公开(公告)号：US5937066A

公开(公告)日：1999-08-10

申请号：US725102

申请日：1996-10-02

申请人： Rosario Gennaro ,  Donald Byron Johnson ,  Paul Ashley Karger ,  Stephen Michael Matyas, Jr. ,  Mohammad Peyravian ,  David Robert Safford ,  Marcel Mordechay Yung ,  Nevenko Zunic

发明人： Rosario Gennaro ,  Donald Byron Johnson ,  Paul Ashley Karger ,  Stephen Michael Matyas, Jr. ,  Mohammad Peyravian ,  David Robert Safford ,  Marcel Mordechay Yung ,  Nevenko Zunic

IPC分类号： G09C1/00 ,  H04L9/08 ,  H04L9/00

CPC分类号： H04L9/0841 ,  H04L9/085 ,  H04L9/0897

摘要： A cryptographic key recovery system that operates in two phases. In the first phase, the sender establishes a secret value with the receiver. For each key recovery agent, the sender generates a key-generating value as a one-way function of the secret value and encrypts the key-generating value with a public key of the key recovery agent. In the second phase, performed for a particular cryptographic session, the sender generates for each key recovery agent a key-encrypting key as a one-way function of the corresponding key-generating value and multiply encrypts the session key with the key-encrypting keys of the key recovery agents. The encrypted key-generating values and the multiply encrypted session key are transmitted together with other recovery information in a manner permitting their interception by a party seeking to recover the secret value. To recover the secret value, the party seeking recovery presents the encrypted key-generating values and public recovery information to the key recovery agents, who decrypt the key-generating values, regenerate the key-encrypting keys from the corresponding key-generating values, and provide the regenerated key-encrypting keys to the recovering party. The recovering party uses the key-encrypting keys to recover the secret value. Since the key-generating values cannot be derived from the key-encrypting keys, they may be used over a period spanning multiple cryptographic sessions without requiring new values or new public key encryptions.

摘要翻译： 一个加密密钥恢复系统，分两个阶段运行。 在第一阶段，发送者与接收者建立秘密值。 对于每个密钥恢复代理，发送者生成密钥生成值作为秘密值的单向函数，并用密钥恢复代理的公钥加密密钥生成值。 在针对特定加密会话执行的第二阶段中，发送者针对每个密钥恢复代理生成密钥加密密钥作为对应的密钥生成值的单向函数，并且将密钥加密密钥乘以加密密钥 的关键回收剂。 加密的密钥生成值和乘法加密的会话密钥与其他恢复信息一起被发送，以允许由寻求恢复秘密值的一方拦截的方式。 为了恢复秘密值，寻求恢复方向密钥恢复代理提供加密的密钥生成值和公共恢复信息，密钥恢复代理解密密钥生成值，从相应的密钥生成值重新生成密钥加密密钥， 向恢复方提供重新生成的密钥加密密钥。 恢复方使用密钥加密密钥来恢复秘密值。 由于密钥生成值不能从密钥加密密钥导出，所以它们可以在跨越多个加密会话的时间段内使用，而不需要新的值或新的公钥加密。

公开(公告)号：US5796830A

公开(公告)日：1998-08-18

申请号：US681679

申请日：1996-07-29

申请人： Donald Byron Johnson ,  Paul Ashley Karger ,  Charles William Kaufman, Jr. ,  Stephen Michael Matyas, Jr. ,  David Robert Safford ,  Marcel Mordechay Yung ,  Nevenko Zunic

发明人： Donald Byron Johnson ,  Paul Ashley Karger ,  Charles William Kaufman, Jr. ,  Stephen Michael Matyas, Jr. ,  David Robert Safford ,  Marcel Mordechay Yung ,  Nevenko Zunic

IPC分类号： G09C1/00 ,  H04K1/00 ,  H04L9/08 ,  H04L9/14 ,  H04L9/28 ,  H04L9/32

CPC分类号： H04L9/0894

摘要： A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so that the session key may be regenerated from the key recovery values P, Q and (if generated) R. Key recovery values P and Q are encrypted using the respective public recovery keys of a pair of key recovery agents. The encrypted P and Q values are included along with other recovery information in a session header accompanying an encrypted message sent from the sender to the receiver. The key recovery agents may recover the P and Q values for a law enforcement agent by decrypting the encrypted P and Q values in the session header, using their respective private recovery keys corresponding to the public keys. The R value, if generated, is not made available to the key recovery agents, but is ascertained using standard cryptanalytic techniques in order to provide a nontrivial work factor for law enforcement agents. The receiver checks the session header of a received message to ensure that the sender has included valid recovery information. Only when the receiver has verified that the sender has included valid recovery information does the receiver decrypt the received message.

