公开(公告)号：WO2009055904A1

公开(公告)日：2009-05-07

申请号：PCT/CA2008/001872

申请日：2008-10-28

Applicant: CERTICOM CORP. ,  LAMBERT, Robert J. ,  EBEID, Nevine

Inventor： LAMBERT, Robert J. ,  EBEID, Nevine

IPC: H04L9/28 ,  G06F7/72 ,  G09C5/00

CPC classification number: G06F7/725 ,  G06F2207/7271

Abstract: A system and method are provided enabling implicit redundancies such as constant differences and points that should be on the same curve, to be checked at the beginning, end and intermittently throughout the computation to thwart fault injection attacks. This can be implemented by checking the constant difference in point pairs during point multiplication, by checking constant scalings in exponentiation pairs, and by checking that any intermediate point is on the curve and/or in the correct subgroup of the curve.

Abstract translation: 提供了一种系统和方法，可以实现诸如恒定差异和应该在同一曲线上的点的隐性冗余，以便在整个计算过程中的开始，结束和间歇检查以阻止故障注入攻击。 这可以通过在点乘法期间通过检查点对中的恒定差异，通过检查取幂对中的常量缩放以及通过检查任何中间点在曲线上和/或曲线的正确子组中来实现。

公开(公告)号：WO2009030021A1

公开(公告)日：2009-03-12

申请号：PCT/CA2008/001541

申请日：2008-09-03

Applicant: CERTICOM CORP. ,  BROWN, Daniel R. ,  CAMPAGNA, Matthew J. ,  STRUIK, Marinus ,  VANSTONE, Scott A.

Inventor： BROWN, Daniel R. ,  CAMPAGNA, Matthew J. ,  STRUIK, Marinus ,  VANSTONE, Scott A.

IPC: H04L9/14 ,  H04L9/30 ,  H04L9/32

CPC classification number: H04L9/3066 ,  H04L9/3242 ,  H04L9/3252

Abstract: A portion of the signed message in an ECPVS is kept truly confidential by dividing the message being signed into at least three parts, wherein one portion is visible, another portion is recoverable by any entity and carries the necessary redundancy for verification, and at least one additional portion is kept confidential. The additional portion is kept confidential by encrypting such portion using a key generated from information specific to that verifying entity. In this way, any entity with access to the signer's public key can verify the signature by checking for a specific characteristic, such as a certain amount of redundancy in the one recovered portion, but cannot recover the confidential portion, only the specific entity can do so. Message recovery is also provided in an elliptic curve signature using a modification of the well analyzed ECDSA signing equation instead of, e.g. the Schnorr equation used in traditional PV signature schemes.

Abstract translation: 通过将被签名的消息划分成至少三个部分，其中一个部分是可见的，另一个部分可被任何实体恢复并且携带必要的冗余以用于验证，并且至少一个 额外的部分保密。 通过使用由该验证实体特有的信息生成的密钥加密这样的部分来将附加部分保密。 以这种方式，任何访问签名者公钥的实体都可以通过检查一个特定的特征来验证签名，例如一个恢复的部分中的一定数量的冗余，但不能恢复机密部分，只有特定的实体可以做 所以。 消息恢复还以椭圆曲线签名提供，使用经分析良好的ECDSA签名方案的修改，而不是例如。 传统光伏签名方案中使用的Schnorr方程。

公开(公告)号：WO2009009868A1

公开(公告)日：2009-01-22

申请号：PCT/CA2008/001254

申请日：2008-07-09

Applicant: CERTICOM CORP. ,  VANSTONE, Scott A. ,  BROWN, Daniel R.

Inventor： VANSTONE, Scott A. ,  BROWN, Daniel R.

