公开(公告)号：US11343096B2

公开(公告)日：2022-05-24

申请号：US16352490

申请日：2019-03-13

Applicant: Dark Matter L.L.C.

Inventor： Michael Matovsky ,  Ravi Singh ,  Alexander Sherkin

IPC: H04L9/32

Abstract: A system, method, and computer program product are provided for performing hardware-backed password-based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.

公开(公告)号：US11044105B2

公开(公告)日：2021-06-22

申请号：US16352482

申请日：2019-03-13

Applicant: Dark Matter L.L.C.

Inventor： Michael Matovsky ,  Ravi Singh ,  Alexander Sherkin

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/00

Abstract: A system, method, and computer program product are provided for sensitive data recovery in high security systems. In operation, a client device receives a request by a user to initiate a data recovery process to recover data that is encrypted. The client device generates a new data recovery request key pair. The client device creates a data recovery request that includes a data recovery request public key. The client device signs the data recovery request using an identity private key that is associated with a certificate issued by a certification authority (CA). The client device sends the data recovery request to a server system storing the data. The server system accesses an offline data recovery subsystem (ODRS) storing a data recovery key pair to authenticate the user. The ODRS generates and stores a secret data recovery code. The client device receives the secret data recovery code that was communicated to the user. The client device sends the secret data recovery code along with the data recovery request to the server system. The server system verifies the received secret data recovery code against the stored secret data recovery code. The server system verifies a public key associated with the received data recovery request against a public key associated with a stored recovery request. The server system identifies the data recovery request as authenticated. The ODRS verifies a request signature associated with the data recovery request. The ODRS verifies the encrypted signature against encrypted and signed recovery data. The ODRS verifies that a user ID in a password reset request matches a user ID in a message encryption key signature. The ODRS decrypts the data recovery key pair and re-encrypts the data recovery key pair to the data recovery request public key. The ODRS stores the re-encrypted data recovery key pair associated with the data recovery request. The client device queries the server system to obtain the data. The server system returns the data to the client device. The client device decrypts the data using a data recovery private key.

公开(公告)号：US20200295939A1

公开(公告)日：2020-09-17

申请号：US16352498

申请日：2019-03-13

Applicant: Dark Matter L.L.C.

Inventor： Michael Matovsky ,  Ravi Singh ,  Alexander Sherkin

IPC: H04L9/32 ,  H04L29/06 ,  H04L9/08

Abstract: A system, method, and computer program product are provided for implementing hardware backed symmetric operations for password based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system utilizing hardware backed symmetric encryption. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.

公开(公告)号：US20180013566A1

公开(公告)日：2018-01-11

申请号：US15202447

申请日：2016-07-05

Applicant: Dark Matter L.L.C.

Inventor： Alexander Sherkin ,  Ravi Singh ,  Michael Matovsky

IPC: H04L9/32 ,  H04L9/08 ,  H04L29/06

CPC classification number: H04L9/3242 ,  H04L9/0631 ,  H04L9/0662 ,  H04L9/0861 ,  H04L63/0428 ,  H04L63/0435 ,  H04L63/123 ,  H04L2209/601 ,  H04L2209/80

Abstract: An apparatus, computer program, and method are provided for securely broadcasting a message to a plurality of recipient devices. In operation, a message is identified, and the message is encrypted utilizing a first key. A message authentication code (MAC) is generated utilizing a second key that is mathematically coupled to the first key (that is utilized to encrypt the message). The encrypted message is caused to be broadcasted to a plurality of recipient devices, utilizing the MAC.

公开(公告)号：US20200295938A1

公开(公告)日：2020-09-17

申请号：US16352490

申请日：2019-03-13

Applicant: Dark Matter L.L.C.

Inventor： Michael Matovsky ,  Ravi Singh ,  Alexander Sherkin

IPC: H04L9/32

Abstract: A system, method, and computer program product are provided for performing hardware-backed password-based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.

公开(公告)号：US10333766B2

公开(公告)日：2019-06-25

申请号：US15180901

申请日：2016-06-13

Applicant: DARK MATTER L.L.C.

