    1. ARCHITECTURE FOR CLOUD COMPUTING USING ORDER PRESERVING ENCRYPTION
    Type: Patent application
    Status: Under examination, published

    Publication number: US20140095860A1

    Publication date: 2014-04-03

    Application number: US13630460

    Filing date: 2012-09-28

    CPC classification number: H04L9/008 H04L63/0428 H04L63/123

    Abstract: A method for providing enhanced security in cloud computing architecture by managing the types of interaction a server should be allowed, thus preventing decryption of private data. A client may encrypt data using an order preserving encryption (OPE) algorithm. One application of the method and system is a browser-based webmail application where a client may receive email from one or more servers then store the received email that has been associated with OPE data, on a separate server that is not used to send or receive email.

    2. SMART CARD INITIAL PERSONNALIZATION WITH LOCAL GENERATION OF KEYS
    Type: Patent application
    Status: In force

    Publication number: US20150181024A1

    Publication date: 2015-06-25

    Application number: US14415757

    Filing date: 2013-08-23

    Applicant: ALCATEL LUCENT

    Abstract: A method and system for initial personalization of a smart card coupled with a communication device of a user who is not yet a subscriber of any telecommunication network are disclosed. A temporary international identity and a temporary authentication key are stored in the smart card and in a home location register connected to a roaming entity of a telecommunication network. A series of signals are exchanged between the smart card, the roaming entity, an application server and a personalization server to establish a secure session between the smart card and the personalization server. During the secure session, the smart card receives a message containing an initial international identity from the personalization server, and replaces the temporary international identity and the temporary authentication key by the initial international identity and the initial authentication key.

    5. Method for protecting confidentiality of a file distributed and stored at a plurality of storage service providers
    Type: Granted patent
    Status: In force

    Publication number: US09286487B2

    Publication date: 2016-03-15

    Application number: US14401236

    Filing date: 2013-04-18

    Applicant: Alcatel Lucent

    Abstract: This method comprises the steps of:
    - choosing (1) a security parameter n;
    - segmenting (2) the file in n chunks S1, ..., Sn;
    - randomly choosing (3) n² coefficients aij for i=1, ..., n and j=1, ..., n;
    - verifying (3) that the vectors (ai1, ..., ain), for i=1, ..., n, are linearly independent, otherwise generating the coefficients again;
    - computing (4) n linear combinations Ci = ai1·S1 + ... + aij·Sj + ... + ain·Sn, for i=1, ..., n;
    - choosing (5) n storage service providers O1, ..., On among said plurality of storage service providers;
    - generating (6a; 6b; 6c) n file identifiers ID′1, ..., ID′n designating said file (F);
    - storing (6a; 6b; 6c) the combination Ci at the storage service provider Oi in association with the file identifier ID′i, for i=1, ..., n;
    - storing the file identifier ID′i and the provider identifier Oi, for i=1, ..., n, in a file descriptor corresponding to the file (F), this file descriptor being stored in a local memory (LM);
    - storing the set of coefficients ai1, ..., ain so that it can be re-associated with the combination Ci, for i=1, ..., n;
    - randomly choosing n super-coefficients a′1, ..., a′j, ..., a′n for j=1, ..., n;
    - computing a linear over-combination OC′ = a′1·C1 + ... + a′j·Cj + ... + a′n·Cn;
    - and storing the over-combination OC′ and the coefficients a′1, ..., a′j, ..., a′n for j=1, ..., n.

    6. Confidential provisioning of secret keys over the air
    Type: Granted patent
    Status: In force

    Publication number: US09203615B2

    Publication date: 2015-12-01

    Application number: US14027438

    Filing date: 2013-09-16

    Applicant: Alcatel Lucent

    Abstract: A method and apparatus for personalizing a smart card coupled with a communication device of a user who is a subscriber of a first telecommunication network and wishes to become a subscriber of a second telecommunication network is disclosed. A first authentication key is stored in both the smart card and a first application server included in the first telecommunication network. A secure session is established with a second application server included in the second telecommunication network via the first telecommunication network by negotiating with the first application server and the second application server, in order that the smart card and the second application server agree on a second authentication key. Shared values and shared functions according to a secure multiparty computation protocol are used to compute a second authentication key which replaces the first authentication key in the smart card.

