公开(公告)号：US06192129B1

公开(公告)日：2001-02-20

申请号：US09018630

申请日：1998-02-04

申请人： Don Coppersmith ,  Rosario Gennaro ,  Shai Halevi ,  Charanjit S. Jutla ,  Stephen M. Matyas, Jr. ,  Mohammed Peyravian ,  David Robert Safford ,  Nevenko Zunic

发明人： Don Coppersmith ,  Rosario Gennaro ,  Shai Halevi ,  Charanjit S. Jutla ,  Stephen M. Matyas, Jr. ,  Mohammed Peyravian ,  David Robert Safford ,  Nevenko Zunic

IPC分类号： H04L906

CPC分类号： H04L9/0625 ,  H04L2209/08 ,  H04L2209/24

摘要： A method and apparatus for an advanced byte-oriented symmetric key cipher for encryption and decryption, using a block cipher algorithm. Different block sizes and key sizes are supported, and a different sub-key is used in each round. Encryption is computed using a variable number of rounds of mixing, permutation, and key-dependent substitution. Decryption uses a variable number of rounds of key-dependent inverse substitution, inverse permutation, and inverse mixing. The variable length sub-keys are data-independent, and can be precomputed.

摘要翻译： 一种用于加密和解密的高级字节取向对称密钥密码的方法和装置，使用块密码算法。 支持不同的块大小和密钥大小，每轮中使用不同的子密钥。 使用可变数量的混合，置换和密钥依赖替换来计算加密。 解密使用可变数量的密钥依赖逆替换，逆置换和反向混合。 可变长度子密钥与数据无关，可以预先计算。

公开(公告)号：US5796830A

公开(公告)日：1998-08-18

申请号：US681679

申请日：1996-07-29

申请人： Donald Byron Johnson ,  Paul Ashley Karger ,  Charles William Kaufman, Jr. ,  Stephen Michael Matyas, Jr. ,  David Robert Safford ,  Marcel Mordechay Yung ,  Nevenko Zunic

发明人： Donald Byron Johnson ,  Paul Ashley Karger ,  Charles William Kaufman, Jr. ,  Stephen Michael Matyas, Jr. ,  David Robert Safford ,  Marcel Mordechay Yung ,  Nevenko Zunic

IPC分类号： G09C1/00 ,  H04K1/00 ,  H04L9/08 ,  H04L9/14 ,  H04L9/28 ,  H04L9/32

CPC分类号： H04L9/0894

摘要： A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so that the session key may be regenerated from the key recovery values P, Q and (if generated) R. Key recovery values P and Q are encrypted using the respective public recovery keys of a pair of key recovery agents. The encrypted P and Q values are included along with other recovery information in a session header accompanying an encrypted message sent from the sender to the receiver. The key recovery agents may recover the P and Q values for a law enforcement agent by decrypting the encrypted P and Q values in the session header, using their respective private recovery keys corresponding to the public keys. The R value, if generated, is not made available to the key recovery agents, but is ascertained using standard cryptanalytic techniques in order to provide a nontrivial work factor for law enforcement agents. The receiver checks the session header of a received message to ensure that the sender has included valid recovery information. Only when the receiver has verified that the sender has included valid recovery information does the receiver decrypt the received message.

摘要翻译： 可与现有系统互通的加密密钥恢复系统，用于在通信方之间建立密钥。 发送方使用可逆密钥反转功能来产生密钥恢复值P，Q和（可选地）R作为会话密钥和公共信息的函数，使得会话密钥可以从密钥恢复值P，Q和（ 如果生成）R.密钥恢复值P和Q使用一对密钥恢复代理的相应的公共恢复密钥进行加密。 加密的P和Q值与伴随从发送方发送到接收方的加密消息的会话报头中的其他恢复信息一起被包括。 密钥恢复代理可以通过使用它们对应于公钥的各自的私有恢复密钥来解密会话报头中的加密的P和Q值来恢复执法代理的P和Q值。 R值（如果生成的话）不提供给密钥恢复代理，而是使用标准密码分析技术来确定，以便为执法人员提供一个非常重要的工作因素。 接收机检查接收到的消息的会话报头，以确保发送方已经包括有效的恢复信息。 只有当接收方已经验证发送方已经包括有效的恢复信息时，接收方才能解密接收的消息。

