公开(公告)号：US20070288768A1

公开(公告)日：2007-12-13

申请号：US11547711

申请日：2004-04-06

申请人： Pasquale Nesta ,  Luigi Nesta ,  Miranda Aurigemma ,  Giovanna Nesta ,  Pier Zaccone ,  Paolo Dal Checco ,  Davide Cavagnino ,  Francesco Bergadano ,  Michele Miraglia

发明人： Pasquale Nesta ,  Luigi Nesta ,  Miranda Aurigemma ,  Giovanna Nesta ,  Pier Zaccone ,  Paolo Dal Checco ,  Davide Cavagnino ,  Francesco Bergadano ,  Michele Miraglia

IPC分类号： G06F1/00

CPC分类号： G06F21/6209 ,  G06F2221/2101 ,  H04L9/0833 ,  H04L9/0891

摘要： A method for protecting sensitive data in an entry of a log file for later audit, which includes encrypting the sensitive data in the log entry by using a random cryptographic key for each auditor authorized to access the log entry, encrypting the random cryptographic key by using an auditor's personal cryptographic key, and for each auditor not authorized to access the log entry, encrypting a fake cryptographic key having the same properties as the random cryptographic key by using an auditor's personal cryptographic key.

摘要翻译： 一种用于保护日志文件的条目中的敏感数据以供稍后审核的方法，其包括通过使用被授权访问日志条目的每个审核员使用随机加密密钥对日志条目中的敏感数据进行加密，使用 审核员的个人加密密钥，对于每个没有授权访问日志条目的审核员，通过使用审核员的个人密码密钥加密具有与随机加密密钥相同属性的伪密码密钥。

公开(公告)号：US07770032B2

公开(公告)日：2010-08-03

申请号：US11547711

申请日：2004-04-06

申请人： Pasquale Andrea Nesta ,  Luigi Nesta, legal representative ,  Miranda Aurigemma, legal representative ,  Giovanna Patrizia Nesta, legal representative ,  Pier Luigi Zaccone ,  Paolo Dal Checco ,  Davide Cavagnino ,  Francesco Bergadano ,  Michele Miraglia

发明人： Pasquale Andrea Nesta ,  Pier Luigi Zaccone ,  Paolo Dal Checco ,  Davide Cavagnino ,  Francesco Bergadano ,  Michele Miraglia

IPC分类号： G06F21/00

CPC分类号： G06F21/6209 ,  G06F2221/2101 ,  H04L9/0833 ,  H04L9/0891

摘要： A method for protecting sensitive data in an entry of a log file for later audit, which includes encrypting the sensitive data in the log entry by using a random cryptographic key for each auditor authorized to access the log entry, encrypting the random cryptographic key by using an auditor's personal cryptographic key, and for each auditor not authorized to access the log entry, encrypting a fake cryptographic key having the same properties as the random cryptographic key by using an auditor's personal cryptographic key.

摘要翻译： 一种用于保护日志文件的条目中的敏感数据以供稍后审核的方法，其包括通过使用被授权访问日志条目的每个审核员使用随机加密密钥对日志条目中的敏感数据进行加密，使用 审核员的个人加密密钥，对于每个没有授权访问日志条目的审核员，通过使用审核员的个人密码密钥加密具有与随机加密密钥相同属性的伪密码密钥。

公开(公告)号：US08245047B2

公开(公告)日：2012-08-14

申请号：US12086688

申请日：2005-12-19

申请人： Pier Luigi Zaccone ,  Manuel Leone ,  Ettore Caprella ,  Francesco Bergadano ,  Davide Cavagnino ,  Paolo Dal Checco

发明人： Pier Luigi Zaccone ,  Manuel Leone ,  Ettore Caprella ,  Francesco Bergadano ,  Davide Cavagnino ,  Paolo Dal Checco

IPC分类号： H04L29/06

CPC分类号： H04L9/3239 ,  H04L9/0833 ,  H04L9/0891 ,  H04L9/3218 ,  H04L9/3255

摘要： A method for managing a group signature scheme includes in a setup procedure for group initialization, generating, by a group manager, a group public key. In a join procedure for the group manager to add a new member to the group, the method includes generating by the new member, user information, and providing the generated user information to the group manager, and computing, by the group manager, membership information for the new member based on the user information received by the new member and on the group public key, and providing to the new member the computed membership information. In particular, the membership information is computed, by the group manager, as a function of the inverse of a given hash function of the user information. In a signing procedure for a group member to sign a message on behalf of the group, the method includes: using, by the group member, the membership information and the user information. The method further includes the use of digital certificates, in order for the group member to prove to the group manager the possession of said user information.

