公开(公告)号：US07003499B2

公开(公告)日：2006-02-21

申请号：US10182182

申请日：2001-01-30

申请人： David Arditti ,  Gilles Macario-Rat ,  Dimitri Mouton ,  Nicolas Bugault

发明人： David Arditti ,  Gilles Macario-Rat ,  Dimitri Mouton ,  Nicolas Bugault

IPC分类号： G06F17/60

CPC分类号： G07F7/1008 ,  G06Q20/027 ,  G06Q20/0855 ,  G06Q20/10 ,  G06Q20/28 ,  G06Q20/305 ,  G06Q20/341 ,  G06Q20/342 ,  G06Q20/355 ,  G06Q20/367 ,  G06Q20/3674 ,  G06Q20/3821 ,  G06Q20/383 ,  G06Q20/401 ,  G07F7/025

摘要： In order to prevent the use of a virtual prepaid card illegitimately acquired and transmitting only one identification code, for example read after the card has been scratched, to a service provision server, a second code is delivered on paying for the card, and the two codes have to be authenticated so that the user-purchaser of the card can subsequently use the service concerned in the server still using only the first code.

公开(公告)号：US20080250246A1

公开(公告)日：2008-10-09

申请号：US11996179

申请日：2006-07-18

申请人： David Arditti ,  Sidonie Caron ,  Laurent Frisch

发明人： David Arditti ,  Sidonie Caron ,  Laurent Frisch

IPC分类号： H04L9/06

CPC分类号： H04L9/3263 ,  H04L2209/56

摘要： A device is provided for controlling secure transactions using a physical device held by a user and bearing at least one first pair of asymmetric keys, including a first device public key and a first corresponding device private key. The control includes, prior to implementing the device, certifying a first device public key and characteristics data of the physical device by signing with a first certification key, delivering a factory certificate, after verifying that the device private key is housed in a tamper-proof zone of the physical device. At least one second pair of asymmetric keys is generated, including a second device public key and a second device private key housed in a tamper-proof zone of the device. A second device public key is certified by signing with at least the first device private key, delivering a provisional certificate. The factory and provisional certificate are verified using, respectively, a second certification key corresponding to the first certification key, and the first device public key. In case of positive verification, the method includes delivering by a trusted third party a device certificate corresponding to the signature by the provider at least the second device public key and an identifier of the user and the characteristic data of the device.

摘要翻译： 提供了一种用于使用由用户持有的物理设备来控制安全事务并且承载至少一个第一对非对称密钥（包括第一设备公钥和第一对应设备私钥）的设备。 该控制包括在实施该设备之前，在验证设备私钥被容纳在防篡改中之后，通过使用第一认证密钥进行签名来验证物理设备的第一设备公钥和特征数据，以交付工厂证书 物理设备的区域。 产生至少一个第二对非对称密钥，包括第二设备公钥和容纳在设备的防篡改区域中的第二设备私钥。 第二个设备公钥通过至少使用第一个设备私钥进行签名，提供临时证书。 分别使用与第一认证密钥对应的第二认证密钥和第一设备公钥来验证工厂和临时证书。 在正确验证的情况下，该方法包括至少由第二设备公钥和用户的标识符以及设备的特征数据来由可信任的第三方递送与提供者的签名相对应的设备证书。

公开(公告)号：US5347650A

公开(公告)日：1994-09-13

申请号：US672649

申请日：1991-03-21

申请人： David Arditti ,  Mireille Campana ,  Henri Gilbert

发明人： David Arditti ,  Mireille Campana ,  Henri Gilbert

IPC分类号： G09C1/00 ,  H04L9/10 ,  H04L9/32 ,  G06F7/14 ,  G06F9/355 ,  G06F9/42 ,  G06F15/40

CPC分类号： H04L9/0618 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/20

摘要： An electronic device for processing digital data has an input for receiving data to be processed and processor means suitable for transforming the input data in non-falsifiable manner into a result condensed data block. The processor means tools that are simple and fast, such as arrays and logic operators, to provide an elementary anti-collision operation for use in condensing the digital data.

