Two-phase cryptographic key recovery system
    1.
    Granted invention patent
    Legal status: lapsed

    Publication (announcement) number: US5937066A

    Publication (announcement) date: 1999-08-10

    Application number: US725102

    Filing date: 1996-10-02

    IPC classification: G09C1/00 H04L9/08 H04L9/00

    Abstract: A cryptographic key recovery system that operates in two phases. In the first phase, the sender establishes a secret value with the receiver. For each key recovery agent, the sender generates a key-generating value as a one-way function of the secret value and encrypts the key-generating value with a public key of the key recovery agent. In the second phase, performed for a particular cryptographic session, the sender generates for each key recovery agent a key-encrypting key as a one-way function of the corresponding key-generating value and multiply encrypts the session key with the key-encrypting keys of the key recovery agents. The encrypted key-generating values and the multiply encrypted session key are transmitted together with other recovery information in a manner permitting their interception by a party seeking to recover the secret value. To recover the secret value, the party seeking recovery presents the encrypted key-generating values and public recovery information to the key recovery agents, who decrypt the key-generating values, regenerate the key-encrypting keys from the corresponding key-generating values, and provide the regenerated key-encrypting keys to the recovering party. The recovering party uses the key-encrypting keys to recover the secret value. Since the key-generating values cannot be derived from the key-encrypting keys, they may be used over a period spanning multiple cryptographic sessions without requiring new values or new public key encryptions.

    Method and apparatus for verifiably providing key recovery information in a cryptographic system
    2.
    Granted invention patent
    Legal status: lapsed

    Publication (announcement) number: US5907618A

    Publication (announcement) date: 1999-05-25

    Application number: US775348

    Filing date: 1997-01-03

    IPC classification: H04L9/08 H04L9/00

    CPC classification: H04L9/0841 H04L9/0894

    Abstract: A method and apparatus for verifiably providing key recovery information to one or more trustees in a cryptographic communication system having a sender and a receiver. Each communicating party has its own Diffie-Hellman key pair comprising a secret value and corresponding public value, as does each trustee. The sender non-interactively generates from its own secret value and the public value held by the receiver a first shared Diffie-Hellman key pair comprising a first shared secret value, shared with the receiver but not with any trustee, and a corresponding public value. For each trustee, the sender then non-interactively generates an additional shared secret value, shared with the receiver and the trustee, from the first shared secret value and the public value corresponding to the secret value held by the trustee. The sender uses the additional shared secret value to encrypt recovery information for each trustee, which is transmitted to the receiver along with the encrypted message. Each trustee can decrypt its recovery information by regenerating its additional shared secret value from its own secret value and the public value of the first shared Diffie-Hellman key pair. The receiver can verify the correctness of the recovery information for each trustee by decrypting the information using the additional shared secret value for that trustee, without having to recreate the recovery information or perform computationally expensive public key operations.

    Interoperable cryptographic key recovery system
    3.
    Granted invention patent
    Legal status: lapsed

    Publication (announcement) number: US5796830A

    Publication (announcement) date: 1998-08-18

    Application number: US681679

    Filing date: 1996-07-29

    CPC classification: H04L9/0894

    Abstract: A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so that the session key may be regenerated from the key recovery values P, Q and (if generated) R. Key recovery values P and Q are encrypted using the respective public recovery keys of a pair of key recovery agents. The encrypted P and Q values are included along with other recovery information in a session header accompanying an encrypted message sent from the sender to the receiver. The key recovery agents may recover the P and Q values for a law enforcement agent by decrypting the encrypted P and Q values in the session header, using their respective private recovery keys corresponding to the public keys. The R value, if generated, is not made available to the key recovery agents, but is ascertained using standard cryptanalytic techniques in order to provide a nontrivial work factor for law enforcement agents. The receiver checks the session header of a received message to ensure that the sender has included valid recovery information. Only when the receiver has verified that the sender has included valid recovery information does the receiver decrypt the received message.

    Interoperable cryptographic key recovery system with verification by comparison
    4.
    Granted invention patent
    Legal status: in force

    Publication (announcement) number: US6052469A

    Publication (announcement) date: 2000-04-18

    Application number: US133877

    Filing date: 1998-08-14

    CPC classification: H04L9/0894

    Abstract: A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so that the session key may be regenerated from the key recovery values P, Q and (if generated) R. Key recovery values P and Q are encrypted using the respective public recovery keys of a pair of key recovery agents. The encrypted P and Q values are included along with other recovery information in a session header accompanying an encrypted message sent from the sender to the receiver. The key recovery agents may recover the P and Q values for a law enforcement agent by decrypting the encrypted P and Q values in the session header, using their respective private recovery keys corresponding to the public keys. The R value, if generated, is not made available to the key recovery agents, but is ascertained using standard cryptanalytic techniques in order to provide a nontrivial work factor for law enforcement agents. The receiver checks the session header of a received message to ensure that the sender has included valid recovery information. Only when the receiver has verified that the sender has included valid recovery information does the receiver decrypt the received message.

