公开(公告)号：US20080037791A1

公开(公告)日：2008-02-14

申请号：US11890408

申请日：2007-08-06

申请人： Bjorn Jakobsson

发明人： Bjorn Jakobsson

IPC分类号： H04L9/08 ,  G06F21/00 ,  H04L9/30

CPC分类号： H04L63/1433 ,  G06F21/552 ,  H04L9/0891 ,  H04L63/1483 ,  H04L2209/56 ,  H04L2209/605

摘要： Disclosed is a method and apparatus for evaluating actions performed on a client device. For each of the performed actions, a current key is generated from a previous key and an associated action attestation value is generated from the previous key and information about each action (stored in a log file). The previous key is then deleted. A final attestation value is also generated using a publicly non-invertible function and is based at least on the current key. The client device transmits information about the performed actions (stored in a log file), the plurality of action attestation values, and the final attestation value to the server so that the server can authenticate the action attestation values and the final attestation value. If the server cannot authenticate these attestation values, then the server can determine that the log file has been tampered with.

摘要翻译： 公开了一种用于评估在客户端设备上执行的动作的方法和装置。 对于每个执行的操作，从先前的密钥生成当前密钥，并且从先前密钥生成相关联的动作认证值，以及关于每个操作的信息（存储在日志文件中）。 之前的密钥被删除。 最终认证值也是使用公开的不可逆函数生成的，至少基于当前的密钥。 客户端设备向服务器发送关于执行的动作（存储在日志文件中）的信息，多个动作认证值和最终认证值，使得服务器可以认证动作认证值和最终认证值。 如果服务器无法验证这些证明值，则服务器可以确定日志文件已被篡改。

公开(公告)号：US06687822B1

公开(公告)日：2004-02-03

申请号：US09330194

申请日：1999-06-11

申请人： Markus Bjorn Jakobsson

发明人： Markus Bjorn Jakobsson

IPC分类号： H04L900

CPC分类号： H04L9/3268 ,  H04L2209/76

摘要： A method for providing publicly verifiable translation certificates comprising the steps of receiving an input encryption having a first secret key; outputting an output re-encryption of the input encryption, the output re-encryption having a second secret key; and generating a translation certificate that proves the input encryption and the output re-encryption are encryptions of an identical message, wherein the first secret key and the second secret key do not need to be, but are allowed to be, equal. This method and system for generating translation certificates in quorum controlled asymmetric proxy encryptions has uses, including but not limited to, Internet applications and specifically to E-mail systems. The scheme, which can use either an ElGamal encryption, an ElGamal encryption based on Elliptic Curves or an ElGamal related encryption algorithm, leaks no information as long as there is no dishonest quorum of proxy servers and produces a small, publicly verifiable translation certificate, that is independent of the number of prover servers involved in the re-encryption.

摘要翻译： 一种用于提供可公开验证的翻译证书的方法，包括以下步骤：接收具有第一秘密密钥的输入加密; 输出所述输入加密的输出重新加密，所述输出重新加密具有第二秘密密钥; 以及生成证明输入加密和输出重新加密的翻译证书是相同消息的加密，其中第一秘密密钥和第二秘密密钥不需要但允许相等。 用于在仲裁控制的非对称代理加密中生成翻译证书的方法和系统具有使用，包括但不限于互联网应用，特别是电子邮件系统。 该方案可以使用ElGamal加密，基于椭圆曲线的ElGamal加密或ElGamal相关加密算法，只要没有不正确的代理服务器的法定人数，并且生成一个小的可公开验证的翻译证书，就不会泄露任何信息 独立于重新加密涉及的证明者服务器的数量。

公开(公告)号：US20050165696A1

公开(公告)日：2005-07-28

申请号：US10996997

申请日：2004-11-24

申请人： Bjorn Jakobsson ,  Jean-Pierre Hubaux ,  Levente Buttyan

发明人： Bjorn Jakobsson ,  Jean-Pierre Hubaux ,  Levente Buttyan

IPC分类号： G06Q20/00 ,  H04L9/32 ,  H04L12/28 ,  H04L12/56 ,  H04L9/00

CPC分类号： H04W4/24 ,  G06Q20/06 ,  G06Q20/29 ,  G06Q20/32 ,  G06Q20/367 ,  G06Q20/38215 ,  G06Q20/3823 ,  H04L9/3236 ,  H04L2209/56 ,  H04L2209/80 ,  H04M15/68 ,  H04M2215/0196 ,  H04M2215/2026 ,  H04M2215/32 ,  H04W88/04

摘要： In a communication system having a number of base stations and user devices, a sending user device comprising a processor and a memory is configured to generate a packet or other communication for forwarding to a receiving user device via one or more intermediary user devices of the system. The forwarding path of the communication may involve one or more of the base stations. A payment token is associated with the communication, such that at least one of the intermediary user devices can generate a payment claim based on the payment token. The payment token is independent of the particular identities of the one or more intermediary user devices of the system.