摘要翻译： 可与现有系统互通的加密密钥恢复系统，用于在通信方之间建立密钥。 发送方使用可逆密钥反转功能来产生密钥恢复值P，Q和（可选地）R作为会话密钥和公共信息的函数，使得会话密钥可以从密钥恢复值P，Q和（ 如果生成）R.密钥恢复值P和Q使用一对密钥恢复代理的相应的公共恢复密钥进行加密。 加密的P和Q值与伴随从发送方发送到接收方的加密消息的会话报头中的其他恢复信息一起被包括。 密钥恢复代理可以通过使用它们对应于公钥的各自的私有恢复密钥来解密会话报头中的加密的P和Q值来恢复执法代理的P和Q值。 R值（如果生成的话）不提供给密钥恢复代理，而是使用标准密码分析技术来确定，以便为执法人员提供一个非常重要的工作因素。 接收机检查接收到的消息的会话报头，以确保发送方已经包括有效的恢复信息。 只有当接收方已经验证发送方已经包括有效的恢复信息时，接收方才能解密接收的消息。

公开(公告)号：US6052469A

公开(公告)日：2000-04-18

申请号：US133877

申请日：1998-08-14

申请人： Donald Byron Johnson ,  Paul Ashley Karger ,  Charles William Kaufman, Jr. ,  Stephen Michael Matyas, Jr. ,  David Robert Safford ,  Marcel Mordechay Yung ,  Nevenko Zunic

发明人： Donald Byron Johnson ,  Paul Ashley Karger ,  Charles William Kaufman, Jr. ,  Stephen Michael Matyas, Jr. ,  David Robert Safford ,  Marcel Mordechay Yung ,  Nevenko Zunic

IPC分类号： G09C1/00 ,  H04K1/00 ,  H04L9/08 ,  H04L9/14 ,  H04L9/28 ,  H04L9/32

CPC分类号： H04L9/0894

摘要： A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so that the session key may be regenerated from the key recovery values P, Q and (if generated) R. Key recovery values P and Q are encrypted using the respective public recovery keys of a pair of key recovery agents. The encrypted P and Q values are included along with other recovery information in a session header accompanying an encrypted message sent from the sender to the receiver. The key recovery agents may recover the P and Q values for a law enforcement agent by decrypting the encrypted P and Q values in the session header, using their respective private recovery keys corresponding to the public keys. The R value, if generated, is not made available to the key recovery agents, but is ascertained using standard cryptanalytic techniques in order to provide a nontrivial work factor for law enforcement agents. The receiver checks the session header of a received message to ensure that the sender has included valid recovery information. Only when the receiver has verified that the sender has included valid recovery information does the receiver decrypt the received message.

摘要翻译： 可与现有系统互通的加密密钥恢复系统，用于在通信方之间建立密钥。 发送方使用可逆密钥反转功能来产生密钥恢复值P，Q和（可选地）R作为会话密钥和公共信息的函数，使得会话密钥可以从密钥恢复值P，Q和（ 如果生成）R.密钥恢复值P和Q使用一对密钥恢复代理的相应的公共恢复密钥进行加密。 加密的P和Q值与伴随从发送方发送到接收方的加密消息的会话报头中的其他恢复信息一起被包括。 密钥恢复代理可以通过使用它们对应于公钥的各自的私有恢复密钥来解密会话报头中的加密的P和Q值来恢复执法代理的P和Q值。 R值（如果生成的话）不提供给密钥恢复代理，而是使用标准密码分析技术来确定，以便为执法人员提供一个非常重要的工作因素。 接收机检查接收到的消息的会话报头，以确保发送方已经包括有效的恢复信息。 只有当接收方已经验证发送方已经包括有效的恢复信息时，接收方才能解密接收的消息。

公开(公告)号：US5907618A

公开(公告)日：1999-05-25

申请号：US775348

申请日：1997-01-03

申请人： Rosario Gennaro ,  Paul Ashley Karger ,  Stephen Michael Matyas, Jr. ,  Mohammad Peyravian ,  David Robert Safford ,  Nevenko Zunic

发明人： Rosario Gennaro ,  Paul Ashley Karger ,  Stephen Michael Matyas, Jr. ,  Mohammad Peyravian ,  David Robert Safford ,  Nevenko Zunic

