Preserving Privacy While Using Authorization Certificates
    41.
    Invention application
    Preserving Privacy While Using Authorization Certificates (under examination, published)

    Publication number: US20080052772A1

    Publication date: 2008-02-28

    Application number: US10596668

    Filing date: 2004-12-13

    IPC classification: H04L9/32

    Abstract: The invention proposes a method to provide privacy for users or a user from a group of users with respect to authorizations they are granted, where such authorizations are expressed using digital authorization certificates, and with respect to domain certificates in case of groups of users. The idea is to conceal the user identity in the certificates, while the certificate itself remains in the clear. In this way, certificates can be widely and openly available, e.g. in a public network, without a random observer being able to link a user to an authorization or to identify a user within a domain. Privacy is also provided towards the certificate verifier by means of zero-knowledge protocols, which are carried out between the user and the verifier in order for the verifier to check a user's entitlement to a certificate. Privacy is further provided towards the certificate issuer as well, by means of a mechanism that allows the anonymous (buying or) issuing of certificates from the issuer.


    System for establishing a cryptographic key depending on a physical system
    42.
    Granted invention patent
    System for establishing a cryptographic key depending on a physical system (in force)

    Publication number: US09252960B2

    Publication date: 2016-02-02

    Application number: US13254356

    Filing date: 2010-02-10

    Abstract: In systems for establishing a cryptographic key depending on a physical uncloneable function (PUF) it may be a problem that internal information correlated with the cryptographic key is leaked to the outside of the system via a side-channel. To mitigate this problem a cryptographic system for reproducibly establishing a cryptographic key is presented. The system comprises a physical system comprising a physical, at least partially random, configuration of components from which an initial bit-string is derived. An error corrector corrects deviations occurring in the initial bit-string. Through the use of randomization the error corrector operates on randomized data. Information leaking through a side channel is thereby reduced. After error correction a cryptographic key may be derived from the initial bit-string.


    Distributed PUF
    44.
    Granted invention patent
    Distributed PUF (in force)

    Publication number: US08699714B2

    Publication date: 2014-04-15

    Application number: US13129462

    Filing date: 2009-11-17

    IPC classification: H04L9/08

    CPC classification: H04L9/0866 G06F21/602

    Abstract: An electronic system (100) having a memory (112, 114, 116) with multiple memory locations, each specific memory location of the multiple memory locations being arranged to produce a respective value, the respective value depending on a physical, at least partially random, configuration of components constructing the specific memory location, the electronic system comprises a key extraction means (130) arranged to retrieve multiple values in a first order from the multiple memory locations and for determining a reproducible cryptographic key in dependency on the multiple values, characterized in that the electronic system further comprises a re-ordering (120) means in between the memory and the key extraction means for providing the multiple values to the key extraction means in a second order, different from the first order, prior to determining the cryptographic key.


    Extended functionality of RFID devices
    45.
    Granted invention patent
    Extended functionality of RFID devices (in force)

    Publication number: US08502669B2

    Publication date: 2013-08-06

    Application number: US12441582

    Filing date: 2007-09-19

    IPC classification: G08B13/14

    CPC classification: G06K19/0723

    Abstract: An RFID device (231a, 231b, 231c, 331) is described, comprising a data memory (236) and an electronic circuit arrangement (237, 238, 239, 247) coupled thereto. The electronic circuit arrangement has a first and a second operational configuration, wherein by receiving a control command (250a) the electronic circuit arrangement can be switched irreversibly from the first to the second configuration. The RFID device further comprises a communication interface (245) being coupled to the electronic circuit arrangement. In the first configuration the RFID device is adapted to communicate with a standard RFID reader (110) via the communication interface. In the second configuration the communication with the standard RFID reader is disabled and the RFID device is adapted to communicate with a readout-RFID device (370). The RFID device may be equipped with a secondary communication interface that can be used to communicate with the RFID device in a privacy-preserving manner. After the RFID device has been disabled, the secondary interface can be used to access data in a secure manner.


    DISTRIBUTION SYSTEM AND METHOD FOR DISTRIBUTING DIGITAL INFORMATION
    46.
    Invention application
    DISTRIBUTION SYSTEM AND METHOD FOR DISTRIBUTING DIGITAL INFORMATION (in force)

    Publication number: US20120204023A1

    Publication date: 2012-08-09

    Application number: US13501875

    Filing date: 2010-10-20

    IPC classification: H04L9/00

    Abstract: A distribution system and method for distributing digital information is provided, which has high recoverability from a security breach. The distribution system comprises a server (200) and a computing device (110). During an enrollment phase, the computing device obtains a first response from an integrated physically unclonable function (150) integrated in the computing device. The system comprises an enrollment module (130) for determining helper data from a decryption key and the first response to enable later reconstruction of the decryption key from the helper data and a second response obtained from the physically unclonable function. During a reconstruction phase, which occurs after the enrollment phase and typically after a security breach has occurred that revealed data and/or programming code of the computing device, the server may encrypt digital information using an encryption module (220) with a cryptographic encryption key corresponding to the decryption key. The computing device comprises a decryption module (120) for decrypting the encrypted digital information with the decryption key. The digital information may be used to send an update message to the computing device. Since the decryption key need only be available at the computing device after the breach, it can recover even if data, such as a cryptographic key, or programming code of the computing device was revealed, and even if an attacker could eavesdrop on the encrypted digital information.


    Securely Computing a Similarity Measure
    49.
    Invention application
    Securely Computing a Similarity Measure (in force)

    Publication number: US20090006855A1

    Publication date: 2009-01-01

    Application number: US11718806

    Filing date: 2005-11-09

    IPC classification: H04L9/32

    Abstract: The present invention relates to a method and a system of securely computing a measure of similarity for at least two sets of data. A basic idea of the present invention is to securely compare two sets of encrypted data to determine whether the two sets of data resemble each other to a sufficient extent. If the measure of similarity complies with predetermined criteria, the two sets of data from which the encrypted sets of data originate are considered to be identical.


    Secure Sensor Chip
    50.
    Invention application
    Secure Sensor Chip (under examination, published)

    Publication number: US20080106605A1

    Publication date: 2008-05-08

    Application number: US11577355

    Filing date: 2005-10-06

    IPC classification: G06K9/20 H04N5/225

    Abstract: A method and device for providing a secure sensor chip (1) for recording digital information regarding at least one physical parameter, wherein the recording later can be verified with respect to its authenticity, whether the at least one physical parameter was indeed recorded by the specified chip (1) or not, wherein this is accomplished by providing the sensor chip (1) with a Controlled Physical Random Function (CPUF) in the form of a coating (5) and wherein both the sensor chip (1) and a micro controller (2) controlling all digital inputs (3) and outputs (4) of the sensor chip are embedded in the CPUF coating (5).
