。
-
公开(公告)号:US20120204023A1
公开(公告)日:2012-08-09
申请号:US13501875
申请日:2010-10-20
申请人: Christiaan Kuipers , Pim Theo Tuyls
发明人: Christiaan Kuipers , Pim Theo Tuyls
IPC分类号: H04L9/00
CPC分类号: H04L9/3278 , G06F21/10 , G06F2221/0711 , G06F2221/0753 , G06F2221/0755 , H04L9/08 , H04L9/0866 , H04L9/32 , H04L9/3271 , H04L2209/34 , H04L2209/60 , H04L2209/80
摘要: A distribution system and method for distributing digital information is provided, which has high recoverability from a security breach. The distribution system comprises a server (200) and a computing device (110). During an enrollment phase, the computing device obtains a first response from an integrated physically unclonable function (150) integrated in the computing device. The system comprises an enrollment module (130) for determining helper data from a decryption key and the first response to enable later reconstruction of the decryption key from the helper data and a second response obtained from the physically unclonable function. During a reconstruction phase, which occurs after the enrollment phase and typically after a security breach has occurred that revealed data and/or programming code of the computing device, the server may encrypt digital information using an encryption module (220) with a cryptographic encryption key corresponding to the decryption key. The computing device comprises a decryption module (120) for decrypting the encrypted digital information with the decryption key. The digital information may be used to send an update message to the computing device. Since, the decryption key need only be available at the computing device after the breach, it can recover even if data, such as a cryptographic key, or programming code of the computing device was revealed, and even if an attacker could eavesdrop on the encrypted digital information.
摘要翻译: 提供了一种用于分发数字信息的分发系统和方法,其具有从安全漏洞的高可恢复性。 分配系统包括服务器(200)和计算设备(110)。 在注册阶段,计算设备从集成在计算设备中的集成的物理上不可克隆功能(150)获得第一响应。 该系统包括用于从解密密钥确定帮助数据的登记模块(130)和用于能够从辅助数据稍后重建解密密钥的第一响应以及从物理不可克隆功能获得的第二响应。 在重建阶段期间,其在注册阶段之后发生,并且通常在发生了显示计算设备的数据和/或编程代码的安全漏洞之后,使用具有密码加密密钥的加密模块(220)来加密数字信息 对应于解密密钥。 该计算装置包括用解密密钥解密加密的数字信息的解密模块(120)。 数字信息可以用于向计算设备发送更新消息。 由于解密密钥仅在破坏之后才能在计算设备上可用,所以即使显示出诸如计算设备的密码密钥或编程代码的数据,即使攻击者可以窃取加密的密钥 数字信息。
-
公开(公告)号:US07554337B2
公开(公告)日:2009-06-30
申请号:US10557262
申请日:2004-05-17
申请人: Pim Theo Tuyls , Thomas Andreas Maria Kevenaar , Petra Elisabeth De Jongh , Robertus Adrianus Maria Wolters
发明人: Pim Theo Tuyls , Thomas Andreas Maria Kevenaar , Petra Elisabeth De Jongh , Robertus Adrianus Maria Wolters
CPC分类号: H01L23/544 , H01L23/576 , H01L2223/5444 , H01L2924/0002 , H01L2924/3011 , H01L2924/00
摘要: The semiconductor device of the invention includes a circuit and a protecting structure. It is provided with a first and a second security element and with an input and an output. The security elements have a first and a second impedance, respectively, which impedances differ. The device is further provided with a measuring unit a processing unit and a connection unit. The processing unit transform any first information received into a specific program of measurement. Herewith a challenge-response mechanism is implemented in the device.