IPC分类号： H04L9/08 ,  H04L9/00

CPC分类号： H04L9/0841 ,  H04L9/0894

摘要： A method and apparatus for verifiably providing key recovery information to one or more trustees in a cryptographic communication system having a sender and a receiver Each communicating party has its own Diffie-Hellman key pair comprising a secret value and corresponding public value, as does each trustee The sender non-interactively generates from its own secret value and the public value held by the receiver a first shared Diffie-Hellman key pair comprising a first shared secret value, shared with the receiver but not with any trustee, and a corresponding public value. For each trustee, the sender then non-interactively generates an additional shared secret value, shared with the receiver and the trustee, from the first shared secret value and the public value corresponding to the secret value held by the trustee. The sender uses the additional shared secret value to encrypt recovery information for each trustee, which is transmitted to the receiver along with the encrypted message. Each trustee can decrypt its recovery information by regenerating its additional shared secret value from its own secret value and the public value of the first shared Diffie-Hellman key pair. The receiver can verify the correctness of the recovery information for each trustee by decrypting the information using the additional shared secret value for that trustee, without having to recreate the recovery information or perform computationally expensive public key operations.

摘要翻译： 一种用于在具有发送者和接收者的密码通信系统中可验证地向一个或多个受托人提供密钥恢复信息的方法和装置。每个通信方都有自己的Diffie-Hellman密钥对，包括秘密值和对应的公共价值，每个受托人 发送方从其自己的秘密值和由接收者持有的公开值不交互地生成包括与接收者共享但不与任何受托人共享的第一共享秘密值的第一共享Diffie-Hellman密钥对以及相应的公共值。 对于每个受托人，发件人然后从第一共享秘密值和与受托人​​所持有的秘密值相对应的公共价值非交互地生成与接收方和受托人共享的附加共享秘密值。 发送方使用额外的共享秘密值来加密每个受信任者的恢复信息，这些信息与加密消息一起发送到接收者。 每个受托人可以通过从其自己的秘密值和第一个共享的Diffie-Hellman密钥对的公共值重新生成其附加的共享秘密值来解密其恢复信息。 接收方可以通过使用该受托人的附加共享秘密值解密信息来验证每个受托人的恢复信息的正确性，而无需重新创建恢复信息或执行计算上昂贵的公钥操作。

公开(公告)号：US5815573A

公开(公告)日：1998-09-29

申请号：US629815

申请日：1996-04-10

申请人： Donald Byron Johnson ,  Paul Ashley Karger ,  Charles William Kaufman, Jr. ,  Stephen Michael Matyas, Jr. ,  Marcel Mordechay Yung ,  Nevenko Zunic

发明人： Donald Byron Johnson ,  Paul Ashley Karger ,  Charles William Kaufman, Jr. ,  Stephen Michael Matyas, Jr. ,  Marcel Mordechay Yung ,  Nevenko Zunic

IPC分类号： H04L9/08 ,  H04L9/10 ,  H04K1/00

CPC分类号： H04L9/0894

摘要： A cryptographic key recovery system for generating a cryptographic key for use by a pair of communicating parties while simultaneously providing for its recovery using one or more key recover agents. A plurality of m-bit shared key parts (P, Q) are generated which are shared with respective key recovery agents, while an n-bit nonshared key part (R) is generated that is not shared with any key recovery agent. The shared key parts (P, Q) are combined to generate an m-bit value which is concatenated with the nonshared key part (R) to generate an (m+n)-bit value from which an encryption key is generated. The cryptographic system has the effective work factor of an n-bit key to all of the key recovery agents acting in concert, but has the effective work factor of an (m+n)-bit to any other combination of third parties. The quantity n is selected to make authorized key recovery feasible, but not so trivial as to permit routine decryption of intercepted communications, while the quantity m is selected to make decryption by unauthorized third parties infeasible. Means are provided for verifying that the shared key parts have been shared with the key recovery agents before permitting encrypted communications using the thus generated key.

