公开(公告)号：US5121431A

公开(公告)日：1992-06-09

申请号：US547364

申请日：1990-07-02

申请人： Michael J. Wiener

发明人： Michael J. Wiener

IPC分类号： G06F7/52 ,  G06F7/72

CPC分类号： G06F7/5324 ,  G06F7/722

摘要： For a public key encryption system, for example using the RSA algorithm, large numbers, for example each of the order of 256 bits and represented by a plurality of sequentially stored words, must be multiplied together. To achieve this at high speed there is described a method using a digital signal processor which has two accumulators for accumulating products of words, each accumulator having a capacity of more than twice the size of the words which are multiplied. The two accumulators are used alternately for accumulating partial products of the same significance in a multiplication of two numbers. Pointers to the sequentially stored words are incremented in opposite directions to point to words to be multiplied to form partial products of the same significance, and the pointer incrementing directions are changed for sets of partial products of increasing significance. The pointer control and alternating use of the accumulators enables a significant increase in multiplication speed to be achieved.

摘要翻译： 对于公开密钥加密系统，例如使用RSA算法，必须将大数字（例如，256位的每一个并由多个顺序存储的字表示）相乘。 为了高速地实现这一点，描述了一种使用数字信号处理器的方法，该数字信号处理器具有用于累积单词产生的两个累加器，每个累加器的容量是乘以字的大小的两倍。 两个累加器交替地用于在两个数的相乘中累积具有相同重要性的部分乘积。 对顺序存储的字的指针以相反方向递增以指向要乘以的词以形成具有相同重要性的部分乘积，并且针对具有递增意义的部分乘积的集合改变指针递增方向。 指针控制和蓄能器的交替使用能够显着增加要实现的倍增速度。

公开(公告)号：US06393565B1

公开(公告)日：2002-05-21

申请号：US09128321

申请日：1998-08-03

申请人： Roland T. Lockhart ,  Michael J. Wiener

发明人： Roland T. Lockhart ,  Michael J. Wiener

IPC分类号： G06F0124

CPC分类号： G07F7/1008 ,  G06F21/602 ,  G06Q20/341 ,  G06Q20/3576 ,  G07F7/1016 ,  H04L9/0891 ,  H04L9/0894

摘要： A data management system and method for a limited cryptographic storage unit, such as a smartcard or other hardware token, includes a cryptographic data manager that interfaces with the limited capacity cryptographic storage unit and a data overflow memory coupled to the cryptographic data manager. The cryptographic data manager stores cryptographic data, such as decryption private keys or other secret cryptographic data, in the overflow memory from the limited capacity cryptographic storage unit based on a limited capacity storage unit data update condition. The cryptographic data manager may serve as a secondary cryptographic data manager that receives the cryptographic data from an original cryptographic data storage device, or primary storage device such as a server that generates the cryptographic data, that stores a history of the cryptographic data.

摘要翻译： 用于有限密码存储单元（诸如智能卡或其他硬件令牌）的数据管理系统和方法包括与有限容量密码存储单元相连接的加密数据管理器和耦合到密码数据管理器的数据溢出存储器。 加密数据管理器基于有限容量存储单元数据更新条件，从有限容量密码存储单元存储溢出存储器中的解密私钥或其他秘密密码数据等密码数据。 加密数据管理器可以用作从原始密码数据存储设备或存储密码数据的历史的生成加密数据的主服务器的主存储设备接收加密数据的二级加密数据管理器。

公开(公告)号：US6134550A

公开(公告)日：2000-10-17

申请号：US40744

申请日：1998-03-18

申请人： Paul C. Van Oorschot ,  Michael J. Wiener ,  Ian Curry

发明人： Paul C. Van Oorschot ,  Michael J. Wiener ,  Ian Curry

IPC分类号： G06F21/33 ,  H04L9/32 ,  G06F17/00

CPC分类号： G06F21/33 ,  G06Q20/38215 ,  H04L9/3265 ,  H04L9/3268 ,  Y10S707/99939 ,  Y10S707/99942

摘要： A method and apparatus constructs a preferred certificate chain, such as a list of all certificate authorities in a shortest trusted path, based on generated certificate chain data, such as a table of trust relationships among certificate issuing units in a community of interest, to facilitate rapid validity determination of the certificate by a requesting unit. In one embodiment, requesting units, such as certificate validation units or subscribers, send queries to a common certificate chain constructing unit. Each query may identify a beginning and target certification authority in the community. The certificate chain constructing unit then automatically determines the certification chain among certification issuing units between the beginning and target certification authorities for each query and provides certificate chain data to the requesting unit. The requesting unit then performs validity determination on the certificate to be validated based on the certificate chain data.

