公开(公告)号：US09749128B2

公开(公告)日：2017-08-29

申请号：US14278570

申请日：2014-05-15

Applicant: Xerox Corporation

Inventor： Ioan Calapodescu ,  Saghar Estehghari ,  Johan Clier

IPC: H04L9/00 ,  G06F21/62 ,  H04L9/30

CPC classification number: H04L9/008 ,  G06F21/6227 ,  H04L9/30

Abstract: A method for data matching includes providing two sets of encrypted data elements by converting data elements to respective sets of vectors and encrypting each vector with a public key of a homomorphic encryption scheme. Each data element includes a sequence of characters drawn from an alphabet. For pairs of encrypted data elements, a comparison measure is computed between the sets of encrypted vectors. An obfuscated vector is generated for each encrypted data element in the first set, which renders the first encrypted data element indecipherable when the comparison measure does not meet a threshold for at least one of the pairs of data encrypted elements comprising that encrypted data element. The obfuscated vectors can be decrypted with a private key, allowing data elements in the first set to be deciphered if the comparison measure meets the threshold for at least one of the data elements in the second set.

公开(公告)号：US09646161B2

公开(公告)日：2017-05-09

申请号：US14581390

申请日：2014-12-23

Applicant: Xerox Corporation

Inventor： Saghar Estehghari ,  Nicolas Guerin

IPC: H04L29/06 ,  G06F21/60 ,  H04L9/08 ,  H04L9/32 ,  G06F17/30

CPC classification number: G06F21/602 ,  G06F17/30595 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/0866 ,  H04L9/3226 ,  H04L63/045 ,  H04L63/0807 ,  H04L63/083 ,  H04L63/0853

Abstract: Disclosed is a relational database fingerprinting system and method to identify a user of the relational database, the fingerprint provided by an originator of the relational database. According to an exemplary method, a fingerprint bit string is generated including a data user identification code and a secret key unknown to the user, and the fingerprint bit string is embedded in a plurality of pseudorandomly selected values based on a pseudorandom function seeded with primary keys associated with the relational database.

公开(公告)号：US20160180097A1

公开(公告)日：2016-06-23

申请号：US14581390

申请日：2014-12-23

Applicant: Xerox Corporation

Inventor： Saghar Estehghari ,  Nicolas Guerin

IPC: G06F21/60 ,  G06F17/30

CPC classification number: G06F21/602 ,  G06F17/30595 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/0866 ,  H04L9/3226 ,  H04L63/045 ,  H04L63/0807 ,  H04L63/083 ,  H04L63/0853

Abstract: Disclosed is a relational database fingerprinting system and method to identify a user of the relational database, the fingerprint provided by an originator of the relational database. According to an exemplary method, a fingerprint bit string is generated including a data user identification code and a secret key unknown to the user, and the fingerprint bit string is embedded in a plurality of pseudorandomly selected values based on a pseudorandom function seeded with primary keys associated with the relational database.

Abstract translation: 公开了一种关系数据库指纹系统和方法，用于识别关系数据库的用户，由关系数据库的发起者提供的指纹。 根据示例性方法，生成包括数据用户识别码和用户未知的秘密密钥的指纹比特串，并且基于使用主键种子的伪随机函数将指纹比特串嵌入到多个伪随机选择的值中 与关系数据库相关联。

公开(公告)号：US20160055477A1

公开(公告)日：2016-02-25

申请号：US14463827

申请日：2014-08-20

Applicant: Xerox Corporation

Inventor： Nicolas Guérin ,  Saghar Estehghari

IPC: G06Q20/32 ,  G06Q20/28 ,  G06Q20/40 ,  G06Q20/20 ,  G06Q20/14

CPC classification number: G06Q20/28 ,  G06Q20/145 ,  G06Q20/202 ,  G06Q20/32 ,  G06Q20/342 ,  G06Q20/40 ,  G07F7/025 ,  G07F17/0021

Abstract: A system and method incorporating a multi-function printer (MFP), a mobile device and a server to effect payment of MFP services. The MFP generates and displays a session prepayment code containing identification information for the MFP and for a specific session initiated by a user. The code is entered into the mobile device and the mobile device transmits it to the server. In response, the server transmits a menu of MFP functions and costs to the mobile device, allowing the user to estimate and prepay the cost of the specific session through a service accessible on the mobile device. Once proof of prepayment is received, the server transmits an authorization code to the mobile device and the user inputs it into the MFP. The MFP verifies the authorization code with the server and performs user-selected functions until a time allotted for the specific session ends or until available credit is used, whichever comes first.

