公开(公告)号：US20100095118A1

公开(公告)日：2010-04-15

申请号：US12443823

申请日：2007-10-11

申请人： Anil Kumar Meka

发明人： Anil Kumar Meka

IPC分类号： H04L9/32 ,  H04L9/08

CPC分类号： G06F21/6227

摘要： Cryptographic Key Management System facilitating secure access of data portions to corresponding groups of users. In an embodiment, corresponding group key (asymmetric key pair) is provided for each group, with the private key being stored in a secure format requiring the user credentials for decryption. In addition, a data key required to decrypt a data portion of interest is encrypted using the group public key. Thus, when a user attempts to access a data portion, the user credentials are used to decrypt the group private key, which is then used to decrypt the data key. The data key is then used to decrypt the data portion of interest.

摘要翻译： 加密密钥管理系统，促进数据部分到相应用户组的安全访问。 在一个实施例中，为每个组提供相应的组密钥（非对称密钥对），私钥以需要用户凭证进行解密的安全格式存储。 此外，使用组公钥加密解密感兴趣的数据部分所需的数据密钥。 因此，当用户尝试访问数据部分时，用户凭证用于解密组私钥，然后用于解密数据密钥。 数据密钥然后用于解密感兴趣的数据部分。

公开(公告)号：US07502467B2

公开(公告)日：2009-03-10

申请号：US11265510

申请日：2005-11-02

申请人： John G. Brainard ,  Burton S. Kaliski, Jr. ,  Magnus Nyström ,  Ronald L. Rivest

发明人： John G. Brainard ,  Burton S. Kaliski, Jr. ,  Magnus Nyström ,  Ronald L. Rivest

IPC分类号： H04L9/00 ,  H04L9/32

CPC分类号： H04L63/08 ,  G06F21/31 ,  G06F21/33 ,  H04L9/0844 ,  H04L9/0869 ,  H04L9/3234 ,  H04L63/0428

摘要： In one embodiment of a user authentication system and method according to the invention, a device shares a secret, referred to as a master seed, with a server. The device and the server both derive one or more secrets, referred to as verifier seeds, from the master seed, using a key derivation function. The server shares a verifier seed with one or more verifiers. The device, or an entity using the device, can authenticate with one of the verifiers using the appropriate verifier seed. In this way, the device and the verifier can share a secret, the verifier seed for that verifier, without that verifier knowing the master seed, or any other verifier seeds. Thus, the device need only store the one master seed, have access to the information necessary to correctly derive the appropriate seed, and have seed derivation capability. A verifier cannot compromise the master seed, because the verifier does not have access to the master seed.

摘要翻译： 在根据本发明的用户认证系统和方法的一个实施例中，设备与服务器共享被称为主种子的秘密。 设备和服务器都使用密钥导出函数从主种子中导出一个或多个称为验证者种子的秘密。 服务器与一个或多个验证者共享一个验证者种子。 设备或使用该设备的实体可以使用适当的验证者种子与验证者之一进行身份验证。 以这种方式，设备和验证者可以共享秘密，该验证者的验证者种子，而没有知道主种子的验证者或任何其他验证者种子。 因此，设备只需要存储一个主播种子，可以访问正确导出适当种子所需的信息，并具有种子推导能力。 验证者不能损害主粒子，因为验证者无法访问主粒子。

公开(公告)号：US07472093B2

公开(公告)日：2008-12-30

申请号：US09802278

申请日：2001-03-08

申请人： Ari Juels

发明人： Ari Juels

IPC分类号： G06F17/60

CPC分类号： G06Q30/02 ,  G06Q40/04 ,  G06Q50/188

摘要： A system and method for enabling use of detailed consumer profiles for the purposes of targeted information delivery while protecting these profiles from disclosure to information providers or hostile third parties are disclosed herein. Rather than gathering data about a consumer in order to decide which information to send her, an information provider makes use of a client-side executable software module called a negotiant function. The negotiant function acts as a client-side proxy to protect consumer data, and it also directs the targeting of information, requesting items of information from the information provider that are tailored to the profile provided by the consumer.

摘要翻译： 本文公开了一种用于为了有针对性的信息传递目的而使用详细的消费者简档的系统和方法，同时保护这些简档免于向信息提供者或敌对的第三方的披露。 信息提供商不是收集关于消费者的数据，以决定哪些信息发送给她，而是使用称为协商功能的客户端可执行软件模块。 协商功能充当客户端代理来保护消费者数据，并且还指导信息的定位，从信息提供商处请求与消费者提供的简档相匹配的信息。

公开(公告)号：US07359507B2

公开(公告)日：2008-04-15

申请号：US09804460

申请日：2001-03-12

申请人： Burton S. Kaliski

发明人： Burton S. Kaliski

IPC分类号： H04K1/00 ,  H04L9/00

CPC分类号： H04L9/085 ,  H04L9/088 ,  H04L2209/04 ,  H04L2209/50

摘要： Methods for regenerating a strong secret for a user, based on input of a weak secret, such as a password, are assisted by communications exchanges with a set of independent servers. Each server holds a distinct secret value (i.e., server secret data). The strong secret is a function of the user's weak secret and of the server secret data, and a would-be attacker cannot feasibly compute the strong secret without access to both the user's weak secret and the server secret data. Any attacker has only a limited opportunity to guess the weak secret, even if he has access to all messages transmitted in the generation and regeneration processes plus a subset (but not all) of the server secret data.

