公开(公告)号：US07184988B1

公开(公告)日：2007-02-27

申请号：US09492534

申请日：2000-01-27

申请人： Yair Frankel ,  Charles T. Montgomery ,  Stuart Stubblebine ,  Marcel M. Yung

发明人： Yair Frankel ,  Charles T. Montgomery ,  Stuart Stubblebine ,  Marcel M. Yung

IPC分类号： G06Q99/00 ,  H04K1/00 ,  H04L9/00

CPC分类号： G06Q20/02 ,  G06Q20/00 ,  G06Q20/10 ,  G06Q20/3674 ,  G06Q20/401 ,  G06Q30/018

摘要： In an infrastructure in which some of a plurality of entities provide cryptographically supported services, a method of registering a subscriber entity of a plurality of entities at a principal entity of a plurality of entities, the method comprising the subscriber entity requesting service from the principal entity by sending a request message to a registrar entity of the plurality of entities; the registrar entity verifying the subscriber entity and forwarding the request for service to the principal entity; the principal entity storing the forwarded request and transmitting an acknowledgement message to the registrar entity, the acknowledgement stating acceptance and authentication/authorization information that the subscriber entity requires for the requested service; and the registrar entity verifying the authenticity of the received acknowledgement message, and, if correct, forwarding the acknowledgement message to the subscriber entity.

摘要翻译： 在多个实体中的一些实体提供加密支持的服务的基础设施中，一种在多个实体的主实体处登记多个实体的订户实体的方法，该方法包括从主体实体请求服务的订户实体 通过向所述多个实体的注册器实体发送请求消息; 验证用户实体并向主体实体转发服务请求的注册实体; 主要实体存储转发的请求并向注册器实体发送确认消息，确认说明订户实体对所请求的服务的要求的接受和认证/授权信息; 以及验证接收到的确认消息的真实性的注册器实体，以及如果正确的话，将确认消息转发给订户实体。

公开(公告)号：US07610614B1

公开(公告)日：2009-10-27

申请号：US09503181

申请日：2000-02-14

申请人： Yair Frankel ,  Charles T. Montgomery ,  Marcel M. Yung

发明人： Yair Frankel ,  Charles T. Montgomery ,  Marcel M. Yung

IPC分类号： G06F21/00

CPC分类号： H04L63/0442 ,  G06F21/6218 ,  G06F2211/008 ,  H04L9/007 ,  H04L9/3268 ,  H04L63/08 ,  H04L2209/42 ,  H04L2209/56

摘要： Methods, systems and devices for cryptographic control and maintenance of organizational structure and functions are provided. A method for control and maintenance of an operational organizational structure, the method includes associating entities with cryptographic capabilities; organizing entities within the organizational structure as roles; and maintaining roles within the organizational structure. The system may involve at least a Public Key Infrastructure operation. Elements in said organizational structure may be assigned to roles and/or groups within said organizational structure.

摘要翻译： 提供了用于加密控制和维护组织结构和功能的方法，系统和设备。 一种用于控制和维护操作组织结构的方法，所述方法包括将实体与加密能力相关联; 组织结构中的组织作为角色; 并在组织结构中保持角色。 该系统可以至少涉及公钥基础设施操作。 所述组织结构中的元素可以被分配给所述组织结构内的角色和/或组。

公开(公告)号：US6035041A

公开(公告)日：2000-03-07

申请号：US842080

申请日：1997-04-28

申请人： Yair Frankel ,  Marcel M. Yung

发明人： Yair Frankel ,  Marcel M. Yung

IPC分类号： G09C1/00 ,  H04L9/28 ,  H04L9/30 ,  H04L9/08

CPC分类号： H04L9/302 ,  H04L9/002 ,  H04L9/085 ,  H04L9/3247

摘要： Proactive robust threshold schemes are presented for general "homomorphic-type" public key systems, as well as optimized systems for the RSA function. Proactive security employs dynamic memory refreshing and enables us to tolerate a "mobile adversary" that dynamically corrupts the components of the systems (perhaps all of them) as long as the number of corruptions (faults) is bounded within a time period. The systems are optimal-resilience. Namely they withstand any corruption of minority of servers at any time-period by an active (malicious) adversary (i.e., any subset less than half. Also disclosed are general optimal-resilience public key systems which are "robust threshold" schemes (against stationary adversary), and are extended to "proactive" systems (against the mobile one). The added advantage of proactivization in practical situations is the fact that, in a long-lived threshold system, an adversary has a long time (e.g., years) to break into any t out of the l servers. In contrast, the adversary in a proactive systems has only a short period of time (e.g., a week) to break into any t servers. The model of mobile adversary seems to be crucial to such "long-lived" systems that are expected to span the secure network and electronic commerce infrastructure.

