LOGGING ACCESS ATTEMPTS TO AN AREA
    1.
    Invention application
    Status: In force

    Publication number: US20130120109A1

    Publication date: 2013-05-16

    Application number: US13561267

    Filing date: 2012-07-30

    Abstract: Logging events associated with accessing an area includes recording an event associated with accessing the area to provide an event recording and authenticating at least the event recording to provide an authenticated recording. Recording an event may include recording a time of the event. Recording an event may include recording a type of event. The event may be an attempt to access the area. Recording an event may include recording credentials/proofs used in connection with the attempt to access the area. Recording an event may include recording a result of the attempt. Recording an event may include recording the existence of data other than the credentials/proofs indicating that access should be denied. Recording an event may include recording additional data related to the area. Authenticating the recording may include digitally signing the recording.


    Physical access control
    2.
    Granted invention patent
    Status: In force

    Publication number: US08171524B2

    Publication date: 2012-05-01

    Application number: US12069227

    Filing date: 2008-02-08

    Abstract: A system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D1. C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity with each certificate expiring 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.


    Disseminating additional data used for controlling access
    3.
    Granted invention patent
    Status: In force

    Publication number: US08015597B2

    Publication date: 2011-09-06

    Application number: US10893165

    Filing date: 2004-07-16

    CPC classification number: H04L9/3247 H04L9/3268 H04L2209/80

    Abstract: Issuing and disseminating data about a credential includes having an entity issue authenticated data indicating that the credential has been revoked, causing the authenticated data to be stored in a first card of a first user, utilizing the first card for transferring the authenticated data to a first door, having the first door store information about the authenticated data, and having the first door rely on information about the authenticated data to deny access to the credential. The authenticated data may be authenticated by a digital signature and the first door may verify the digital signature. The digital signature may be a public-key digital signature. The public key for the digital signature may be associated with the credential. The digital signature may be a private-key digital signature. The credential and the first card may both belong to the first user. The credential may be stored in a second card different from the first card, and the first door may rely on information about the authenticated data by retrieving such information from storage. The authenticated data may be first stored in at least one other card different from the first card and the authenticated data may be transferred from the at least one other card to the first card. The authenticated data may be transferred from the at least one other card to the first card by first being transferred to at least one other door different from the first door.


    Preventing identity theft
    4.
    Invention application
    Status: Under examination (published)

    Publication number: US20070011100A1

    Publication date: 2007-01-11

    Application number: US11471273

    Filing date: 2006-06-20

    Abstract: Determining whether to remotely authorize an action on behalf of a requester includes having the requester provide a privacy token, remotely obtaining data from the privacy token, and authorizing the action if the data from the privacy token verifies that the requester is authorized to take the action. The action may include issuing a credit card for the requester. The privacy token may be a smart card. The data may be digitally signed. Determining whether to remotely authorize an action on behalf of a requester may also include authorizing the action if the requester had previously indicated a desire not to require presentation of the privacy token. The action may be authorized only if the data from the privacy token verifies the identity of the requester.


    PHYSICAL ACCESS CONTROL
    5.
    Invention application
    Status: In force

    Publication number: US20120274444A1

    Publication date: 2012-11-01

    Application number: US13399480

    Filing date: 2012-02-17

    CPC classification number: G07C9/00031 G07C9/00134

    Abstract: A system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D1. C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity with each certificate expiring 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.


    Communication-efficient real time credentials for OCSP and distributed OCSP
    6.
    Granted invention patent
    Status: In force

    Publication number: US07966487B2

    Publication date: 2011-06-21

    Application number: US11032520

    Filing date: 2005-01-10

    CPC classification number: H04L9/3268 H04L9/3247 H04L2209/56 H04L2209/80

    Abstract: Facilitating a transaction between a first party and a second party includes, prior to initiating the transaction, one of the parties obtaining an artificially pre-computed OCSP response about a specific digital certificate, where the artificially pre-computed OCSP response is generated by an entity other than the first party and the second party, one of the parties initiating the transaction, in connection with the transaction, the first party providing the specific digital certificate to the second party, and the second party verifying the specific digital certificate using the artificially pre-computed OCSP response. The second party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated. The second party may cache the artificially pre-computed OCSP response for future transactions. The first party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated. The first party may cache the artificially pre-computed OCSP response for future transactions.


    Physical access control
    7.
    Invention application

    Publication number: US20080211624A1

    Publication date: 2008-09-04

    Application number: US12069227

    Filing date: 2008-02-08

    Abstract: A system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D1. C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity with each certificate expiring 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.

    Logging access attempts to an area
    8.
    Granted invention patent
    Status: In force

    Publication number: US09158288B2

    Publication date: 2015-10-13

    Application number: US13561267

    Filing date: 2012-07-30

    Abstract: Logging events associated with accessing an area includes recording an event associated with accessing the area to provide an event recording and authenticating at least the event recording to provide an authenticated recording. Recording an event may include recording a time of the event. Recording an event may include recording a type of event. The event may be an attempt to access the area. Recording an event may include recording credentials/proofs used in connection with the attempt to access the area. Recording an event may include recording a result of the attempt. Recording an event may include recording the existence of data other than the credentials/proofs indicating that access should be denied. Recording an event may include recording additional data related to the area. Authenticating the recording may include digitally signing the recording.


    Secure ID checking
    9.
    Granted invention patent
    Status: In force

    Publication number: US08099603B2

    Publication date: 2012-01-17

    Application number: US11804798

    Filing date: 2007-05-21

    Abstract: A cost-effective system that provides for the efficient protection of transmitted non-public attribute information may be used, for example, to control access to a secure area. Encryption of the attribute information may be performed using symmetric encryption techniques, such as XOR and/or stream cipher encryption. A centralized database that stores and transmits the encrypted attribute information may generate the encryption/decryption key based on selected information bytes, for example, as taken from a card inserted into a handheld device used at the secure area. The selected information to generate the encryption key stream may be varied on a periodic basis by the centralized database. Information as to which selected bytes are to be used for a particular access authorization request may be transmitted to the handheld unit or may be input through action of a user of the handheld unit, for example by entry of a PIN code.


    Controlling access to an area
    10.
    Granted invention patent
    Status: In force

    Publication number: US07822989B2

    Publication date: 2010-10-26

    Application number: US10893126

    Filing date: 2004-07-16

    CPC classification number: G07C9/00103 G07C9/00007

    Abstract: Controlling access includes providing a barrier to access that includes a controller that selectively allows access, at least one administration entity generating credentials/proofs, wherein no valid proofs are determinable given only the credentials and values for expired proofs, the controller receiving the credentials/proofs, the controller determining if access is presently authorized, and, if access is presently authorized, the controller allowing access. The credentials/proofs may be in one part or may be in separate parts. There may be a first administration entity that generates the credentials and other administration entities that generate proofs. The first administration entity may also generate proofs or the first administration entity may not generate proofs. The credentials may correspond to a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.

