Method and device for providing digital security
    1.
    Granted patent
    Method and device for providing digital security [In force]

    Publication number: US08446250B2

    Publication date: 2013-05-21

    Application number: US12602567

    Application date: 2008-06-10

    IPC classification: H04L9/38

    Abstract: This invention relates to a method and system for providing digital security by means of a reconfigurable physical uncloneable function, RPUF. The RPUF comprises a physical system constituted by distributed components arranged to generate a first response when receiving a first challenge at a point of the physical system. The physical reconfiguring of the RPUF comprises redistributing the components such that they generate a second response, which differs from said first response, when again applying the first challenge at the point. The reconfiguration step is further utilized in providing secure storage for digital items. The digital item is data of any kind, including data that needs to be accessed and updated, i.e. which is dynamic in nature. The method is exemplified by implementations such as secure storage of a key, a secure counter and a seed generator.


    METHOD AND DEVICE FOR PROVIDING DIGITAL SECURITY
    2.
    Patent application
    METHOD AND DEVICE FOR PROVIDING DIGITAL SECURITY [In force]

    Publication number: US20100176920A1

    Publication date: 2010-07-15

    Application number: US12602567

    Application date: 2008-06-10

    IPC classification: H04L9/32 G06F21/02

    Abstract: This invention relates to a method and system for providing digital security by means of a reconfigurable physical uncloneable function, RPUF. The RPUF comprises a physical system constituted by distributed components arranged to generate a first response when receiving a first challenge at a point of the physical system. The physical reconfiguring of the RPUF comprises redistributing the components such that they generate a second response, which differs from said first response, when again applying the first challenge at the point. The reconfiguration step is further utilized in providing secure storage for digital items. The digital item is data of any kind, including data that needs to be accessed and updated, i.e. which is dynamic in nature. The method is exemplified by implementations such as secure storage of a key, a secure counter and a seed generator.


    RESOURCE METERING SYSTEM AND METHOD USING SUCH A SYSTEM FOR SMART ENERGY CONSUMPTION
    3.
    Patent application
    RESOURCE METERING SYSTEM AND METHOD USING SUCH A SYSTEM FOR SMART ENERGY CONSUMPTION [Under examination, published]

    Publication number: US20130297087A1

    Publication date: 2013-11-07

    Application number: US13884286

    Application date: 2011-10-24

    IPC classification: G06F1/32

    Abstract: The resource metering system comprises: an end-point device (25) consuming a resource, in particular for usage in a building (2) or in an outdoor lighting system, said device comprising a detection unit that produces status information and an indicator of usefulness; a smart meter (20) comprising: a communication circuitry provided with an interface adapted for receiving from said device status information and said indicator of usefulness; a metrology device connected to a medium (17) that provides the resource to said device; and a control circuitry connected to the metrology device for collecting resource consumption data, the control circuitry being connected to the communication circuitry and adapted to produce monitoring data to be securely transmitted to a server (10) after processing the status information and said indicator. Monitoring data are used when determining consumption tariffs, so as to encourage energy efficient usage of the device.


    METHOD FOR SECURING COMMUNICATIONS IN A WIRELESS NETWORK, AND RESOURCE-RESTRICTED DEVICE THEREFOR
    4.
    Patent application
    METHOD FOR SECURING COMMUNICATIONS IN A WIRELESS NETWORK, AND RESOURCE-RESTRICTED DEVICE THEREFOR [Under examination, published]

    Publication number: US20120047361A1

    Publication date: 2012-02-23

    Application number: US13318690

    Application date: 2010-04-26

    IPC classification: H04L9/00 H04L29/06 H04W12/02

    CPC classification: H04W12/02 H04L63/0428

    Abstract: The present invention relates to a method for securing communications between a resource-restricted device (1) and a receiving device (2) according to a wireless protocol, the method comprising the following steps: - storing, in a first part (11) of a non-volatile memory of the resource-restricted device (1), at least one encrypted payload, - storing, in a second part (12) of the non-volatile memory of the resource-restricted device (1), a pointer pointing towards an encrypted payload stored in the memory, - when a transmission is to be performed by the resource-restricted device (1), sending the encrypted payload indicated by the pointer, and storing, in the second part (12) of the non-volatile memory an updated pointer indicating a next-to-be-used encrypted payload stored in the memory.