摘要翻译： 通过与一组独立服务器的通信交换来辅助基于输入弱密码（例如密码）为用户重新生成用户的强大秘密的方法。 每个服务器保存不同的秘密值（即，服务器秘密数据）。 强大的秘密是用户的弱秘密和服务器秘密数据的功能，一个潜在的攻击者无法可靠地计算强大的秘密，而无需访问用户的弱密码和服务器的秘密数据。 任何攻击者只有有限的机会来猜测弱的秘密，即使他能够访问在生成和再生过程中发送的所有消息以及服务器秘密数据的子集（但不是全部）。

公开(公告)号：US07356696B1

公开(公告)日：2008-04-08

申请号：US09630711

申请日：2000-08-01

申请人： Bjorn Markus Jakobsson ,  Ari Juels

发明人： Bjorn Markus Jakobsson ,  Ari Juels

IPC分类号： H04L9/00 ,  H04L9/32 ,  G06F7/04

CPC分类号： H04L9/3218

摘要： The bread pudding protocol of the present invention represents a novel use of proofs of work and is based upon the same principle as the dish from which it takes its name, namely, that of reuse to minimize waste. Whereas the traditional bread pudding recipe recycles stale bread, our bread pudding protocol recycles the “stale” computations in a POW to perform a separate and useful task, while also maintaining privacy in the task. In one advantageous embodiment of our bread pudding protocol, we consider the computationally intensive operation of minting coins in the MicroMint scheme of Rivest and Shamir and demonstrate how the minting operation can be partitioned into a collection of POWs, which are then used to shift the burden of the minting operation onto a large group of untrusted computational devices. Thus, the computational effort invested in the POWs is recycled to accomplish the minting operation.

摘要翻译： 本发明的面包布丁方案代表了工作证明的新颖用途，并且基于与其名称相同的原理，即重复使用以最小化废物的原理。 而传统的面包布丁配方回收陈旧的面包，我们的面包布丁协议回收了一个POW中的“陈旧”计算，以执行一个单独和有用的任务，同时保持任务中的隐私。 在我们的面包布丁协议的一个有利的实施例中，我们考虑在Rivest和Shamir的MicroMint方案中的铸币的计算密集操作，并且演示了铸造操作如何被划分成一组POWs，然后将其用于转移负担 的铸造操作到一大堆不可信的计算设备上。 因此，投资于战俘的计算工作被循环利用，以完成造币操作。

公开(公告)号：US07298243B2

公开(公告)日：2007-11-20

申请号：US10915189

申请日：2004-08-10

申请人： Ari Juels ,  John G. Brainard

发明人： Ari Juels ,  John G. Brainard

IPC分类号： H04Q5/22

CPC分类号： G06K7/10019 ,  G06K7/0008

摘要： Methods and apparatus are disclosed for use in an RFID system comprising a plurality of RFID devices and at least one reader which communicates with one or more of the devices. In accordance with an aspect of the invention, identifiers transmitted by the RFID devices are received by the reader. The system determines a classification of at least one of the received identifiers, and implements a privacy policy for data associated with one or more of the received identifiers based at least in part on the determined classification. For example, the given RFID device may be configurable into at least a first state indicative of a first classification, such as a private classification, and a second state indicative of a second classification, such as a public classification. The reader may alter a type of query that it issues based at least in part on the determined classification. Alternatively or additionally, response by the given RFID device to a query received from the reader may be conditioned on the state of the RFID device. The reader may be configured, dynamically or otherwise, so as to issue queries causing such selective responses by the RFID devices.

