Multi-party secure session/conference
    1.
    Granted invention patent
    Multi-party secure session/conference (status: expired)

    Publication No.: US5369705A

    Publication date: 1994-11-29

    Application No.: US892852

    Filing date: 1992-06-03

    CPC classification: H04L9/0833

    Abstract: A method and apparatus for providing authentication among a dynamically selected group of users in a communication system with a dynamically changing network topology. With this invention, freshness information and alleged identity information are transmitted from each of the users in the group using available paths in the network. A group key is then generated, and coded information, derived from the group key and the above transmitted information, is sent to each of the users. Each unit of coded information is accompanied by an identifying tag so as to identify which of the users is to use the appropriate unit of coded information. Each alleged user will then extract the group key from a corresponding coded information unit only if it shares an appropriate secret with a server. Without knowledge of the group key, a user cannot be authenticated.


    Method and apparatus for authenticating users of a communication system to each other
    3.
    Granted invention patent
    Method and apparatus for authenticating users of a communication system to each other (status: expired)

    Publication No.: US5202921A

    Publication date: 1993-04-13

    Application No.: US678474

    Filing date: 1991-04-01

    Abstract: Method and apparatus for authenticating users (entities) of a computer network based on the entity's identification is described. Keys for each party of a potential session are derived by projections stored at each party's location. The projections are based on a partially computed function which can be in encryption by some key of the user identification or a multivariable polynomial or other function which is partially evaluated for one user's identification. Each user evaluates his projection with the other user/party's identification. The evaluated quantities are compared using a validation routine. The method requires only one basic piece of information, the projection to be distributed to each user, and does not need specific keys for specific users (or other users' information stored in one user's memory or global network). The method enables adding users to the system directory in a flexible way, without having to notify users of the addition. The method applies to communication hierarchies and inter-domain communication, as well.

    Method and system for a public key cryptosystem having proactive, robust, and recoverable distributed threshold secret sharing
    4.
    Granted invention patent
    Method and system for a public key cryptosystem having proactive, robust, and recoverable distributed threshold secret sharing (status: expired)

    Publication No.: US5625692A

    Publication date: 1997-04-29

    Application No.: US376580

    Filing date: 1995-01-23

    Abstract: A proactive threshold secret sharing cryptosystem using a set of servers. The cryptosystem is a threshold cryptosystem, in the sense that service is maintained if at least (k+1) out of n servers are active and honest. The secret signature key is compromised only if the adversary breaks into at least (k+1) servers. It is robust in the sense that the honest servers detect faulty ones and the service is not disrupted. It is recoverable, because if the adversary erases all the local information on the server it compromised, the information can be restored as soon as the server comes back to performing the correct protocol. The method and system has proactiveness, which means that in order to learn the secret, the adversary has to break into (k+1) servers during the same round of the algorithm because the shares of the secret are periodically redistributed and rerandomized. The present invention uses a verifiable secret sharing mechanism to get the security requirements during the update between two rounds. The security of the scheme depends on the assumption of intractability of computing logarithms in a field of a big prime order and the ElGamal signature scheme.


    Optimal-resilience, proactive, public-key cryptographic system and method
    6.
    Granted invention patent
    Optimal-resilience, proactive, public-key cryptographic system and method (status: expired)

    Publication No.: US6035041A

    Publication date: 2000-03-07

    Application No.: US842080

    Filing date: 1997-04-28

    Abstract: Proactive robust threshold schemes are presented for general "homomorphic-type" public key systems, as well as optimized systems for the RSA function. Proactive security employs dynamic memory refreshing and enables us to tolerate a "mobile adversary" that dynamically corrupts the components of the systems (perhaps all of them) as long as the number of corruptions (faults) is bounded within a time period. The systems are optimal-resilience. Namely they withstand any corruption of minority of servers at any time-period by an active (malicious) adversary (i.e., any subset less than half). Also disclosed are general optimal-resilience public key systems which are "robust threshold" schemes (against stationary adversary), and are extended to "proactive" systems (against the mobile one). The added advantage of proactivization in practical situations is the fact that, in a long-lived threshold system, an adversary has a long time (e.g., years) to break into any t out of the l servers. In contrast, the adversary in a proactive system has only a short period of time (e.g., a week) to break into any t servers. The model of mobile adversary seems to be crucial to such "long-lived" systems that are expected to span the secure network and electronic commerce infrastructure.


