公开(公告)号：US20140298033A1

公开(公告)日：2014-10-02

申请号：US14307299

申请日：2014-06-17

Applicant: Certicom Corp. ,  Pitney Bowes Inc.

Inventor： Scott Alexander VANSTONE ,  Robert Philip GALLANT ,  Robert John LAMBERT ,  Leon A. PINTSOV ,  Frederick W. RYAN, JR. ,  Ari SINGER

IPC: H04L9/32

CPC classification number: H04L9/3247 ,  H04L9/3252

Abstract: A signature scheme is provided in which a message is divided in to a first portion which is hidden and is recovered during verification, and a second portion which is visible and is required as input to the verification algorithm. A first signature component is generated by encrypting the first portion alone. An intermediate component is formed by combining the first component and the visible portion and cryptographically hashing them. A second signature component is then formed using the intermediate component and the signature comprises the first and second components with the visible portion. A verification of the signature combines a first component derived only from the hidden portion of the message with the visible portion and produces a hash of the combination. The computed hash is used together with publicly available information to generate a bit string corresponding to the hidden portion.

Abstract translation: 提供一种签名方案，其中消息被分成隐藏的第一部分，并且在验证期间被恢复，并且第二部分是可见的并且被要求作为验证算法的输入。 通过单独加密第一部分来产生第一签名组件。 通过组合第一组件和可见部分并对其进行密码散列来形成中间组件。 然后使用中间部件形成第二签名部件，并且签名包括具有可见部分的第一和第二部件。 签名的验证将仅从消息的隐藏部分导出的第一组件与可见部分组合，并产生组合的散列。 所计算的散列与公开可用的信息一起使用以产生对应于隐藏部分的位串。

公开(公告)号：US20140230029A1

公开(公告)日：2014-08-14

申请号：US14252527

申请日：2014-04-14

Applicant: CERTICOM CORP.

Inventor： Matthew John Campagna ,  Robert John Lambert ,  James Robert Alfred

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08

CPC classification number: H04L63/08 ,  H04L9/083 ,  H04L9/0841 ,  H04L9/0844 ,  H04L9/0861 ,  H04L9/3066 ,  H04L9/3236 ,  H04L9/3263 ,  H04L29/06 ,  H04L63/062 ,  H04L63/0823 ,  H04W12/04

Abstract: A method and apparatus are disclosed for using a single credential request (e.g., registered public key or ECQV certificate) to obtain a plurality of credentials in a secure digital communication system having a plurality of trusted certificate authority CA entities and one or more subscriber entities A. In this way, entity A can be provisioned onto multiple PKI networks by leveraging a single registered public key or implicit certificate as a credential request to one or more CA entities to obtain additional credentials, where each additional credential can be used to derive additional public key-private key pairs for the entity A.

Abstract translation: 公开了一种用于使用单个凭证请求（例如，注册公钥或ECQV证书）在具有多个可信证书机构CA实体和一个或多个订户实体A的安全数字通信系统中获得多个凭证的方法和装置 以这种方式，可以通过利用单个注册公钥或隐式证书作为向一个或多个CA实体的凭证请求来获得附加证书来将实体A提供给多个PKI网络，其中每个附加证书可以用于导出附加公共 实体A的密钥 - 私钥对。

公开(公告)号：US20140215206A1

公开(公告)日：2014-07-31

申请号：US13793166

申请日：2013-03-11

Applicant: RESEARCH IN MOTION LIMITED ,  CERTICOM CORP.

Inventor： Sean Alexander Courtney ,  Matthew John Campagna ,  George Ross Staikos ,  Alexander Truskovsky

IPC: H04L9/32

CPC classification number: H04L9/3268 ,  H04L63/0281 ,  H04L63/18 ,  H04W12/04

Abstract: A system for providing security services to a mobile device where the mobile device is in communication with a public network through a first network path that is subject to interference by a third party. The system includes a security server and a private network. The security server is operative to communicate with the mobile device through the private network. The security server is also operative to communicate with the public network through a second network path that is less susceptible to the interference by the third party than is the first network path. The security server communicates with the public network through the second network path to provide security services to the mobile device that are delivered over the private network.

Abstract translation: 一种用于向移动设备提供安全服务的系统，其中移动设备通过受第三方干扰的第一网络路径与公共网络通信。 该系统包括一个安全服务器和一个专用网络。 安全服务器可操作以通过专用网络与移动设备进行通信。 安全服务器还可操作以通过第二网络路径与公共网络进行通信，该第二网络路径比第一网络路径更不易受到第三方的干扰。 安全服务器通过第二网络路径与公共网络进行通信，以向通过专用网络传送的移动设备提供安全服务。

公开(公告)号：US20140152417A1

公开(公告)日：2014-06-05

申请号：US13693566

申请日：2012-12-04

Applicant: RESEARCH IN MOTION LIMITED ,  CERTICOM CORP.