公开(公告)号：US07893830B2

公开(公告)日：2011-02-22

申请号：US12246140

申请日：2008-10-06

申请人： Vaijayanthimala K. Anand ,  Sandra K. Johnson ,  David Robert Safford ,  Kimberly DaShawn Simon

发明人： Vaijayanthimala K. Anand ,  Sandra K. Johnson ,  David Robert Safford ,  Kimberly DaShawn Simon

IPC分类号： G08B13/00

CPC分类号： H04L63/1416 ,  G06F21/55

摘要： An intrusion detection mechanism is provided for flexible, automatic, thorough, and consistent security checking and vulnerability resolution in a heterogeneous environment. The mechanism may provide a predefined number of default intrusion analysis approaches, such as signature-based, anomaly-based, scan-based, and danger theory. The intrusion detection mechanism also allows a limitless number of intrusion analysis approaches to be added on the fly. Using an intrusion detection skin, the mechanism allows various weights to be assigned to specific intrusion analysis approaches. The mechanism may adjust these weights dynamically. The score ration can be tailored to determine if an intrusion occurred and adjusted dynamically. Also, multiple security policies for any type of computing element may be enforced.

摘要翻译： 提供入侵检测机制，用于在异构环境中进行灵活，自动，彻底，一致的安全检查和漏洞解决。 该机制可以提供预定义数量的默认入侵分析方法，例如基于签名的，基于异常的，基于扫描的和危险理论。 入侵检测机制还允许在飞行中添加无限数量的入侵分析方法。 使用入侵检测皮肤，该机制允许将各种权重分配给特定的入侵分析方法。 该机制可以动态地调整这些权重。 可以定制分数比例以确定入侵是否发生并动态调整。 此外，可以强制执行用于任何类型的计算元件的多个安全策略。

公开(公告)号：US07343493B2

公开(公告)日：2008-03-11

申请号：US10108600

申请日：2002-03-28

申请人： David Carroll Challener ,  David Robert Safford

发明人： David Carroll Challener ,  David Robert Safford

IPC分类号： G06F12/14 ,  G06F12/00 ,  G06F17/30 ,  H04L9/00

CPC分类号： G06F21/57

摘要： A method for restricting access to an encryption key of an encrypted file system (EFS), whereby access is provided only when a computer system is booted in a trusted state. The EFS encrypts the files within a TPM chip according to TCPA specifications and simultaneously creates the encryption key, which is also stored in the TPM. The key is sealed to one or more platform control register (PCR) states (i.e., the TPM will export the key only when the PCRs are in a pre-defined state.). The original PCR states are modified during boot up of the computer system via a secure hashing algorithm, which extends a value of one PCR to a next PCR at each stage of the boot process and then hashes the value with the remaining content of the next PCR. When the system boot process is completed and before control passes to the user, the values within the PCRs are compared to values stored in a PCR table within the TPM, and the encryption key is exported to the OS kernel only when the PCR values match the table values. The control code of the TPM chip decrypts and exports the key only if the value of each and every PCR matches its corresponding table value. A complete match indicates that the computer system has completed a trusted boot sequence.