    CRYPTOGRAPHIC CONTROL AND MAINTENANCE OF ORGANIZATIONAL STRUCTURE AND FUNCTIONS
    7.
    Invention patent application
    CRYPTOGRAPHIC CONTROL AND MAINTENANCE OF ORGANIZATIONAL STRUCTURE AND FUNCTIONS (status: under examination, published)

    Publication No.: US20100011208A1

    Publication date: 2010-01-14

    Application No.: US12564709

    Filing date: 2009-09-22

    IPC classification: H04L9/32

    Abstract: Methods, systems and devices for cryptographic control and maintenance of organizational structure and functions are provided. A method for control and maintenance of an operational organizational structure, the method includes associating entities with cryptographic capabilities; organizing entities within the organizational structure as roles; and maintaining roles within the organizational structure. The system may involve at least a Public Key Infrastructure operation. Elements in said organizational structure may be assigned to roles and/or groups within said organizational structure.


    Robust efficient distributed RSA-key generation
    8.
    Granted invention patent
    Robust efficient distributed RSA-key generation (status: in force)

    Publication No.: US07313701B2

    Publication date: 2007-12-25

    Application No.: US09860441

    Filing date: 2001-05-21

    IPC classification: H04L9/00

    Abstract: The invention provides for robust efficient distributed generation of RSA keys. An efficient protocol is one which is independent of the primality test “circuit size”, while a robust protocol allows correct completion even in the presence of a minority of arbitrarily misbehaving malicious parties. The disclosed protocol is secure against any minority of malicious parties (which is optimal). The disclosed method is useful in establishing sensitive distributed cryptographic function sharing services (certification authorities, signature schemes with distributed trust, and key escrow authorities), as well as other applications besides RSA (namely: composite ElGamal, identification schemes, simultaneous bit exchange, etc.). The disclosed method can be combined with proactive function sharing techniques to establish the first efficient, optimal-resilience, robust and proactively-secure RSA-based distributed trust services where the key is never entrusted to a single entity (i.e., distributed trust totally “from scratch”). The disclosed method involves new efficient “robustness assurance techniques” which guarantee “correct computations” by mutually distrusting parties with malicious minority.


    Methods for operating infrastructure and applications for cryptographically-supported services
    9.
    Granted invention patent
    Methods for operating infrastructure and applications for cryptographically-supported services (status: in force)

    Publication No.: US07184988B1

    Publication date: 2007-02-27

    Application No.: US09492534

    Filing date: 2000-01-27

    IPC classification: G06Q99/00 H04K1/00 H04L9/00

    Abstract: In an infrastructure in which some of a plurality of entities provide cryptographically supported services, a method of registering a subscriber entity of a plurality of entities at a principal entity of a plurality of entities, the method comprising the subscriber entity requesting service from the principal entity by sending a request message to a registrar entity of the plurality of entities; the registrar entity verifying the subscriber entity and forwarding the request for service to the principal entity; the principal entity storing the forwarded request and transmitting an acknowledgement message to the registrar entity, the acknowledgement stating acceptance and authentication/authorization information that the subscriber entity requires for the requested service; and the registrar entity verifying the authenticity of the received acknowledgement message, and, if correct, forwarding the acknowledgement message to the subscriber entity.


    Cryptographic control and maintenance of organizational structure and functions
    10.
    Granted invention patent
    Cryptographic control and maintenance of organizational structure and functions (status: expired)

    Publication No.: US07610614B1

    Publication date: 2009-10-27

    Application No.: US09503181

    Filing date: 2000-02-14

    IPC classification: G06F21/00

    Abstract: Methods, systems and devices for cryptographic control and maintenance of organizational structure and functions are provided. A method for control and maintenance of an operational organizational structure, the method includes associating entities with cryptographic capabilities; organizing entities within the organizational structure as roles; and maintaining roles within the organizational structure. The system may involve at least a Public Key Infrastructure operation. Elements in said organizational structure may be assigned to roles and/or groups within said organizational structure.
