-
公开(公告)号:USRE38375E1
公开(公告)日:2003-12-30
申请号:US09560334
申请日:2000-04-27
申请人: Amir Herzberg , Hugo Mario Krawczyk , Shay Kutten , An Van Le , Stephen Michael Matyas , Marcel Mordechay Yung
发明人: Amir Herzberg , Hugo Mario Krawczyk , Shay Kutten , An Van Le , Stephen Michael Matyas , Marcel Mordechay Yung
IPC分类号: H04L900
CPC分类号: G06F21/10 , G06F2211/007 , G06F2211/008
摘要: A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.
-
公开(公告)号:US5745678A
公开(公告)日:1998-04-28
申请号:US914911
申请日:1997-08-18
申请人: Amir Herzberg , Hugo Mario Krawczyk , Shay Kutten , An Van Le , Stephen Michael Matyas , Marcel Mordechay Yung
发明人: Amir Herzberg , Hugo Mario Krawczyk , Shay Kutten , An Van Le , Stephen Michael Matyas , Marcel Mordechay Yung
CPC分类号: G06F21/10 , G06F2211/007 , G06F2211/008
摘要: A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.
摘要翻译: 一种用于检测数据处理系统内的授权程序的方法和系统。 本发明创建用于验证程序的验证结构。 验证结构嵌入在程序中并且响应于程序的启动,确定程序是否是授权程序。 确定使用验证结构。
-
3.发明授权Method and system for key distribution and authentication in a data communication network 失效数据通信网络中密钥分发和认证的方法和系统
公开(公告)号:US5539824A
公开(公告)日:1996-07-23
申请号:US348656
申请日:1994-12-02
CPC分类号: H04L9/0836 , H04L9/321 , H04L2209/80
摘要: This invention deals with a safe key distribution and authentication in a data communication network (e.g. wireless LAN type of network).The network includes a network manager to which are connected, via a LAN wired circuit, one or more base stations. Individual remote stations are, in turn, wirelessly connected to an installed base station.One essential function for achieving security in such a network, is a mechanism to reliably authenticate the exchanges of data between communicating parties. This involves the establishment of session keys, which keys need to be distributed safely to the network components. An original and safe method is provided with this invention for key distribution and authentication during network installation, said method including using the first installed base station for generating a network key and a backbone key, and then using said first installed base station for subsequent remote station or additional base station installations while avoiding communicating said network key.
摘要翻译: 本发明涉及数据通信网络(例如,无线LAN类型的网络)中的安全密钥分发和认证。 该网络包括经由LAN有线电路连接到一个或多个基站的网络管理器。 反过来,各个远程站无线连接到已安装的基站。 在这种网络中实现安全性的一个基本功能是可靠地认证通信方之间数据交换的机制。 这涉及建立会话密钥,这些密钥需要安全地分发给网络组件。 本发明提供了一种用于网络安装期间的密钥分发和认证的原始和安全的方法,所述方法包括使用第一安装的基站生成网络密钥和骨干密钥,然后使用所述第一安装的基站用于后续的远程站 或附加的基站安装,同时避免通信所述网络密钥。
-
公开(公告)号:US5515439A
公开(公告)日:1996-05-07
申请号:US336605
申请日:1994-11-09
申请人: David Bantz , Frederic Bauchot , Eliane D. Bello , Shay Kutten , Hugo Krawczyk , Amir Herzberg , Yishay Mansour
发明人: David Bantz , Frederic Bauchot , Eliane D. Bello , Shay Kutten , Hugo Krawczyk , Amir Herzberg , Yishay Mansour
CPC分类号: H04L9/0844 , H04L9/0891 , H04L2209/80
摘要: In a communications system, a method is described allowing two users having established a communication session identified by a unique session freshness proof, to transmit and validate a new value of a variable by using an exchange certificate which combines the following elements: the new value of the variable, a common secret key known by both users, an exchange counter representative of the number of values of said variable transmitted between the two users during the current communication session and a session freshness proof. Protection against potential eavesdroppers and intruders is provided by combining cryptographically the elements of the exchange certificate. Further protection is obtained by interrupting the current communication session and opening a new one characterized by a new unique session freshness proof when the exchange counter reaches its maximum value; thus avoiding the risk that the same value of the session freshness keeps being used when the exchange counter is reset to its initial value. Consequently a given pair of values of the session freshness proof and of the exchange counter will never be used more than one time, making eavesdropping and, replaying attacks from intruders more difficult. Preferably, the method used for opening a new communication session uses already known authentication methods based on the common secret key.