Inventor： Alexander Sherkin ,  Ravi Singh ,  Michael Matovsky ,  Eugene Chin

IPC: H04L29/06 ,  H04L29/00 ,  H04W12/00 ,  H04W40/24 ,  H04L29/08

Abstract: A communication system is provided for enabling secure communications between at least a sender communication device and at least a recipient communication device or point-of-presence, wherein the then current recipient communication device(s) or point(s)-of-presence for the recipient(s) can vary over time. The communication system includes a network server component configured to maintain a current set of identification information elements for communicating with communication device(s) or points-of-presence associated with the one or more recipients; and if applicable provide up to date one or more identifiers or identification information elements for the one or more recipients to a sender communication device thereby prompting the sender communication device to send the secure communication based on the updated one or more identifiers or identification information elements. A related method is provided for exchanging secure communications between senders and recipients, where the communication device(s) or point(s)-of-presence associated with the recipients can vary over time.

公开(公告)号：US11159325B2

公开(公告)日：2021-10-26

申请号：US16352498

申请日：2019-03-13

Applicant: Dark Matter L.L.C.

Inventor： Michael Matovsky ,  Ravi Singh ,  Alexander Sherkin

IPC: H04L9/32 ,  H04L9/08 ,  H04L29/06

Abstract: A system, method, and computer program product are provided for implementing hardware backed symmetric operations for password based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system utilizing hardware backed symmetric encryption. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.

公开(公告)号：US20200295950A1

公开(公告)日：2020-09-17

申请号：US16352482

申请日：2019-03-13

Applicant: Dark Matter L.L.C.

Inventor： Michael Matovsky ,  Ravi Singh ,  Alexander Sherkin

IPC: H04L9/32 ,  H04L9/00

Abstract: A system, method, and computer program product are provided for sensitive data recovery in high security systems. In operation, a client device receives a request by a user to initiate a data recovery process to recover data that is encrypted. The client device generates a new data recovery request key pair. The client device creates a data recovery request that includes a data recovery request public key. The client device signs the data recovery request using an identity private key that is associated with a certificate issued by a certification authority (CA). The client device sends the data recovery request to a server system storing the data. The server system accesses an offline data recovery subsystem (ODRS) storing a data recovery key pair to authenticate the user. The ODRS generates and stores a secret data recovery code. The client device receives the secret data recovery code that was communicated to the user. The client device sends the secret data recovery code along with the data recovery request to the server system. The server system verifies the received secret data recovery code against the stored secret data recovery code. The server system verifies a public key associated with the received data recovery request against a public key associated with a stored recovery request. The server system identifies the data recovery request as authenticated. The ODRS verifies a request signature associated with the data recovery request. The ODRS verifies the encrypted signature against encrypted and signed recovery data. The ODRS verifies that a user ID in a password reset request matches a user ID in a message encryption key signature. The ODRS decrypts the data recovery key pair and re-encrypts the data recovery key pair to the data recovery request public key. The ODRS stores the re-encrypted data recovery key pair associated with the data recovery request. The client device queries the server system to obtain the data. The server system returns the data to the client device. The client device decrypts the data using a data recovery private key.

公开(公告)号：US20190058760A1

公开(公告)日：2019-02-21

申请号：US15681237

申请日：2017-08-18

Applicant: Dark Matter L.L.C.

Inventor： Alexander Sherkin ,  Michael Matovsky

IPC: H04L29/08 ,  H04W76/02

Abstract: A system, method, and computer program product are provided for peer-to-peer event ordering using a two part event identifier. In use, a peer-to-peer communication channel is established by a first peer device with a second peer device. A current event identifier is initialized at the first peer device, and the second peer device initializes a different current event identifier at the second peer device. A plurality of events are communicated between the first peer device and the second peer device, where the events are each configured to include an event identifier that is the current event identifier of a sender of the event, and where the current event identifier includes two portions that are updated differently when sending and receiving events. Further, the events are ordered by the first peer device, using the event identifier included with each of the events.

公开(公告)号：US20190044896A1

公开(公告)日：2019-02-07

申请号：US15668442

申请日：2017-08-03

Applicant: Dark Matter L.L.C.

Inventor： Alexander Sherkin ,  Ravi Singh ,  Michael Matovsky

IPC: H04L12/58 ,  H04L29/06 ,  H04L9/08

Abstract: A system, method, and computer program product are provided for end-to-end security of centrally accessible group membership information. In use, membership information defining a user group in a messaging system is accessed from a central server, where the membership information includes (1) at least one change to members of the user group, and (2) for each change of the at least one change, a digital signature of a user that made the change. Additionally, a verification process on the membership information is performed, including: for each change of the at least one change, verifying the digital signature of the user that made the change. Further, members of the user group are determined, as a result of the verification process, and at least one action is performed in association with the members of the user group.