System, method, and computer program product for sensitive data recovery in high security systems

    Publication No.: US11044105B2

    Publication Date: 2021-06-22

    Application No.: US16352482

    Filing Date: 2019-03-13

    Abstract: A system, method, and computer program product are provided for sensitive data recovery in high security systems. In operation, a client device receives a request by a user to initiate a data recovery process to recover data that is encrypted. The client device generates a new data recovery request key pair. The client device creates a data recovery request that includes a data recovery request public key. The client device signs the data recovery request using an identity private key that is associated with a certificate issued by a certification authority (CA). The client device sends the data recovery request to a server system storing the data. The server system accesses an offline data recovery subsystem (ODRS) storing a data recovery key pair to authenticate the user. The ODRS generates and stores a secret data recovery code. The client device receives the secret data recovery code that was communicated to the user. The client device sends the secret data recovery code along with the data recovery request to the server system. The server system verifies the received secret data recovery code against the stored secret data recovery code. The server system verifies a public key associated with the received data recovery request against a public key associated with a stored recovery request. The server system identifies the data recovery request as authenticated. The ODRS verifies a request signature associated with the data recovery request. The ODRS verifies the encrypted signature against encrypted and signed recovery data. The ODRS verifies that a user ID in a password reset request matches a user ID in a message encryption key signature. The ODRS decrypts the data recovery key pair and re-encrypts the data recovery key pair to the data recovery request public key. The ODRS stores the re-encrypted data recovery key pair associated with the data recovery request. The client device queries the server system to obtain the data. The server system returns the data to the client device. The client device decrypts the data using a data recovery private key.

    System, method, and computer program product for zero round trip secure communications based on a noisy secret with a reduced message size

    Publication No.: US10862688B2

    Publication Date: 2020-12-08

    Application No.: US16352515

    Filing Date: 2019-03-13

    Abstract: A system, method, and computer program product are provided for implementing zero round trip secure communications based on a noisy secret with a reduced message size. A receiver system receives from a sender system an encrypted message including encrypted message keys and a message MAC that is calculated and added for every sub-key. The receiver system determines if any one of the sub-keys is noiseless based on its corresponding message MAC. If none of the sub-keys are noiseless, the receiver system adjusts bits of the sub-keys until a sub-key with one noisy bit is found and corrected to form a noiseless sub-key. The noiseless sub-key is then processed to obtain a message key to decrypt the encrypted message.

    UNIVERSAL SERIAL BUS (USB) DISCONNECTION SWITCH SYSTEM, COMPUTER PROGRAM PRODUCT, AND METHOD

    Publication No.: US20180246839A1

    Publication Date: 2018-08-30

    Application No.: US15898021

    Filing Date: 2018-02-15

    Abstract: A universal serial bus (USB) disconnection switch system, method, and computer program product are provided. In use, it is determined that a USB port integrated with a computing device is in electrical communication with at least one hardware component of the computing device via a data bus. Additionally, it is determined that a first predefined condition of the computing device is satisfied. Further, a switch is controlled to disconnect the data bus from the at least one hardware component of the computing device, based on the determination that the USB port is in electrical communication with the at least one hardware component via the data bus and the determination that the first predefined condition of the computing device is satisfied.

    SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR SENSITIVE DATA RECOVERY IN HIGH SECURITY SYSTEMS

    Publication No.: US20200295950A1

    Publication Date: 2020-09-17

    Application No.: US16352482

    Filing Date: 2019-03-13

    Abstract: A system, method, and computer program product are provided for sensitive data recovery in high security systems. In operation, a client device receives a request by a user to initiate a data recovery process to recover data that is encrypted. The client device generates a new data recovery request key pair. The client device creates a data recovery request that includes a data recovery request public key. The client device signs the data recovery request using an identity private key that is associated with a certificate issued by a certification authority (CA). The client device sends the data recovery request to a server system storing the data. The server system accesses an offline data recovery subsystem (ODRS) storing a data recovery key pair to authenticate the user. The ODRS generates and stores a secret data recovery code. The client device receives the secret data recovery code that was communicated to the user. The client device sends the secret data recovery code along with the data recovery request to the server system. The server system verifies the received secret data recovery code against the stored secret data recovery code. The server system verifies a public key associated with the received data recovery request against a public key associated with a stored recovery request. The server system identifies the data recovery request as authenticated. The ODRS verifies a request signature associated with the data recovery request. The ODRS verifies the encrypted signature against encrypted and signed recovery data. The ODRS verifies that a user ID in a password reset request matches a user ID in a message encryption key signature. The ODRS decrypts the data recovery key pair and re-encrypts the data recovery key pair to the data recovery request public key. The ODRS stores the re-encrypted data recovery key pair associated with the data recovery request. The client device queries the server system to obtain the data. The server system returns the data to the client device. The client device decrypts the data using a data recovery private key.

    SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR ZERO ROUND TRIP SECURE COMMUNICATIONS BASED ON A NOISY SECRET WITH A REDUCED MESSAGE SIZE

    Publication No.: US20200295945A1

    Publication Date: 2020-09-17

    Application No.: US16352515

    Filing Date: 2019-03-13

    Abstract: A system, method, and computer program product are provided for implementing zero round trip secure communications based on a noisy secret with a reduced message size, comprising: a) receiving, by a receiver system, an encrypted message including encrypted message keys and a message MAC (message authentication code) that is calculated and added for every sub-key, from a sender system; b) obtaining, by the receiver system, a number of a plurality of sub-keys from the received encrypted message; c) obtaining, by the receiver system, a sub-key from the plurality of sub-keys associated with the encrypted message; d) utilizing, by the receiver system, a key derivation function to derive a key encryption key and a key MAC key associated with the sub-key; e) calculating, by the receiver system, an encrypted message key MAC associated with the sub-key using the derived key MAC key; f) determining, by the receiver system, whether the calculated encrypted message key MAC matches a received MAC for the sub-key; g) determining, by the receiver system, that the sub-key does not have any noise if the calculated encrypted message key MAC matches the received MAC for the sub-key; h) determining, by the receiver system, that the sub-key has noise if the calculated encrypted message key MAC does not match the received MAC for the sub-key; i) repeating, by the receiver system, steps c through h until a noiseless sub-key is found or all of the plurality of sub-keys are determined to have noise; j) if all of the plurality of sub-keys are determined to have noise, adjusting, by the receiver system, bits of a selected sub-key one by one, for each of the plurality of sub-keys, until a sub-key with one noisy bit is found and corrected to a noiseless sub-key; k) deriving, by the receiver system, a key encryption key from the noiseless sub-key; l) utilizing, by the receiver system, the key encryption key derived from the noiseless sub-key to decrypt a message key associated with the encrypted message; and m) utilizing, by the receiver system, the message key to decrypt the encrypted message.