    Cryptographic key recovery system
    5.
    Granted invention patent
    Legal status: lapsed

    Publication (announcement) number: US5815573A

    Publication (announcement) date: 1998-09-29

    Application number: US629815

    Filing date: 1996-04-10

    IPC classification: H04L9/08 H04L9/10 H04K1/00

    CPC classification: H04L9/0894

    Abstract: A cryptographic key recovery system for generating a cryptographic key for use by a pair of communicating parties while simultaneously providing for its recovery using one or more key recovery agents. A plurality of m-bit shared key parts (P, Q) are generated which are shared with respective key recovery agents, while an n-bit nonshared key part (R) is generated that is not shared with any key recovery agent. The shared key parts (P, Q) are combined to generate an m-bit value which is concatenated with the nonshared key part (R) to generate an (m+n)-bit value from which an encryption key is generated. The cryptographic system has the effective work factor of an n-bit key to all of the key recovery agents acting in concert, but has the effective work factor of an (m+n)-bit key to any other combination of third parties. The quantity n is selected to make authorized key recovery feasible, but not so trivial as to permit routine decryption of intercepted communications, while the quantity m is selected to make decryption by unauthorized third parties infeasible. Means are provided for verifying that the shared key parts have been shared with the key recovery agents before permitting encrypted communications using the thus generated key.

    Systems, methods and computer program products for reducing effective key length of ciphers using one-way cryptographic functions and an initial key
    8.
    Granted invention patent
    Legal status: lapsed

    Publication (announcement) number: US06560337B1

    Publication (announcement) date: 2003-05-06

    Application number: US09181464

    Filing date: 1998-10-28

    IPC classification: H04L908

    CPC classification: H04L9/0643 H04L2209/20

    Abstract: Systems, methods and computer program products reduce effective key length of a symmetric key cipher by deriving an intermediate value from an initial key, using a one-way cryptographic function. Predetermined bit locations of the intermediate value are selected to obtain an intermediate key. An intermediate shortened key is derived from the intermediate key by setting predetermined bit locations of the intermediate key to predetermined values. A diffused intermediate shortened key is derived from the intermediate shortened key using the one-way cryptographic function. Predetermined bit locations of the diffused intermediate shortened key are then selected to obtain a shortened key. In first embodiments, the one-way cryptographic function is a one-way hash function. Second embodiments use the symmetric key cipher itself to perform the one-way cryptographic function.

    Generating user-dependent keys and random numbers
    9.
    Granted invention patent
    Legal status: lapsed

    Publication (announcement) number: US06687375B1

    Publication (announcement) date: 2004-02-03

    Application number: US09324418

    Filing date: 1999-06-02

    IPC classification: H04L900

    CPC classification: H04L9/0866

    Abstract: Methods, systems and computer program products are provided which generate a cryptographic key utilizing user specific information to generate a user dependent key. The user specific information may be a user identification or biometric information associated with a user. In particular embodiments of the present invention a seed value is modified with biometric information to generate a user dependent key value. In alternative embodiments a key value is hashed with user specific information or user specific information is hashed and then combined with the key value to generate the user dependent key value. In still another embodiment of the present invention the space of potential key values is divided into subspaces and the subspaces assigned based on user specific information. A key value is then generated from the assigned subspace. Thus, the generated key values for different users are guaranteed to be disjoint.

    Decentralized systems methods and computer program products for sending secure messages among a group of nodes
    10.
    Granted invention patent
    Legal status: lapsed

    Publication (announcement) number: US06363154B1

    Publication (announcement) date: 2002-03-26

    Application number: US09181631

    Filing date: 1998-10-28

    IPC classification: H04L908

    Abstract: Secure messages are sent among a group of nodes selected from a plurality of nodes that are connected to a communications network, by defining a random secret key at a first one of the group of nodes. The random secret key is sent from the first one of the group nodes to remaining ones of the group of nodes. A random number is generated at a second one of the group of nodes. A one-way hash of the random number and the random secret key is performed at the second one of the group of nodes to generate a working key. A message is encrypted at the second one of the group of nodes, using the working key. The encrypted message and the random number are sent from the second one of the group of nodes to remaining ones of the group of nodes. The encrypted message and the random number are received at the remaining ones of the group of nodes. Each of the remaining ones of the group of nodes performs a one-way hash of the random number and the random secret key, to regenerate the working key. The message is then decrypted using the regenerated working key. The secret key may be defined at any one of the group of nodes rather than a predefined, centralized key distribution center. Moreover, the random number may be generated at any one of the group of nodes that desires to communicate an encrypted message to remaining ones of the group of nodes. Decentralized group key management is thereby provided.