摘要翻译： 用于处理数字数据的电子设备具有用于接收要处理的数据的输入和适于将输入数据以不可伪造的方式变换成结果浓缩数据块的处理器装置。 处理器是指简单快速的工具，例如阵列和逻辑运算符，用于提供用于冷凝数字数据的基本防冲突操作。

公开(公告)号：US20080292104A1

公开(公告)日：2008-11-27

申请号：US12096426

申请日：2006-12-05

申请人： Julie H. Loc'H ,  David Arditti ,  Sylvie Camus

发明人： Julie H. Loc'H ,  David Arditti ,  Sylvie Camus

IPC分类号： H04L9/14

CPC分类号： H04L9/0894

摘要： At least one expired decryption key intended to be used for asymmetrical decryption of encrypted data is recovered in a terminal after generation of a cryptographic encryption key/decryption key pair stored in a cryptographic medium such as a microchip card. The expired decryption key is stored in a database accessible to a user of the terminal and encrypted beforehand as a function of the new generated encryption key. In the terminal connected to the cryptographic medium, the encrypted expired encryption key is decrypted as a function of the decryption key stored in the cryptographic medium so that the encrypted data is decrypted as a function of the thus decrypted expired decryption key.

摘要翻译： 在生成存储在诸如微芯片卡的密码介质中的密码加密密钥/解密密钥对之后，在终端中恢复旨在用于加密数据的非对称解密的至少一个到期的解密密钥。 过期的解密密钥存储在可由终端的用户访问的数据库中，作为新生成的加密密钥的函数预先加密。 在连接到密码介质的终端中，根据存储在密码介质中的解密密钥，加密的过期加密密钥被解密，从而根据这样解密的过期解密密钥对加密数据进行解密。

公开(公告)号：US20070283426A1

公开(公告)日：2007-12-06

申请号：US11660543

申请日：2005-08-05

申请人： Loic Houssier ,  Laurent Frisch ,  David Arditti

发明人： Loic Houssier ,  Laurent Frisch ,  David Arditti

IPC分类号： H04L9/32

CPC分类号： H04L63/0823 ,  H04L63/0421 ,  H04L63/0861

摘要： This method provides for electronic certificate assignment in a certificate assignment infrastructure distributed in a network. The infrastructure includes at least one certificate server, an identity server and a registration server linked to the network. Prior to a certificate application request, information relating to the identity of a certificate applicant is stored in the identity server, the identity information being accessible by way of an identifier. In this method, an applicant requests a certificate from the registration server; the identifier is dispatched to the identity server; after verification of the identifier, the identity server dispatches the previously registered identity of the applicant, said identity being provided to the registration server; after receipt of the identity, the registration server dispatches a certificate request including the identity of the applicant to the certificate server, and the certificate server dispatches the certificate destined for the applicant.

摘要翻译： 该方法提供分布在网络中的证书分配基础中的电子证书分配。 基础设施包括至少一个证书服务器，身份服务器和链接到网络的注册服务器。 在证书申请请求之前，与证书申请人的身份有关的信息存储在身份服务器中，身份信息可通过标识符来访问。 在该方法中，申请人从注册服务器请求证书; 标识符被分派到身份服务器; 身份服务器在验证了该标识符之后，发送申请人先前注册的身份，所述身份被提供给注册服务器; 在收到身份后，注册服务器将包含申请人身份的证书请求发送到证书服务器，证书服务器发送发往申请人的证书。

