1. Robust efficient distributed RSA-key generation

    Publication number: US06237097B1

    Publication date: 2001-05-22

    Application number: US09315979

    Filing date: 1999-05-21

    IPC classification: H04L9/30

    Abstract: The invention provides for robust efficient distributed generation of RSA keys. An efficient protocol is one which is independent of the primality test "circuit size", while a robust protocol allows correct completion even in the presence of a minority of arbitrarily misbehaving malicious parties. The disclosed protocol is secure against any minority of malicious parties (which is optimal). The disclosed method is useful in establishing sensitive distributed cryptographic function sharing services (certification authorities, signature schemes with distributed trust, and key escrow authorities), as well as other applications besides RSA (namely: composite ElGamal, identification schemes, simultaneous bit exchange, etc.). The disclosed method can be combined with proactive function sharing techniques to establish the first efficient, optimal-resilience, robust and proactively-secure RSA-based distributed trust services where the key is never entrusted to a single entity (i.e., distributed trust totally "from scratch"). The disclosed method involves new efficient "robustness assurance techniques" which guarantee "correct computations" by mutually distrusting parties with a malicious minority.

2. Robust efficient distributed RSA-key generation (granted invention patent; in force)

    Publication number: US07313701B2

    Publication date: 2007-12-25

    Application number: US09860441

    Filing date: 2001-05-21

    IPC classification: H04L9/00

    Abstract: The invention provides for robust efficient distributed generation of RSA keys. An efficient protocol is one which is independent of the primality test "circuit size", while a robust protocol allows correct completion even in the presence of a minority of arbitrarily misbehaving malicious parties. The disclosed protocol is secure against any minority of malicious parties (which is optimal). The disclosed method is useful in establishing sensitive distributed cryptographic function sharing services (certification authorities, signature schemes with distributed trust, and key escrow authorities), as well as other applications besides RSA (namely: composite ElGamal, identification schemes, simultaneous bit exchange, etc.). The disclosed method can be combined with proactive function sharing techniques to establish the first efficient, optimal-resilience, robust and proactively-secure RSA-based distributed trust services where the key is never entrusted to a single entity (i.e., distributed trust totally "from scratch"). The disclosed method involves new efficient "robustness assurance techniques" which guarantee "correct computations" by mutually distrusting parties with a malicious minority.

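    The distributed RSA key generation that the two abstracts above describe, as an added example (this is not the patents' own protocol): a three-party, Boneh-Franklin-style run in which each party holds an additive summand of the candidate primes p and q, N = p*q is computed jointly through a Shamir-based multiplication so that p and q are never revealed, and the candidate is accepted or rejected by the distributed biprimality test, whose cost does not depend on the circuit size of any primality-testing algorithm. The parties are assumed honest-but-curious (the patents' robustness layer against malicious parties is not reproduced), the share sizes are toy values, and all names and parameters are choices made for this example. Requires Python 3.8 or later.

```python
# Distributed RSA key generation, Boneh-Franklin style (added example).
import random
from math import gcd

N_PARTIES, T = 3, 1              # three parties, degree-T sharing (one curious party tolerated)
FIELD = (1 << 127) - 1           # prime field for the joint multiplication; must exceed N
SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)

def shamir_share(secret, rng):
    """Degree-T Shamir shares of `secret` over FIELD, one per party (x = 1..n)."""
    coeffs = [secret % FIELD] + [rng.randrange(FIELD) for _ in range(T)]
    return [sum(c * pow(x, k, FIELD) for k, c in enumerate(coeffs)) % FIELD
            for x in range(1, N_PARTIES + 1)]

def lagrange_at_zero(points):
    """f(0) of the polynomial through `points` = [(x, y), ...] over FIELD."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % FIELD
                den = den * (xi - xj) % FIELD
        total = (total + yi * num * pow(den, -1, FIELD)) % FIELD
    return total

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def distributed_product(p_shares, q_shares, rng=None):
    """Party i Shamir-shares its summands p_i and q_i.  Party j adds what it
    received (a share of p and one of q), multiplies locally (a share of p*q on
    a degree-2T polynomial), and the 2T+1 = 3 product shares are interpolated.
    Only N = p*q becomes public; p and q stay additively shared."""
    rng = random.Random() if rng is None else rng
    p_sub = [shamir_share(pi, rng) for pi in p_shares]   # p_sub[i][j]: from party i to party j
    q_sub = [shamir_share(qi, rng) for qi in q_shares]
    product_shares = []
    for j in range(N_PARTIES):
        p_j = sum(p_sub[i][j] for i in range(N_PARTIES)) % FIELD
        q_j = sum(q_sub[i][j] for i in range(N_PARTIES)) % FIELD
        product_shares.append((j + 1, p_j * q_j % FIELD))
    return lagrange_at_zero(product_shares)

def biprimality_test(N, p_shares, q_shares, rng=None, rounds=20):
    """Boneh-Franklin test; needs p = q = 3 (mod 4), which pick_summands() below
    guarantees.  For g with Jacobi(g, N) = 1, party 1 publishes
    g^((N - p_1 - q_1 + 1)/4) and each party i > 1 publishes g^((p_i + q_i)/4);
    the exponents sum to phi(N)/4, so for a product of two primes the two sides
    agree up to sign for every such g.  A composite N is caught per round with
    probability >= 1/2 (the rare structured composites that the original paper
    handles with an extra gcd step are not treated here)."""
    rng = random.Random() if rng is None else rng
    tested = 0
    while tested < rounds:
        g = rng.randrange(2, N)
        if gcd(g, N) != 1 or jacobi(g, N) != 1:
            continue                          # g must lie in Z_N^* with Jacobi symbol 1
        v1 = pow(g, (N - p_shares[0] - q_shares[0] + 1) // 4, N)
        rest = 1
        for i in range(1, N_PARTIES):
            rest = rest * pow(g, (p_shares[i] + q_shares[i]) // 4, N) % N
        if v1 != rest and v1 != N - rest:
            return False
        tested += 1
    return True

def pick_summands(bits, rng):
    """Party 1 picks p_1, q_1 = 3 (mod 4); the others pick multiples of 4, so
    p = q = 3 (mod 4) and every exponent in the test is an integer."""
    def pick(party):
        v = rng.getrandbits(bits)
        return v - v % 4 + (3 if party == 0 else 0)
    return [pick(i) for i in range(N_PARTIES)], [pick(i) for i in range(N_PARTIES)]

def distributed_keygen(bits, seed=2024, max_tries=50000):
    """Sample summands, compute N jointly, discard N with small factors (N is
    public, so this costs nothing), keep the first N the biprimality test accepts."""
    rng = random.Random(seed)
    for _ in range(max_tries):
        p_shares, q_shares = pick_summands(bits, rng)
        N = distributed_product(p_shares, q_shares, rng)
        if N > 3 and all(N % s for s in SMALL_PRIMES) and biprimality_test(N, p_shares, q_shares, rng):
            return N, p_shares, q_shares
    raise RuntimeError("no biprime found")

def is_prime(n):
    """Trial division; only used to check the example by reconstructing p and q,
    which no single party could do in a real run."""
    return n > 1 and all(n % k for k in range(2, int(n ** 0.5) + 1))

if __name__ == "__main__":
    N, p_shares, q_shares = distributed_keygen(24)
    print("N =", N, "p prime:", is_prime(sum(p_shares)), "q prime:", is_prime(sum(q_shares)))
```

    The summand sizes (20 to 24 bits) keep the search fast; a real run would use summands of half the intended modulus size and would also need the robustness machinery of the patents, since a single party sending inconsistent Shamir shares in distributed_product() can make N differ from p*q without being detected here.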

3. Optimal-resilience, proactive, public-key cryptographic system and method (granted invention patent; lapsed)

    Publication number: US6035041A

    Publication date: 2000-03-07

    Application number: US842080

    Filing date: 1997-04-28

    Abstract: Proactive robust threshold schemes are presented for general "homomorphic-type" public key systems, as well as optimized systems for the RSA function. Proactive security employs dynamic memory refreshing and enables us to tolerate a "mobile adversary" that dynamically corrupts the components of the systems (perhaps all of them) as long as the number of corruptions (faults) is bounded within a time period. The systems have optimal resilience: they withstand any corruption of a minority of servers (i.e., any subset of fewer than half) in any time period by an active (malicious) adversary. Also disclosed are general optimal-resilience public key systems which are "robust threshold" schemes (against a stationary adversary), and are extended to "proactive" systems (against the mobile one). The added advantage of proactivization in practical situations is the fact that, in a long-lived threshold system, an adversary has a long time (e.g., years) to break into any t out of the l servers. In contrast, the adversary in a proactive system has only a short period of time (e.g., a week) to break into any t servers. The model of mobile adversary seems to be crucial to such "long-lived" systems that are expected to span the secure network and electronic commerce infrastructure.


4. Incorporating shared randomness into distributed cryptography (granted invention patent; lapsed)

    Publication number: US08290161B2

    Publication date: 2012-10-16

    Application number: US11896361

    Filing date: 2007-08-31

    IPC classification: H04K1/00 H04L9/00

    CPC classification: H04L9/0838 H04L9/0897

    Abstract: A method of distributed cryptography for high-consequence security systems which employs shared randomness between the operating parties. Shared randomness is accomplished by sharing cryptographic keys that are stored in secure hardware tokens and used by potentially less secure software or general-purpose computing units that perform the distributed cryptography. The shared randomness is based on the shared keys (at the tokens) and a unique context. Shared random values are incorporated into the computation of the partial results used in the distributed cryptographic calculation. The incorporation of shared randomness provides a hand-shake among the hardware tokens. When the operation is successful, a result is computed with assurance that the correct parties have taken part in forming it. The hand-shake assures binding of the operating parties and adds system security.


5. Cryptographic control and maintenance of organizational structure and functions (granted invention patent; lapsed)

    Publication number: US07610614B1

    Publication date: 2009-10-27

    Application number: US09503181

    Filing date: 2000-02-14

    IPC classification: G06F21/00

    Abstract: Methods, systems and devices for cryptographic control and maintenance of organizational structure and functions are provided. A method for control and maintenance of an operational organizational structure includes associating entities with cryptographic capabilities; organizing entities within the organizational structure as roles; and maintaining roles within the organizational structure. The system may involve at least a Public Key Infrastructure operation. Elements in said organizational structure may be assigned to roles and/or groups within said organizational structure.


6. Incorporating shared randomness into distributed cryptography (granted invention patent; in force)

    Publication number: US07266199B2

    Publication date: 2007-09-04

    Application number: US10901079

    Filing date: 2004-07-29

    IPC classification: H04K1/00 H04L9/00

    CPC classification: H04L9/0838 H04L9/0897

    Abstract: A method of distributed cryptography for high-consequence security systems which employs shared randomness between the operating parties. Shared randomness is accomplished by sharing cryptographic keys that are stored in secure hardware tokens and used by potentially less secure software or general-purpose computing units that perform the distributed cryptography. The shared randomness is based on the shared keys (at the tokens) and a unique context. Shared random values are incorporated into the computation of the partial results used in the distributed cryptographic calculation. The incorporation of shared randomness provides a hand-shake among the hardware tokens. When the operation is successful, a result is computed with assurance that the correct parties have taken part in forming it. The hand-shake assures binding of the operating parties and adds system security.

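    The two mechanisms described in the abstracts of patents 3, 4 and 6 above, as one added example (not code from any of the patents): an RSA private exponent is held as additive integer shares, (a) the shares are refreshed between time periods by adding zero-sum random offsets, so shares collected from different periods do not combine (the mobile-adversary point of patent 3), and (b) each hardware token blinds its partial result with a value derived from a key common to the tokens and a unique operation context, so the partial results only combine into a valid signature when every token used the same key and context (the hand-shake of patents 4 and 6). The tokens are simulated by a class, the modulus is a toy 92-bit one built from two Mersenne primes, and the sharing structure (n-of-n additive rather than the patents' threshold sharing) is a simplification chosen for the example. Requires Python 3.8 or later.

```python
# Proactive refresh and token-derived shared randomness over additive RSA shares
# (added example; toy parameters).
import hashlib
import hmac
import random
from math import gcd

N_PARTIES = 3
P, Q = (1 << 31) - 1, (1 << 61) - 1        # Mersenne primes; toy modulus assumed for the example
N, E = P * Q, 65537
PHI = (P - 1) * (Q - 1)

def deal_shares(rng):
    """Trusted dealer at setup only: d = e^-1 mod phi is split into n integer
    summands.  Nobody needs phi afterwards; all later randomness is over Z."""
    d = pow(E, -1, PHI)
    shares = [rng.randrange(PHI) for _ in range(N_PARTIES - 1)]
    shares.append(d - sum(shares))
    return shares

def proactive_refresh(shares, rng):
    """One refresh round: party i draws random integers delta_i0..delta_i(n-1)
    that sum to zero and sends delta_ij to party j.  Each party adds what it
    received and erases its old share; the sum of all shares is unchanged."""
    deltas = []
    for _ in range(N_PARTIES):
        row = [rng.getrandbits(128) for _ in range(N_PARTIES - 1)]
        row.append(-sum(row))
        deltas.append(row)
    return [shares[j] + sum(deltas[i][j] for i in range(N_PARTIES))
            for j in range(N_PARTIES)]

class Token:
    """Hardware token j: holds its exponent share and the key K common to all
    tokens.  The host software only ever sees the blinded partial result."""
    def __init__(self, index, share, shared_key):
        self.index, self.share, self.key = index, share, shared_key

    def blinding(self, context, index):
        """rho_index = PRF_K(context || index) for index < n-1; the last index
        takes minus the sum of the others.  Every token can compute every rho
        because all hold K, and the rhos cancel only if all tokens used the
        same K and the same context."""
        if index == N_PARTIES - 1:
            return -sum(self.blinding(context, k) for k in range(N_PARTIES - 1))
        mac = hmac.new(self.key, context + bytes([index]), hashlib.sha256).digest()
        return int.from_bytes(mac, "big")

    def partial_sign(self, m, context):
        # Negative exponents are fine: pow() inverts m mod N (gcd(m, N) = 1).
        return pow(m, self.share + self.blinding(context, self.index), N)

def combine(partials):
    s = 1
    for v in partials:
        s = s * v % N
    return s

def verify(m, sig):
    return pow(sig, E, N) == m

def hash_to_int(message):
    m = int.from_bytes(hashlib.sha256(message).digest(), "big") % N
    assert gcd(m, N) == 1          # only fails if the hash shares a factor with N
    return m

def run_demo(seed=7):
    """Returns which combinations of partial results verify (inputs constructed)."""
    rng = random.Random(seed)
    key = bytes(rng.getrandbits(8) for _ in range(32))     # K, pre-provisioned in every token
    m = hash_to_int(b"transfer 100 to account 42")
    ctx = b"sign|op=17|parties=0,1,2"
    tokens0 = [Token(i, s, key) for i, s in enumerate(deal_shares(rng))]
    good = combine(t.partial_sign(m, ctx) for t in tokens0)
    # Token 1 works from a stale context (say a replayed op id): the rhos no longer cancel.
    stale = combine([tokens0[0].partial_sign(m, ctx),
                     tokens0[1].partial_sign(m, b"sign|op=16|parties=0,1,2"),
                     tokens0[2].partial_sign(m, ctx)])
    # New period: every share refreshed, signing still works ...
    period1 = proactive_refresh([t.share for t in tokens0], rng)
    tokens1 = [Token(i, s, key) for i, s in enumerate(period1)]
    refreshed = combine(t.partial_sign(m, ctx) for t in tokens1)
    # ... but a mobile adversary holding token 0's period-0 share together with
    # tokens 1 and 2 from period 1 has corrupted everyone, yet never a full period.
    mixed = combine([tokens0[0].partial_sign(m, ctx),
                     tokens1[1].partial_sign(m, ctx),
                     tokens1[2].partial_sign(m, ctx)])
    return {"same_context": verify(m, good), "stale_context": verify(m, stale),
            "after_refresh": verify(m, refreshed), "mixed_periods": verify(m, mixed),
            "share_sum_preserved": sum(period1) == sum(t.share for t in tokens0)}

if __name__ == "__main__":
    print(run_demo())
```

    The stale-context case is the hand-shake failing: the combined value is m^(d + rho_1' - rho_1) and does not verify, so a result that does verify carries the assurance that every token used the same key and context. The mixed-periods case shows why the refresh must also erase the old share, since an adversary who keeps it from a later break-in would otherwise have two usable shares from one period.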

7. Methods for operating infrastructure and applications for cryptographically-supported services (granted invention patent; in force)

    Publication number: US07184988B1

    Publication date: 2007-02-27

    Application number: US09492534

    Filing date: 2000-01-27

    IPC classification: G06Q99/00 H04K1/00 H04L9/00

    Abstract: In an infrastructure in which some of a plurality of entities provide cryptographically supported services, a method of registering a subscriber entity of the plurality of entities at a principal entity of the plurality of entities, the method comprising: the subscriber entity requesting service from the principal entity by sending a request message to a registrar entity of the plurality of entities; the registrar entity verifying the subscriber entity and forwarding the request for service to the principal entity; the principal entity storing the forwarded request and transmitting an acknowledgement message to the registrar entity, the acknowledgement stating acceptance and the authentication/authorization information that the subscriber entity requires for the requested service; and the registrar entity verifying the authenticity of the received acknowledgement message and, if correct, forwarding the acknowledgement message to the subscriber entity.

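    The registration flow of the abstract above (subscriber to registrar to principal, acknowledgement back through the registrar), as an added example that is not the patent's own code. The patent text does not fix a cryptographic mechanism; here each adjacent pair (subscriber/registrar and registrar/principal) shares a symmetric key and every message carries an HMAC-SHA256 tag, an assumption made for the example (a PKI with signatures would fit the same flow). Each hop verifies before acting or forwarding, so a message that fails verification stops the flow at that hop; the entity names, field names and the "credential" standing in for the authentication/authorization information are all constructed for the example.

```python
# Hop-by-hop authenticated registration flow (added example; HMAC keys assumed).
import hashlib
import hmac
import json
import secrets

def canonical(body):
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def seal(key, body):
    return {"body": body, "tag": hmac.new(key, canonical(body), hashlib.sha256).hexdigest()}

def open_sealed(key, envelope):
    """Body if the tag verifies (constant-time compare), else None."""
    expected = hmac.new(key, canonical(envelope["body"]), hashlib.sha256).hexdigest()
    return envelope["body"] if hmac.compare_digest(expected, envelope["tag"]) else None

class Principal:
    """Provides the service: stores accepted requests and issues the
    authentication/authorization material the subscriber will need."""
    def __init__(self, key_with_registrar):
        self.key = key_with_registrar
        self.accepted = {}

    def handle(self, envelope):
        req = open_sealed(self.key, envelope)
        if req is None:
            return None
        self.accepted[req["request_id"]] = req
        ack = {"request_id": req["request_id"], "subscriber": req["subscriber"],
               "service": req["service"], "status": "accepted",
               "credential": secrets.token_hex(16)}     # stands in for the authN/authZ info
        return seal(self.key, ack)

class Registrar:
    """Knows every enrolled subscriber's key and the principal's key; verifies
    in both directions and forwards only what verifies."""
    def __init__(self, principal, key_with_principal, subscriber_keys):
        self.principal, self.key, self.subscriber_keys = principal, key_with_principal, subscriber_keys

    def handle(self, envelope):
        sub_key = self.subscriber_keys.get(envelope["body"].get("subscriber"))
        req = open_sealed(sub_key, envelope) if sub_key else None
        if req is None:
            return None                                   # unknown or unverifiable subscriber
        ack_env = self.principal.handle(seal(self.key, req))
        ack = open_sealed(self.key, ack_env) if ack_env else None
        if ack is None or ack["request_id"] != req["request_id"]:
            return None                                   # forged, altered or mismatched ack
        return seal(sub_key, ack)

class Subscriber:
    def __init__(self, name, key_with_registrar):
        self.name, self.key = name, key_with_registrar

    def register(self, registrar, service):
        req = {"request_id": secrets.token_hex(8), "subscriber": self.name, "service": service}
        reply = registrar.handle(seal(self.key, req))
        ack = open_sealed(self.key, reply) if reply else None
        if ack is None or ack["request_id"] != req["request_id"] or ack["status"] != "accepted":
            return None
        return ack["credential"]

class TamperedLink(Principal):
    """Same principal, but the ack is altered after sealing, as an on-path
    attacker between principal and registrar would do."""
    def handle(self, envelope):
        env = super().handle(envelope)
        if env:
            env["body"]["service"] = "all-services"
        return env

def run_demo():
    k_sr, k_rp = secrets.token_bytes(32), secrets.token_bytes(32)   # pre-shared keys (assumed)
    alice = Subscriber("alice", k_sr)
    honest = Registrar(Principal(k_rp), k_rp, {"alice": k_sr})
    attacked = Registrar(TamperedLink(k_rp), k_rp, {"alice": k_sr})
    stranger = Subscriber("mallory", secrets.token_bytes(32))       # not enrolled at the registrar
    return {"honest": alice.register(honest, "timestamping"),
            "tampered_ack": alice.register(attacked, "timestamping"),
            "unknown_subscriber": stranger.register(honest, "timestamping")}

if __name__ == "__main__":
    print(run_demo())
```

    The request_id check on the way back is what ties the acknowledgement to the request the registrar actually forwarded; without it a valid acknowledgement for one request could be replayed in answer to another.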

8. Computer-based method and system for aiding transactions (granted invention patent; in force)

    Publication number: US08121949B2

    Publication date: 2012-02-21

    Application number: US12073764

    Filing date: 2008-03-10

    IPC classification: G06Q40/00

    Abstract: A method for providing a warranty relating to a transaction between two parties, each party having a data communications device, in a system which includes an infrastructure composed of a plurality of locations each associated with a respective institution which provides services to clients, each location having a computer system, a database coupled to the computer system and storing information about each client of the institution, and a data communications device coupled to the computer system for communication with the data communications device of any one party, each party being a client of at least one of the institutions, the method containing the steps of: transmitting a request for a warranty from one party to the transaction, which is a client of the respective institution, to a respective location associated with the respective institution, which request includes information identifying the other party to the transaction and information about the nature of the transaction; conducting an exchange of information between the respective location and a location associated with an institution of which the other party is a client; and transmitting a response to the request from the respective location to the one party.


9. Computer-based method and system for aiding transactions (granted invention patent; in force)

    Publication number: US07343346B2

    Publication date: 2008-03-11

    Application number: US10042335

    Filing date: 2002-01-11

    IPC classification: G06Q40/00

    Abstract: A method for facilitating provision of a warranty relating to a transaction between two parties in a system which includes an infrastructure composed of a plurality of locations each associated with a respective institution which provides services to clients, the method containing the steps of: transmitting a request for a warranty from one party to the transaction, which is a client of the respective institution, to a respective location associated with the respective institution, which request includes information identifying the other party to the transaction and information about the nature of the transaction; conducting an exchange of information between the respective location and a location associated with an institution of which the other party is a client; and transmitting a response to the request from the respective location to the one party.


10. Computer-based method and system for aiding transactions (granted invention patent; lapsed)

    Publication number: US08321348B2

    Publication date: 2012-11-27

    Application number: US13357213

    Filing date: 2012-01-24

    IPC classification: G06Q40/00

    Abstract: A method for providing a warranty relating to a transaction between two parties, each party being a client of at least one respective institution which provides services to the respective party, the method including: transmitting a request for a warranty from one party to the transaction, which is a client of the respective institution, to a respective location associated with the respective institution, which request includes information identifying the other party to the transaction and information about the nature of the transaction; conducting an exchange of information between the respective location and a location associated with an institution of which the other party is a client; and transmitting a response to the request from the respective location to the one party.