摘要翻译： 公开了用于RFID系统中的方法和装置，所述RFID系统包括多个RFID设备和至少一个与一个或多个设备通信的读取器。 根据本发明的一个方面，读取器接收由RFID设备发送的标识符。 系统确定所接收的标识符中的至少一个的分类，并且至少部分地基于所确定的分类，针对与一个或多个所接收的标识符相关联的数据实施隐私策略。 例如，给定的RFID设备可以被配置为指示诸如私有分类的第一分类的第一状态和指示诸如公共分类的第二分类的第二状态。 读者可以至少部分地基于所确定的分类来改变它所发出的查询的类型。 或者或另外，由给定的RFID设备对从读取器接收的查询的响应可以根据RFID设备的状态进行调节。 可以动态地或以其他方式配置读取器，以便发出引起RFID设备的这种选择性响应的查询。

公开(公告)号：US20070124321A1

公开(公告)日：2007-05-31

申请号：US11265539

申请日：2005-11-02

申请人： Michael Szydlo

发明人： Michael Szydlo

IPC分类号： G06F7/00

CPC分类号： G06F21/31 ,  G06F2221/2131 ,  G06Q20/40 ,  H04L9/3218

摘要： Methods and systems for storing secret information in a digital vault include obtaining from a user answers to a number of different questions, and identifying which subsets or combinations of the questions for which correct answers later provided by an entity will enable that entity to gain access to the secret information in the vault. The number of questions in each combination is less than the total number of questions, and at least one subset has at least two questions. For each subset, a corresponding string of answers is generated, the string is hashed, and the resulting hash value is combined with the digital secret. This hides the digital secret, which is then stored in the vault. Methods and systems for registering authentication material include storing a hashed string of answers for each combination, generating “multiple authenticators.”

摘要翻译： 用于将秘密信息存储在数字保险库中的方法和系统包括从用户获得对多个不同问题的回答，以及确定哪些子集或问题的组合，以后由实体提供的正确答案将使该实体能够访问 保险库中的秘密信息。 每个组合中的问题数量少于问题总数，至少有一个子集至少有两个问题。 对于每个子集，生成相应的答案字符串，字符串被散列，并且所得到的散列值与数字秘密组合。 这隐藏了数字秘密，然后将其存储在保管库中。 用于注册认证材料的方法和系统包括存储用于每个组合的散列字符串的答案，生成“多个认证者”。

公开(公告)号：US07100049B2

公开(公告)日：2006-08-29

申请号：US10435322

申请日：2003-05-09

申请人： Louis A Gasparini ,  Charles E Gotlieb

发明人： Louis A Gasparini ,  Charles E Gotlieb

IPC分类号： H04L9/00 ,  G06F17/30

CPC分类号： H04L63/08 ,  G06F21/31 ,  G06F21/445 ,  G06F21/6263 ,  G06F2221/2119 ,  H04L63/083 ,  H04L63/12 ,  H04L63/1466 ,  H04L63/168 ,  H04L67/02

摘要： A system and method allows a user to authenticate a web site, a web site to authenticate a user, or both. When a user requests a web page from the web site, customization information that is recognizable to the user is provided to allow the user to authenticate the web site. A signed, encrypted cookie stored on the user's system allows the web site to authenticate the user.

摘要翻译： 系统和方法允许用户对网站进行身份验证，网站对用户进行身份验证，或两者兼而有之。 当用户从网站请求网页时，提供用户可识别的定制信息以允许用户认证网站。 存储在用户系统上的已签名加密的cookie允许网站对用户进行身份验证。

公开(公告)号：US20060174104A1

公开(公告)日：2006-08-03

申请号：US11303752

申请日：2005-12-16

申请人： Mark Crichton ,  James Townsend

发明人： Mark Crichton ,  James Townsend

IPC分类号： H04L9/00

CPC分类号： H04L63/08 ,  G06F21/33 ,  H04L63/0807

摘要： A method of allowing a user to authenticate to an authentication service while isolating information associated with the user from the authentication service includes generating a service user identifier (SUID) associated with an authentication code source, a subscribing site and an authentication service. The method includes creating an association of the SUID with the information associated with the user, and isolating the association within the subscribing site. The method includes providing an authentication code generated by the authentication code-generating device from the user to the subscribing site, and providing the authentication code along with the SUID and information identifying the subscribing site to the authentication service. The method includes identifying the code-generating device, using the SUID and the information identifying the subscribing site, and generating an authentication decision for the authentication code with respect to the code-generating device, and providing the decision to the subscribing site.

摘要翻译： 允许用户对认证服务进行身份验证同时将与用户相关联的信息与认证服务隔离的方法包括生成与认证码源，订阅站点和认证服务相关联的服务用户标识符（SUID）。 该方法包括创建SUID与与用户相关联的信息的关联，以及隔离订阅站点内的关联。 所述方法包括：将由认证码生成装置生成的认证码从用户提供给订阅站点，并将认证码与SUID一起提供，并将识别订阅站点的信息提供给认证服务。 该方法包括使用SUID和识别订阅站点的信息来识别代码生成装置，并且针对代码生成装置生成用于认证代码的认证决定，并向订阅站点提供决定。

公开(公告)号：USD517440S1

公开(公告)日：2006-03-21

申请号：US29214508

申请日：2004-10-04

申请人： Kenneth M. Gehalo ,  Edward W. Vipond ,  Carolus Thijssen ,  William Wrightson

设计人： Kenneth M. Gehalo ,  Edward W. Vipond ,  Carolus Thijssen ,  William Wrightson