摘要翻译： 一种方法和装置基于生成的证书链数据（诸如感兴趣的社区中的证书颁发单位之间的信任关系表）来构建优选证书链，诸如最短信任路径中的所有证书颁发机构的列表，以便于 请求单位对证书的快速有效性确定。 在一个实施例中，诸如证书验证单元或订户的请求单元向公共证书链构造单元发送查询。 每个查询可以标识社区中的开始和目标证书颁发机构。 证书链构造单元然后在每个查询的开始和目标认证机构之间自动确定认证发行单元之间的认证链，并向请求单元提供证书链数据。 然后，请求单元基于证书链数据对要验证的证书进行有效性确定。

公开(公告)号：US5949884A

公开(公告)日：1999-09-07

申请号：US950416

申请日：1997-10-24

申请人： Carlisle M. Adams ,  Michael J. Wiener

发明人： Carlisle M. Adams ,  Michael J. Wiener

IPC分类号： H04L9/06 ,  H04K1/00

CPC分类号： H04L9/0625 ,  H04L2209/24

摘要： A method of encrypting or decrypting an input message block of binary data of predetermined length 2n into an output message block by dividing the message block into two equal size halves, performing one or more transformation rounds on the message block halves, each transformation round further comprising the steps of determining a key, processing the first half data block using a hash function to obtain a modified first half data block of length n, and combining the modified first half data block with the second half data block to obtain a modified second half data block of length n; and, lastly, appending the first modified half data block to the second modified half data block to obtain the output message block.

摘要翻译： 将预定长度为2n的二进制数据的输入消息块加密或解密为输出消息块的方法，通过将消息块划分成两个相等的大小一半，在消息块一半上执行一个或多个变换回合，每个变换回合还包括 确定密钥的步骤，使用散列函数处理前半数据块以获得长度为n的经修改的前半数据块，并将修改的前半数据块与第二半数据块组合以获得修改的第二半数据 长度为n的块 并且最后，将第一修改后的半数据块附加到第二修改的半数据块以获得输出消息块。

公开(公告)号：US06363485B1

公开(公告)日：2002-03-26

申请号：US09150430

申请日：1998-09-09

申请人： Carlisle Adams ,  Michael J. Wiener

发明人： Carlisle Adams ,  Michael J. Wiener

IPC分类号： H04L900

CPC分类号： H04L9/304 ,  H04L9/3231

摘要： A multi-factor biometric authenticating device and method generates error correction based partial encryption key seed data based on a plurality of sample biometric inputs, such as raw biometric data The error correction based partial encryption key seed data serves as a partial seed for generating a secret encryption key for encrypting user data. The first partial seed is combined with a second partial encryption seed to generate the secret encryption key. The device stores the error correction based partial encryption key seed data and does not store the secret encryption key.

摘要翻译： 多因素生物特征鉴定装置和方法基于诸如原始生物特征数据的多个样本生物特征输入产生基于错误校正的部分加密密钥种子数据。基于误差校正的部分加密密钥种子数据用作用于产生秘密的部分种子 用于加密用户数据的加密密钥。 第一部分种子与第二部分加密种子组合以产生秘密加密密钥。 该设备存储基于错误校正的部分加密密钥种子数据，并且不存储秘密加密密钥。

公开(公告)号：US06230272B1

公开(公告)日：2001-05-08

申请号：US08949744

申请日：1997-10-14

申请人： Roland T. Lockhart ,  Michael J. Wiener

发明人： Roland T. Lockhart ,  Michael J. Wiener

IPC分类号： H04K100

CPC分类号： G06F21/62 ,  G06F21/6245 ,  G06F2211/008 ,  H04L9/0894 ,  H04L9/3247 ,  H04L9/3263

摘要： A method and system for protecting a multipurpose data string used for both decrypting data and for authenticating a user utilizes a remote storage element that contains a long random data string or password protected by a short easy to remember access data, such as a personal identification number or other user authentication mechanism. The remote storage element contains data used for both initially encrypting secret private keys and for later decrypting the encrypted secret private keys, or other secret data, so they can be used to decrypt data transferred within a computer network, or be used for digitally signing data transferred within a computer network.