Inventor： Nevine Maurice Nassif EBEID ,  Yevgeny Bondar ,  Shirook M. Ali

IPC: H01F38/14

CPC classification number: H01F38/14 ,  H01F27/365 ,  H04B5/0031

Abstract: A shielding article is provided, for shielding a device enabled for proximity-based communications, for example, NFC-enabled devices. The shielding article comprises a shielding component configured to prevent operation of an antenna of the device used for conducting proximity-based communications, without preventing operation of at least one other antenna of the device when the shielding component is aligned with the antenna used for conducting proximity-based communications. The shielding article may be separate from, or included in an accessory or carrying article and may be fixed or detachably coupled thereto.

Abstract translation: 提供了屏蔽物品，用于屏蔽能够进行基于接近通信的设备，例如具有NFC功能的设备。 屏蔽制品包括屏蔽部件，其被配置为防止用于进行基于接近通信的装置的天线的操作，而不会在屏蔽部件与用于进行接近的天线对准时防止装置的至少一个其他天线的操作 的通信。 屏蔽制品可以与附件或承载制品分离或包括在附件或承载物品中，并且可以固定或可拆卸地联接到其上。

公开(公告)号：US08732467B2

公开(公告)日：2014-05-20

申请号：US13730440

申请日：2012-12-28

Applicant: Certicom Corp.

Inventor： Scott Alexander Vanstone ,  Donald B. Johnson ,  Minghua Qu

IPC: H04L9/00

CPC classification number: H04L9/3247 ,  G06Q20/341 ,  G06Q20/40975 ,  G07F7/1008 ,  H04L9/3066 ,  H04L9/3252 ,  H04L2209/04

Abstract: A method for creating and authenticating a digital signature is provided, including selecting a first session parameter k and generating a first short term public key derived from the session parameter k, computing a first signature component r derived from a first mathematical function using the short term public key, selecting a second session parameter t and computing a second signature component s derived from a second mathematical function using the second session parameter t and without using an inverse operation, computing a third signature component using the first and second session parameters and sending the signature components (s, r, c) as a masked digital signature to a receiver computer system. In the receiver computer system, a recovered second signature component s′ is computed by combining a third signature component with the second signature component to derive signature components (s′, r) as an unmasked digital signature.

Abstract translation: 提供了一种用于创建和认证数字签名的方法，包括选择第一会话参数k并生成从会话参数k导出的第一短期公钥，使用短期计算从第一数学函数导出的第一签名组件r 公开密钥，选择第二会话参数t并且使用第二会话参数t计算从第二数学函数导出的第二签名组件，并且不使用反向操作，使用第一和第二会话参数来计算第三签名组件，并且发送 签名组件（s，r，c）作为屏蔽数字签名到接收机计算机系统。 在接收机计算机系统中，通过将第三签名组件与第二签名组件组合来计算恢复的第二签名组件s'，以将签名组件（s'，r）导出为未屏蔽的数字签名。

公开(公告)号：US20130246798A1

公开(公告)日：2013-09-19

申请号：US13791301

申请日：2013-03-08

Applicant: RESEARCH IN MOTION LIMITED ,  CERTICOM CORP.

Inventor： Michael Eoin Buckley ,  Matthew John Campagna ,  Gregory Marc Zaverucha

IPC: H04L9/32

CPC classification number: H04L9/3247 ,  H04L9/3252 ,  H04L9/3263 ,  H04L63/12 ,  H04W4/90 ,  H04W12/10

Abstract: There is provided a method for secure communications. The method comprises receiving a transmission comprising a signature of a broadcast message at a communication device, and verifying the signature using a certificate.

Abstract translation: 提供了一种用于安全通信的方法。 该方法包括在通信设备处接收包括广播消息的签名的传输，以及使用证书来验证签名。

公开(公告)号：US20130238899A1

公开(公告)日：2013-09-12

申请号：US13861540

申请日：2013-04-12

Applicant: CERTICOM CORP.

Inventor： Brian NEILL ,  Ashok VADEKAR ,  Patrick XU

IPC: G06F21/72

CPC classification number: G06F21/72 ,  H04L9/0897 ,  H04L63/062 ,  H04L2209/04 ,  H04L2209/60 ,  H04L2463/062

Abstract: A system and method for remote device registration, to monitor and meter the injection of keying or other confidential information onto a device, is provided. A producer who utilizes one or more separate manufacturers, operates a remote module that communicates over forward and backward channels with a local module at the manufacturer. Encrypted data transmissions are sent by producer to the manufacturer and are decrypted to obtain sensitive data used in the devices. As data transmissions are decrypted, credits from a credit pool are depleted and can be replenished by the producer through credit instructions. As distribution images are decrypted, usage records are created and eventually concatenated, and sent as usage reports back to the producer, to enable the producer to monitor and meter production at the manufacturer.