摘要翻译: 在通信系统中,描述了允许两个用户已经建立了通过唯一会话新鲜度证明来识别的通信会话的方法,通过使用组合以下元素的交换证书来发送和验证变量的新值:新值 所述变量,两个用户已知的公用秘密密钥,表示在当前通信会话期间在两个用户之间传送的所述变量的值的数量的交换计数器和会话新鲜度证明。 通过加密地组合交换证书的元素来提供对潜在窃听者和入侵者的保护。 当交换计数器达到最大值时,通过中断当前通信会话并打开一个新特性的新特性会话新鲜度证明来获得进一步的保护; 从而避免当交换计数器重置为其初始值时会话新鲜度相同的值被使用的风险。 因此,会话新鲜度证明和交换计数器的一对给定的值将永远不会被使用一次以上,从而使得窃听和重播来自入侵者的攻击更加困难。 优选地,用于打开新的通信会话的方法使用已知的基于公用秘密密钥的认证方法。
-
公开(公告)号:US5369705A
公开(公告)日:1994-11-29
申请号:US892852
申请日:1992-06-03
申请人: Raymond F. Bird , Amir Herzberg , Philippe A. Janson , Shay Kutten , Refik A. Molva , Marcel M. Yung
发明人: Raymond F. Bird , Amir Herzberg , Philippe A. Janson , Shay Kutten , Refik A. Molva , Marcel M. Yung
CPC分类号: H04L9/0833
摘要: A method and apparatus for providing authentication among a dynamically selected group of users in a communication system with a dynamically changing network topology. With this invention, freshness information and alleged identity information are transmitted from each of the users in the group using available paths in the network. A group key is then generated, and coded information, derived from the group key and the above transmitted information, is sent to each of the users. Each unit of coded information is accompanied by an identifying tag so as to identify which of the users is to use the appropriate unit of coded information. Each alleged user will then extract the group key from a corresponding coded information unit only if it shares an appropriate secret with a server. Without knowledge of the group key, a user cannot be authenticated.
摘要翻译: 一种在具有动态变化的网络拓扑的通信系统中的动态选择的用户组之间提供认证的方法和装置。 利用本发明,使用网络中的可用路径从组中的每个用户发送新鲜度信息和所指称的身份信息。 然后生成组密钥,并将从组密钥和上述发送的信息导出的编码信息发送给每个用户。 编码信息的每个单元都附有识别标签,以便识别哪个用户使用适当的编码信息单元。 然后,每个被指称的用户只有在与服务器共享适当的秘密时,才从相应的编码信息单元中提取组密钥。 不知道组密钥,用户不能被认证。
-
6.发明授权
公开(公告)号:US5345507A
公开(公告)日:1994-09-06
申请号:US118080
申请日:1993-09-08
申请人: Amir Herzberg , Hugo M. Krawczyk , Shay Kutten , Yishay Mansour
发明人: Amir Herzberg , Hugo M. Krawczyk , Shay Kutten , Yishay Mansour
CPC分类号: H04L9/32 , H04L9/0631 , H04L9/0662 , H04L9/3026 , H04L9/3242 , H04L2209/125 , H04L2209/20
摘要: A method of verifying the authenticity of a message transmitted from a sender to a receiver in a communication system is partitioned into three stages. In the first stage, a key is secretly exchanged between the sender and receiver. This key is a binary irreducible polynomial p(x) of degree n. In addition, the sender and receiver share an encryption key composed of a stream of secret random, or pseudo-random bits. In the second stage, the sender appends a leading non-zero string of bits, which, in the simplest case, may be a single "1" bit, and n tail bits "0" to M to generate an augmented message, this augmented message considered as a polynomial having coefficients corresponding to the message bits. If the length of the message is known and cryptographically verified, then there is no need for a leading "1". The sender then computes a polynomial residue resulting from the division of the augmented message polynomial generated by the key polynomial p(x) exchanged by the sender and receiver. The sender encrypts the computed residue. Preferably, the encryption is done by performing a bitwise Exclusive OR operation between the bits of the residue and the stream of secret bits shared by the sender and receiver. The sender then transmits the message M and the encrypted residue. The third stage is performed by the receiver by decrypting the transmitted encrypted residue at the time of reception. The receiver then appends the decrypted residue to the end of the received message M to obtain a combined bit stream M'. The receiver computes the residue of the division between the binary polynomial represented by the bit stream M' and the key polynomial p(x) exchanged by the sender and receiver. The receiver accepts a received message M as authentic only if the residue computed is zero.
