Method for Assigning an Authentication Certificate and Infrastructure for Assigning Said Certificate
    1.
    Invention application
    Status: Under examination (published)

    Publication number: US20070283426A1

    Publication date: 2007-12-06

    Application number: US11660543

    Filing date: 2005-08-05

    IPC classification: H04L9/32

    Abstract: This method provides for electronic certificate assignment in a certificate assignment infrastructure distributed in a network. The infrastructure includes at least one certificate server, an identity server and a registration server linked to the network. Prior to a certificate application request, information relating to the identity of a certificate applicant is stored in the identity server, the identity information being accessible by way of an identifier. In this method, an applicant requests a certificate from the registration server; the identifier is dispatched to the identity server; after verification of the identifier, the identity server dispatches the previously registered identity of the applicant, said identity being provided to the registration server; after receipt of the identity, the registration server dispatches a certificate request including the identity of the applicant to the certificate server, and the certificate server dispatches the certificate destined for the applicant.

    Method for Controlling Secure Transactions Using a Single Multiple Dual-Key Device, Corresponding Physical Device, System and Computer Program
    2.
    Invention application
    Status: Under examination (published)

    Publication number: US20080250246A1

    Publication date: 2008-10-09

    Application number: US11996179

    Filing date: 2006-07-18

    IPC classification: H04L9/06

    CPC classification: H04L9/3263 H04L2209/56

    Abstract: A device is provided for controlling secure transactions using a physical device held by a user and bearing at least one first pair of asymmetric keys, including a first device public key and a first corresponding device private key. The control includes, prior to implementing the device, certifying a first device public key and characteristics data of the physical device by signing with a first certification key, delivering a factory certificate, after verifying that the device private key is housed in a tamper-proof zone of the physical device. At least one second pair of asymmetric keys is generated, including a second device public key and a second device private key housed in a tamper-proof zone of the device. A second device public key is certified by signing with at least the first device private key, delivering a provisional certificate. The factory and provisional certificate are verified using, respectively, a second certification key corresponding to the first certification key, and the first device public key. In case of positive verification, the method includes delivering by a trusted third party a device certificate corresponding to the signature by the provider at least the second device public key and an identifier of the user and the characteristic data of the device.

    Electronic group signature method with revocable anonymity, equipment and programs for implementing the method
    3.
    Granted invention patent
    Status: Lapsed

    Publication number: US07526651B2

    Publication date: 2009-04-28

    Application number: US10848943

    Filing date: 2004-05-19

    IPC classification: H04L9/00

    CPC classification: H04L9/3255 H04L2209/42

    Abstract: A ring-signature scheme is adapted so that at least one of the variability parameter values used is an identity trace of the anonymous signatory, determined as a function of anonymity withdrawal data stored and held secret by an anonymity withdrawal entity in connection with an identification of the anonymous signatory. This provides a subsequent controlled capacity of withdrawing the anonymity of the signatory, either by an authority, or by the signatory himself.

    METHOD FOR CONTROLLING SECURED TRANSACTIONS USING A SINGLE PHYSICAL DEVICE, CORRESPONDING PHYSICAL DEVICE, SYSTEM AND COMPUTER PROGRAM
    4.
    Invention application
    Status: Under examination (published)

    Publication number: US20090106548A1

    Publication date: 2009-04-23

    Application number: US11996181

    Filing date: 2006-07-18

    IPC classification: H04L9/32

    CPC classification: H04L9/3263 H04L2209/56

    Abstract: A method is provided for controlling secure transactions using a physical device held by a user and bearing at least one pair of asymmetric keys, including a device public key and a corresponding device private key. The method includes, prior to implementing the physical device, certifying the device public key with a first certification key of a particular certifying authority, delivering a device certificate after verifying that the device private key is housed in a tamper-proof zone of the physical device; verifying the device certificate by a second certification key corresponding to the first certification key; and in case of a positive verification, registering the user with a provider delivering a provider certificate corresponding to the signature by the provider of the device public key and an identifier of the user.

