公开(公告)号：WO2012127384A2

公开(公告)日：2012-09-27

申请号：PCT/IB2012/051259

申请日：2012-03-15

Applicant: RESEARCH IN MOTION LIMITED ,  CERTICOM CORP. ,  LITTLE, Herbert Anthony ,  CAMPAGNA, Matthew John ,  VANSTONE, Scott Alexander ,  BROWN, Daniel Richard L.

Inventor： LITTLE, Herbert Anthony ,  CAMPAGNA, Matthew John ,  VANSTONE, Scott Alexander ,  BROWN, Daniel Richard L.

IPC: H04L9/30 ,  H04L9/08 ,  H04L9/32

CPC classification number: H04L9/0844 ,  H04L9/3066 ,  H04L9/3263

Abstract: During generation of an implicit certificate (102, 638) for a requestor (100, 600), a certificate authority (104, 620) incorporates information in the public-key reconstruction data (110), where the public-key reconstruction data is to be used to compute the public key (648) of the requestor. The information may be related to one or more of the requestor, the certificate authority, and the implicit certificate. The certificate authority reversibly encodes the public- key reconstruction data in the implicit certificate and sends it to the requestor. After receiving the implicit certificate from the certificate authority, the requestor can extract the incorporated information from the public-key reconstruction data. The implicit certificate can be made available to a recipient (114, 654), and the recipient can also extract the incorporated information.

Abstract translation: 在为请求者（100,600）生成隐式证书（102,638）期间，证书颁发机构（104,620）将公钥重构数据（110）中的信息合并在一起，其中公钥重构数据为 用于计算请求者的公钥（648）。 信息可能与请求者，证书颁发机构和隐含证书中的一个或多个有关。 认证机构对隐含证书中的公钥重构数据进行可逆编码，并将其发送给请求者。 从认证机构收到隐含证书后，请求者可以从公钥重构数据中提取合并信息。 隐式证书可以提供给收件人（114,654），收件人还可以提取合并的信息。

公开(公告)号：WO2012108875A1

公开(公告)日：2012-08-16

申请号：PCT/US2011/024505

申请日：2011-02-11

Applicant: CERTICOM CORP. ,  CAMPAGNA, Matthew J. ,  LAMBERT, Robert J. ,  ALFRED, James

Inventor： CAMPAGNA, Matthew J. ,  LAMBERT, Robert J. ,  ALFRED, James

IPC: H04L9/32 ,  H04L29/06

CPC classification number: H04L9/321 ,  H04L9/006 ,  H04L9/3066 ,  H04L9/3265 ,  H04L63/0823

Abstract: A method and apparatus are disclosed for using a single credential request ( e.g. , registered public key or ECQV certificate) to obtain a plurality of credentials in a secure digital communication system having a plurality of trusted certificate authority CA entities and one or more subscriber entities A. In this way, entity A can be provisioned onto multiple PKI networks by leveraging a single registered public key or implicit certificate as a credential request to one or more CA entities to obtain additional credentials, where each additional credential can be used to derive additional public key-private key pairs for the entity A.

Abstract translation: 公开了一种用于使用单个凭证请求（例如，注册公钥或ECQV证书）在具有多个可信证书机构CA实体和一个或多个订户实体A的安全数字通信系统中获得多个凭证的方法和装置 以这种方式，可以通过利用单个注册公钥或隐式证书作为向一个或多个CA实体的凭证请求来获得附加证书来将实体A提供给多个PKI网络，其中每个附加证书可以用于导出附加公共 实体A的密钥 - 私钥对。

公开(公告)号：WO2012051076A2

公开(公告)日：2012-04-19

申请号：PCT/US2011/055445

申请日：2011-10-07

Applicant: RESEARCH IN MOTION LIMITED ,  CERTICOM CORP. ,  CHIDAMBARAM, Avinash ,  CAMPAGNA, Matthew John

Inventor： CHIDAMBARAM, Avinash ,  CAMPAGNA, Matthew John

IPC: G06F21/24

CPC classification number: G06F21/6218 ,  G06F2221/2107

Abstract: A method of securing user credentials in a remote repository is provided. In accordance with one embodiment, there is provided a method comprising generating a first private key and a first public key pair from a registered password; generating a second private key and a second public key pair; generating a storage key from the second private key and the first public key; encrypting a set of credentials using the storage key; creating a encrypted credential signature from the encrypted set of credentials and the first private key; and storing the encrypted set of credentials, the encrypted credential signature, and the second public key in the remote repository.