IPC: H04L9/00 ,  H03M7/30 ,  H04L9/30

CPC classification number: H04L9/3066 ,  H04L9/3252 ,  H04L9/3263 ,  H04L2209/30 ,  H04L2209/605

Abstract: A method of compressing a cryptographic value. The method comprising the steps of: (a) selecting a secret value; (b) performing a cryptographic operation on the secret value to generate the cryptographic value; (c) determining whether the cryptographic value satisfies the pre-determined criteria; and (d) repeating the sequence of steps starting at step (a) until the cryptographic value satisfies the pre-determined criteria.

Abstract translation: 一种压缩加密值的方法。 该方法包括以下步骤：（a）选择秘密值; （b）对秘密值执行密码操作以产生密码值; （c）确定密码值是否满足预定标准; 和（d）重复从步骤（a）开始的步骤序列，直到密码值满足预定标准。

公开(公告)号：WO2008058377A1

公开(公告)日：2008-05-22

申请号：PCT/CA2007/002023

申请日：2007-11-13

Applicant: CERTICOM CORP. ,  VANSTONE, Scott A.

Inventor： VANSTONE, Scott A.

IPC: H04L9/32 ,  H04L12/58

CPC classification number: H04L9/3066 ,  H04L9/3252 ,  H04L2209/30

Abstract: An improved compression scheme for compressing an ECDSA signature is provided. The scheme substitutes the integer s in a signature (r, s) by a smaller value c. The value c is derived from s and another value d, d being small enough such that c is smaller than s. The compressed signature (r, c) is verified by computing a value using r and e, e being a hash of a message m, and using this value with a value R recovered from r to derive the value d. The value s can then be recovered and the full signature then recovered and verified.

Abstract translation: 提供了一种用于压缩ECDSA签名的改进的压缩方案。 该方案用签名（r，s）中的整数s代替较小的值c。 值c从s导出，另一个值d，d足够小，使得c小于s。 通过使用r和e计算值来验证压缩签名（r，c），e是消息m的散列，并且使用具有从r恢复的值R的该值导出值d。 然后可以恢复值s，然后恢复和验证完整的签名。

公开(公告)号：WO2008009112A1

公开(公告)日：2008-01-24

申请号：PCT/CA2007/001264

申请日：2007-07-18

Applicant: CERTICOM CORP. ,  SMITH, Keelan ,  VANSTONE, Scott A. ,  BROWN, Daniel R. ,  PARISIEN, Darryl L. ,  VADEKAR, Ashok ,  NEILL, Brian

Inventor： SMITH, Keelan ,  VANSTONE, Scott A. ,  BROWN, Daniel R. ,  PARISIEN, Darryl L. ,  VADEKAR, Ashok ,  NEILL, Brian

IPC: G06F21/00 ,  G06F9/445 ,  G07F17/32

CPC classification number: G06F21/575 ,  G06F21/73 ,  G06F2221/2109 ,  G07F17/32 ,  G07F17/323 ,  G07F17/3241 ,  H04L9/3247 ,  H04L63/0428 ,  H04L63/0823 ,  H04L2209/60 ,  H04L2463/101

Abstract: A method and system are provided for authenticating and securing an embedded device using a secure boot procedure and a full non-volatile memory encryption process that implements Elliptic Curve Pinstov-Vanstone Signature (ECPV) scheme with message recovery on a personalized BIOS and master boot record. The signature includes code that is recovered in order to unlock a key that is in turn used to decrypt the non-volatile memory. The use of ECPVS provides an implicit verification that the hardware is bound to the BIOS since the encrypted memory is useless unless properly decrypted with the proper key.

