Methods and apparatus for keystream generation
    1.
    Granted invention patent (status: in force)

    Publication number: US06961427B1

    Publication date: 2005-11-01

    Application number: US09717761

    Filing date: 2000-11-21

    CPC classification number: H04L9/0668 H04L2209/125

    Abstract: Methods and apparatus for the generation of a cryptographic one way function (a key or keystream generator) for use in encrypting or decrypting binary data. A non-linear key or keystream generation algorithm using multiple feedback shift registers is provided. The feedback shift registers may be constructed utilizing an advanced mathematical construct called an extended Galois Field GF(2^m). The key or keystream is generated as a non-linear function of the outputs of the multiple feedback shift registers, which may be a combination of static feedback shift registers and dynamic feedback shift registers. Dense primitive polynomials with many coefficients may be used to produce a cryptographically robust keystream for use as an encryption or decryption key.

    Online secure device provisioning framework
    2.
    Granted invention patent (status: in force)

    Publication number: US09130928B2

    Publication date: 2015-09-08

    Application number: US13087847

    Filing date: 2011-04-15

    CPC classification number: H04L63/0823 G06F21/572 H04L63/06 H04L2463/102

    Abstract: A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.

    Countermeasure to power attack and timing attack on cryptographic operations
    3.
    Granted invention patent (status: in force)

    Publication number: US06804782B1

    Publication date: 2004-10-12

    Application number: US09373866

    Filing date: 1999-08-13

    Abstract: A cryptography circuit provides secure processing of data by utilizing countermeasures that combat timing and power attacks. Superfluous operations such as multiplication operations, modular reductions by an integer, and storage of data to memory are available for use by a processor to disguise the amount of power usage and the amount of time required to perform a cryptographic operation. A cryptographic key is available for use in order to trigger when these emulated operations occur. The occurrence of the emulated operations is controlled by the user to provide the preferred tradeoff between security and use of resources.

    Configurable Encryption/Decryption for Multiple Services Support
    4.
    Invention patent application (status: in force)

    Publication number: US20090274295A1

    Publication date: 2009-11-05

    Application number: US12500791

    Filing date: 2009-07-10

    Abstract: A system to transmit a set of programs from a transmitter to a receiver is used to accommodate different levels of security used for each program. When a high level of security is necessary for transmitting or receiving a program the transmitter and/or receiver is operable to accommodate that level of security. Thus, both transmitters and receivers are operable to be reconfigured to encrypt or decrypt, respectively, at different levels. Accordingly, differing amounts of programs can be transmitted or received based on the resource requirements needed at any level of security. Consequently, a high level of encryption/decryption requires more resources and allows the processing of fewer services, while a lower level of encryption/decryption allows more services to be transmitted/received.

    Self authentication ciphertext chaining
    5.
    Granted invention patent (status: in force)

    Publication number: US07450717B1

    Publication date: 2008-11-11

    Application number: US09588828

    Filing date: 2000-06-07

    CPC classification number: H04L9/3247 H04L9/0618 H04L2209/38

    Abstract: Existing key encryption approaches are extended by using overlapping portions of encrypted information. Another provision inserts one or more bits of data to ensure correct encryption/decryption. The inserted data can also be used for authentication.

    Method and Apparatus for Distributing Root Certification
    6.
    Invention patent application (status: in force)

    Publication number: US20080162928A1

    Publication date: 2008-07-03

    Application number: US11616348

    Filing date: 2006-12-27

    CPC classification number: H04L9/3268 H04L2209/603

    Abstract: An apparatus and method for providing at least one root certificate are disclosed. Specifically, a plurality of root certificates is received and stored. Afterwards, a request is received from a first endpoint device for a desired root certificate, where the desired root certificate is used by the first endpoint device to verify an identity of a second endpoint device. Furthermore, the first endpoint device and the second endpoint device are associated with different certificate hierarchies. The desired root certificate is then sent to at least the first endpoint device.

    System and method for secure key distribution to manufactured products
    7.
    Granted invention patent (status: in force)

    Publication number: US08761401B2

    Publication date: 2014-06-24

    Application number: US11846045

    Filing date: 2007-08-28

    Abstract: A system and method for securely distributing PKI data, such as one or more private keys or other confidential digital information, from a PKI data generation facility to a product in a product personalization facility that is not connected to the PKI data generation facility and is assumed to be a non-secure product personalization facility. The system includes a PKI data loader for securely transmitting the encrypted PKI data transferred from the PKI data generator to a PKI server at the product personalization facility. The PKI server then transfers the PKI data to the product of interest, typically via a PKI station acting as a proxy between the PKI server and the product. In each communication step, PKI data being transferred is encrypted multiple times and the system is designed such that if any intermediate node is compromised with all of its keys, the overall system has not yet been compromised.

    Configurable encryption/decryption for multiple services support
    8.
    Granted invention patent (status: in force)

    Publication number: US08166292B2

    Publication date: 2012-04-24

    Application number: US12500791

    Filing date: 2009-07-10

    Abstract: A system to transmit a set of programs from a transmitter to a receiver is used to accommodate different levels of security used for each program. When a high level of security is necessary for transmitting or receiving a program the transmitter and/or receiver is operable to accommodate that level of security. Thus, both transmitters and receivers are operable to be reconfigured to encrypt or decrypt, respectively, at different levels. Accordingly, differing amounts of programs can be transmitted or received based on the resource requirements needed at any level of security. Consequently, a high level of encryption/decryption requires more resources and allows the processing of fewer services, while a lower level of encryption/decryption allows more services to be transmitted/received.

    ONLINE SECURE DEVICE PROVISIONING FRAMEWORK
    9.
    Invention patent application (status: in force)

    Publication number: US20110258685A1

    Publication date: 2011-10-20

    Application number: US13087847

    Filing date: 2011-04-15

    CPC classification number: H04L63/0823 G06F21/572 H04L63/06 H04L2463/102

    Abstract: A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.

    Method and apparatus for distributing root certification
    10.
    Granted invention patent (status: in force)

    Publication number: US07877600B2

    Publication date: 2011-01-25

    Application number: US11616348

    Filing date: 2006-12-27

    CPC classification number: H04L9/3268 H04L2209/603

    Abstract: An apparatus and method for providing at least one root certificate are disclosed. Specifically, a plurality of root certificates is received and stored. Afterwards, a request is received from a first endpoint device for a desired root certificate, where the desired root certificate is used by the first endpoint device to verify an identity of a second endpoint device. Furthermore, the first endpoint device and the second endpoint device are associated with different certificate hierarchies. The desired root certificate is then sent to at least the first endpoint device.