摘要翻译： 一种用于限制对加密文件系统（EFS）的加密密钥的访问的方法，由此仅在计算机系统以可信状态引导时提供访问。 EFS根据TCPA规范加密TPM芯片内的文件，并同时创建加密密钥，该密钥也存储在TPM中。 密钥被密封到一个或多个平台控制寄存器（PCR）状态（即，仅当PCR处于预定义状态时，TPM将导出密钥）。 原始PCR状态在计算机系统引导期间通过安全散列算法进行修改，该算法在引导过程的每个阶段将一个PCR的值扩展到下一个PCR，然后用下一个PCR的剩余内容将该值进行散列 。 当系统启动过程完成并且在控制传递给用户之前，将PCR中的值与存储在TPM内的PCR表中的值进行比较，并且仅当PCR值匹配时才将加密密钥导出到OS内核 表值。 只有当每个PCR的值与其对应的表值匹配时，TPM芯片的控制代码才能解密并输出密钥。 一个完整的匹配表示计算机系统已经完成了可信的启动顺序。

公开(公告)号：US06185304B2

公开(公告)日：2001-02-06

申请号：US09027765

申请日：1998-02-23

申请人： Don Coppersmith ,  Rosario Gennaro ,  Shai Halevi ,  Charanjit S. Jutla ,  Stephen M. Matyas, Jr. ,  Luke James O'Connor ,  Mohammed Peyravian ,  David Robert Safford ,  Nevenko Zunic

发明人： Don Coppersmith ,  Rosario Gennaro ,  Shai Halevi ,  Charanjit S. Jutla ,  Stephen M. Matyas, Jr. ,  Luke James O'Connor ,  Mohammed Peyravian ,  David Robert Safford ,  Nevenko Zunic

IPC分类号： H04K100

CPC分类号： H04L9/002 ,  H04L9/0625 ,  H04L2209/24

摘要： The present invention provides a technique, system, and computer program for a symmetric key block cipher. Variable block sizes and key sizes are supported, as well as a variable number of rounds. The cipher uses multiple stages of processing, where the stages have different structures and different subround functions, to provide excellent resistance to both linear and differential attacks. Feistel Type-3 networks are used, with different networks during different stages. The number of rounds may vary among stages. Subkeys are used in some, but not all, stages. The variable-length keys can be precomputed. A novel manner of using multiplication in a cipher is defined.

摘要翻译： 本发明提供了一种用于对称密钥块密码的技术，系统和计算机程序。 支持可变块大小和密钥大小，以及可变数目的轮次。 密码器使用多个处理阶段，其中阶段具有不同的结构和不同的子区域功能，以提供对线性和差分攻击的极好抵抗。 使用Feistel Type-3网络，在不同阶段使用不同的网络。 轮次数可能会有所不同。 子项在某些（但不是全部）阶段中使用。 可变长度键可以预先计算。 定义了在密码中使用乘法的新颖方式。

公开(公告)号：US5907618A

公开(公告)日：1999-05-25

申请号：US775348

申请日：1997-01-03

申请人： Rosario Gennaro ,  Paul Ashley Karger ,  Stephen Michael Matyas, Jr. ,  Mohammad Peyravian ,  David Robert Safford ,  Nevenko Zunic

发明人： Rosario Gennaro ,  Paul Ashley Karger ,  Stephen Michael Matyas, Jr. ,  Mohammad Peyravian ,  David Robert Safford ,  Nevenko Zunic

IPC分类号： H04L9/08 ,  H04L9/00

CPC分类号： H04L9/0841 ,  H04L9/0894

摘要： A method and apparatus for verifiably providing key recovery information to one or more trustees in a cryptographic communication system having a sender and a receiver Each communicating party has its own Diffie-Hellman key pair comprising a secret value and corresponding public value, as does each trustee The sender non-interactively generates from its own secret value and the public value held by the receiver a first shared Diffie-Hellman key pair comprising a first shared secret value, shared with the receiver but not with any trustee, and a corresponding public value. For each trustee, the sender then non-interactively generates an additional shared secret value, shared with the receiver and the trustee, from the first shared secret value and the public value corresponding to the secret value held by the trustee. The sender uses the additional shared secret value to encrypt recovery information for each trustee, which is transmitted to the receiver along with the encrypted message. Each trustee can decrypt its recovery information by regenerating its additional shared secret value from its own secret value and the public value of the first shared Diffie-Hellman key pair. The receiver can verify the correctness of the recovery information for each trustee by decrypting the information using the additional shared secret value for that trustee, without having to recreate the recovery information or perform computationally expensive public key operations.