摘要翻译： 用于管理组签名方案的方法包括在组初始化的设置过程中，由组管理器生成组公钥。 在组管理者向组中添加新成员的加入过程中，该方法包括由新成员生成用户信息，并向组管理者提供生成的用户信息，以及由组管理器计算会员信息 基于新成员接收的用户信息和组公钥，为新成员提供计算的成员资格信息。 特别地，由组管理者根据用户信息的给定散列函数的倒数来计算会员信息。 在组成员代表组签署消息的签名过程中，该方法包括：由组成员使用成员资格和用户信息。 该方法还包括使用数字证书，以便小组成员向组管理员证明拥有所述用户信息。

公开(公告)号：US20090222668A1

公开(公告)日：2009-09-03

申请号：US12086688

申请日：2005-12-19

申请人： Pier Luigi Zaccone ,  Manuel Leone ,  Ettore Caprella ,  Francesco Bergadano ,  Davide Cavagnino ,  Paolo Dal Checco

发明人： Pier Luigi Zaccone ,  Manuel Leone ,  Ettore Caprella ,  Francesco Bergadano ,  Davide Cavagnino ,  Paolo Dal Checco

IPC分类号： H04L9/32 ,  H04L9/08 ,  H04L9/14

CPC分类号： H04L9/3239 ,  H04L9/0833 ,  H04L9/0891 ,  H04L9/3218 ,  H04L9/3255

摘要： A method for managing a group signature scheme includes in a setup procedure for group initialization, generating, by a group manager, a group public key. In a join procedure for the group manager to add a new member to the group, the method includes generating by the new member, user information, and providing the generated user information to the group manager, and computing, by the group manager, membership information for the new member based on the user information received by the new member and on the group public key, and providing to the new member the computed membership information. In particular, the membership information is computed, by the group manager, as a function of the inverse of a given hash function of the user information. In a signing procedure for a group member to sign a message on behalf of the group, the method includes: using, by the group member, the membership information and the user information. The method further includes the use of digital certificates, in order for the group member to prove to the group manager the possession of said user information.

摘要翻译： 用于管理组签名方案的方法包括在组初始化的设置过程中，由组管理器生成组公钥。 在组管理者向组中添加新成员的加入过程中，该方法包括由新成员生成用户信息，并向组管理者提供生成的用户信息，以及由组管理器计算会员信息 基于新成员接收的用户信息和组公钥，为新成员提供计算的成员资格信息。 特别地，由组管理者根据用户信息的给定散列函数的倒数来计算会员信息。 在组成员代表组签署消息的签名过程中，该方法包括：由组成员使用成员资格和用户信息。 该方法还包括使用数字证书，以便小组成员向组管理员证明拥有所述用户信息。

公开(公告)号：US06574627B1

公开(公告)日：2003-06-03

申请号：US09256417

申请日：1999-02-24

申请人： Francesco Bergadano ,  Pancrazio De Mauro

发明人： Francesco Bergadano ,  Pancrazio De Mauro

IPC分类号： G06F15163

CPC分类号： H04L63/126 ,  H04L29/06 ,  H04L43/00 ,  H04L63/1425 ,  H04L67/02 ,  H04L67/22 ,  H04L69/329 ,  Y10S707/99939 ,  Y10S707/99952 ,  Y10S707/99953

摘要： A method and apparatus for verifying the correctness of server access logs. The server is required to transfer the relevant log information for each client request to, an authentication device. In a preferred embodiment, the device has to be tamper-evident and responds with a Message Authentication Code (MAC) and a binary digit B. The MAC is stored on an accessible medium by the server. If B=0, the request is processed normally. If B=1 (this happens with a small probability), the server is required to issue a “redirect” response to the client, instructing it to connect to a different server, controlled by a certification agency. The agency's server logs this request and redirects it back to the original server, where it is eventually serviced. The certification agency periodically verifies each MAC and checks whether requests where B=1 correspond to an associated client log entry on its server. If this does not happen in a high number of cases, certification of the log file could be denied, based on the agency's policy. A preferred embodiment of this invention is with the HTTP protocol, for the auditing of Web site popularity.

摘要翻译： 一种用于验证服务器访问日志的正确性的方法和装置。 服务器需要将每个客户端请求的相关日志信息传送到认证设备。 在优选实施例中，设备必须是防窃启的，并且用消息认证码（MAC）和二进制数字B进行响应。MAC由服务器存储在可访问的媒体上。 如果B = 0，请求被正常处理。 如果B = 1（这样发生的概率很小），则服务器需要向客户端发出“重定向”响应，指示它连接到由认证机构控制的其他服务器。 代理商的服务器记录此请求并将其重定向到最终服务的原始服务器。 认证机构定期验证每个MAC，并检查B = 1的请求是否对应于其服务器上的关联客户端日志条目。 如果在大量情况下不会发生这种情况，则可以根据机构的政策拒绝日志文件的认证。 本发明的优选实施例是HTTP协议，用于审计网站的流行度。