摘要翻译: 本发明的半导体器件包括电路和保护结构。 它设置有第一和第二安全元件以及输入和输出。 安全元件分别具有阻抗不同的第一和第二阻抗。 该设备还具有测量单元,处理单元和连接单元。 处理单元将接收的任何第一信息转换成特定的测量程序。 因此,在设备中实现了挑战响应机制。
-
公开(公告)号:US20090153841A1
公开(公告)日:2009-06-18
申请号:US11573947
申请日:2005-08-15
申请人: Wil Ophey , Sjoerd Stallinga , Pim Theo Tuyls , Antonius Hermanus Maria Akkermans , Boris Skoric
发明人: Wil Ophey , Sjoerd Stallinga , Pim Theo Tuyls , Antonius Hermanus Maria Akkermans , Boris Skoric
IPC分类号: G06K9/74
CPC分类号: H04L9/3278 , G07D7/003 , G07D7/121
摘要: An optical identifier (1) can be used as a Physical Unclonable Function for producing a speckle pattern, as a response, upon being challenged with a light beam, as a challenge. This property can be used for identification of the optical identifier or of an object attached thereto, for the authentication of an information carrier or for generation of transaction keys. Since the response obtained in response to given challenge is highly sensitive to the relative position of the optical identifier, light beam source and detector for the speckle pattern, this relative position has to be accurately adjusted to reliably obtain the same response to a given challenge. To this aim, an optical identifier is proposed having an alignment area (3) for splitting an incident beam into distinct beams (6, 7) which can be detected as alignment signals (10a, 10b, 10c, 10d) on a detector (8) and used for the monitoring and for the adjustment of said relative position.
摘要翻译: 作为挑战,光学标识符(1)可以用作用于产生斑点图案作为响应的物理不可克隆功能,作为响应。 该属性可以用于识别光学标识符或附加到其上的对象,用于信息载体的认证或用于生成交易密钥。 由于响应于给定挑战而获得的响应对于光学标识符,用于散斑图案的光束源和检测器的相对位置高度敏感,所以必须精确地调整该相对位置以可靠地获得对给定挑战的相同响应。 为此目的,提出一种具有用于将入射光束分成不同光束(6,7)的对准区域(3)的光学识别器,其可以被检测为检测器(8)上的对准信号(10a,10b,10c,10d) )并用于监视和调整所述相对位置。
-
公开(公告)号:US20090006855A1
公开(公告)日:2009-01-01
申请号:US11718806
申请日:2005-11-09
IPC分类号: H04L9/32
CPC分类号: H04L9/3231 , H04L9/008 , H04L9/3218 , H04L2209/46 , H04L2209/805
摘要: The present invention relates to a method and a system of securely computing a measure of similarity for at least two sets of data. A basic idea of the present invention is to securely compare two sets of encrypted data to determine whether the two sets of data resemble each other to a sufficient extent. If the measure of similarity complies with predetermined criteria, the two sets of data from which the encrypted sets of data originate are considered to be identical.
摘要翻译: 本发明涉及一种安全地计算至少两组数据的相似性度量的方法和系统。 本发明的基本思想是安全地比较两组加密数据,以确定这两组数据是否足够相似。 如果相似性度量符合预定标准,则认为加密的数据集来源的两组数据是相同的。
-
公开(公告)号:US20080260152A1
公开(公告)日:2008-10-23
申请号:US12094999
申请日:2006-11-27
申请人: Boris Skoric , Alphons Antonius Maria Lambertus Bruekers , Pim Theo Tuyls , Willem Gerard Ophey
发明人: Boris Skoric , Alphons Antonius Maria Lambertus Bruekers , Pim Theo Tuyls , Willem Gerard Ophey
IPC分类号: H04L9/32
CPC分类号: H04L9/3234 , H04L9/3278
摘要: The present invention relates to a method and a device (104) for authenticating a plurality of physical tokens (101, 102, 103). A basic idea of the invention is to supply a sequence of interconnected devices (108, 109, 110), each device comprising a physical token (101, 102, 103), with a challenge of the respective physical token created during enrollment of said respective physical token, wherein the sequence of interconnected devices is arranged such that a data set supplied to the sequence is cryptographically processed with a response of a token comprised in a device and passed on to a token comprised in a subsequent device which further cryptographically processes the processed data set with its response until a response of a final physical token has been used to further cryptographically process the data set. Then, the data set which has been cryptographically processed with the responses of the tokens in the sequence is received and used together with the data set itself and data associated with the response of the respective token to authenticate the sequence of physical tokens.