Abstract translation: 一种结合多功能打印机（MFP），移动设备和服务器来实现MFP服务支付的系统和方法。 MFP生成并显示包含MFP的识别信息和用户发起的特定会话的会话预付费代码。 代码被输入到移动设备中，并且移动设备将其发送到服务器。 作为响应，服务器向移动设备发送MFP功能和成本的菜单，允许用户通过移动设备上可访问的服务来估计和预付特定会话的成本。 一旦接收到预付款的证明，服务器向移动设备发送授权码，用户将其输入到MFP中。 MFP使用服务器验证授权码，并执行用户选择的功能，直到为特定会话分配的时间结束或直到使用可用的信用（以较先者为准）。

公开(公告)号：US20150304315A1

公开(公告)日：2015-10-22

申请号：US14255252

申请日：2014-04-17

Applicant: Xerox Corporation

Inventor： Saghar Estehghari ,  Nicolas Guerin ,  Nicolas Monet

IPC: H04L29/06 ,  H04L9/32

CPC classification number: G06F21/602 ,  G06F17/30595 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/0866 ,  H04L9/3226 ,  H04L63/045 ,  H04L63/0807 ,  H04L63/083 ,  H04L63/0853

Abstract: A system and method provide for shared access to a database in a semi-trusted platform. In the method, for each of a set of users, provision is made for regenerating a respective user key, based on a respective predefined user input, such as a hashed password. One or more of the users is authorized to have access to an encrypted database. For each of these, the method includes encrypting a key for the encrypted database with the respective user's user key to generate an encrypted database key. During a user session, one of the authorized users is provided with access to the encrypted database by decrypting the database key from the encrypted database key with the respective user's user key, and decrypting the database, from the encrypted database, with the database key. The database key and each user's user key are not stored on the platform and are thus inaccessible to platform administrators and unauthorized users between user sessions.

Abstract translation: 系统和方法提供对半可信平台中的数据库的共享访问。 在该方法中，对于一组用户中的每一个，基于相应的预定义的用户输入（诸如散列密码）来提供用于再生相应的用户密钥。 一个或多个用户被授权访问加密的数据库。 对于这些中的每一个，该方法包括用相应用户的用户密钥加密加密的数据库的密钥以生成加密的数据库密钥。 在用户会话期间，通过用加密数据库密钥用相应用户的用户密钥解密数据库密钥，并从加密的数据库中用数据库密钥对数据库进行解密，向授权用户之一提供对加密数据库的访问。 数据库密钥和每个用户的用户密钥不存储在平台上，因此在用户会话之间，平台管理员和未授权用户无法访问数据库密钥和每个用户的用户密钥。

公开(公告)号：US09589143B2

公开(公告)日：2017-03-07

申请号：US14255252

申请日：2014-04-17

Applicant: Xerox Corporation

Inventor： Saghar Estehghari ,  Nicolas Guerin ,  Nicolas Monet

IPC: H04L29/06 ,  G06F21/60 ,  H04L9/08 ,  H04L9/32 ,  G06F17/30

CPC classification number: G06F21/602 ,  G06F17/30595 ,  H04L9/0822 ,  H04L9/0825 ,  H04L9/0863 ,  H04L9/0866 ,  H04L9/3226 ,  H04L63/045 ,  H04L63/0807 ,  H04L63/083 ,  H04L63/0853

Abstract: A system and method provide for shared access to a database in a semi-trusted platform. In the method, for each of a set of users, provision is made for regenerating a respective user key, based on a respective predefined user input, such as a hashed password. One or more of the users is authorized to have access to an encrypted database. For each of these, the method includes encrypting a key for the encrypted database with the respective user's user key to generate an encrypted database key. During a user session, one of the authorized users is provided with access to the encrypted database by decrypting the database key from the encrypted database key with the respective user's user key, and decrypting the database, from the encrypted database, with the database key. The database key and each user's user key are not stored on the platform and are thus inaccessible to platform administrators and unauthorized users between user sessions.

