System, method, and computer program product for sensitive data recovery in high security systems

    Publication (Announcement) No.: US11044105B2

    Publication (Announcement) Date: 2021-06-22

    Application No.: US16352482

    Application Date: 2019-03-13

    Abstract: A system, method, and computer program product are provided for sensitive data recovery in high security systems. In operation, a client device receives a request by a user to initiate a data recovery process to recover data that is encrypted. The client device generates a new data recovery request key pair. The client device creates a data recovery request that includes a data recovery request public key. The client device signs the data recovery request using an identity private key that is associated with a certificate issued by a certification authority (CA). The client device sends the data recovery request to a server system storing the data. The server system accesses an offline data recovery subsystem (ODRS) storing a data recovery key pair to authenticate the user. The ODRS generates and stores a secret data recovery code. The client device receives the secret data recovery code that was communicated to the user. The client device sends the secret data recovery code along with the data recovery request to the server system. The server system verifies the received secret data recovery code against the stored secret data recovery code. The server system verifies a public key associated with the received data recovery request against a public key associated with a stored recovery request. The server system identifies the data recovery request as authenticated. The ODRS verifies a request signature associated with the data recovery request. The ODRS verifies the encrypted signature against encrypted and signed recovery data. The ODRS verifies that a user ID in a password reset request matches a user ID in a message encryption key signature. The ODRS decrypts the data recovery key pair and re-encrypts the data recovery key pair to the data recovery request public key. The ODRS stores the re-encrypted data recovery key pair associated with the data recovery request. The client device queries the server system to obtain the data. The server system returns the data to the client device. The client device decrypts the data using a data recovery private key.

    System, method, and computer program product for zero round trip secure communications based on a noisy secret with a reduced message size

    Publication (Announcement) No.: US10862688B2

    Publication (Announcement) Date: 2020-12-08

    Application No.: US16352515

    Application Date: 2019-03-13

    Abstract: A system, method, and computer program product are provided for implementing zero round trip secure communications based on a noisy secret with a reduced message size. A receiver system receives from a sender system an encrypted message including encrypted message keys and a message MAC that is calculated and added for every sub-key. The receiver system determines if any one of the sub-keys is noiseless based on its corresponding message MAC. If none of the sub-keys are noiseless, the receiver system adjusts bits of the sub-keys until a sub-key with one noisy bit is found and corrected to form a noiseless sub-key. The noiseless sub-key is then processed to obtain a message key to decrypt the encrypted message.

    System, method, and computer program product for performing hardware-backed password-based authentication

    Publication (Announcement) No.: US11343096B2

    Publication (Announcement) Date: 2022-05-24

    Application No.: US16352490

    Application Date: 2019-03-13

    Abstract: A system, method, and computer program product are provided for performing hardware-backed password-based authentication. In operation, a system receives a request to access software utilizing password-based authentication. Further, the system receives a password for the password-based authentication. The system computes a hash utilizing the password and a hardware-based authenticator associated with hardware of the system. Moreover, the system verifies that the hash computed utilizing the password and the hardware-based authenticator is correct for accessing the software.

    System, method, and computer program product for implementing zero round trip secure communications based on noisy secrets with a polynomial secret sharing scheme

    Publication (Announcement) No.: US10951415B2

    Publication (Announcement) Date: 2021-03-16

    Application No.: US16352546

    Application Date: 2019-03-13

    Abstract: Zero round trip secure communications is implemented based on noisy secrets with a polynomial secret sharing scheme. A sender identifies two negotiated noisy secrets associated with an encrypted message to send to a receiver system. The sender utilizes a first negotiated noisy secret for sub-key selection, and generates a secret polynomial using Shamir's polynomial-based secret sharing scheme with N positive integer points and a message key as the secret. The sender divides the first negotiated noisy secret into a plurality of sub-keys, and divides a second negotiated noisy secret into test blocks of a length equivalent to the length of a sub-key. The sender utilizes each of the plurality of sub-keys for encrypting a corresponding test block along with one unique point of the secret polynomial. Moreover, the sender sends all encrypted test blocks and corresponding encrypted points of the secret polynomial to the receiver with the encrypted message.

    System, method, and computer program product for zero round trip secure communications based on two noisy secrets

    Publication (Announcement) No.: US10892891B2

    Publication (Announcement) Date: 2021-01-12

    Application No.: US16352531

    Application Date: 2019-03-13

    Abstract: Zero round trip secure communications is implemented based on two noisy secrets. A sender system: calculates a required number of sub-keys to have at least one noiseless sub-key; for each first negotiated secret sub-key, uses the sub-key to encrypt a first half of a message key and test bytes, and adds the encrypted first half of the message key and the encrypted test bytes to the encrypted message; for each second negotiated secret sub-key, uses the sub-key to encrypt a second half of the message key and the test bytes, and adds the encrypted second half of the message key and the encrypted test bytes to the encrypted message; and sends the encrypted message, message MAC information, encrypted first halves of the message key with associated encrypted test bytes, and encrypted second halves of the message key with associated encrypted test bytes to a receiver.

    SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR SENSITIVE DATA RECOVERY IN HIGH SECURITY SYSTEMS

    Publication (Announcement) No.: US20200295950A1

    Publication (Announcement) Date: 2020-09-17

    Application No.: US16352482

    Application Date: 2019-03-13

    Abstract: A system, method, and computer program product are provided for sensitive data recovery in high security systems. In operation, a client device receives a request by a user to initiate a data recovery process to recover data that is encrypted. The client device generates a new data recovery request key pair. The client device creates a data recovery request that includes a data recovery request public key. The client device signs the data recovery request using an identity private key that is associated with a certificate issued by a certification authority (CA). The client device sends the data recovery request to a server system storing the data. The server system accesses an offline data recovery subsystem (ODRS) storing a data recovery key pair to authenticate the user. The ODRS generates and stores a secret data recovery code. The client device receives the secret data recovery code that was communicated to the user. The client device sends the secret data recovery code along with the data recovery request to the server system. The server system verifies the received secret data recovery code against the stored secret data recovery code. The server system verifies a public key associated with the received data recovery request against a public key associated with a stored recovery request. The server system identifies the data recovery request as authenticated. The ODRS verifies a request signature associated with the data recovery request. The ODRS verifies the encrypted signature against encrypted and signed recovery data. The ODRS verifies that a user ID in a password reset request matches a user ID in a message encryption key signature. The ODRS decrypts the data recovery key pair and re-encrypts the data recovery key pair to the data recovery request public key. The ODRS stores the re-encrypted data recovery key pair associated with the data recovery request. The client device queries the server system to obtain the data. The server system returns the data to the client device. The client device decrypts the data using a data recovery private key.

    SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR ZERO ROUND TRIP SECURE COMMUNICATIONS BASED ON A NOISY SECRET WITH A REDUCED MESSAGE SIZE

    Publication (Announcement) No.: US20200295945A1

    Publication (Announcement) Date: 2020-09-17

    Application No.: US16352515

    Application Date: 2019-03-13

    Abstract: A system, method, and computer program product are provided for implementing zero round trip secure communications based on a noisy secret with a reduced message size, comprising: a) receiving, by a receiver system, an encrypted message including encrypted message keys and message authentication code (MAC) information, including a message MAC that is calculated and added for every sub-key, from a sender system; b) obtaining, by the receiver system, a number of a plurality of sub-keys from the received encrypted message; c) obtaining, by the receiver system, a sub-key from the plurality of sub-keys associated with the encrypted message; d) utilizing, by the receiver system, a key derivation function to derive a key encryption key and a key MAC key associated with the sub-key; e) calculating, by the receiver system, an encrypted message key MAC associated with the sub-key using the derived key MAC key; f) determining, by the receiver system, whether the calculated encrypted message key MAC matches a received MAC for the sub-key; g) determining, by the receiver system, that the sub-key does not have any noise if the calculated encrypted message key MAC matches the received MAC for the sub-key; h) determining, by the receiver system, that the sub-key has noise if the calculated encrypted message key MAC does not match the received MAC for the sub-key; i) repeating, by the receiver system, steps c through h until a noiseless sub-key is found or all of the plurality of sub-keys are determined to have noise; j) if all of the plurality of sub-keys are determined to have noise, adjusting, by the receiver system, bits of a selected sub-key one by one, for each of the plurality of sub-keys, until a sub-key with one noisy bit is found and corrected to a noiseless sub-key; k) deriving, by the receiver system, a key encryption key from the noiseless sub-key; l) utilizing, by the receiver system, the key encryption key derived from the noiseless sub-key to decrypt a message key associated with the encrypted message; and m) utilizing, by the receiver system, the message key to decrypt the encrypted message.
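The receiver's sub-key check and one-bit correction of steps b through l, and the same receiver as sketched in the US10862688B2 abstract above, as an added example that is not the patents' own code or any product implementation: HMAC-SHA256 stands in for the key derivation function and the MAC, a one-time XOR with the derived key encryption key stands in for the message-key encryption, and the 16-byte sub-key length and the `b"kek"`/`b"mac"` labels are assumptions.

```python
import hashlib, hmac, secrets

SUBKEY_LEN = 16  # bytes per sub-key (assumed parameter, not taken from the patent text)

def kdf(sub_key, label):
    """Step d: derive the KEK or key-MAC key for a sub-key (HMAC-SHA256 stands in for the KDF)."""
    return hmac.new(sub_key, label, hashlib.sha256).digest()
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def split(secret):
    return [secret[i:i + SUBKEY_LEN] for i in range(0, len(secret), SUBKEY_LEN)]

def sender_wrap(secret, message_key):
    """Sender side of step a: under every sub-key, encrypt the 32-byte message key
    (one-time XOR with the derived KEK) and attach a MAC of that ciphertext."""
    blobs = []
    for sk in split(secret):
        enc = xor(message_key, kdf(sk, b"kek"))
        blobs.append((enc, hmac.new(kdf(sk, b"mac"), enc, hashlib.sha256).digest()))
    return blobs

def try_subkey(sk, enc, tag):
    """Steps d-h, then k-l: a sub-key is noiseless exactly when the recomputed MAC matches."""
    if hmac.compare_digest(hmac.new(kdf(sk, b"mac"), enc, hashlib.sha256).digest(), tag):
        return xor(enc, kdf(sk, b"kek"))
    return None

def receiver_unwrap(noisy_secret, blobs):
    """Steps c-j: pass 1 looks for an already noiseless sub-key; pass 2 flips one bit at a
    time in each sub-key. Returns (message_key, bits_corrected), or None if every sub-key
    differs from the sender's copy in more than one bit."""
    subs = split(noisy_secret)
    for sk, (enc, tag) in zip(subs, blobs):
        mk = try_subkey(sk, enc, tag)
        if mk is not None:
            return mk, 0
    for sk, (enc, tag) in zip(subs, blobs):
        for bit in range(SUBKEY_LEN * 8):
            cand = bytearray(sk)
            cand[bit // 8] ^= 1 << (bit % 8)
            mk = try_subkey(bytes(cand), enc, tag)
            if mk is not None:
                return mk, 1
    return None

def demo():  # constructed run: four sub-keys, one bit of noise injected into each of them
    message_key = secrets.token_bytes(32)
    secret = secrets.token_bytes(4 * SUBKEY_LEN)
    noisy = bytes(b ^ (0x10 if i % SUBKEY_LEN == 3 else 0) for i, b in enumerate(secret))
    return message_key, receiver_unwrap(noisy, sender_wrap(secret, message_key))
```

Because the MAC is what identifies a noiseless sub-key, a receiver whose copy differs by two or more bits in every sub-key gets `None` rather than a wrong key, which is the failure mode the second pass is sized for.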