摘要翻译： 一种用于在具有发送者和接收者的密码通信系统中可验证地向一个或多个受托人提供密钥恢复信息的方法和装置。每个通信方都有自己的Diffie-Hellman密钥对，包括秘密值和对应的公共价值，每个受托人 发送方从其自己的秘密值和由接收者持有的公开值不交互地生成包括与接收者共享但不与任何受托人共享的第一共享秘密值的第一共享Diffie-Hellman密钥对以及相应的公共值。 对于每个受托人，发件人然后从第一共享秘密值和与受托人​​所持有的秘密值相对应的公共价值非交互地生成与接收方和受托人共享的附加共享秘密值。 发送方使用额外的共享秘密值来加密每个受信任者的恢复信息，这些信息与加密消息一起发送到接收者。 每个受托人可以通过从其自己的秘密值和第一个共享的Diffie-Hellman密钥对的公共值重新生成其附加的共享秘密值来解密其恢复信息。 接收方可以通过使用该受托人的附加共享秘密值解密信息来验证每个受托人的恢复信息的正确性，而无需重新创建恢复信息或执行计算上昂贵的公钥操作。

公开(公告)号：US20090033490A1

公开(公告)日：2009-02-05

申请号：US12246140

申请日：2008-10-06

申请人： Vaijayanthimala K. Anand ,  Sandra K. Johnson ,  David Robert Safford ,  Kimberly DaShawn Simon

发明人： Vaijayanthimala K. Anand ,  Sandra K. Johnson ,  David Robert Safford ,  Kimberly DaShawn Simon

IPC分类号： G08B13/00

CPC分类号： H04L63/1416 ,  G06F21/55

摘要： An intrusion detection mechanism is provided for flexible, automatic, thorough, and consistent security checking and vulnerability resolution in a heterogeneous environment. The mechanism may provide a predefined number of default intrusion analysis approaches, such as signature-based, anomaly-based, scan-based, and danger theory. The intrusion detection mechanism also allows a limitless number of intrusion analysis approaches to be added on the fly. Using an intrusion detection skin, the mechanism allows various weights to be assigned to specific intrusion analysis approaches. The mechanism may adjust these weights dynamically. The score ration can be tailored to determine if an intrusion occurred and adjusted dynamically. Also, multiple security policies for any type of computing element may be enforced.

摘要翻译： 提供入侵检测机制，用于在异构环境中进行灵活，自动，彻底，一致的安全检查和漏洞解决。 该机制可以提供预定义数量的默认入侵分析方法，例如基于签名的，基于异常的，基于扫描的和危险理论。 入侵检测机制还允许在飞行中添加无限数量的入侵分析方法。 使用入侵检测皮肤，该机制允许将各种权重分配给特定的入侵分析方法。 该机制可以动态地调整这些权重。 可以定制分数比例以确定入侵是否发生并动态调整。 此外，可以强制执行用于任何类型的计算元件的多个安全策略。

公开(公告)号：US07085933B2

公开(公告)日：2006-08-01

申请号：US10166835

申请日：2002-06-11

申请人： David Carroll Challener ,  David Robert Safford ,  Leendert Peter Van Doorn

发明人： David Carroll Challener ,  David Robert Safford ,  Leendert Peter Van Doorn

IPC分类号： H04L9/00

CPC分类号： G06F21/57 ,  G06F2221/2105

摘要： A computer system, method of operation, and program product which gives a clear indication to a user when a computer system has transitioned to a trusted state.