摘要翻译: 在通信系统中验证从发送方发送到接收方的消息的真实性的方法被划分为三个阶段。 在第一阶段,密钥在发送方和接收方之间秘密交换。 该密钥是度数n的二进制不可约多项式p(x)。 此外,发送方和接收方共享由秘密随机或伪随机比特流组成的加密密钥。 在第二阶段,发送方附加一个前导的非零字符串比特,最简单的情况是,它们可以是单个“1”比特,并且n个尾比特“0”到M以产生增强的消息, 消息被认为是具有对应于消息比特的系数的多项式。 如果消息的长度已知且经密码验证,则不需要引导“1”。 然后,发送者计算由由发送者和接收者交换的密钥多项式p(x)生成的增强消息多项式的除法产生的多项式残差。 发送方加密计算的残差。 优选地,通过在残差的比特和由发送者和接收者共享的秘密比特流之间执行按位异或运算来完成加密。 然后,发送者发送消息M和加密的残留。 第三级由接收机通过在接收时对发送的加密残留进行解密来执行。 然后,接收器将解密后的残差附加到接收到的消息M的结尾,以获得组合比特流M'。 接收机计算由比特流M'表示的二进制多项式与由发送方和接收方交换的密钥多项式p(x)之间的除法余数。 只有当计算的残差为零时,接收方才接收接收到的消息M。
-
7.发明授权Method and apparatus for authenticating users of a communication system to each other 失效用于将每个其他通信系统的用户认证的方法和装置
公开(公告)号:US5202921A
公开(公告)日:1993-04-13
申请号:US678474
申请日:1991-04-01
申请人: Amir Herzberg , Shay Kutten , Marcel M. Yung
发明人: Amir Herzberg , Shay Kutten , Marcel M. Yung
CPC分类号: H04L9/0836 , H04L63/062 , H04L63/08 , H04L9/0866 , H04L9/3273
摘要: Method and apparatus for authenticating users (entities) of a computer network based on the entity's identification is described. Keys for each party of a potential session are derived by projections stored at each party's location. The projections are based on a partially computed function which can be in encryption by some key of the user identification or a multivariable polynomial or other function which is partially evaluated for one user's identification. Each user evaluates his projection with the other user/party's identification. The evaluated quantities are compared using a validation routine. The method requires only one basic piece of information, the projection to be distributed to each user, and does not need specific keys for specific users (or other users' information stored in one user's memory or global network). The method enables adding users to the system directory in a flexible way, without having to notify users of the addition. The method applies to communication heirarchies and inter-domain communication, as well.
-
公开(公告)号:US5469507A
公开(公告)日:1995-11-21
申请号:US203965
申请日:1994-03-01
申请人: Ran Canetti , Amir Herzberg
发明人: Ran Canetti , Amir Herzberg
CPC分类号: H04L9/004 , H04L9/0891 , H04L9/3247 , H04L2209/80
摘要: A mechanism which secures the communication and computation between processors in an insecure distributed environment implements efficient "compilers" for a protocol between processors. The protocol is one that assures some input-output relation when executed by processors which are not all trusted but with secret and authenticated communication links between every two processors. This protocol is transformed by a compiler into a protocol that guarantees essentially the same input-output relations in the presence of (the same type of) insecure processors and insecure communication links. Additionally, a method maintains secret values for a sequence of periods, each secret value being shared by two or more processors for one or several periods, where the processors are connected by a communication network.Another mechanism establishes different cryptographic keys established for each period of communication. Essentially, the effect of exposures is contained to the period in which they occur, or to a minimal number of following periods, and the effect of exposures is contained to the processors exposed. At each period a processor is called nonfaulty if the adversary does not control it. A processor is called secure at a given period if it is non-faulty and also has a secret key, unknown to the adversary.
