Method and apparatus for verifiably providing key recovery information in a cryptographic system
    71.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US5907618A

    Publication date: 1999-05-25

    Application number: US775348

    Filing date: 1997-01-03

    IPC classification: H04L9/08 H04L9/00

    CPC classification: H04L9/0841 H04L9/0894

    Abstract: A method and apparatus for verifiably providing key recovery information to one or more trustees in a cryptographic communication system having a sender and a receiver. Each communicating party has its own Diffie-Hellman key pair comprising a secret value and corresponding public value, as does each trustee. The sender non-interactively generates from its own secret value and the public value held by the receiver a first shared Diffie-Hellman key pair comprising a first shared secret value, shared with the receiver but not with any trustee, and a corresponding public value. For each trustee, the sender then non-interactively generates an additional shared secret value, shared with the receiver and the trustee, from the first shared secret value and the public value corresponding to the secret value held by the trustee. The sender uses the additional shared secret value to encrypt recovery information for each trustee, which is transmitted to the receiver along with the encrypted message. Each trustee can decrypt its recovery information by regenerating its additional shared secret value from its own secret value and the public value of the first shared Diffie-Hellman key pair. The receiver can verify the correctness of the recovery information for each trustee by decrypting the information using the additional shared secret value for that trustee, without having to recreate the recovery information or perform computationally expensive public key operations.


    Programmatically selecting a service provider based on assured quality of service attributes
    72.
    Granted invention patent
    Legal status: In force

    Publication number: US08868709B2

    Publication date: 2014-10-21

    Application number: US13099529

    Filing date: 2011-05-03

    Abstract: A method including querying a service provider for functional and nonfunctional qualifications of the service provider to provide a service having functional and nonfunctional requirements; responsive to input from the service provider, receiving by a requestor the functional qualifications and nonfunctional qualifications of the service provider including attesting by a third party, not the service provider or requestor, to at least the nonfunctional qualifications of the service provider; evaluating the functional qualifications and attested to nonfunctional qualifications of the service provider; and selecting a service provider having functional and attested to nonfunctional qualifications complying with the functional and nonfunctional requirements of the requestor. The method may be performed on one or more computing devices. Also disclosed is a computer program product.


    Method and system for analyzing policies for compliance with a specified policy using a policy template
    73.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US08793781B2

    Publication date: 2014-07-29

    Application number: US11871374

    Filing date: 2007-10-12

    IPC classification: G06F21/00

    CPC classification: G06Q10/10

    Abstract: A method and system are disclosed for analyzing policies for compliance with a specified policy. The method comprises the steps of creating a policy template representing said specified policy, and comparing a group of given policies to said policy template to determine whether said given policies conflict with said specified policy. In the preferred embodiment of the invention, the specified policy may include specified rules, the given policies include a plurality of given rules, and the policy template expresses said specified rules. In this preferred embodiment, the comparing step includes the step of comparing said plurality of given rules to the policy template to determine whether any of said given rules conflicts with said specified rules. In addition, preferably, if conflicts are found between said given policies and said specified policy, the given policies are modified to eliminate the conflicts.


    Method for distributing and authenticating public keys using hashed password protection
    74.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US07694136B2

    Publication date: 2010-04-06

    Application number: US10361250

    Filing date: 2003-02-10

    IPC classification: H04L9/32 H04L29/06

    Abstract: A method to distribute and authenticate public encryption keys. A client concatenates its ID, its public key, and a secret password known to the client and a server, and hashes the result. The client forms an extended concatenation including the ID, the public key, and the hashed value, and sends the extended concatenation to the server. The server reads the ID and public key, and re-computes the hashed value based on its own knowledge of the password. If the received and the computed hashed values are the same, the server concludes that the client's public key is authentic. An analogous process enables the server to distribute its public key, and enables the client to authenticate the server's distributed public key.


    PROCESS AND METHOD FOR CLASSIFYING STRUCTURED DATA
    75.
    Invention patent application
    Legal status: Lapsed

    Publication number: US20090276446A1

    Publication date: 2009-11-05

    Application number: US12114296

    Filing date: 2008-05-02

    IPC classification: G06F17/30

    CPC classification: G06F17/30569

    Abstract: A system and method for classifying structured data by automatically suggesting classification labels. The system comprises a taxonomy configured to provide one or more normalized labels and a classification tool configured to automatically classify data across an enterprise system using the one or more normalized labels. The method comprises extracting metadata from one or more relational databases; suggesting classifications based on the metadata; and converting one or more names to normalized labels across an enterprise system based on the suggested classifications.


    METHOD AND SYSTEM FOR ANALYZING POLICIES FOR COMPLIANCE WITH A SPECIFIED POLICY USING A POLICY TEMPLATE
    76.
    Invention patent application
    Legal status: Lapsed

    Publication number: US20090100498A1

    Publication date: 2009-04-16

    Application number: US11871374

    Filing date: 2007-10-12

    IPC classification: G06F17/00

    CPC classification: G06Q10/10

    Abstract: A method and system are disclosed for analyzing policies for compliance with a specified policy. The method comprises the steps of creating a policy template representing said specified policy, and comparing a group of given policies to said policy template to determine whether said given policies conflict with said specified policy. In the preferred embodiment of the invention, the specified policy may include specified rules, the given policies include a plurality of given rules, and the policy template expresses said specified rules. In this preferred embodiment, the comparing step includes the step of comparing said plurality of given rules to the policy template to determine whether any of said given rules conflicts with said specified rules. In addition, preferably, if conflicts are found between said given policies and said specified policy, the given policies are modified to eliminate the conflicts.


    Time stamping method employing user specified time
    78.
    Granted invention patent
    Legal status: Lapsed

    Publication number: US07490241B1

    Publication date: 2009-02-10

    Application number: US09458922

    Filing date: 1999-12-10

    IPC classification: H04L9/00

    CPC classification: H04L9/3297 H04L2209/60

    Abstract: A method for time stamping a digital document is disclosed. The document originator creates a time stamp receipt using the document and the current time. The time stamp receipt is submitted to a time stamping authority having a trusted clock. The time stamping authority validates the time stamp receipt by comparing the time value specified in the time stamp receipt to the current time. If the time value specified in the time stamp receipt is within a predetermined time window, the time stamping authority cryptographically binds the time value and document, or the time value and some representation of the document, e.g., by signing the time stamp receipt with its private signature key.


    ENCRYPTING DATA FOR ACCESS BY MULTIPLE USERS
    80.
    Invention patent application
    Legal status: Lapsed

    Publication number: US20070297608A1

    Publication date: 2007-12-27

    Application number: US11766192

    Filing date: 2007-06-21

    IPC classification: H04L9/32

    CPC classification: H04L9/0822 H04L9/0863

    Abstract: A method for protecting data for access by a plurality of users. A server encrypts data using a master key and a symmetric encryption algorithm. For each authorized user, a key encryption key (KEK) is derived from a passphrase, and the master key is encrypted using the KEK. The server posts the encrypted data and an ancillary file that includes, for each user, a user identifier and the master key encrypted according to the user's KEK. To access the data, a user enters the passphrase into a client, which re-derives the user's KEK, and finds, in the ancillary file, the master key encrypted using the user's KEK. The client decrypts the master key and then decrypts the data. A KEK may be derived from a natural language passphrase by hashing the passphrase, concatenating the result and a predetermined text, hashing the concatenation, and truncating.