摘要翻译： 一种加密密钥恢复系统，用于生成密钥，供一对通信方使用，同时使用一个或多个密钥恢复代理提供其恢复。 生成与各个密钥恢复代理共享的多个m位共享密钥部分（P，Q），而生成不与任何密钥恢复代理共享的n位非共享密钥部分（R）。 共享密钥部分（P，Q）被组合以产生与非共享密钥部分（R）连接的m比特值，以生成从其生成加密密钥的（m + n）比特值。 加密系统对所有主要恢复代理人具有一致的n位密钥的有效工作因子，但具有（m + n）位到任何其他第三方组合的有效工作因子。 选择数量n使授权密钥恢复成为可行，但不允许允许例行解密截取的通信，同时选择数量m以使得未经授权的第三方解密不可行。 提供了用于在使用由此产生的密钥进行加密通信之前验证共享密钥部分已经与密钥恢复代理共享的手段。

公开(公告)号：US06430561B1

公开(公告)日：2002-08-06

申请号：US09429963

申请日：1999-10-29

申请人： Vernon Ralph Austel ,  Paul Ashley Karger ,  David Claude Toll

发明人： Vernon Ralph Austel ,  Paul Ashley Karger ,  David Claude Toll

IPC分类号： G06F1730

CPC分类号： G07F7/1008 ,  G06F21/6218 ,  G06F21/6245 ,  G06F21/64 ,  G06Q20/341 ,  G06Q20/35765 ,  Y10S707/99939

摘要： Access to files by accessing programs, where files comprise other files, programs and data is controlled. An initial access class is assigned to each file and to each accessing program. An access class comprises an integrity access class and a secrecy access class. An integrity access class comprises rules governing modification of data contained in files and a security access class comprises rules governing disclosure of data contained in files. An integrity access class comprises a set of rules for allowing the performance of a read function, and another set of rules for allowing the performance of write/execute function. An execute function comprises transferring and chaining, where chaining comprises starting another process running at potentially different secrecy and integrity access classes. A secrecy access class comprises a set of rules for allowing the performance of a write function, and another set of rules for allowing the performance of read/execute function. The respective access classes of the target file, target program, and accessing program are compared. If the comparison results meet the security requirements, the function is performed.

摘要翻译： 通过访问程序访问文件，其中文件包含其他文件，程序和数据。 初始访问类被分配给每个文件和每个访问程序。 访问类包括完整性访问类和保密访问类。 完整性访问类包括管理文件中包含的数据的修改的规则，并且安全访问类包括管理文件中包含的数据的公开的规则。 完整性访问类包括用于允许执行读取功能的一组规则，以及用于允许执行写/执行功能的另一组规则。 执行功能包括传送和链接，其中链接包括以潜在的不同的秘密和完整性访问类别启动另一个进程。 保密访问类包括用于允许执行写入功能的一组规则，以及用于允许执行读取/执行功能的另一组规则。 比较目标文件，目标程序和访问程序的各个访问类别。 如果比较结果符合安全要求，则执行该功能。

公开(公告)号：US08099781B2

公开(公告)日：2012-01-17

申请号：US12508327

申请日：2009-07-23

申请人： Kay S. Anderson ,  Pau-Chen Cheng ,  Mark D. Feblowitz ,  Genady Grabarnik ,  Shai Halevi ,  Nagui Halim ,  Trent R. Jaeger ,  Paul Ashley Karger ,  Zhen Liu ,  Ronald Perez ,  Anton V. Riabov ,  Pankaj Rohatgi ,  Angela Marie Schuett ,  Michael Steiner ,  Grant M. Wagner

发明人： Kay S. Anderson ,  Pau-Chen Cheng ,  Mark D. Feblowitz ,  Genady Grabarnik ,  Shai Halevi ,  Nagui Halim ,  Trent R. Jaeger ,  Paul Ashley Karger ,  Zhen Liu ,  Ronald Perez ,  Anton V. Riabov ,  Pankaj Rohatgi ,  Angela Marie Schuett ,  Michael Steiner ,  Grant M. Wagner

IPC分类号： H04L29/00

CPC分类号： G06F21/577

摘要： An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product.

摘要翻译： 提供了一种示范性的方法来通过规划来管理和减轻安全风险。 收到所请求产品的第一个安全相关信息。 接收到可用于生成请求的产品的资源的第二个安全相关信息。 执行由第一安全相关信息和第二安全相关信息管理的具有安全风险的多阶段过程以产生所请求的产品。

公开(公告)号：US07832007B2

公开(公告)日：2010-11-09

申请号：US11328589

申请日：2006-01-10

申请人： Kay S. Anderson ,  Pau-Chen Cheng ,  Mark D. Feblowitz ,  Genady Grabarnik ,  Shai Halevi ,  Nagui Halim ,  Trent R. Jaeger ,  Paul Ashley Karger ,  Zhen Liu ,  Ronald Perez ,  Anton V. Riabov ,  Pankaj Rohatgi ,  Angela Marie Schuett ,  Michael Steiner ,  Grant M. Wagner

发明人： Kay S. Anderson ,  Pau-Chen Cheng ,  Mark D. Feblowitz ,  Genady Grabarnik ,  Shai Halevi ,  Nagui Halim ,  Trent R. Jaeger ,  Paul Ashley Karger ,  Zhen Liu ,  Ronald Perez ,  Anton V. Riabov ,  Pankaj Rohatgi ,  Angela Marie Schuett ,  Michael Steiner ,  Grant M. Wagner

IPC分类号： H04L29/00

CPC分类号： G06F21/577

摘要： An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product.