Abstract translation: 提供了一种方法和系统，用于使用安全引导过程和完整的非易失性存储器加密处理来验证和保护嵌入式设备，所述完整非易失性存储器加密处理在个性化BIOS和主引导记录上实现具有消息恢复的椭圆曲线Pinstov-Vanstone签名（ECPV）方案 。 签名包括恢复的代码，以便解锁一个依次用于解密非易失性存储器的密钥。 使用ECPVS提供了硬件绑定到BIOS的隐含验证，因为加密的内存是无用的，除非使用适当的密钥进行正确的解密。

公开(公告)号：WO2006116871A3

公开(公告)日：2006-12-21

申请号：PCT/CA2006000711

申请日：2006-05-05

Applicant: CERTICOM CORP ,  VADEKAR ASHOK ,  NEILL BRIAN

Inventor： VADEKAR ASHOK ,  NEILL BRIAN

IPC: G06F21/00 ,  G06F12/00

CPC classification number: G06F21/57 ,  G06F21/572 ,  G06F21/79 ,  G06F2221/2129

Abstract: The present invention provides an inexpensive, software-based security-retrofit solution to verify the integrity of program code in embedded systems, or accessories, without resorting to expensive hardware changes. All unused memory on an accessory that could be used to store a program code image is filled with random data. A host system also locally stores a copy of the accessory's program image containing the random data. The host system sends the accessory a list of memory addresses or memory ranges on the accessory, which is always different and random in nature. The accessory will then produce a digest using values stored in the memory addresses as inputs to a secure hash function. The host system verifies the integrity of the embedded program code by verifying the resulting digest produced by and returned from the accessory.

Abstract translation: 本发明提供了一种廉价的，基于软件的安全改进解决方案，用于验证嵌入式系统或附件中的程序代码的完整性，而无需诉诸昂贵的硬件改变。 附件上所有可用于存储程序代码图像的未使用内存都充满了随机数据。 主机系统还在本地存储包含随机数据的附件程序映像的副本。 主机系统向配件发送配件上的存储器地址或存储器范围列表，其本质上总是不同且随机的。 然后，配件将使用存储在存储器地址中的值作为安全散列函数的输入来生成摘要。 主机系统通过验证由附件产生并从附件返回的结果摘要来验证嵌入式程序代码的完整性。

公开(公告)号：WO2006116871A2

公开(公告)日：2006-11-09

申请号：PCT/CA2006/000711

申请日：2006-05-05

Applicant: CERTICOM CORP. ,  VADEKAR, Ashok ,  NEILL, Brian

Inventor： VADEKAR, Ashok ,  NEILL, Brian

CPC classification number: G06F21/57 ,  G06F21/572 ,  G06F21/79 ,  G06F2221/2129

Abstract: The present invention provides an inexpensive, software-based security-retrofit solution to verify the integrity of program code in embedded systems, or accessories, without resorting to expensive hardware changes. All unused memory on an accessory that could be used to store a program code image is filled with random data. A host system also locally stores a copy of the accessory's program image containing the random data. The host system sends the accessory a list of memory addresses or memory ranges on the accessory, which is always different and random in nature. The accessory will then produce a digest using values stored in the memory addresses as inputs to a secure hash function. The host system verifies the integrity of the embedded program code by verifying the resulting digest produced by and returned from the accessory.

Abstract translation: 本发明提供了一种廉价的基于软件的安全改进解决方案，用于在不诉诸昂贵的硬件改变的情况下验证嵌入式系统或附件中的程序代码的完整性。 可用于存储程序代码图像的附件上的所有未使用的内存都填充有随机数据。 主机系统还在本地存储包含随机数据的附件的节目图像的副本。 主机系统向附件发送附件上的存储器地址或存储器范围的列表，其本质上总是不同且随机的。 然后，附件将使用存储在存储器地址中的值作为安全散列函数的输入来生成摘要。 主机系统通过验证由附件生成和返回的结果摘要来验证嵌入式程序代码的完整性。

公开(公告)号：WO2004051956A2

公开(公告)日：2004-06-17

申请号：PCT/CA2003/001879

申请日：2003-12-04

Applicant: CERTICOM CORP. ,  STRUIK, Marinus

Inventor： STRUIK, Marinus

IPC: H04L29/06

CPC classification number: H04L63/0428 ,  H04L1/1803 ,  H04L1/1812 ,  H04L1/1867 ,  H04L29/06 ,  H04L47/34 ,  H04L63/0435 ,  H04L63/06 ,  H04L67/04 ,  H04L67/12 ,  H04L69/329 ,  H04L2209/80 ,  H04W4/12 ,  H04W12/02 ,  H04W12/04 ,  H04W24/00 ,  H04W28/04 ,  H04W28/06 ,  H04W56/0015