摘要翻译： 提出了一般的“同态”公钥系统的主动鲁棒阈值方案，以及用于RSA功能的优化系统。 主动安全性使用动态内存刷新，使我们能够容忍一个“移动对手”，只要在一段时间内限制了损坏（故障）的数量，就会动态地破坏系统的组件（可能都是这些）。 这些系统具有最佳的弹性。 也就是说，它们在任何时间段都能够承受任何时间段内的少数服务器的任何破坏（主动（恶意））对手（即，任何小于一半的子集），还公开了一般的最佳弹性公钥系统，它们是“鲁棒阈值”方案 对手），并扩展到“主动”系统（针对移动的系统）。在实际情况下，预激活的附加优点是，在长期的门槛系统中，对手具有很长的时间（例如，年数） 相比之下，主动系统中的对手只有很短的时间（例如一周）才能进入任何t服务器，移动对手的模式似乎对于 这种“长寿命”系统预计将跨越安全网络和电子商务基础设施。

公开(公告)号：US20100011208A1

公开(公告)日：2010-01-14

申请号：US12564709

申请日：2009-09-22

申请人： Yair FRANKEL ,  Charies Montgomery ,  Marcel M. Yung

发明人： Yair FRANKEL ,  Charies Montgomery ,  Marcel M. Yung

IPC分类号： H04L9/32

CPC分类号： H04L63/0442 ,  G06F21/6218 ,  G06F2211/008 ,  H04L9/007 ,  H04L9/3268 ,  H04L63/08 ,  H04L2209/42 ,  H04L2209/56

摘要： Methods, systems and devices for cryptographic control and maintenance of organizational structure and functions are provided. A method for control and maintenance of an operational organizational structure, the method includes associating entities with cryptographic capabilities; organizing entities within the organizational structure as roles; and maintaining roles within the organizational structure. The system may involve at least a Public Key Infrastructure operation. Elements in said organizational structure may be assigned to roles and/or groups within said organizational structure.

摘要翻译： 提供了用于加密控制和维护组织结构和功能的方法，系统和设备。 一种用于控制和维护操作组织结构的方法，所述方法包括将实体与加密能力相关联; 组织结构中的组织作为角色; 并在组织结构中保持角色。 该系统可以至少涉及公钥基础设施操作。 所述组织结构中的元素可以被分配给所述组织结构内的角色和/或组。

公开(公告)号：US07313701B2

公开(公告)日：2007-12-25

申请号：US09860441

申请日：2001-05-21

申请人： Yair Frankel ,  Marcel M. Yung ,  Philip D. MacKenzie

发明人： Yair Frankel ,  Marcel M. Yung ,  Philip D. MacKenzie

IPC分类号： H04L9/00

CPC分类号： G06Q20/382 ,  H04L9/3013 ,  H04L9/302 ,  H04L9/3093 ,  H04L63/065 ,  Y04S40/24 ,  Y04S50/12

摘要： The invention provides for robust efficient distributed generation of RSA keys. An efficient protocol is one which is independent of the primality test “circuit size”, while a robust protocol allows correct completion even in the presence of a minority of arbitrarily misbehaving malicious parties. The disclosed protocol is secure against any minority of malicious parties (which is optimal). The disclosed method is useful in establishing sensitive distributed cryptographic function sharing services (certification authorities, signature schemes with distributed trust, and key escrow authorities), as well as other applications besides RSA (namely: composite ElGamal, identification schemes, simultaneous bit exchange, etc.). The disclosed method can be combined with proactive function sharing techniques to establish the first efficient, optimal-resilience, robust and proactively-secure RSA-based distributed trust services where the key is never entrusted to a single entity (i.e., distributed trust totally “from scratch”). The disclosed method involves new efficient “robustness assurance techniques” which guarantee “correct computations” by mutually distrusting parties with malicious minority.