    Method for performing cryptographic functions in a computer application, and application adapted to the implementation of said method
    5.
    Invention application
    Status: Under examination (published)

    Publication number: US20060050885A1

    Publication date: 2006-03-09

    Application number: US10514385

    Filing date: 2003-05-16

    IPC classification: H04K1/00

    CPC classification: G06F9/52 G06F21/602

    Abstract: A computer application is provided with a cryptographic toolbox having a modular architecture. The toolbox has a module for manipulating data formats used in the performance of cryptographic functions, a module for executing algorithms involved in cryptographic operations, a module for accessing cryptographic resources, and a functional module supervising the data format manipulation, algorithm execution and cryptographic resource access modules. The functional module has a functional interface with the rest of the application.

    Public Key Cryptographic Method And System, Certification Server And Memories Adapted For Said System
    6.
    Invention application
    Status: Under examination (published)

    Publication number: US20080159543A1

    Publication date: 2008-07-03

    Application number: US11663991

    Filing date: 2005-09-28

    IPC classification: H04L9/06

    CPC classification: H04L9/3263

    Abstract: The invention relates to a public key cryptographic method and system, a certification server and memories adapted for said system. In said public key cryptographic system, there is insufficient information contained in an electronic public key certificate alone to retrieve the public key. The inventive system comprises at least a second memory (52, 72) in which complementary information is stored, which can be used to retrieve the public key when used together with the information contained in the certificate. According to the invention, access to said complementary information is reserved to a limited number of authorised terminals among the group of terminals that can verify the certificate signature.

    Method of securing requests for access to services, terminal and software module for implementing the method
    7.
    Invention application
    Status: Under examination (published)

    Publication number: US20050039043A1

    Publication date: 2005-02-17

    Application number: US10900886

    Filing date: 2004-07-28

    Abstract: A method of securing requests for access to services from a terminal (1) able to communicate with a plurality of service operators (A; B) delivering respective services, comprising the following steps: furnishing the terminal with at least one software component (6; 7) provided by an operator delivering at least one service with a particular access condition, upon a request for access to the said service from the terminal by way of a communications network, executing the software component provided by the operator locally in the terminal, the execution of the software component comprising at least the presentation to a user of the terminal of an indication defined by the operator in the component in relation to the particular access condition of the service.

    Delegation of electronic signature by multi-agent cryptography
    8.
    Granted invention patent
    Status: Lapsed

    Publication number: US07581109B2

    Publication date: 2009-08-25

    Application number: US10732808

    Filing date: 2003-12-11

    IPC classification: H04L9/00

    Abstract: For signing of data by a given one of M delegates mandated by N titleholders, where M≧2 and N=1 or M=1 and N≧2, the terminal of the given delegate reads in a delegation server information on the delegates and the titleholders of the group thus constituted. The data and the information read and a private key of the given delegate are applied to a cryptographic algorithm to produce a signature which therefore carries a cryptographic delegation mark. The data, information, and signature are transmitted to a user terminal that can trace the characteristics of the signature delegation.

    Method of controlling access to cryptographic resources
    9.
    Granted invention patent
    Status: In force

    Publication number: US07496199B2

    Publication date: 2009-02-24

    Application number: US10513074

    Filing date: 2003-05-16

    CPC classification: G06F21/602

    Abstract: The cryptographic resources are supplied by at least one cryptographic source having a specific access interface. The application is presented with a mutualized interface substantially independent of the cryptographic sources and of their respective access interfaces. A translation module is placed between the mutualized interface and each interface for accessing a cryptographic source to provide access to the cryptographic resources from the application via the mutualized interface.

    Electronic signature method, program and server for implementing the method
    10.
    Granted invention patent
    Status: Lapsed

    Publication number: US07398396B2

    Publication date: 2008-07-08

    Application number: US10659796

    Filing date: 2003-09-11

    IPC classification: H04L9/00

    Abstract: In order to apply an electronic signature from a client station having authentication resources at a server, the following steps are carried out: the client station is authenticated at the server, thus establishing an authenticated communication channel; a private key/public key pair is generated at the client station; a signature certificate request generated by means of at least the public key is transmitted from the client station to the server via the authenticated channel; a signature certificate obtained in response to the request is returned via the authenticated channel; this certificate is verified at the client station; an electronic signature is calculated at the client station by means of the private key, after which this private key is destroyed; and the calculated signature is formatted with the aid of the signature certificate received via the authenticated channel.