    Method of generating arbitrary numbers given a seed
    5.
    Granted patent
    Method of generating arbitrary numbers given a seed [In force]

    Publication number: US08594326B2

    Publication date: 2013-11-26

    Application number: US12515814

    Application date: 2007-11-26

    IPC classification: H04L9/00

    Abstract: The invention provides a method of generating arbitrary numbers given a seed, characterized by providing a challenge derived from the seed to a physical token, receiving an initial response from the physical token, combining the initial response with helper data associated with the challenge to produce a stable response, and generating the arbitrary numbers using a pseudo-random number generator using the stable response as a seed for the generator. Preferably one or more of these pseudo-random permutations are used as one or more round function(s) in a Feistel block cipher. The generated arbitrary numbers may also be used to create a cryptographic key.


    METHOD FOR OPERATING A NODE IN A WIRELESS SENSOR NETWORK
    6.
    Patent application
    METHOD FOR OPERATING A NODE IN A WIRELESS SENSOR NETWORK [Under examination, published]

    Publication number: US20120195431A1

    Publication date: 2012-08-02

    Application number: US13499930

    Application date: 2010-10-07

    IPC classification: H04K1/00

    Abstract: The present invention relates to a method for operating a first node in a network, the network including a plurality of nodes, the method comprising (a) the first node having a first identifier joining the network by transmitting the first identifier to a second node having a second identifier, (b) the first node generating a first key on the basis of the second identifier, (c) the first node authenticating the second node by means of the first key, (d) the first node communicating with a third node if the first and second keys are equal.


    Encryption and decryption of a dataset in at least two dimensions
    9.
    Granted patent
    Encryption and decryption of a dataset in at least two dimensions [In force]

    Publication number: US09268918B2

    Publication date: 2016-02-23

    Application number: US12529796

    Application date: 2008-03-11

    Abstract: It is described a method for encrypting and a method for decrypting at least a portion (155) of a dataset being stored in a memory (150), wherein the dataset has at least two dimensions. The described multi-dimensional cryptographic methods comprise forming a first keystream (165) being assigned to a first dimension of the dataset and forming a second keystream (175) being assigned to a second dimension of the dataset. The encrypting method further comprises encrypting each data packet of the portion (155) of the dataset by using a combination of the first keystream (165) and the second keystream (175). The decrypting method further comprises decrypting each data packet of the portion (155) of the dataset by using a combination of the first keystream (165) and the second keystream (175). It is further described a method for temporarily storing at least a portion (155) of a dataset into a memory (150) and a device for handling a dataset, which method and which device take advantage of the above-described encrypting method and/or the above-described decrypting method.


    METHOD FOR SECURE COMMUNICATION IN A NETWORK, A COMMUNICATION DEVICE, A NETWORK AND A COMPUTER PROGRAM THEREFOR
    10.
    Patent application
    METHOD FOR SECURE COMMUNICATION IN A NETWORK, A COMMUNICATION DEVICE, A NETWORK AND A COMPUTER PROGRAM THEREFOR [In force]

    Publication number: US20110317838A1

    Publication date: 2011-12-29

    Application number: US13254462

    Application date: 2010-03-16

    IPC classification: H04L9/00

    Abstract: A method for securing communications between a first node (N1) and a second node (N2) in a network (1) further comprising a management device (2) provided with root keying materials, the method comprising the following steps: the management device generating, based on root keying materials, a first node keying material shares comprising a number of sub-elements and the first node keying material shares being arranged for generating a first complete key, the management device selecting a subset of sub-elements of the first keying material shares, the number of sub-elements selected being less than or equal to the total number of sub-elements of the first keying material shares, and the selected sub-elements forming a first node partial keying material shares or symmetric-key generation engine, the first node generating, based on the first node symmetric-key generation engine and on an identifier of the second node, a first key, used for securing communications with the second node.