Abstract translation: 提供了用于远程设备注册的系统和方法，用于监视和计量密钥或其他机密信息到设备上的注入。 使用一个或多个单独的制造商的生产商操作远程模块，其通过前向和后向通道与制造商的本地模块进行通信。 加密的数据传输由制造商发送给制造商，并被解密以获得在设备中使用的敏感数据。 当数据传输被解密时，来自信用卡的信用被用尽，并且可以通过信用指示由生产者补充。 随着分发图像被解密，创建使用记录并最终并入，并将其作为使用报告发送回制造商，以使制造商能够监视制造商的生产计量。

公开(公告)号：US20130182841A1

公开(公告)日：2013-07-18

申请号：US13739671

申请日：2013-01-11

Applicant: Research In Motion Limited ,  Certicom Corp.

Inventor： Michael Eoin Buckley ,  Gregory Marc Zaverucha ,  Matthew John Campagna

IPC: H04L9/08

CPC classification number: H04L9/0861 ,  H04L9/083 ,  H04L9/0869 ,  H04L63/061 ,  H04L63/306 ,  H04L2209/80

Abstract: The present disclosure relates to systems and methods for secure communications. In some aspects, an initiator KMS receives, from an initiator UE, one or more values used in generation of an encryption key, which includes obtaining at least one value associated with a RANDRi. The initiator KMS sends the at least one value associated with the RANDRi to a responder KMS. The responder KMS generates the encryption key using the one or more values.

Abstract translation: 本公开涉及用于安全通信的系统和方法。 在一些方面，发起方KMS从发起方UE接收用于生成加密密钥的一个或多个值，其包括获得与RANDRi相关联的至少一个值。 启动器KMS将与RANDRi相关联的至少一个值发送到响应者KMS。 响应者KMS使用一个或多个值生成加密密钥。

公开(公告)号：US20130145168A1

公开(公告)日：2013-06-06

申请号：US13730440

申请日：2012-12-28

Applicant: CERTICOM CORP.

Inventor： Scott Alexander Vanstone ,  Donald B. Johnson ,  Minghua Qu

IPC: H04L9/32

CPC classification number: H04L9/3247 ,  G06Q20/341 ,  G06Q20/40975 ,  G07F7/1008 ,  H04L9/3066 ,  H04L9/3252 ,  H04L2209/04

Abstract: A method for creating and authenticating a digital signature is provided, including selecting a first session parameter k and generating a first short term public key derived from the session parameter k, computing a first signature component r derived from a first mathematical function using the short term public key, selecting a second session parameter t and computing a second signature component s derived from a second mathematical function using the second session parameter t and without using an inverse operation, computing a third signature component using the first and second session parameters and sending the signature components (s, r, c) as a masked digital signature to a receiver computer system. In the receiver computer system, a recovered second signature component s′ is computed by combining a third signature component with the second signature component to derive signature components (s′, r) as an unmasked digital signature.

Abstract translation: 提供了一种用于创建和认证数字签名的方法，包括选择第一会话参数k并生成从会话参数k导出的第一短期公钥，使用短期计算从第一数学函数导出的第一签名组件r 公开密钥，选择第二会话参数t并且使用第二会话参数t计算从第二数学函数导出的第二签名组件，并且不使用反向操作，使用第一和第二会话参数来计算第三签名组件，并且发送 签名组件（s，r，c）作为屏蔽数字签名到接收机计算机系统。 在接收机计算机系统中，通过将第三签名组件与第二签名组件组合来计算恢复的第二签名组件s'，以将签名组件（s'，r）导出为未屏蔽的数字签名。

公开(公告)号：US11119905B2

公开(公告)日：2021-09-14

申请号：US16508073

申请日：2019-07-10

Applicant: Certicom Corp.

Inventor： Keelan Smith ,  Richard Gwynn Jones ,  Chinh Khac Nguyen ,  Thomas Rudolf Stiemerling

IPC: G06F11/36 ,  G06F21/00 ,  G06Q10/06 ,  G06Q50/04 ,  G06F21/57 ,  G06F8/70 ,  G06F9/54

Abstract: An asset management system is provided which comprises one or more controllers, which operate as main servers and can be located at the headquarters of an electronic device manufacturer to remotely control their operations at any global location. The controller can communicate remotely over the Internet or other network to control one or more secondary or remote servers, herein referred to as appliances. The appliances can be situated at different manufacturing, testing or distribution sites. The controller and appliances comprise hardware security modules (HSMs) to perform sensitive and high trust computations, store sensitive information such as private keys, perform other cryptographic operations, and establish secure connections between components. The HSMs are used to create secure end-points between the controller and the appliance and between the appliance and the secure point of trust in an asset control core embedded in a device.