Abstract translation: 系统和方法提供对半可信平台中的数据库的共享访问。 在该方法中，对于一组用户中的每一个，基于相应的预定义的用户输入（诸如散列密码）来提供用于再生相应的用户密钥。 一个或多个用户被授权访问加密的数据库。 对于这些中的每一个，该方法包括用相应用户的用户密钥加密加密的数据库的密钥以生成加密的数据库密钥。 在用户会话期间，通过用加密数据库密钥用相应用户的用户密钥解密数据库密钥，并从加密的数据库中用数据库密钥对数据库进行解密，为授权用户之一提供对加密数据库的访问。 数据库密钥和每个用户的用户密钥不会存储在平台上，因此在用户会话之间，平台管理员和未授权用户无法访问数据库密钥。

公开(公告)号：US09501769B2

公开(公告)日：2016-11-22

申请号：US14463827

申请日：2014-08-20

Applicant: Xerox Corporation

Inventor： Nicolas Guérin ,  Saghar Estehghari

IPC: G06Q20/00 ,  G06Q20/28 ,  G06Q20/20 ,  G06Q20/14 ,  G06Q20/40 ,  G06Q20/32 ,  G06Q20/34 ,  G07F7/02 ,  G07F17/00

CPC classification number: G06Q20/28 ,  G06Q20/145 ,  G06Q20/202 ,  G06Q20/32 ,  G06Q20/342 ,  G06Q20/40 ,  G07F7/025 ,  G07F17/0021

Abstract: A system and method incorporating a multi-function printer (MFP), a mobile device and a server to effect payment of MFP services. The MFP generates and displays a session prepayment code containing identification information for the MFP and for a specific session initiated by a user. The code is entered into the mobile device and the mobile device transmits it to the server. In response, the server transmits a menu of MFP functions and costs to the mobile device, allowing the user to estimate and prepay the cost of the specific session through a service accessible on the mobile device. Once proof of prepayment is received, the server transmits an authorization code to the mobile device and the user inputs it into the MFP. The MFP verifies the authorization code with the server and performs user-selected functions until a time allotted for the specific session ends or until available credit is used, whichever comes first.

Abstract translation: 一种结合多功能打印机（MFP），移动设备和服务器来实现MFP服务支付的系统和方法。 MFP生成并显示包含MFP的识别信息和用户发起的特定会话的会话预付费代码。 代码被输入到移动设备中，并且移动设备将其发送到服务器。 作为响应，服务器向移动设备发送MFP功能和成本的菜单，允许用户通过移动设备上可访问的服务来估计和预付特定会话的成本。 一旦接收到预付款的证明，服务器向移动设备发送授权码，用户将其输入到MFP中。 MFP使用服务器验证授权码，并执行用户选择的功能，直到为特定会话分配的时间结束或直到使用可用的信用（以较先者为准）。

公开(公告)号：US20150172056A1

公开(公告)日：2015-06-18

申请号：US14108477

申请日：2013-12-17

Applicant: Xerox Corporation

Inventor： Jean-Luc Meunier ,  Saghar Estehghari ,  Herve Poirier

IPC: H04L9/32 ,  G06K9/00

CPC classification number: G06K9/00161 ,  G06K9/00577 ,  G06K2009/0059 ,  G08G1/0175 ,  G08G1/04 ,  G08G1/054 ,  H04L9/0866 ,  H04L9/0872 ,  H04L9/3247

Abstract: A system and method for preserving privacy of evidence are provided. In the method, an encrypted first image is generated by encrypting a first image acquired at a first location with a symmetric cryptographic key that is based on first information such as a license plate number extracted from the first image and first metadata associated with the first image, such as a time at which the first image was acquired. When a link is established between a second image and the first image, for example, through visual signature matching, the symmetric cryptographic key can be reconstructed, without having access to the first image, but based instead on the first metadata and information extracted from the second image. The reconstructed symmetric cryptographic key can then be used for decryption of the encrypted image to establish evidence that the license plate number was indeed extracted from the first image.

Abstract translation: 提供了一种保护证据隐私的系统和方法。 在该方法中，通过使用基于第一信息（例如从第一图像提取的车牌号码）和与第一图像相关联的第一元数据的对称密码密钥加密在第一位置处获取的第一图像来生成加密的第一图像 ，例如获取第一图像的时间。 当在第二图像和第一图像之间建立链接时，例如通过视觉签名匹配，可以重构对称加密密钥，而无需访问第一图像，而是基于第一元数据和从第 第二张图片。 然后可以将重建的对称加密密钥用于加密图像的解密，以建立从第一图像确实提取牌照号码的证据。