Abstract translation: 提供了一种在远程存储库中保护用户凭据的方法。 根据一个实施例，提供了一种方法，包括从注册密码生成第一私钥和第一公开密钥对; 生成第二私钥和第二公钥对; 从所述第二私钥和所述第一公钥生成存储密钥; 使用存储密钥加密一组凭证; 从加密的凭证集合和第一私钥中创建加密的凭证签名; 以及将加密的一组凭证，加密凭证签名和第二公钥存储在远程存储库中。

公开(公告)号：WO2011032261A1

公开(公告)日：2011-03-24

申请号：PCT/CA2010/001393

申请日：2010-09-09

Applicant: RESEARCH IN MOTION LIMITED ,  CERTICOM CORP. ,  LITTLE, Herbert Anthony ,  CAMPAGNA, Matthew John ,  ROSATI, Anthony ,  VANSTONE, Scott Alexander

Inventor： LITTLE, Herbert Anthony ,  CAMPAGNA, Matthew John ,  ROSATI, Anthony ,  VANSTONE, Scott Alexander

IPC: H04L9/32 ,  H04L9/30 ,  H04W12/06

CPC classification number: H04L9/3066 ,  H04L9/3263

Abstract: A method and system for providing and issuing credentials wherein the first credential conforms to a first specified format and incorporates supplemental information to permit a requester or recipient of the first credential to create and utilize a second credential that conforms to a second specified format wherein the second specified format is different from the first specified format

Abstract translation: 一种用于提供和发布凭证的方法和系统，其中所述第一凭证符合第一指定格式并且包括补充信息以允许所述第一凭证的请求者或接收者创建和利用符合第二指定格式的第二凭证，其中所述第二凭证 指定格式与第一个指定格式不同

公开(公告)号：WO2011003200A4

公开(公告)日：2011-03-10

申请号：PCT/CA2010001076

申请日：2010-07-12

Applicant: CERTICOM CORP ,  SMITH KEELAN ,  NEILL BRIAN ,  CHIN EUGENE

Inventor： SMITH KEELAN ,  NEILL BRIAN ,  CHIN EUGENE

IPC: G06Q10/00

CPC classification number: G06F21/71 ,  G06F21/73 ,  H04L9/083 ,  H04L9/3066 ,  H04L9/3213 ,  H04L9/3271 ,  H04L2209/60

Abstract: A key injection service module for an asset management system is provided for a secure means of injecting keys into products. To provide this service, a controller is used to define one or more key types defining the format of the keys in a file. The controller is then used to define a product model, and then to bind each key type to the product models.

Abstract translation: 提供资产管理系统的一个关键注入服务模块，用于将密钥注入产品的安全手段。 为了提供这种服务，使用控制器来定义一个或多个定义文件中的密钥格式的密钥类型。 然后使用该控制器定义产品模型，然后将每种关键字类型绑定到产品模型。

公开(公告)号：WO2010069063A1

公开(公告)日：2010-06-24

申请号：PCT/CA2009/001846

申请日：2009-12-16

Applicant: CERTICOM CORP. ,  BROWN, Daniel R.L.

Inventor： BROWN, Daniel R.L.

IPC: H04L9/30

CPC classification number: H04L9/0844 ,  H04L9/3066

Abstract: The generation of a shared secret key K in the implementation of a key agreement protocol, for example MQV, may be optimized for accelerated computation by selecting the ephemeral public key and the long-term public key of a correspondent to be identical. One correspondent determines whether the pair of public keys of the other correspondent are identical. If it is, a simplified representation of the shared key K is used which reduces the number of scalar multiplication operations for an additive group or exponentiation operations for a multiplicative group. Further optimisation may be obtained by performing simultaneous scalar multiplication or simultaneous exponentiation in the computation of K.

Abstract translation: 密钥协商协议（例如MQV）的实现中的共享秘密密钥K的生成可以通过选择短信公钥和通信者的长期公钥相同来优化用于加速计算。 一个通讯员确定其他记者的一对公钥是否相同。 如果是，则使用共享密钥K的简化表示，其减少用于乘法组的加性组或求幂运算的标量乘法运算的数量。 可以通过在K的计算中执行同时的标量乘法或同时取幂来获得进一步的优化。

公开(公告)号：WO2008028291A1

公开(公告)日：2008-03-13

申请号：PCT/CA2007/001567

申请日：2007-09-10

Applicant: CERTICOM CORP. ,  GRIFFITHS-HARVEY, Michael ,  NEILL, Brian ,  SMITH, Keelan ,  ROSATI, Tony ,  DAVIS, Walt ,  WALTERS, Anthony J. ,  TSANG, Randy ,  BROWN, Daniel R. ,  VANSTONE, Scott A.

Inventor： GRIFFITHS-HARVEY, Michael ,  NEILL, Brian ,  SMITH, Keelan ,  ROSATI, Tony ,  DAVIS, Walt ,  WALTERS, Anthony J. ,  TSANG, Randy ,  BROWN, Daniel R. ,  VANSTONE, Scott A.

IPC: G01V15/00 ,  G01V3/12 ,  H04L9/30 ,  H04L9/32

CPC classification number: H04L9/3066 ,  H04L9/3252 ,  H04L2209/805

Abstract: An authenticated RFID system is provided that uses elliptic curve cryptography (ECC) to reduce the signature size and read/write times when compared to traditional public key implementations such as RSA. Either ECDSA or ECPVS can be used to reduce the signature size and ECPVS can be used to hide a portion of the RFID tag that contains sensitive product identifying information. As a result, smaller tags can be used or multiple signatures can be written at different stages in a manufacturing or supply chain. A key management system is used to distribute the verification keys and aggregate signature schemes are also provided for adding multiple signatures to the RFID tags, for example in a supply chain.