摘要翻译： 用于保护用于解密数据和用于认证用户的多用途数据串的方法和系统利用包含长简单记忆访问数据（例如个人识别号码）保护的长随机数据串或密码的远程存储元件 或其他用户认证机制。 远程存储元件包含用于初始加密秘密私钥和随后解密加密的秘密专用密钥或其他秘密数据的数据，因此它们可用于解密在计算机网络内传送的数据，或用于数字签名数据 在计算机网络内传输。

公开(公告)号：US06978017B2

公开(公告)日：2005-12-20

申请号：US08949525

申请日：1997-10-14

申请人： Michael J. Wiener ,  Josanne M. Otway

发明人： Michael J. Wiener ,  Josanne M. Otway

IPC分类号： H04L9/30 ,  H04K1/00 ,  H04L9/00

CPC分类号： H04L9/0891 ,  H04L9/0894

摘要： An adaptable cryptographic method and system provides updated digital signature key pairs in a public key system by providing, through a multi-client manager unit, selectable expiry data such as digital signature certificate lifetime data, public key expiry data and private key expiry data as selectable on a per client basis. The multi-client manager unit stores selected public key expiry data and private key expiry data for association with a new digital signature key pair and associates the stored selected expiry data with the new digital signature key pair to facilitate a transition from an old digital signature key pair to a new digital signature key pair.

摘要翻译： 适应性密码方法和系统通过多客户管理器单元提供诸如数字签名证书生命周期数据，公开密钥到期数据和专用密钥到期数据之类的可选择的到期数据，在公开密钥系统中提供更新的数字签名密钥对， 在每个客户的基础上。 多客户端管理单元存储用于与新的数字签名密钥对相关联的所选择的公钥到期数据和私钥到期数据，并将所存储的所选择的到期数据与新的数字签名密钥对相关联，以便于从旧的数字签名密钥 配对到一个新的数字签名密钥对。

公开(公告)号：US5481613A

公开(公告)日：1996-01-02

申请号：US227871

申请日：1994-04-15

申请人： Warwick S. Ford ,  Michael J. Wiener

发明人： Warwick S. Ford ,  Michael J. Wiener

IPC分类号： G09C1/00 ,  H04L9/08 ,  H04L9/32 ,  H04L9/30

CPC分类号： H04L9/0841 ,  H04L9/088

摘要： Novel cryptographic key distribution techniques to be used in large computer networks are disclosed. The techniques require trusted key release agent systems in each security domain. The encryptor of a data message nominates the set of authorized decryptors, using a set of access control attributes recognized by a key release agent in a target security domain. Data enabling the message decryption key and the access control attributes to be recovered are sent to the decryptor in an access controlled decryption block, which is encrypted under a separate key. The access controlled decryption block can only be decrypted by a key release agent in the correct security domain. The key release agent recovers the decryption key and supplies it to an authorized decryptor, which allows the decryptor to recover the original data message.

摘要翻译： 公开了在大型计算机网络中使用的新型加密密钥分配技术。 这些技术需要每个安全域中的可信密钥发行代理系统。 数据消息的加密器使用由目标安全域中的密钥释放代理识别的一组访问控制属性来指定授权的解密器集合。 允许消息解密密钥和访问控制属性被恢复的数据被发送到访问控制解密块中的解密器，该解密块在单独的密钥下进行加密。 访问控制解密块只能由正确的安全域中的密钥释放代理解密。 密钥释放代理恢复解密密钥并将其提供给授权的解密器，这允许解密器恢复原始数据消息。