摘要翻译： 本发明提供了鲁棒有效的分布式生成RSA密钥。 一个有效的协议是独立于原始测试“电路大小”的协议，而稳健的协议允许正确完成，即使存在少数任意行为不当的恶意方。 所公开的协议对任何少数的恶意方是安全的（这是最佳的）。 所公开的方法在建立敏感的分布式加密功能共享服务（认证机构，具有分布式信任的签名方案和密钥托管当局）以及RSA之外的其他应用（即：复合ElGamal，识别方案，同时位交换等） 。）。 所公开的方法可以与主动功能共享技术相结合，以建立第一个有效的，优化弹性，稳健和主动安全的基于RSA的分布式信任服务，其中密钥从不委托给单个实体（即，完全从“ 刮”）。 所公开的方法涉及新的有效的“鲁棒性保证技术”，其保证由恶意少数人相互不信任的各方的“正确计算”。

公开(公告)号：US07266199B2

公开(公告)日：2007-09-04

申请号：US10901079

申请日：2004-07-29

申请人： Marcel M. Yung ,  Yair Frankel

发明人： Marcel M. Yung ,  Yair Frankel

IPC分类号： H04K1/00 ,  H04L9/00

CPC分类号： H04L9/0838 ,  H04L9/0897

摘要： A method of distributed cryptography for high consequence security systems which employs shared randomness between operating parties. Shared randomness is accomplished by sharing cryptographic keys stored in secure hardware tokens by potentially less secure software or general purpose computing units that perform distributed cryptography. The shared randomness is based on shared keys (at the tokens) and unique context. Shared random values are incorporated into the computation of partial results used in the distributed cryptographic calculation. The incorporation of shared randomness provides a hand-shake among the hardware tokens. When the operation is successful, a result is computed with assurance that the correct parties have taken part in forming the result. The hand-shake assures binding of operating parties and added system security.

摘要翻译： 一种分布式密码学方法，用于高结果安全系统，其使用了各方之间的共享随机性。 共享随机性通过共享由安全硬件令牌存储的加密密钥来完成，潜在的较不安全的软件或执行分布式加密的通用计算单元。 共享随机性基于共享密钥（令牌）和唯一上下文。 共享随机值被并入分布式加密计算中使用的部分结果的计算中。 共享随机性的并入提供了硬件令牌之间的握手。 当操作成功时，计算结果是确保正确的方参与形成结果。 握手确保了操作方的约束和增加的系统安全性。

公开(公告)号：US06237097B1

公开(公告)日：2001-05-22

申请号：US09315979

申请日：1999-05-21

申请人： Yair Frankel ,  Marcel M. Yung ,  Philip D. MacKenzie

发明人： Yair Frankel ,  Marcel M. Yung ,  Philip D. MacKenzie

IPC分类号： H04L930

CPC分类号： G06Q20/382 ,  H04L9/3013 ,  H04L9/302 ,  H04L9/3093 ,  H04L63/065 ,  Y04S40/24 ,  Y04S50/12

摘要： The invention provides for robust efficient distributed generation of RSA keys. An efficient protocol is one which is independent of the primality test “circuit size”, while a robust protocol allows correct completion even in the presence of a minority of arbitrarily misbehaving malicious parties. The disclosed protocol is secure against any minority of malicious parties (which is optimal). The disclosed method is useful in establishing sensitive distributed cryptographic function sharing services (certification authorities, signature schemes with distributed trust, and key escrow authorities), as well as other applications besides RSA (namely: composite ElGamal, identification schemes, simultaneous bit exchange, etc.). The disclosed method can be combined with proactive function sharing techniques to establish the first efficient, optimal-resilience, robust and proactively-secure RSA-based distributed trust services where the key is never entrusted to a single entity (i.e., distributed trust totally “from scratch”). The disclosed method involves new efficient “robustness assurance techniques” which guarantee “correct computations” by mutually distrusting parties with malicious minority.

