1. Method and system for a public key cryptosystem having proactive, robust, and recoverable distributed threshold secret sharing
    Granted patent; status: expired

    Publication number: US5625692A

    Publication date: 1997-04-29

    Application number: US376580

    Filing date: 1995-01-23

    Abstract: A proactive threshold secret sharing cryptosystem using a set of servers. The cryptosystem is a threshold cryptosystem in the sense that service is maintained if at least k+1 of the n servers are active and honest. The secret signature key is compromised only if the adversary breaks into at least k+1 servers. It is robust in the sense that the honest servers detect faulty ones and the service is not disrupted. It is recoverable: if the adversary erases all the local information on a server it compromised, that information can be restored as soon as the server returns to performing the correct protocol. The method and system are proactive, meaning that in order to learn the secret the adversary has to break into k+1 servers during the same round of the algorithm, because the shares of the secret are periodically redistributed and rerandomized. The present invention uses a verifiable secret sharing mechanism to obtain the security requirements during the update between two rounds. The security of the scheme depends on the assumed intractability of computing discrete logarithms in a field of large prime order and on the ElGamal signature scheme.

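The dealing, verification, recovery and refresh steps this abstract describes, as an added Python example that is not the patent's own code. The group parameters (p = 10007, q = 5003, g = 4), the server count and the secret are toy-sized assumptions, and the share-recovery step is plain Lagrange interpolation rather than the privacy-preserving recovery protocol a real deployment would run.

```python
"""Proactive, verifiable threshold secret sharing (toy parameters).

Added example, not the patent's own code. Group: p = 10007, q = 5003 (p = 2q+1),
g = 4 generates the subgroup of order q. Shares live in Z_q, Feldman
commitments in Z_p^*. A real deployment needs a cryptographic-size group.
"""
import random

P, Q, G = 10007, 5003, 4


def poly_eval(coeffs, x):
    return sum(a * pow(x, j, Q) for j, a in enumerate(coeffs)) % Q


def deal(secret, k, n, rng):
    """(k+1)-of-n Shamir sharing of `secret` with Feldman commitments.

    f has degree k and f(0) = secret; server i (1..n) receives f(i).
    Commitments C_j = g^{a_j} let any server check a share without learning it.
    """
    coeffs = [secret % Q] + [rng.randrange(Q) for _ in range(k)]
    shares = {i: poly_eval(coeffs, i) for i in range(1, n + 1)}
    commits = [pow(G, a, P) for a in coeffs]
    return shares, commits


def verify(i, s, commits):
    """Feldman check: g^s == prod_j C_j^(i^j) (mod p)."""
    rhs = 1
    for j, c in enumerate(commits):
        rhs = rhs * pow(c, pow(i, j, Q), P) % P
    return pow(G, s, P) == rhs


def interpolate(points, x):
    """Lagrange interpolation over Z_q; points = {i: f(i)}.
    x = 0 recovers the secret; x = i recovers a lost share for server i
    (a real recovery protocol does this without revealing f(i) to the helpers)."""
    total = 0
    for i, s in points.items():
        num = den = 1
        for j in points:
            if j != i:
                num = num * (x - j) % Q
                den = den * (i - j) % Q
        total = (total + s * num * pow(den, -1, Q)) % Q
    return total


def refresh(shares, commits, k, rng):
    """One proactive update round.

    Each server deals a random degree-k polynomial with constant term 0 (so the
    secret is unchanged) plus its commitments; every server checks the sub-share
    it receives and adds it to its own share. Shares from different rounds lie on
    different polynomials, so an adversary needs k+1 shares from the same round.
    """
    new_shares = dict(shares)
    new_commits = list(commits)
    for _dealer in shares:
        sub, sub_commits = deal(0, k, len(shares), rng)
        if sub_commits[0] != 1:                      # g^0 == 1: reject a dealer
            raise ValueError("dealer changed the secret")   # that does not share 0
        for i in new_shares:
            if not verify(i, sub[i], sub_commits):
                raise ValueError(f"bad sub-share for server {i}")
            new_shares[i] = (new_shares[i] + sub[i]) % Q
        new_commits = [c * d % P for c, d in zip(new_commits, sub_commits)]
    return new_shares, new_commits


def demo(seed=7):
    rng = random.Random(seed)
    secret, k, n = 1234, 2, 5                        # any 3 of 5 servers suffice
    shares, commits = deal(secret, k, n, rng)
    new_shares, new_commits = refresh(shares, commits, k, rng)
    return {
        "secret": secret,
        "all_verify": all(verify(i, s, commits) for i, s in shares.items()),
        "recovered": interpolate({1: shares[1], 3: shares[3], 5: shares[5]}, 0),
        "lost_share_restored": interpolate({1: shares[1], 2: shares[2], 3: shares[3]}, 4) == shares[4],
        "tampered_rejected": not verify(1, (shares[1] + 1) % Q, commits),
        "new_all_verify": all(verify(i, s, new_commits) for i, s in new_shares.items()),
        "recovered_after_refresh": interpolate({2: new_shares[2], 4: new_shares[4], 5: new_shares[5]}, 0),
        "old_share_now_rejected": not verify(1, shares[1], new_commits),  # true except with prob. 1/q
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The commitment product in `refresh` is what makes the update verifiable: the new polynomial's commitments are the coordinate-wise products of the old ones and every dealer's sub-commitments, so a server that receives an inconsistent sub-share can pinpoint the faulty dealer rather than just observe that reconstruction fails later.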

2. Secure message authentication for binary additive stream cipher systems
    Granted patent; status: expired

    Publication number: US5345507A

    Publication date: 1994-09-06

    Application number: US118080

    Filing date: 1993-09-08

    Abstract: A method of verifying the authenticity of a message transmitted from a sender to a receiver in a communication system is partitioned into three stages. In the first stage, a key is secretly exchanged between the sender and receiver. This key is a binary irreducible polynomial p(x) of degree n. In addition, the sender and receiver share an encryption key composed of a stream of secret random or pseudo-random bits. In the second stage, the sender appends to the message M a leading non-zero string of bits, which in the simplest case may be a single "1" bit, and n tail bits "0", to generate an augmented message; this augmented message is considered as a polynomial whose coefficients are the message bits. If the length of the message is known and cryptographically verified, there is no need for the leading "1". The sender then computes the polynomial residue resulting from dividing the augmented message polynomial by the key polynomial p(x) exchanged by the sender and receiver. The sender encrypts the computed residue. Preferably, the encryption is done by performing a bitwise exclusive-OR between the bits of the residue and the stream of secret bits shared by the sender and receiver. The sender then transmits the message M and the encrypted residue. The third stage is performed by the receiver, which decrypts the transmitted encrypted residue at the time of reception. The receiver then appends the decrypted residue to the end of the received message M to obtain a combined bit stream M'. The receiver computes the residue of the division of the binary polynomial represented by the bit stream M' by the key polynomial p(x) exchanged by the sender and receiver. The receiver accepts a received message M as authentic only if the residue computed is zero.

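The three stages above carried out end to end, as an added Python example that is not the patent's code. The degree-8 key polynomial, the pad bits and the messages are constructed for readability; the scheme as described needs a secret, randomly chosen irreducible p(x) of cryptographic degree and n fresh pad bits per message. The example also shows what the leading "1" buys: without it, a receiver accepts a message with a zero byte prepended.

```python
"""Message authentication with a secret irreducible polynomial over GF(2).

Added example of the three stages above, not the patent's code. Bit strings
are Python ints (most significant bit = highest-degree coefficient). For
readability the key polynomial is x^8 + x^4 + x^3 + x + 1 (0x11B, irreducible,
n = 8); the scheme needs a secret, randomly chosen irreducible p(x) of
cryptographic degree (e.g. 64 or 128), and the pad bits must be fresh for
every message. Messages and pad values below are constructed.
"""

P_X = 0x11B                      # secret key polynomial p(x)
N = P_X.bit_length() - 1         # degree n


def gf2_mod(a, p):
    """Remainder of a(x) divided by p(x) with coefficients in GF(2)."""
    dp = p.bit_length() - 1
    while a.bit_length() - 1 >= dp:
        a ^= p << (a.bit_length() - 1 - dp)
    return a


def augment(msg, msg_bits, leading_one=True):
    """Stage 2 framing: (1 || M) followed by n zero bits, i.e. (1||M) * x^n.
    The leading 1 pins down the length; drop it only if the length is
    authenticated some other way."""
    a = (1 << msg_bits) | msg if leading_one else msg
    return a << N


def tag(msg, msg_bits, pad, leading_one=True):
    """Sender: residue of the augmented message mod p(x), XORed with n pad bits."""
    return gf2_mod(augment(msg, msg_bits, leading_one), P_X) ^ pad


def verify(msg, msg_bits, enc_residue, pad, leading_one=True):
    """Stage 3: decrypt the residue, append it to M (it fills the zero tail)
    and accept only if p(x) divides the result."""
    residue = enc_residue ^ pad
    combined = augment(msg, msg_bits, leading_one) | residue     # M' = M || r
    return gf2_mod(combined, P_X) == 0


def from_bytes(b):
    return int.from_bytes(b, "big"), 8 * len(b)


def demo():
    pad = 0xA7                                        # constructed one-time pad bits
    m, bits = from_bytes(b"transfer 100 to acct 42")
    t = tag(m, bits, pad)
    flipped = m ^ (1 << 5)                            # one bit of the amount changed
    zero_prefixed, zp_bits = from_bytes(b"\x00transfer 100 to acct 42")
    return {
        "accepts_valid": verify(m, bits, t, pad),
        "rejects_bit_flip": not verify(flipped, bits, t, pad),
        "rejects_wrong_pad": not verify(m, bits, t, pad ^ 0x01),
        "rejects_zero_prefix": not verify(zero_prefixed, zp_bits, t, pad),
        # Without the leading 1, a prepended zero byte leaves the residue unchanged:
        "no_leading_one_accepts_zero_prefix": verify(
            zero_prefixed, zp_bits, tag(m, bits, pad, leading_one=False), pad, leading_one=False),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Why the receiver's divisibility test is equivalent to comparing residues: the augmented message is (1||M)·x^n, the tag is its residue r, and appending r fills exactly the n zero tail bits, so M' = (1||M)·x^n + r, which is divisible by p(x) precisely when r is the correct residue. Reusing pad bits across two messages leaks the XOR of two residues, which is why the stream bits are consumed once.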

3. Secret-Key Exchange for Wireless and Sensor Networks
    Patent application; status: in force

    Publication number: US20120036362A1

    Publication date: 2012-02-09

    Application number: US12850948

    Filing date: 2010-08-05

    IPC classification: H04W12/04 H04W12/06 H04L9/00

    Abstract: A mechanism is provided for establishing a shared secret key for secure communication between nodes in a wireless network. A first node in the wireless network provides a spreading code to a second node of the wireless network. The second node provides a first input for the key establishment to the first node using communication encoded with the spreading code. Responsive to obtaining the first input from the second node, the first node provides a second input for the key establishment to the second node using communication encoded with the spreading code. Then, the first node and the second node establish the shared secret key using the first input and the second input.


4. Non-Interactive Hierarchical Identity-Based Key-Agreement
    Patent application; status: expired

    Publication number: US20090225986A1

    Publication date: 2009-09-10

    Application number: US12043755

    Filing date: 2008-03-06

    IPC classification: H04L9/08

    Abstract: A pairwise key-agreement scheme is provided for creating key agreements non-interactively between pairs of nodes disposed in a hierarchy of nodes. The scheme is non-interactive, so that any two nodes can agree on a shared secret key without interaction. In addition, the scheme is identity-based, so that any given node only needs to know the identity of peer nodes to compute the shared secret key. All of the nodes are arranged in a hierarchy in which an intermediate node can derive the secret keys for each of its children from its own secret key and the identity of the child. Accordingly, the scheme is fully resilient against compromise of any number of leaves in the hierarchy and of a threshold number of nodes in the upper levels of the hierarchy. The scheme is well suited to environments such as mobile ad-hoc networks (MANETs), which are very dynamic, have acute bandwidth constraints and have many nodes that are vulnerable to compromise.

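A two-level instance of the non-interactive, identity-based, parent-derives-child behaviour the abstract lists, as an added Python example that is not the patent's code. It uses a Blundo-style symmetric multivariate polynomial, which is an assumption about the construction: the patent's own scheme may differ in detail, and this toy only gives a t-threshold at every level rather than the leaf-resilience bound the abstract claims. Identities, the field prime and the seed are constructed values.

```python
"""Non-interactive hierarchical identity-based key agreement (two-level toy).

Added example, not the patent's code: a Blundo-style symmetric-polynomial
construction with the non-interactive, identity-based and parent-derives-child
properties listed in the abstract. The patent's own construction may differ;
this toy is t-threshold at every level, including the leaves. Identities are
nonzero ints (constructed); arithmetic is over the prime field mod 2^61 - 1.
"""
import random
from itertools import product

PRIME = 2**61 - 1
T = 2            # degree per variable: compromising > T nodes on one level breaks it


def root_setup(rng, t=T):
    """Root picks F(x1, x2, y1, y2) of degree t in each variable, symmetric under
    swapping the x-pair with the y-pair: F(x1,x2,y1,y2) == F(y1,y2,x1,x2).
    That symmetry is what makes both ends of a pair compute the same key.
    Polynomials are {exponent tuple: coefficient}."""
    F = {}
    for e in product(range(t + 1), repeat=4):
        mirror = (e[2], e[3], e[0], e[1])
        F[e] = F[mirror] if mirror in F else rng.randrange(PRIME)
    return F


def fix_variable(poly, pos, value):
    """Substitute variable `pos` := value; keeps 4-tuple exponents with 0 in that slot."""
    out = {}
    for e, c in poly.items():
        e2 = e[:pos] + (0,) + e[pos + 1:]
        out[e2] = (out.get(e2, 0) + c * pow(value, e[pos], PRIME)) % PRIME
    return out


def issue_child(parent_secret, level, child_id):
    """A node at `level` (root = 0) derives its child's secret from its own
    secret and the child's identity alone: fix the next x-variable to child_id."""
    return fix_variable(parent_secret, level, child_id)


def evaluate(poly, values):
    total = 0
    for e, c in poly.items():
        term = c
        for v, k in zip(values, e):
            term = term * pow(v, k, PRIME) % PRIME
        total = (total + term) % PRIME
    return total


def pair_key(my_secret, peer_path):
    """Leaf (a, b) holds F(a, b, y1, y2); its key with leaf (c, d) is F(a, b, c, d),
    computed locally from the peer's identity path. No message is exchanged."""
    return evaluate(my_secret, (1, 1) + tuple(peer_path))


def demo(seed=3):
    rng = random.Random(seed)
    F = root_setup(rng)
    dom11, dom29 = issue_child(F, 0, 11), issue_child(F, 0, 29)   # level-1 nodes
    dev_11_5 = issue_child(dom11, 1, 5)                             # leaves (id path)
    dev_29_8 = issue_child(dom29, 1, 8)
    dev_11_7 = issue_child(dom11, 1, 7)
    return {
        "key_at_11_5": pair_key(dev_11_5, (29, 8)),
        "key_at_29_8": pair_key(dev_29_8, (11, 5)),
        "key_11_7_with_29_8": pair_key(dev_11_7, (29, 8)),   # different pair, different key
        "leaf_secret_terms": len(dev_11_5),                  # (T+1)^2: a leaf holds a bivariate poly
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two calls to `pair_key` are made by different devices holding different secrets and agree only because of the symmetry built into `root_setup`; a leaf never sees more than F with its own two x-coordinates fixed, so it cannot derive a sibling's secret or any key that does not involve itself.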

5. Compressing block-cipher encrypted data
    Granted patent; status: in force

    Publication number: US08934630B2

    Publication date: 2015-01-13

    Application number: US12610754

    Filing date: 2009-11-02

    Abstract: A method, system and computer program product are disclosed for compressing encrypted data, wherein the data is encrypted by using a block encryption algorithm in a chained mode of operation, and the encrypted data comprises a set of N encrypted blocks C1 ... CN. In one embodiment, the method comprises leaving block CN uncompressed and compressing all of the blocks C1 ... CN-1 in a defined sequence using a Slepian-Wolf code. In an embodiment, the data is encrypted using an encryption key K, and the compressing includes compressing all of the blocks C1 ... CN-1 without using the encryption key. In one embodiment, the compressing includes outputting the blocks C1 ... CN-1 as a set of compressed blocks CmprC1 ... CmprCN-1, and the method further comprises decrypting CN to generate a reconstructed block X̃N, and decrypting and decompressing the set of compressed blocks using X̃N.


6. Method and structure for challenge-response signatures and high-performance secure Diffie-Hellman protocols
    Granted patent; status: expired

    Publication number: US07747865B2

    Publication date: 2010-06-29

    Application number: US11348304

    Filing date: 2006-02-07

    Applicant: Hugo M. Krawczyk

    Inventor: Hugo M. Krawczyk

    IPC classification: H04L9/32 G06Q20/00

    Abstract: A method (and structure) of exchange between two parties interconnected by a device or network. A recipient party (verifier) chooses a secret value x for computing a value X=F1(x), where F1 comprises a first predetermined function having at least one argument, the value x being one of the at least one argument of F1. A signing party (signer) chooses a secret value y for computing a value Y=F2(y), where F2 comprises a second predetermined function having at least one argument, the value y being one of the at least one argument of F2. The signer obtains the value X, and the signer has a private key b and a public key B. The signer computes a value s=F3(y,b,X), where F3 comprises a third predetermined function having at least three arguments, the value y, the private key b and the value X being three of the at least three arguments of F3. There exists a fourth predetermined function F4(x,Y,B) to calculate a value s′, F4 having at least three arguments, the value x, the value Y and the public key B being three of the at least three arguments of F4, but the value s is not an argument of F4. There exists no secret shared between the verifier and the signer that serves as a basis for any argument in any of the functions F1, F2, F3 and F4. The verifier can consider the values s and s′ as valid authenticators if the value s′ is determined to be related in a predetermined manner to the value s.

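The exchange above with both parties' messages, as an added Python example that is not the patent's code. It instantiates F1..F4 as in Krawczyk's XCR signatures (the building block of HMQV, which the title's "secure Diffie-Hellman protocols" refers to): X = g^x, Y = g^y, s = X^(y + e·b) and s′ = (Y·B^e)^x with e = H(Y, m). The toy group (p = 10007, q = 5003, g = 4), the mapping of e into [1, q-1] and the message text are assumptions.

```python
"""Challenge-response signature between a verifier and a signer (XCR instance).

Added example, not the patent's code. F1..F4 are instantiated as in
Krawczyk's XCR signatures in a toy DL group (p = 10007, q = 5003, g = 4 of
order q): X = g^x, Y = g^y, s = X^(y + e*b), s' = (Y * B^e)^x, where
e = H(Y, m) is mapped into [1, q-1]. Message text is constructed; a real
deployment needs a cryptographic-size group.
"""
import hashlib
import random

P, Q, G = 10007, 5003, 4


def challenge_hash(Y, msg):
    d = hashlib.sha256(f"{Y}|{msg}".encode()).digest()
    return 1 + int.from_bytes(d, "big") % (Q - 1)        # e in [1, q-1], never 0


def verifier_challenge(rng):
    """F1: the verifier keeps x secret and sends X = g^x as the challenge."""
    x = rng.randrange(1, Q)
    return x, pow(G, x, P)


def signer_sign(rng, b, X, msg):
    """F2 and F3: fresh y, Y = g^y, then s = X^(y + e*b) with private key b.
    The signer never learns x; it only uses the public X it received."""
    y = rng.randrange(1, Q)
    Y = pow(G, y, P)
    e = challenge_hash(Y, msg)
    return Y, pow(X, (y + e * b) % Q, P)


def verifier_check(x, Y, B, msg, s):
    """F4: s' = (Y * B^e)^x from x, Y and the public key B only (s is not an
    input); accept iff s' == s. Nothing secret is shared between the parties."""
    e = challenge_hash(Y, msg)
    s_prime = pow(Y * pow(B, e, P) % P, x, P)
    return s_prime == s


def demo(seed=11):
    rng = random.Random(seed)
    b = rng.randrange(1, Q)
    B = pow(G, b, P)                                  # signer's long-term key pair
    x, X = verifier_challenge(rng)                    # 1. verifier -> signer: X
    msg = "constructed-message"
    Y, s = signer_sign(rng, b, X, msg)                # 2. signer -> verifier: Y, s
    wrong_B = pow(G, b % (Q - 1) + 1, P)              # a public key certainly != B
    x2, _X2 = verifier_challenge(rng)
    return {
        "valid": verifier_check(x, Y, B, msg, s),
        "wrong_signer_key": verifier_check(x, Y, wrong_B, msg, s),
        "different_message": verifier_check(x, Y, B, msg + "x", s),
        "other_challenge": verifier_check(x2, Y, B, msg, s),   # s was bound to X, not X2
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Correctness follows from s = g^{x(y + eb)} = s′. Because the verifier can compute s′ on its own from x, the value s convinces only the party that issued the challenge X; that is the deniability property of this kind of signature. Running the exchange in both directions, each party acting as challenger and signer at once, is how HMQV turns it into an authenticated Diffie-Hellman key agreement.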

7. METHOD AND SYSTEM OF NETWORK COMMUNICATION PRIVACY BETWEEN NETWORK DEVICES
    Patent application; status: pending (published)

    Publication number: US20080281966A1

    Publication date: 2008-11-13

    Application number: US11745053

    Filing date: 2007-05-07

    IPC classification: G06F15/173

    Abstract: A method for network communication privacy between network devices includes connecting first and second network-enabled devices to a network, the two devices communicating via a main communication channel. The respective network addresses of the first and second devices are changed dynamically and automatically while the main communication channel between them is maintained. Subsequent network addresses of the two devices are created either in a symmetric manner, using a secret key or predetermined list shared between them, or in an asymmetric manner. The asymmetric manner includes communicating the subsequent network addresses of the two devices over a back channel separate from the main communication channel.

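The symmetric manner from the abstract, as an added Python example that is not the patent's code: both devices derive the same address sequence from a shared key and a time slot, so no back channel is needed. The IPv6 prefix, the key, the HMAC-based derivation and the one-slot tolerance window are assumptions.

```python
"""Synchronized address hopping from a shared secret (the symmetric manner).

Added example, not the patent's code. Both devices derive the interface
identifier for time slot i as HMAC-SHA256(key, side || i) inside an agreed
/64 prefix, so each can compute the other's next address without any
back-channel message. Prefix, key and slot numbers are constructed values.
"""
import hashlib
import hmac
import ipaddress

PREFIX = ipaddress.IPv6Network("2001:db8:1234:5678::/64")   # constructed


def hop_address(key, side, slot):
    """Address used by `side` (b"A" or b"B") during time slot `slot`."""
    tag = hmac.new(key, side + slot.to_bytes(8, "big"), hashlib.sha256).digest()
    iid = int.from_bytes(tag[:8], "big")                   # 64-bit interface id
    return ipaddress.IPv6Address(int(PREFIX.network_address) | iid)


def schedule(key, side, first_slot, count):
    """The address sequence a device will use; its peer computes the same list."""
    return [hop_address(key, side, s) for s in range(first_slot, first_slot + count)]


def peer_address_valid(key, side, now_slot, candidate, slack=1):
    """Receiver-side filter: accept the peer's address for the current slot or
    one slot either way, so the main channel survives clock drift across a hop."""
    return any(hop_address(key, side, s) == candidate
               for s in range(now_slot - slack, now_slot + slack + 1))


def demo():
    key = b"constructed-shared-key-32-bytes!"
    a_view = schedule(key, b"B", 100, 4)          # A predicts B's addresses
    b_view = schedule(key, b"B", 100, 4)          # B computes its own
    return {
        "both_sides_agree": a_view == b_view,
        "inside_prefix": all(addr in PREFIX for addr in a_view),
        "accepts_current": peer_address_valid(key, b"B", 101, b_view[1]),
        "accepts_next_slot": peer_address_valid(key, b"B", 101, b_view[2]),
        "rejects_stale": not peer_address_valid(key, b"B", 103, b_view[0]),  # slot 100 vs 102..104
        "addresses": [str(a) for a in a_view],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

An observer on the main channel sees a sequence of unrelated-looking addresses within the prefix and cannot predict the next one without the key; the acceptance window is the place where the "maintaining the main communication channel" requirement lives, since a receiver that only honours the exact current slot drops the connection on every clock skew.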

8. Remote authentication based on challenge-response using digital certificates
    Granted patent; status: expired

    Publication number: US08646062B2

    Publication date: 2014-02-04

    Application number: US12942187

    Filing date: 2010-11-09

    IPC classification: H04L29/06

    Abstract: Embodiments of the invention provide for authenticating users of web-based applications by presenting a previously acquired signed digital signature. Examples establish a secure user session between a client and a user in response to the client verifying the user's identification; the client creates a unique username for the user and unlocks the user's access to a client digital signature for use with requests for service from a third-party web server. A secure facilitator session is established between the client and the third-party web server, wherein messages exchanged with the unique username and a unique session identification indicia of the secure facilitator session, signed by the unlocked digital signature, result in execution of the processes requested by the service identifier data if the messages are validated, without the client requiring the user to verify user identification for any message until the secure facilitator session ends.


9. REMOTE AUTHENTICATION BASED ON CHALLENGE-RESPONSE USING DIGITAL CERTIFICATES
    Patent application; status: expired

    Publication number: US20120117639A1

    Publication date: 2012-05-10

    Application number: US12942187

    Filing date: 2010-11-09

    IPC classification: G06F21/20

    Abstract: Embodiments of the invention provide for authenticating users of web-based applications by presenting a previously acquired signed digital signature. Examples establish a secure user session between a client and a user in response to the client verifying the user's identification; the client creates a unique username for the user and unlocks the user's access to a client digital signature for use with requests for service from a third-party web server. A secure facilitator session is established between the client and the third-party web server, wherein messages exchanged with the unique username and a unique session identification indicia of the secure facilitator session, signed by the unlocked digital signature, result in execution of the processes requested by the service identifier data if the messages are validated, without the client requiring the user to verify user identification for any message until the secure facilitator session ends.

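The session flow shared by entries 8 and 9 (verify the user once, unlock the signing key, sign every request together with the unique username and the session id, validate server-side until the session ends), as an added Python example that is not the patent's code. The signature algorithm (Schnorr over a toy group), the reduction of the certificate to a bare public key registered when the session opens, and the usernames, PINs and service ids are assumptions.

```python
"""Session-bound signed requests after a one-time user verification.

Added example of the flow in the abstract, not the patent's code. The client
digital signature is stood in for by a Schnorr signature over a toy DL group
(p = 10007, q = 5003, g = 4 of order q); the certificate is reduced to the
public key the server receives when the session opens (chain validation
omitted). Usernames, PINs and service ids are constructed values.
"""
import hashlib
import random
import secrets

P, Q, G = 10007, 5003, 4


def _h(R, msg):
    d = hashlib.sha256(f"{R}|{msg}".encode()).digest()
    return 1 + int.from_bytes(d, "big") % (Q - 1)          # challenge in [1, q-1]


def keygen(rng):
    sk = rng.randrange(1, Q)
    return sk, pow(G, sk, P)


def sign(sk, rng, msg):
    k = rng.randrange(1, Q)
    R = pow(G, k, P)
    return R, (k + _h(R, msg) * sk) % Q                   # Schnorr: g^z == R * pk^e


def verify(pk, msg, sig):
    R, z = sig
    return pow(G, z, P) == R * pow(pk, _h(R, msg), P) % P


class Client:
    """Verifies the user once, then signs every request without re-prompting."""

    def __init__(self, sk, rng):
        self._sk, self._rng, self.username = sk, rng, None

    def verify_user(self, login, pin, expected_pin):
        if pin == expected_pin:
            self.username = f"{login}-{secrets.token_hex(4)}"   # unique username
        return self.username is not None

    def request(self, session_id, service_id):
        if self.username is None:
            raise PermissionError("signature locked: user not verified")
        msg = f"{self.username}|{session_id}|{service_id}"     # session id is signed
        return msg, sign(self._sk, self._rng, msg)


class WebServer:
    """Facilitator session: (username, public key) bound to a fresh session id."""

    def __init__(self):
        self.sessions = {}

    def open_session(self, username, pk):
        sid = secrets.token_hex(8)
        self.sessions[sid] = (username, pk)
        return sid

    def close_session(self, sid):
        self.sessions.pop(sid, None)

    def handle(self, msg, sig):
        username, sid, _service = msg.split("|")
        if sid not in self.sessions or self.sessions[sid][0] != username:
            return False                      # closed/unknown session or wrong user
        return verify(self.sessions[sid][1], msg, sig)


def demo(seed=5):
    rng = random.Random(seed)
    sk, pk = keygen(rng)
    alice, server = Client(sk, rng), WebServer()
    results = {"locked_before_verify": False}
    try:
        alice.request("none", "get-balance")
    except PermissionError:
        results["locked_before_verify"] = True
    results["user_verified"] = alice.verify_user("alice", "1234", "1234")
    sid = server.open_session(alice.username, pk)
    msg, sig = alice.request(sid, "get-balance")
    results["first_request_ok"] = server.handle(msg, sig)
    results["second_request_ok"] = server.handle(*alice.request(sid, "statement"))
    mallory_sk = sk % (Q - 1) + 1                 # certainly != sk, still in [1, q-1]
    results["forged_key_rejected"] = not server.handle(msg, sign(mallory_sk, rng, msg))
    results["tampered_rejected"] = not server.handle(msg.replace("get-balance", "transfer"), sig)
    server.close_session(sid)
    results["replay_after_close_rejected"] = not server.handle(msg, sig)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Signing the session id into every message is what limits the damage of a captured signed request to the session it was captured in; a message whose session has ended fails the `sessions` lookup before any signature arithmetic runs. Replay of a still-valid request within the same open session is not addressed by this flow and needs a per-request nonce or counter on top.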

10. Secret-key exchange for wireless and sensor networks
    Granted patent; status: in force

    Publication number: US08522029B2

    Publication date: 2013-08-27

    Application number: US12850948

    Filing date: 2010-08-05

    IPC classification: H04L9/32

    Abstract: A mechanism is provided for establishing a shared secret key for secure communication between nodes in a wireless network. A first node in the wireless network provides a spreading code to a second node of the wireless network. The second node provides a first input for the key establishment to the first node using communication encoded with the spreading code. Responsive to obtaining the first input from the second node, the first node provides a second input for the key establishment to the second node using communication encoded with the spreading code. Then, the first node and the second node establish the shared secret key using the first input and the second input.