Abstract: A method of transmitting messages from a sender to a recipient over a wireless channel, the messages including a sequence counter and a frame counter. The method comprises establishing initial values of the sequence counter and the frame counter at the sender. Initial values of the frame counter and the sequence counter are provided to the recipient. The sender sends compressed messages including the value of the sequence counter and not the frame counter and monitors for an acknowledgement of receipt by the recipient. When no acknowledgment is received, the sender sends uncompressed messages until an acknowledgement of receipt is received from the recipient. The sequence counter is incremented and the next value of the frame counter is established as the integer next larger than previous value of the frame counter which is congruent to the sequence counter modulo 256.

Abstract translation: 通过无线信道将消息从发送者发送给接收者的方法，所述消息包括序列计数器和帧计数器。 该方法包括在发送方建立序列计数器和帧计数器的初始值。 帧计数器和序列计数器的初始值被提供给接收者。 发送者发送压缩的消息，包括序列计数器的值而不是帧计数器，并监视收件人收到的确认。 未收到确认时，发件人将发送未压缩的消息，直至收到收件人的确认通知。 序列计数器递增，并且帧计数器的下一个值被确定为接下来比帧计数器的先前值与序列计数器模256一致的整数。

公开(公告)号：WO0230038A3

公开(公告)日：2002-12-12

申请号：PCT/CA0101410

申请日：2001-10-05

Applicant: CERTICOM CORP ,  VANSTONE SCOTT A ,  MOTOROLA INC ,  DAVIS WALTER LEE ,  AYERST DOUGLAS I

Inventor： VANSTONE SCOTT A ,  DAVIS WALTER LEE ,  AYERST DOUGLAS I

IPC: H04L9/32

CPC classification number: H04L9/3247 ,  H04L9/321 ,  H04L9/3263 ,  H04L2209/56 ,  H04L2209/80 ,  H04W12/06 ,  H04W12/10

Abstract: A wireless communication system includes a pager or similar device that communicates to a home terminal. The home terminal confirms the identity of the pager and attaches a certificate to the message for ongoing transmission. Where the recipient is also a pager, an associated home terminal verifies the transmission and forwards it in a trusted manner without the certificate to the recipient.

Abstract translation: 无线通信系统包括寻呼机或与家庭终端通信的类似设备。 家庭终端确认寻呼机的身份，并将证书附加到该消息以用于正在进行的传输。 在接收者也是寻呼机的情况下，关联的家庭终端验证该传输，并以可信的方式将其转发，而不向接收者发送证书。

公开(公告)号：WO1996033565A1

公开(公告)日：1996-10-24

申请号：PCT/CA1996000239

申请日：1996-04-15

Applicant: CERTICOM CORP.

Inventor： CERTICOM CORP. ,  VANSTONE, Scott ,  MENEZES, John, Alfred ,  QU, Minghua

IPC: H04L09/08

CPC classification number: H04L9/0844 ,  G06F7/725 ,  H04L9/3247

Abstract: A key establishment protocol between a pair of correspondents includes the generation by each correspondent of respective signatures. The signatures are derived from information that is private to the correspondent and information that is public. After exchange of signatures, the integrity of exchange messages can be verified by extracting the public information contained in the signature and comparing it with information used to generate the signature. A common session key may then be generated from the public and private information of respective ones of the correspondents.

Abstract translation: 一对记者之间的密钥建立协议包括每个记者生成各个签名。 签名来自对记者的私人信息和公开的信息。 在签名交换之后，可以通过提取签名中包含的公开信息并将其与用于生成签名的信息进行比较来验证交换消息的完整性。 然后可以从相应记者的公共和私人信息生成公共会话密钥。