公开(公告)号：US09008624B2

公开(公告)日：2015-04-14

申请号：US13977872

申请日：2011-12-22

Applicant: Benoit Michau ,  Matthew Robshaw

Inventor： Benoit Michau ,  Matthew Robshaw

IPC: H04M1/66 ,  H04W12/06 ,  H04L9/32 ,  H04W88/02

CPC classification number: H04W12/06 ,  H04L9/321 ,  H04L9/3247 ,  H04L9/3271 ,  H04L2209/805 ,  H04W88/02

Abstract: A method is provided for authenticating a first entity and a second entity at a third entity. The first and third entities share a first secret key, and the second and third entities share a second secret key. The method includes steps of: dispatching by the third entity to the first entity of a challenge, calculation by the first entity, using the first secret key, of an authentication value; dispatching by the first entity to the second entity the authentication value, calculation by the second entity, using the second secret key, of an authentication response; dispatching by the second entity to the third entity of the authentication response; calculation by the third entity of an expected authentication response; and comparison of the authentication response received with the expected calculated authentication response.

Abstract translation: 提供了一种用于在第三实体处认证第一实体和第二实体的方法。 第一和第三实体共享第一秘密密钥，第二和第三实体共享第二秘密密钥。 该方法包括以下步骤：由第三实体向第一实体发送质询，由第一实体使用第一秘密密钥计算认证值; 由第一实体向第二实体发送认证值，由第二实体使用第二秘密密钥计算认证响应; 由第二实体向第三实体发送认证响应; 由第三实体计算预期认证响应; 以及接收的认证响应与预期计算的认证响应的比较。

公开(公告)号：US20140057601A1

公开(公告)日：2014-02-27

申请号：US13977872

申请日：2011-12-22

Applicant: Benoit Michau ,  Matthew Robshaw

Inventor： Benoit Michau ,  Matthew Robshaw

IPC: H04W12/06

CPC classification number: H04W12/06 ,  H04L9/321 ,  H04L9/3247 ,  H04L9/3271 ,  H04L2209/805 ,  H04W88/02

Abstract: A method is provided for authenticating a first entity and a second entity at a third entity. The first and third entities share a first secret key, and the second and third entities share a second secret key. The method includes steps of: dispatching by the third entity to the first entity of a challenge, calculation by the first entity, using the first secret key, of an authentication value; dispatching by the first entity to the second entity the authentication value, calculation by the second entity, using the second secret key, of an authentication response; dispatching by the second entity to the third entity of the authentication response; calculation by the third entity of an expected authentication response; and comparison of the authentication response received with the expected calculated authentication response.

Abstract translation: 提供了一种用于在第三实体处认证第一实体和第二实体的方法。 第一和第三实体共享第一秘密密钥，第二和第三实体共享第二秘密密钥。 该方法包括以下步骤：由第三实体向第一实体发送质询，由第一实体使用第一秘密密钥计算认证值; 由第一实体向第二实体发送认证值，由第二实体使用第二秘密密钥计算认证响应; 由第二实体向第三实体发送认证响应; 由第三实体计算预期认证响应; 以及接收的认证响应与预期计算的认证响应的比较。

公开(公告)号：US06240184B1

公开(公告)日：2001-05-29

申请号：US09145845

申请日：1998-09-02

Applicant: Dung Huynh ,  Matthew Robshaw ,  Ari Juels ,  Burton Kaliski, Jr.

Inventor： Dung Huynh ,  Matthew Robshaw ,  Ari Juels ,  Burton Kaliski, Jr.

IPC: G06F1214

CPC classification number: G06F21/31

Abstract: A system, method, and data structure provide for securely synchronizing passwords and/or other information between systems. The password-related information is stored in the systems in a secure manner, and a user or some other, external agent participates actively in the transmission of a new password between systems. A password update file is communicated or shared between systems to synchronize passwords.