摘要翻译： 在具有多个基站和用户设备的通信系统中，包括处理器和存储器的发送用户设备被配置为生成分组或其他通信，用于经由系统的一个或多个中间用户设备转发到接收用户设备 。 通信的转发路径可以涉及一个或多个基站。 支付令牌与通信相关联，使得至少一个中间用户设备可以基于支付令牌生成支付索赔。 支付令牌独立于系统的一个或多个中间用户设备的特定身份。

公开(公告)号：US20050036615A1

公开(公告)日：2005-02-17

申请号：US10631989

申请日：2003-07-31

申请人： Bjorn Jakobsson ,  Burton Kaliski

发明人： Bjorn Jakobsson ,  Burton Kaliski

IPC分类号： H04L9/00 ,  H04K1/00

CPC分类号： H04L9/3234 ,  H04L9/3247 ,  H04L2209/30 ,  H04L2209/38 ,  H04L2209/80

摘要： Techniques are disclosed for partitioning of cryptographic functionality, such as authentication code verification or generation ability, so as to permit delegation of at least one of a number of distinct portions of the cryptographic functionality from a delegating device to at least one recipient device. The cryptographic functionality is characterizable as a graph comprising a plurality of nodes, and a given set of the nodes is associated with a corresponding one of the distinct portions of the cryptographic functionality. Information representative of one or more of the nodes is transmitted from the delegating device to the recipient device such that the recipient device is thereby configurable for authorized execution of a corresponding one of the distinct portions of the cryptographic functionality. Advantageously, the invention provides a particularly efficient mechanism for the provision of cryptographic functionality in accordance with a subscription model.

摘要翻译： 公开了用于对加密功能进行分区的技术，例如验证码验证或生成能力，以便允许将密码功能的多个不同部分中的至少一个从授权设备委派给至少一个接收者设备。 加密功能可以被表征为包括多个节点的图，并且给定的一组节点与密码功能的不同部分中的对应的一个相关联。 代表一个或多个节点的信息从委托设备发送到接收者设备，使得接收者设备由此被配置成用于对密码功能的不同部分中对应的一个的授权执行。 有利地，本发明提供了一种用于根据订阅模型提供密码功能的特别有效的机制。

公开(公告)号：US20070106748A1

公开(公告)日：2007-05-10

申请号：US11590083

申请日：2006-10-31

申请人： Bjorn Jakobsson ,  Ari Juels

发明人： Bjorn Jakobsson ,  Ari Juels

IPC分类号： G06F15/16

CPC分类号： H04L67/42 ,  H04L63/0807

摘要： Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.

摘要翻译： 公开了一种用于在服务器和客户端设备之间的第一网络会话期间执行将编码信息存储在客户端设备上的步骤的方法和装置。 为了使编码信息存储在客户机设备处，服务器首先确定对信息进行编码的一组网络资源请求。 这些网络资源请求可以包括对一个或多个特定URL的请求和/或对一个或多个文件的请求。 然后，服务器使客户端设备发起网络资源请求。 服务器可以通过例如将客户端设备重定向到网络资源来引起该启动。 启动网络资源请求的客户端设备使代表网络资源请求的数据存储在客户端设备处。

公开(公告)号：US06587946B1

公开(公告)日：2003-07-01

申请号：US09222716

申请日：1998-12-29

申请人： Markus Bjorn Jakobsson

发明人： Markus Bjorn Jakobsson

IPC分类号： H04L900

CPC分类号： H04L63/02 ,  H04L9/002 ,  H04L9/3013 ,  H04L9/3221 ,  H04L51/00 ,  H04L63/04 ,  H04L2209/16 ,  H04L2209/76

摘要： A method of forwarding an encrypted message sent to a primary recipient having a secret key to at least one secondary recipient comprising the steps of sharing portions of the secret key among a predetermined threshold number of proxy servers greater than one, upon receipt of an encrypted message by the predetermined threshold number of proxy servers, each of the predetermined threshold number of proxy servers modifying the message by applying the key portion to the encrypted message, the result of the modification comprising a message secret to the predetermined threshold number of proxy servers but decryptable by at least one secondary recipient, and forwarding the resultant message to at least one secondary recipient. This method and system for quorum controlled asymmetric proxy encryption has uses ranging from efficient key distribution for pay-tv, to methods for distributively maintaining databases. The scheme, which can use either an ElGamal, or an ElGamal encryption based on Elliptic Curves or an ElGamal related encryption algorithm, leaks no information as long as there is no dishonest quorum of proxy servers.

摘要翻译： 将发送到具有秘密密钥的主接收者的加密消息转发给至少一个次要接收方的方法，包括以下步骤：在接收到加密消息之后，在预定阈值数量的代理服务器之间共享秘密密钥的部分 通过预定阈值数量的代理服务器，每个预定阈值数量的代理服务器通过将密钥部分应用于加密消息来修改消息，修改的结果包括对预定阈值数量的代理服务器的消息秘密，但可解密 由至少一个辅助接收者，并将所得到的消息转发到至少一个辅助接收者。 这种用于仲裁控制的非对称代理加密的方法和系统具有从付费电视的有效密钥分发到分布式维护数据库的方法。 可以使用ElGamal或基于椭圆曲线的ElGamal加密或ElGamal相关加密算法的方案，只要没有不正当的代理服务器的定额，就不会泄露任何信息。