摘要翻译: 本发明涉及一种用于认证多个物理令牌(101,102,103)的方法和装置(104)。 本发明的基本思想是提供一系列互连的设备(108,109,110),每个设备包括物理令牌(101,102,103),在所述相应的设备注册期间产生相应物理令牌的挑战 物理令牌,其中所述互连设备的序列被布置为使得提供给所述序列的数据集通过包含在设备中的令牌的响应进行密码处理,并传递到包含在后续设备中的令牌,所述令牌进一步加密处理 数据集具有其响应,直到最终物理令牌的响应已被用于进一步加密处理数据集。 然后,已经用序列中的令牌的响应进行了密码处理的数据集被接收并与数据集本身一起使用,并且与相应令牌的响应相关联的数据被使用以验证物理令牌的顺序。
-
公开(公告)号:US20080237506A1
公开(公告)日:2008-10-02
申请号:US12090364
申请日:2006-10-11
IPC分类号: G01N23/00
CPC分类号: H04L9/3278 , H04L2209/805
摘要: In a device for providing challenge-response pairs a radiation detection element, a challenge-modifying element and preferably also a light source are arranged on the same side of an imaginary plane, which separates said radiation-detecting element from a radiation scattering element. Hence, generation of a speckle pattern having a desired minimum speckle size is facilitated and a more easily assembled device is provided.
摘要翻译: 在用于提供挑战 - 响应对的装置中,辐射检测元件,挑战修改元件以及优选地还有光源被布置在虚拟平面的同一侧上,该假平面将辐射检测元件与辐射散射元件分离。 因此,有助于产生具有期望的最小散斑尺寸的散斑图案,并且提供更容易组装的装置。
-
40.发明申请Integrated Physical Unclonable Function (Puf) with Combined Sensor and Display 审中-公开具有组合传感器和显示器的集成物理不可克隆功能(Puf)公开(公告)号:US20080231418A1
公开(公告)日:2008-09-25
申请号:US12090414
申请日:2006-10-02
IPC分类号: H04L9/32
CPC分类号: G02B26/0833 , G02B5/02 , G02B26/026 , G02B27/00 , G09C1/00 , H04L9/3278 , H04L2209/805
摘要: The present invention relates to a device (100, 200, 300) and a method for creating challenge-response pairs. A basic idea of the present invention is to create a challenge in the form of light emitted onto a light scattering element (103, 203), which light will be scattered in the light scattering element and detected as a response to the challenge by light detecting elements (105, 205). The light scattering element comprises a transmissive material which contains randomly distributed light scattering particles (104, 204), which scatter incident light such that a random speckle pattern is created and spread over the light detecting elements. This random pattern is detected by the light detecting elements, and is known as the response to the challenge (i.e. the light) that was supplied to the light scattering element. Hence, a challenge-response pair is created. Further, picture elements (109, 209) are included in the device in order to enable modification of the challenge created by a light source (101, 201) and supplied to the light scattering element. By activating picture elements and thereby modifying the challenge, one will also modify the response that corresponds to the modified challenge.
摘要翻译: 本发明涉及一种用于创建挑战 - 响应对的装置(100,200,300)和方法。 本发明的基本思想是以光散射元件(103,203)的光的形式产生挑战,该光将散射在光散射元件中,并通过光检测作为对挑战的响应进行检测 元素(105,205)。 光散射元件包括透射材料,其包含随机分布的光散射粒子(104,204),其散射入射光,使得随机散斑图案被产生并分布在光检测元件上。 该随机图案由光检测元件检测,并且被称为对提供给光散射元件的挑战(即,光)的响应。 因此,创建了一个挑战 - 响应对。 此外,图像元素(109,209)包括在装置中,以便能够修改由光源(101,201)产生并提供给光散射元件的挑战。 通过激活图片元素并从而修改挑战,还将修改对应于修改的挑战的响应。
-
-
-
-
-
-
-
-
-
搜索结果
70 条记录 (耗时 0.027 秒)