Abstract translation: 系统，方法和数据结构提供在系统之间安全地同步密码和/或其他信息。 密码相关信息以安全的方式存储在系统中，并且用户或其他外部代理主动参与在系统之间传输新密码。 在系统之间传送或共享密码更新文件以同步密码。

公开(公告)号：US08543812B2

公开(公告)日：2013-09-24

申请号：US12666873

申请日：2008-06-26

Applicant: Matthew Robshaw ,  Henri Gilbert ,  Marc Girault ,  Loic Juniot

Inventor： Matthew Robshaw ,  Henri Gilbert ,  Marc Girault ,  Loic Juniot

IPC: H04L29/06

CPC classification number: H04L9/3271 ,  H04L9/3236 ,  H04L2209/805

Abstract: A system and a method for cryptographic reduced-coupon reloading are provided, where a coupon includes a pseudo-random number ri=PRFK(i), where i is an index for labeling the coupon, PRF is a predetermined pseudo-random function and K is a regeneration key, and a “reduced-coupon” xi=ƒ(ri), where ƒ is a predetermined one-way function, where: a candidate device and a second device acquire a common value of a token T, the candidate device transmits a verification value vT to the second device, the second device verifies whether the verification value is equal to PRF′Q(T), where PRF′ is a predetermined keyed pseudo-random function identical to, or derived from, the pseudo-random function PRF, where Q is an authentication key owned by the second device and known to the candidate device provided the candidate device is a legitimate reloading device, and if the verification is positive, one or several reduced-coupon(s) provided by the candidate device are stored in the second device.

Abstract translation: 提供了一种用于密码缩减优惠券重新加载的系统和方法，其中优惠券包括伪随机数ri = PRFK（i），其中i是用于标记优惠券的索引，PRF是预定的伪随机函数，K 是再生密钥和“减价券”xi = f（ri），其中f是预定的单向函数，其中：候选设备和第二设备获取令牌T的公共值，候选设备 向第二设备发送验证值vT，第二设备验证验证值是否等于PRF'Q（T），其中PRF'是与伪随机的相同或衍生的预定的键控伪随机函数 功能PRF，其中Q是由第二设备拥有并且候选设备已知的认证密钥，只要候选设备是合法的重新加载设备，并且如果验证是肯定的，则候选者提供的一个或几个减费券 设备存储在第二设备中。

公开(公告)号：US20130043982A1

公开(公告)日：2013-02-21

申请号：US13576586

申请日：2011-01-26

Applicant: Matthew Robshaw ,  Henri Gilbert

Inventor： Matthew Robshaw ,  Henri Gilbert

IPC: G06K7/01

CPC classification number: H04W12/06

Abstract: A method and apparatus are provided for identifying and authenticating a radio tag by a radio reader. The tag forms part of a set of tags in a radio range of the reader and has selected a time slot from a set of available time slots. The method includes: a step of the reader sending a query message during the selected time slot; and a step of the reader receiving a reply message from the tag that selected the time slot. The reply message includes a random value selected by the tag. The tag stores authentication coupons and the reply from the tag received by the reader during the time slot contains, as a random value selected by the tag, a value that is a function of one of the coupons.

Abstract translation: 提供了一种用于通过无线电读取器识别和认证无线电标签的方法和装置。 标签形成读取器的无线电范围内的一组标签的一部分，并且从一组可用时隙中选择了时隙。 该方法包括：读取器在所选择的时隙期间发送查询消息的步骤; 以及读取器从选择时隙的标签接收回复消息的步骤。 回复消息包括由标签选择的随机值。 标签存储认证优惠券，并且在时隙期间由读者接收的标签的答复作为由标签选择的随机值，包含作为优惠券之一的函数的值。