公开(公告)号：US06189095B1

公开(公告)日：2001-02-13

申请号：US09092125

申请日：1998-06-05

申请人： Don Coppersmith ,  Rosario Gennaro ,  Shai Halevi ,  Charanjit S. Jutla ,  Stephen M. Matyas, Jr. ,  Luke James O'Connor ,  Mohammed Peyravian ,  David Robert Safford ,  Nevenko Zunic

发明人： Don Coppersmith ,  Rosario Gennaro ,  Shai Halevi ,  Charanjit S. Jutla ,  Stephen M. Matyas, Jr. ,  Luke James O'Connor ,  Mohammed Peyravian ,  David Robert Safford ,  Nevenko Zunic

IPC分类号： H04L900

CPC分类号： H04L9/0625 ,  H04L9/002 ,  H04L2209/08 ,  H04L2209/24

摘要： The present invention provides a technique, system, and computer program for a symmetric key block cipher. This cipher uses multiple stages with a modified Type-3 Feistel network, and a modified Unbalanced Type-1 Feistel network in an expansion box forward function. The cipher allows the block size, key size, number of rounds of expansion, and number of stages of ciphering to vary. The modified Type-3 cipher modifies the word used as input to the expansion box in certain rounds, to speed the diffusion properties of the ciphering. The modified Type-3 and Type-1 ciphers are interleaved, and provide excellent resistance to both linear and differential attacks. The variable-length subkeys and the S-box can be precomputed. A minimal amount of computer storage is required to implement this cipher, which can be implemented equally well in hardware or software (or some combination thereof).

摘要翻译： 本发明提供了一种用于对称密钥块密码的技术，系统和计算机程序。 该密码在扩展箱前向功能中使用具有修改的Type-3 Feistel网络和修改的不平衡类型1 Feistel网络的多个阶段。 密码允许块大小，密钥大小，扩展次数和加密阶段数量的变化。 修改后的Type-3密码在某些回合中修改了用作扩展箱输入的字，以加快加密的扩散性能。 修改后的Type-3和Type-1密码是交错的，并且对线性和差分攻击提供出色的阻力。 可以预先计算可变长度子项和S盒。 需要最少量的计算机存储来实现该密码，这可以在硬件或软件（或其某种组合）中同样良好地实现。

公开(公告)号：US06185679B2

公开(公告)日：2001-02-06

申请号：US09027769

申请日：1998-02-23

申请人： Don Coppersmith ,  Rosario Gennaro ,  Shai Halevi ,  Charanjit S. Jutla ,  Stephen M. Matyas, Jr. ,  Luke James O'Connor ,  Mohammed Peyravian ,  David Robert Safford ,  Nevenko Zunic

发明人： Don Coppersmith ,  Rosario Gennaro ,  Shai Halevi ,  Charanjit S. Jutla ,  Stephen M. Matyas, Jr. ,  Luke James O'Connor ,  Mohammed Peyravian ,  David Robert Safford ,  Nevenko Zunic

IPC分类号： H04L900

CPC分类号： H04L9/002 ,  H04L9/0625 ,  H04L2209/08 ,  H04L2209/12 ,  H04L2209/24

摘要： The present invention provides a technique, system, and computer program for a symmetric key block cipher. Variable block sizes and key sizes are supported, as well as a variable number of rounds. The cipher uses multiple stages of processing, where the stages have different structures and different subround functions, to provide excellent resistance to both linear and differential attacks. Feistel Type-1 and Type-3 are both used, each during different stages. The number of rounds may vary among stages. Subkeys are used in some, but not all, stages. The variable-length keys can be precomputed. A novel manner of using data-dependent rotation in a cipher is defined.

摘要翻译： 本发明提供了一种用于对称密钥块密码的技术，系统和计算机程序。 支持可变块大小和密钥大小，以及可变数目的轮次。 密码器使用多个处理阶段，其中阶段具有不同的结构和不同的子区域功能，以提供对线性和差分攻击的极好抵抗。 两种不同阶段都使用1型和3型Feistel。 轮次数可能会有所不同。 子项在某些（但不是全部）阶段中使用。 可变长度键可以预先计算。 定义了在密码中使用数据相关旋转的新颖方式。