公开(公告)号：US6125445A

公开(公告)日：2000-09-26

申请号：US76818

申请日：1998-05-13

申请人： David Arditti ,  Henri Gilbert ,  Jacques Stern ,  David Pointcheval

发明人： David Arditti ,  Henri Gilbert ,  Jacques Stern ,  David Pointcheval

IPC分类号： H04L9/32 ,  H04L9/00

CPC分类号： H04L9/3236 ,  H04L9/3218

摘要： A process for the identification of a claimant by a verifier. The process is of the public key type, where the public exponent is equal to 3. The claimant draws at random a first exponent .alpha., calculates r=g.sup..alpha. mod n and transmits R=r.sup.3. The verifier draws at random a second exponent .beta., calculates t=g.sup..beta. mod n, calculates T=t.sup.3 mod n and h=H.sub.1 (Z), where H.sub.1 is a hash function, and calculates Z=R.sup.3 mod n. The verifier transmits to the claimant the numbers T and h. The claimant calculates Y=T.sup..alpha. mod n, verifies the result H.sub.1 (Y), calculates H=H.sub.2 (Y), where H.sub.2 is another hash function, calculates z=rS mod n, and transmits z and H. The claimant also has a secret number S equal to the modulo n cubic root of a number I deduced from its identity so that the number S verifies S.sup.3 =I mod n. The verifier verifies that H received is equal to H.sub.2 (Z) and that z.sup.3 is equal to RI mod n.

摘要翻译： 验证者识别索赔人的过程。 该过程是公钥类型，其中公共指数等于3.索赔人随机抽取第一指数α，计算r = g alpha mod n并发送R = r3。 验证者随机抽取第二指数β，计算t = g beta mod n，计算T = t3 mod n和h = H1（Z），其中H1是散列函数，并计算Z = R3 mod n。 验证者向索赔人传送号码T和h。 索赔人计算Y = Tαmod n，验证结果H1（Y），计算H = H2（Y），其中H2是另一个哈希函数，计算z = rS mod n，并发送z和H.索赔人也有 秘密数S等于从其身份推断的数字的模n立方根，使得数S验证S3 = I mod n。 验证者验证H接收等于H2（Z），并且z3等于RI mod n。

公开(公告)号：US5894519A

公开(公告)日：1999-04-13

申请号：US838646

申请日：1997-04-09

申请人： Olivier Clemot ,  Mireille Campana ,  David Arditti

发明人： Olivier Clemot ,  Mireille Campana ,  David Arditti

IPC分类号： G06F1/00 ,  G06F21/31 ,  G06F21/34 ,  H04L9/32 ,  H04K1/00

CPC分类号： H04L9/3234 ,  G06F21/31 ,  G06F21/34 ,  G06F2221/2107

摘要： A process for the dissimulation of concealment of a secret code in a data authentication device by encrypting the secret code by an encrypting function for forming an image of the secret code and storing the secret code image in the authentication device. Beforehand, an encrypting function is chosen such that with each stored secret code image corresponds a plurality of antecedent codes all differing from the secret code, but which, once encrypted by the encrypting function have an image identical to that of the secret code. The secret code of a user has an authentication device in which is stored the secret code image.

摘要翻译： 一种用于通过用于形成秘密码的图像的加密功能加密秘密码并将该秘密码图像存储在认证装置中来隐藏数据认证装置中的秘密码的隐藏的过程。 之前，选择加密功能，使得每个存储的密码图像对应于与密码不同的多个先行代码，但是一旦由加密函数加密，其具有与密码相同的图像。 用户的秘密码具有存储秘密码图像的认证装置。

公开(公告)号：US5862224A

公开(公告)日：1999-01-19

申请号：US731488

申请日：1996-10-16

申请人： Henri Gilbert ,  David Arditti

发明人： Henri Gilbert ,  David Arditti

IPC分类号： G07F7/10 ,  H04L9/00

CPC分类号： G07F7/1008 ,  G06Q20/341 ,  G06Q20/367 ,  G06Q20/3678 ,  G06Q20/40975

摘要： A cryptographic process is for protection against fraud. An allocation of a secret key K is made to a card and to an application and an input value R is defined. The card and application calculate the modulo 2 scalar product of binary vectors constituted by words of R and words of K. The application checks whether the result obtained by the card is in agreement with its own result. An exemplary application is low cost cards.