    7. Input consistency verification for server assisted secure function evaluation
    Type: Granted patent
    Status: In force

    Publication number: US09178704B2

    Publication date: 2015-11-03

    Application number: US13630533

    Filing date: 2012-09-28

    Abstract: Server-assisted secure function evaluation (SFE) is performed with input consistency verification for two parties that want to evaluate a function. The server computes a garbled circuit corresponding to the function. A predefined bit of the 0-secret of wire i in the garbled circuit is set to a random bit bi and a predefined bit of the 1-secret of wire i in the garbled circuit is set to bi. The server communicates with each party using an Oblivious Transfer (OT) to provide encrypted versions of the respective inputs of each party. Each party receives the encrypted wire secret of the other party and the garbled circuit for computation of a respective output and stores the predefined bit of a wire of interest of the other party. A given party can verify input consistency by the other party over at least two executions by comparing the values stored by the given party for the at least two executions with corresponding values obtained from the server.

    8. Systems and methods for enabling searchable encryption
    Type: Granted patent
    Status: In force

    Publication number: US09135454B2

    Publication date: 2015-09-15

    Application number: US13907044

    Filing date: 2013-05-31

    Applicant: Alcatel-Lucent

    CPC classification number: G06F21/602 G06F21/6227

    Abstract: A system and method for enabling searchable encryption of encrypted documents stored by a client on one or more storage providers includes a broker server in communication with the client and the one or more storage providers. The broker server is adapted to transfer the encrypted documents between the client and the one or more storage providers and to maintain information indicating where the encrypted documents are transferred. The broker server further stores information for at least one encrypted index for the encrypted documents and a test function for a searchable encryption mechanism used to encrypt the at least one encrypted index.

    9. SMART CARD PERSONNALIZATION WITH LOCAL GENERATION OF KEYS
    Type: Patent application
    Status: In force

    Publication number: US20150215121A1

    Publication date: 2015-07-30

    Application number: US14417572

    Filing date: 2013-08-14

    Applicant: Alcatel Lucent

    CPC classification number: H04L9/0844 H04L2209/80 H04W12/04 H04W12/08

    Abstract: For personalizing a smart card (SC) coupled with a communication device (CD) of a user who is a subscriber of a first telecommunication network (TN1) and wishes to become a subscriber of a second telecommunication network (TN2), a first international identity (IMSI-1) and a first authentication key (AK-1) being stored in the smart card (SC), the smart card receives a message (MesP) from an application server (AS) connected to the first telecommunication network and the second telecommunication network, the message (MesN) comprising a personalization command (ComP) and an admin code (ACas). This takes place after the application server has received a request (Req) of subscription change comprising an identifier (IdMNO2) of the second telecommunication network (TN2) and has established a secured session with a personalization server (PS) of the second telecommunication network (TN2) identified by the identifier (IdMNO2), LR2. The smart card interprets the personalization command (ComP) to establish a secure session with the personalization server (PS) via the application server (AS), if the admin code (ACas) is valid. The smart card negotiates with the personalization server to agree on a second authentication key, by exchanging messages containing values derived from random secrets, receives a message (Mes3) containing a second international identity (IMSI-2) from the personalization server (PS), and replaces the first international identity (IMSI-1) and the first authentication key (AK-1) by the second international identity and the second authentication key.

    10. REMOTE SMART CARD PERSONNALIZATION WITHOUT THIRD PARTY
    Type: Patent application
    Status: In force

    Publication number: US20150105048A1

    Publication date: 2015-04-16

    Application number: US14396425

    Filing date: 2013-06-11

    Applicant: Alcatel Lucent

    Abstract: A method and apparatus for personalizing a smart card (SC) in a communication device of a subscriber of a first telecommunication network (TN), who wishes to become a subscriber of a second TN, is disclosed. A first identity and authentication key (AK) are stored in the SC. A first application server (AS) in the first TN receives a request of subscription change comprising an identifier of the second TN, establishes a secured session with a second AS of the second TN, and sends a message comprising the first identity and AK to the second AS so the SC can access the second TN. The second AS sends a second message including a personalization command, admin code, second identity and second AK to the communication device, which executes the personalization command to replace the first identity and AK with the second identity and the second AK if the admin code is valid.