Abstract translation: 提供了一种经过认证的RFID系统，与传统的公共密钥实现（如RSA）相比，使用椭圆曲线密码术（ECC）来减少签名大小和读/写时间。 ECDSA或ECPVS可以用于减小签名大小，并且ECPVS可用于隐藏包含敏感产品标识信息的RFID标签的一部分。 因此，可以使用较小的标签，或者可以在制造或供应链中的不同阶段写入多个签名。 密钥管理系统用于分发验证密钥，并且聚合签名方案也被提供用于向RFID标签添加多个签名，例如在供应链中。

公开(公告)号：WO2007118307A1

公开(公告)日：2007-10-25

申请号：PCT/CA2007/000608

申请日：2007-04-13

Applicant: CERTICOM CORP. ,  STRUIK, Marinus

Inventor： STRUIK, Marinus

IPC: H04L9/00 ,  H04L12/54 ,  H04L9/30 ,  H04L9/32

CPC classification number: H04L63/105 ,  H04L63/0227 ,  H04L63/12 ,  H04L63/1441 ,  H04L63/20

Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a frame type, and including an indication of the frame type in a header of the message. The message is then sent to a recipient and the frame type used to perform a policy check.

Abstract translation: 一种在安全通信系统中进行通信的方法，包括以下步骤：在发送器处组装消息，然后确定帧类型，并且包括消息头部中的帧类型的指示。 然后，该消息被发送到接收方，并且用于执行策略检查的帧类型。

公开(公告)号：WO2007098584A1

公开(公告)日：2007-09-07

申请号：PCT/CA2007/000310

申请日：2007-02-28

Applicant: CERTICOM CORP. ,  WALTERS, Anthony J. ,  NEILL, Brian ,  ROSATI, Tony ,  VADEKAR, Ashok ,  O'LOUGHLIN, Daniel

Inventor： WALTERS, Anthony J. ,  NEILL, Brian ,  ROSATI, Tony ,  VADEKAR, Ashok ,  O'LOUGHLIN, Daniel

IPC: G06F21/00 ,  H04L9/28 ,  H04L9/32

CPC classification number: H04L63/062 ,  G06F21/602 ,  G06F21/72 ,  G06Q10/101 ,  H04L9/085

Abstract: A system and method for controlling a production process for producing a product is provided in which overproduction may be inhibited by introducing a separation of duties within a production process Typically a producer will contract out the various stages of a production process to multiple contractors. In general, separation of duties involves purposefully separating production stages, for silicon chips or other products, so that the end product has been handled or "touched", by each subcontractor, in order for the end product to be fully functional This is achieved by way of a module having a mathematical transform for intercepting and transforming data flow in the product The mathematical transform requiring a key to be operable, the product requiring successful operation of the mathematical transform to be operable and the key is divided into a plurality of portions of sensitive data which are added during production of the product in a plurality of stages

Abstract translation: 提供了一种用于控制生产产品的生产过程的系统和方法，其中可以通过在生产过程中引入职责分离来抑制过度生产。通常，生产者将生产过程的各个阶段的合同委托给多个承包商。 一般来说，职责分工涉及有目的地分离硅片或其他产品的生产阶段，以便最终产品被每个分包商处理或“触及”，以使最终产品完全起作用。这通过 具有用于拦截和变换产品中的数据流的数学变换的模块的方式。需要键可操作的数学变换，需要成功操作数学变换以使其可操作的产品和键被分成多个部分 在多个阶段中在产品生产期间添加的敏感数据

公开(公告)号：WO2005043807A1

公开(公告)日：2005-05-12

申请号：PCT/CA2004/001879

申请日：2004-10-28

Applicant: CERTICOM CORP. ,  BROWN, Daniel R.

Inventor： BROWN, Daniel R.

IPC: H04L9/30

CPC classification number: H04L63/045 ,  H04L9/0861 ,  H04L9/3066 ,  H04L9/321 ,  H04L9/3236 ,  H04L9/3247 ,  H04L9/3252 ,  H04L9/3263 ,  H04L63/0823

Abstract: The invention provides a method of verifiable generation of public keys. According to the method, a self-signed signature is first generated and then used as input to the generation of a pair of private and public keys. Verification of the signature proves that the keys are generated from a key generation process utilizing the signature. A certification authority can validate and verify a public key generated from a verifiable key generation process.

Abstract translation: 本发明提供了可验证地生成公钥的方法。 根据该方法，首先生成自签名签名，然后将其用作生成一对私钥和公钥的输入。 签名的验证证明密钥是利用签名的密钥生成过程产生的。 认证机构可以验证和验证从可验证密钥生成过程产生的公钥。