公开(公告)号：US20100185851A1

公开(公告)日：2010-07-22

申请号：US12666873

申请日：2008-06-26

Applicant: Matthew Robshaw ,  Henri Gilbert ,  Marc Girault ,  Loic Juniot

Inventor： Matthew Robshaw ,  Henri Gilbert ,  Marc Girault ,  Loic Juniot

IPC: H04L9/32

CPC classification number: H04L9/3271 ,  H04L9/3236 ,  H04L2209/805

Abstract: A system and a method for cryptographic coupon reloading are provided for, wherein a coupon comprises, on one hand, a pseudo-random number ri=PRFK(i), where i is an index for labeling the coupon, PRF is a predetermined pseudo-random function and K is a regeneration key, and, on the other hand, a “reduced-coupon” xi such that xi=ƒ(ri), where ƒ is a predetermined one-way function, characterized in that it comprises the following steps: a candidate device (1) and a second device (2) acquire a common value of a token T, said candidate device (1) transmits a verification value vT to the second device (2), the second device (2) verifies whether said verification value vT is given by vT=PRF′Q(T), where PRF′ is a predetermined keyed pseudo-random function identical to, or derived from, said pseudo-random function PRF, and where Q is an authentication key owned by the second device (2) and known to the candidate device (1) provided the candidate device (1) is a legitimate reloading device (1), and if the verification is positive, one or several reduced-coupon(s) provided by the reloading device (1) are stored in the second device (2). Application to second devices contained in RFID tags.

Abstract translation: 提供一种用于加密优惠券重新加载的系统和方法，其中优惠券一方面包括伪随机数ri = PRFK（i），其中i是用于标记优惠券的索引，PRF是预定的伪随机数， 随机函数和K是再生密钥，另一方面，“减价券”xi使得xi =ƒ（ri），其中ƒ是预定的单向函数，其特征在于它包括以下步骤 ：候选设备（1）和第二设备（2）获取令牌T的公共值，所述候选设备（1）向第二设备（2）发送验证值vT，第二设备（2）验证是否 所述验证值vT由vT = PRF'Q（T）给出，其中PRF'是与所述伪随机函数PRF相同或衍生的预定的键控伪随机函数，并且其中Q是由 第二设备（2）并且候选设备（1）已知，提供候选设备（1）是合法的重新加载 （1），并且如果验证是肯定的，则由所述重新加载装置（1）提供的一个或多个减价券存储在所述第二装置（2）中。 应用于RFID标签中的第二个设备。

公开(公告)号：US09332430B2

公开(公告)日：2016-05-03

申请号：US13576586

申请日：2011-01-26

Applicant: Matthew Robshaw ,  Henri Gilbert

Inventor： Matthew Robshaw ,  Henri Gilbert

IPC: G06K7/01 ,  G05B19/00 ,  H04W12/06

CPC classification number: H04W12/06

Abstract: A method and apparatus are provided for identifying and authenticating a radio tag by a radio reader. The tag forms part of a set of tags in a radio range of the reader and has selected a time slot from a set of available time slots. The method includes: a step of the reader sending a query message during the selected time slot; and a step of the reader receiving a reply message from the tag that selected the time slot. The reply message includes a random value selected by the tag. The tag stores authentication coupons and the reply from the tag received by the reader during the time slot contains, as a random value selected by the tag, a value that is a function of one of the coupons.

Abstract translation: 提供了一种用于通过无线电读取器识别和认证无线电标签的方法和装置。 标签形成读取器的无线电范围内的一组标签的一部分，并且从一组可用时隙中选择了时隙。 该方法包括：读取器在所选择的时隙期间发送查询消息的步骤; 以及读取器从选择时隙的标签接收回复消息的步骤。 回复消息包括由标签选择的随机值。 标签存储认证优惠券，并且在时隙期间由读者接收的标签的答复作为由标签选择的随机值，包含作为优惠券之一的函数的值。

公开(公告)号：US08595506B2

公开(公告)日：2013-11-26

申请号：US12741638

申请日：2008-11-21

Applicant: Matthew Robshaw ,  Henri Gilbert

Inventor： Matthew Robshaw ,  Henri Gilbert

IPC: G06F21/00

CPC classification number: H04L9/3271 ,  G06F21/10 ,  G06F21/445 ,  G06F2221/2103 ,  G06F2221/2129 ,  G11B20/00086 ,  G11B20/00876 ,  H04L9/0827 ,  H04L2209/603 ,  H04L2209/805

Abstract: An authentication method of a prover device by a verifier device using cryptographic coupons is provided, where a coupon includes a pseudo-random number ri, where i is an index for labeling the coupon, and a reduced-coupon xi such that xi=ƒ(ri), where ƒ is a predetermined one-way function, the method including the following steps: the verifier device sends a challenge consisting of a random value c to the prover device; the prover device sends to the verifier device a response y calculated by using the pseudo-random number ri, the challenge c, and a secret key s belonging to the prover device; and the verifier device checks the validity of the response y based on the challenge c, the reduced-coupon xi corresponding to the pseudo-random number ri, and a public key V corresponding to the secret key s, the reduced-coupon xi being received by the verifier device from a source external to the prover device.

