Abstract:
A method for automated validation and execution of cryptographic key and certificate deployment and distribution includes providing one or more keys; providing one or more key deployment points; and distributing the one or more keys to the one or more key deployment points in an automated manner based on a matrix or pattern mapping of each of the one or more keys to be distributed to each of the one or more key deployment points.
Abstract:
A system, method, apparatus, and computer readable medium for managing renewal of a dynamic set of data items. Each data item has an associated renewal deadline in a data item management system. A renewal schedule allocates to each data item a renewal interval for renewal of the data item. On addition of a new data item, if a potential renewal interval, having a duration required for renewal of the data item and ending at the renewal deadline for that item, does not overlap a time period in the schedule during which the system is busy, the renewal schedule is automatically updated by allocating the potential renewal interval to the new data item. If the potential renewal interval does overlap a busy period, the renewal schedule is automatically updated by selecting an earlier renewal interval for at least one data item in the set.
Abstract:
Methods and systems for reading from and writing to a distributed, asynchronous and fault-tolerant storage system. The storage system includes storage nodes communicating with clients. The method includes a first client writing an object to the storage system and a second client reading the object from the storage system. For the first client, previous transient metadata relating to a previously written version of the object is retrieved and a new version of the object together with new transient metadata is stored. For the second client, a set of transient metadata from a third set of nodes amongst storage nodes is retrieved, a specific version of the object as stored on the storage system is determined, and a specific version of the corresponding object from a fourth set of nodes amongst storage nodes is retrieved. Two sets of nodes amongst all sets have at least one node in common.
Abstract:
In accordance with the present invention, there is provided a method for sharing a secret value x among n participating network devices via an asynchronous network. The n participating network devices comprise t faulty devices and k sub-devices capable of reconstructing the secret value x, wherein t
Abstract:
A system and method are provided for updating a hash tree in a protected environment. An integrity protection controller is provided for observing one or more system parameters of a storage system and one or more hash tree parameters of the hash trees, and for updating a hash tree in dependence on the storage system parameter and the hash tree parameter.
Abstract:
A method for generating a session key on demand in a network among participating network devices, including choosing a private and public key according to a public key encryption scheme, and broadcasting the public key to each other participating network device; choosing a local contribution value from a multiplicative group of size q; encrypting the local contribution value under the received public key to an encrypted contribution value and sending the encrypted contribution value; receiving encrypted contribution values and deriving decrypted contribution values by applying the private key; deriving a blinded session key from the decrypted contribution values and the local contribution value; agreeing on one of the blinded session keys by using an agreement protocol; and deriving the session key from the agreed-on blinded session key by applying one of the decrypted contribution values and the contribution value. A corresponding computer program element, computer program product, and computer device.
Abstract:
The present invention provides a method for transferring encrypted information from one storage area to another storage area, wherein a cryptographic data protection scheme having protection attributes is applied to the data. A crypto container having cryptographic properties represents cryptographically protected data. The attributes that are attached to the container at the time when data is added to or removed from the container determine the data protection scheme being applied. A crypto container can be converted or serialized for storage or transmission; the conversion extends only to the protected data parts, which may include crypto containers in protected form, but not to the attached crypto attributes. These attributes must be stored or transmitted in another form.