摘要翻译： 加密过程是防止欺诈。 对卡和应用进行秘密密钥K的分配，并且定义输入值R. 卡和应用程序计算由R的单词和K组成的二进制向量的模2标量乘积。应用程序检查卡获得的结果是否与其自身的结果一致。 示例性应用是低成本卡。

公开(公告)号：US20090106548A1

公开(公告)日：2009-04-23

申请号：US11996181

申请日：2006-07-18

申请人： David Arditti ,  Laurent Frisch ,  Herve Sibert

发明人： David Arditti ,  Laurent Frisch ,  Herve Sibert

IPC分类号： H04L9/32

CPC分类号： H04L9/3263 ,  H04L2209/56

摘要： A method is provided for controlling secure transactions using a physical device held by a user and bearing at least one pair of asymmetric keys, including a device public key and a corresponding device private key. The method includes, prior to implementing the physical device, certifying the device public key with a first certification key of a particular certifying authority, delivering a device certificate after verifying that the device private key is housed in a tamper-proof zone of the physical device; verifying the device certificate by a second certification key corresponding to the first certification key; and in case of a positive verification, registering the user with a provider delivering a provider certificate corresponding to the signature by the provider of the device public key and an identifier of the user.

摘要翻译： 提供了一种用于使用由用户持有的物理设备来控制安全交易并且承载至少一对非对称密钥（包括设备公钥和对应的设备私钥）的方法。 该方法包括：在实现物理设备之前，用特定认证机构的第一认证密钥证明设备公钥，在验证设备专用密钥被容纳在物理设备的防篡改区域之后传递设备证书 ; 通过对应于第一认证密钥的第二认证密钥验证设备证书; 并且在正确验证的情况下，向用户注册提供者提供与设备公钥的提供者签名相对应的提供者证书的提供者和用户的标识符。

公开(公告)号：US20090019282A1

公开(公告)日：2009-01-15

申请号：US11659296

申请日：2005-07-20

申请人： David Arditti ,  Olivier Charles ,  Sebastien Nguyen Ngoc

发明人： David Arditti ,  Olivier Charles ,  Sebastien Nguyen Ngoc

IPC分类号： H04L9/00

CPC分类号： H04L9/3236 ,  H04L2209/42

摘要： A method for authenticating at least one client entity (A) by means of an authentication entity (B) based on a public key encryption (ASYM(PB,R))/decryption (ASYM(SB,R′)) algorithm, implemented on the client entity side and authentication entity side, respectively, including, on the client entity side: generation of a cryptogram (R′) by encryption of a message (R) containing identification data (idA) of said entity, secret data (KA), and an authentication counter value (CA, CB), guaranteeing that said authentication is not replayed, sending of the cryptogram to the authentication entity and, on the authentication entity side: decryption of said cryptogram, from a data base (DB) storing, for each client entity capable of being authenticated, a record containing at least the identification data for said client entity, determination of the record of said data base corresponding to the decrypted identification data, and verification of the correspondence between the decrypted secret data and the secret data of said client entity, obtained from said record.

摘要翻译： 一种用于基于公钥加密（ASYM（PB，R））/解密（ASYM（SB，R'））算法借助于认证实体（B）来认证至少一个客户端实体（A）的方法， 客户实体侧和认证实体侧分别包括在客户端实体侧：通过加密包含所述实体的标识数据（idA）的消息（R）生成密码（R'），秘密数据（KA） ，以及认证计数器值（CA，CB），保证不重放所述认证，将密码发送给认证实体，并且在认证实体侧：从所述密码的数据库（DB）中解密所述密码， 对于能够被认证的每个客户端实体，至少包含用于所述客户端实体的识别数据的记录，对与解密的识别数据相对应的所述数据库的记录的确定，以及验证所解密的秘密数据a 找出从所述记录获得的所述客户实体的秘密数据。