公开(公告)号：US08290161B2

公开(公告)日：2012-10-16

申请号：US11896361

申请日：2007-08-31

申请人： Marcel M. Yung ,  Yair Frankel

发明人： Marcel M. Yung ,  Yair Frankel

IPC分类号： H04K1/00 ,  H04L9/00

CPC分类号： H04L9/0838 ,  H04L9/0897

摘要： A method of distributed cryptography for high consequence security systems which employs shared randomness between operating parties. Shared randomness is accomplished by sharing cryptographic keys stored in secure hardware tokens by potentially less secure software or general purpose computing units that perform distributed cryptography. The shared randomness is based on shared keys (at the tokens) and unique context. Shared random values are incorporated into the computation of partial results used in the distributed cryptographic calculation. The incorporation of shared randomness provides a hand-shake among the hardware tokens. When the operation is successful, a result is computed with assurance that the correct parties have taken part in forming the result. The hand-shake assures binding of operating parties and added system security.

摘要翻译： 一种分布式密码学方法，用于高结果安全系统，其使用了各方之间的共享随机性。 共享随机性通过共享由安全硬件令牌存储的加密密钥来完成，潜在的较不安全的软件或执行分布式加密的通用计算单元。 共享随机性基于共享密钥（令牌）和唯一上下文。 共享随机值被并入分布式加密计算中使用的部分结果的计算中。 共享随机性的并入提供了硬件令牌之间的握手。 当操作成功时，计算结果是确保正确的方参与形成结果。 握手确保了操作方的约束和增加的系统安全性。

公开(公告)号：US07177839B1

公开(公告)日：2007-02-13

申请号：US09492459

申请日：2000-01-27

申请人： Allen Claxton ,  Charles T. Montgomery ,  Marcel M. Yung ,  Richard Ankney ,  Richard Salz ,  Thomas Titchener ,  Peter Lieberwirth ,  Andrew Konstantaras

发明人： Allen Claxton ,  Charles T. Montgomery ,  Marcel M. Yung ,  Richard Ankney ,  Richard Salz ,  Thomas Titchener ,  Peter Lieberwirth ,  Andrew Konstantaras

IPC分类号： G06Q40/00

CPC分类号： G06Q20/12 ,  G06Q20/38215 ,  G06Q20/40 ,  G06Q20/4016 ,  G06Q30/02

摘要： An electronic transaction system includes an authority issuing electronic signals representing subscriber assurance of an attribute of a subscriber to the system; and a reliance server obtaining electronic signals representing information regarding the subscriber assurance issued by the issuing authority, the reliance server issuing electronic signals representing a signed warranty offer to a relying party, the signed warranty offer being based at least on the subscriber attribute assurance, wherein the reliance server only provides the signed warranty offer if the relying party is authorized to make a request for said warranty.

摘要翻译： 电子交易系统包括发出电子信号的机构，该电子信号表示订户对系统的属性的保证; 以及依赖服务器获取表示由发行机构发布的关于用户保证的信息的电子信号，所述依赖服务器向所述依赖方发出表示签署的保修要约的电子信号，所述签名的保修报价至少基于用户属性保证，其中 依赖服务器只有在依赖方被授权提出保修请求时才提供签名的保修服务。

公开(公告)号：US20190158468A1

公开(公告)日：2019-05-23

申请号：US15818685

申请日：2017-11-20

申请人： Michael Duong ,  Anirudh Garg ,  Subhash Sankuratripati ,  Edward Chenhui Xue ,  Marcel M. Yung

发明人： Michael Duong ,  Anirudh Garg ,  Subhash Sankuratripati ,  Edward Chenhui Xue ,  Marcel M. Yung

IPC分类号： H04L29/06 ,  H04L9/14 ,  H04L9/30

摘要： Systems, devices, media, and methods are presented for device independent secure messaging. The systems and methods generate an encrypted message by encrypting message content, designated for a specified recipient, with an encryption key. The systems and methods select a set of recipient keys, associated with the specified recipient, from a plurality of member keys. For each recipient key, the systems and methods encrypt the encryption key to generate a set of encrypted keys and transmit the encrypted message and an encrypted key of the set of encrypted keys to one or more client devices associated with the specified recipient. The systems and methods then receive an acknowledgement indicating a termination status of the encrypted message.