摘要翻译: 在不安全的分布式环境中确保处理器之间的通信和计算的机制为处理器之间的协议实现有效的“编译器”。 该协议是当处理器执行时确保一些输入 - 输出关系,这些处理器不是全部受信任的,而是在每两个处理器之间具有秘密和经过认证的通信链路。 该协议由编译器转换成协议,该协议在存在(相同类型的)不安全处理器和不安全的通信链路的情况下保证基本相同的输入 - 输出关系。 此外,一种方法维护一系列周期的秘密值,每个秘密值由两个或多个处理器共享一个或多个周期,其中处理器由通信网络连接。 另一种机制为每个通信周期建立不同的加密密钥。 基本上,曝光的影响包含在它们发生的时期或最少数量的后续期间,并且暴露的影响被包含在暴露的处理器中。 在每个时期,如果对手没有控制它,处理器被称为非故障的。 处理器在给定的时间段被称为安全的,如果它是无故障的,并且还具有对手未知的秘密密钥。
-
公开(公告)号:US07124115B1
公开(公告)日:2006-10-17
申请号:US09625006
申请日:2000-07-25
申请人: Amir Herzberg , Yehiel Yochai , Eldad Shai , Boaz Binnun
发明人: Amir Herzberg , Yehiel Yochai , Eldad Shai , Boaz Binnun
CPC分类号: G06Q30/06 , G06Q20/12 , G06Q20/29 , G06Q20/382 , G06Q30/02 , G06Q30/0273 , G06Q30/0277 , G06Q30/0601
摘要: A method for electronic advertising by an advertiser includes posting an advertisement for an item offered to a buyer for purchase from a merchant on a page per fee basis at a predetermined price via a network link to a network address represented in the advertisement by an alias, which conceals the network address from the buyer. Upon receiving an invocation of the link from the buyer, an order is transmitted to the merchant for supply of the item to the buyer in exchange for payment of the price by the buyer. The item is conveyed, responsive to the order, from the merchant to the buyer, and the advertiser receives a predefined portion of the price paid by the buyer in consideration for posting the advertisement.
摘要翻译: 一种广告商的电子广告方法包括:通过网络链接以一个别名的广告中的网络地址的方式,以预定的价格,以费用为单位,以商业页面的方式向商家发布提供给买方的商品的广告, 这隐藏了买家的网络地址。 在收到来自买方的链接的调用后,向买方发送订单以向买方提供货物以交换买方支付的价格。 该项目响应于订单从商家传递给买方,并且广告商接收买方支付的价格的预定义部分以考虑发布广告。
-
公开(公告)号:US20050022132A1
公开(公告)日:2005-01-27
申请号:US10833303
申请日:2004-04-28
申请人: Amir Herzberg , Yiftach Ravid
发明人: Amir Herzberg , Yiftach Ravid
CPC分类号: G06F16/30 , G06F16/152 , G06F16/192 , G06F16/9562
摘要: A method for managing objects for users including providing a set of attributes and a set of containers each having attributes from the set. The method further provides a user interface for dynamically assigning attributes to the objects. The method further provides for selectively displaying, through a user interface, containers and objects in the containers. An object is displayed in a container if a condition is met. The condition is applied to the attributes of the container and the attributes of the object.
摘要翻译: 一种用于管理用户的对象的方法,包括提供一组属性和一组容器,每个容器具有来自该组的属性。 该方法还提供用于向对象动态分配属性的用户界面。 该方法还提供了通过用户界面选择性地显示容器中的容器和物体。 如果满足条件,则在容器中显示一个对象。 条件应用于容器的属性和对象的属性。
-
-
-
-
-
-
-
-
-
搜索结果
16 条记录 (耗时 0.032 秒)