摘要翻译： 提供了一种示范性的方法来通过规划来管理和减轻安全风险。 收到所请求产品的第一个安全相关信息。 接收到可用于生成请求的产品的资源的第二个安全相关信息。 执行由第一安全相关信息和第二安全相关信息管理的具有安全风险的多阶段过程以产生所请求的产品。

公开(公告)号：US20090049111A1

公开(公告)日：2009-02-19

申请号：US12131201

申请日：2008-06-02

申请人： Suresh Narayana Chari ,  Vincenzo Valentino Diluoffo ,  Paul Ashley Karger ,  Elaine Rivette Palmer ,  Tal Rabin ,  Josyula Ramachandra Rao ,  Pankaj Rohatgi ,  Helmut Scherzer ,  Michael Steiner ,  David Claude Toll

发明人： Suresh Narayana Chari ,  Vincenzo Valentino Diluoffo ,  Paul Ashley Karger ,  Elaine Rivette Palmer ,  Tal Rabin ,  Josyula Ramachandra Rao ,  Pankaj Rohatgi ,  Helmut Scherzer ,  Michael Steiner ,  David Claude Toll

IPC分类号： G06F7/58

CPC分类号： G06F7/582 ,  H04L9/003 ,  H04L9/0662

摘要： A random number generator (RNG) resistant to side channel attacks includes an activation pseudo random number generator (APRNG) having an activation output connected to an activation seed input to provide a next seed to the activation seed input. A second random number generator includes a second seed input, which receives the next seed and a random data output, which outputs random data in accordance with the next seed. An input seed memory is connected to the activation seed input and a feedback connection from the activation output so that the next seed is stored in the input seed memory to be used by the APRNG as the activation seed input at a next startup cycle.

摘要翻译： 具有抗侧向信道攻击的随机数发生器（RNG）包括具有连接到激活种子输入的激活输出的激活伪随机数生成器（APRNG），以向激活种子输入提供下一种子。 第二随机数生成器包括第二种子输入，其接收下一个种子和随机数据输出，其根据下一种子输出随机数据。 输入种子存储器连接到激活种子输入和来自激活输出的反馈连接，使得下一种子存储在输入种子存储器中，以供APRNG使用，作为下一个启动周期的激活种子输入。

公开(公告)号：US08087090B2

公开(公告)日：2011-12-27

申请号：US12131206

申请日：2008-06-02

申请人： Pau-Chen Cheng ,  Shai Halevi ,  Trent Ray Jaeger ,  Paul Ashley Karger ,  Ronald Perez ,  Pankaj Rohatgi ,  Angela Marie Schuett ,  Michael Steiner ,  Grant M. Wagner

发明人： Pau-Chen Cheng ,  Shai Halevi ,  Trent Ray Jaeger ,  Paul Ashley Karger ,  Ronald Perez ,  Pankaj Rohatgi ,  Angela Marie Schuett ,  Michael Steiner ,  Grant M. Wagner

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G06F7/04 ,  G08B23/00

CPC分类号： G06N7/023 ,  G06F21/577 ,  G06F21/604 ,  G06F21/6218 ,  H04L63/105

摘要： An access control system and method includes a risk index module which computes a risk index for a dimension contributing to risk. A boundary range defined for a parameter representing each risk index such that the parameter above the range is unacceptable, below the range is acceptable and in the range is acceptable with mitigation measures. A mitigation module determines the mitigation measures which reduce the parameter within the range by mapping the effectiveness of performing the mitigation measures to determine a residual risk after a mitigation measure has been implemented.

摘要翻译： 访问控制系统和方法包括风险指数模块，其计算用于风险的维度的风险指数。 为表示每个风险指数的参数定义的边界范围，使得高于该范围的参数是不可接受的，低于该范围是可接受的，并且在该范围内可以用缓解措施来接受。 缓解模块通过绘制执行缓解措施的有效性来确定缓解措施实施后的剩余风险，确定减少范围内的参数的缓解措施。