Abstract translation: 提供了使用加密优惠券的验证器设备的验证器设备的验证方法，其中优惠券包括伪随机数ri，其中i是用于标记优惠券的索引，以及减价券xi，使得xi = f（ ri），其中f是预定的单向功能，该方法包括以下步骤：验证器设备将由随机值c组成的挑战发送到证明器设备; 证明者设备通过使用伪随机数ri，质询c和属于证明者设备的秘密密钥s向验证者设备发送响应y; 并且验证器设备基于挑战c来检查响应y的有效性，对应于伪随机数ri的缩减优惠券xi和对应于秘密密钥s的公开密钥V，被接收的优惠券xi 通过验证器设备从证明器设备外部的源。

公开(公告)号：US08588408B2

公开(公告)日：2013-11-19

申请号：US13139637

申请日：2009-12-16

Applicant: Matthew Robshaw ,  Henri Gilbert

Inventor： Matthew Robshaw ,  Henri Gilbert

IPC: H04K1/00

CPC classification number: H04L9/0637 ,  H04L2209/805

Abstract: A method of implementing a block cipher algorithm by a device storing a fixed initialization datum includes determining, before execution of a first iteration of the algorithm in the course of a session, a modified initialization datum by way of a determined function supplied as input with the fixed initialization datum and a state value specific to the session. The state value may be stored in the device. The modified initialization datum may be used to implement the first iteration of the algorithm.

Abstract translation: 一种通过存储固定的初始化数据的设备实现块密码算法的方法包括：在会话过程中，在执行算法的第一迭代之前，通过确定的功能确定修改的初始化数据，该确定的函数作为输入提供作为输入， 固定的初始化数据和特定于会话的状态值。 状态值可以存储在设备中。 修改的初始化数据可以用于实现算法的第一次迭代。

公开(公告)号：US20100161988A1

公开(公告)日：2010-06-24

申请号：US12600304

申请日：2008-05-21

Applicant: Matthew Robshaw ,  Henri Gilbert

Inventor： Matthew Robshaw ,  Henri Gilbert

IPC: H04L9/32

CPC classification number: H04L9/3271 ,  H04L2209/805

Abstract: A method of authenticating an entity by a verification entity, said entities sharing a pair of secret keys X and Y. According to the invention said secret keys X and Y are n×m (n, m>1) binary matrices, said method comprising steps repeated r times (r≧1) of: the entity (1) to be authenticated and the verification entity (2) exchanging binary vectors a and b of n bits respectively drawn at random by the verification entity (2) and the entity (1) to be authenticated and the entity (1) to be authenticated drawing at random a noise binary vector c of m bits, each of said m bits being equal to 1 with a probability η less than ½, and calculating and sending to the verification entity (2) a response vector z of m bits equal to z=aX⊕bY⊕c; the verification entity calculating the Hamming weight (220′) of an error vector e=z⊕aX⊕bY; and then accepting (240′) the authentication if the Hamming weights of the r error vectors e satisfy a relationship of comparison (230′) to a parameter (T, t) that is a function of the probability η. Application to cryptographic protocols for authenticating electronic chips of very low cost.

Abstract translation: 根据本发明，所述秘密密钥X和Y是n×m（n，m> 1）个二进制矩阵，所述方法包括： 步骤重复r次（r≥1）：要认证的实体（1）和验证实体（2）交换由验证实体（2）和实体（2）分别随机绘制的n位的二进制向量a和b， 1）被认证，并且被认证的实体（1）被随机绘制一个m比特的噪声二进制向量c，每个所述m比特以概率等于1; 小于1/2，并且向验证实体（2）计算并发送m比特等于z =aX⊕bY⊕c的响应向量z; 所述验证实体计算误差向量的所述汉明权重（220'）e =z⊕aX⊕bY; 然后如果r个误差向量e的汉明权重满足比较（230'）与作为概率的函数的参数（T，t）的关系，则接受认证（240'）。 应用于非常低成本的认证电子芯片的加密协议。