专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20090217041A1 PROVISIONAL SIGNATURE SCHEMES 审中-公开
标题翻译：临时签字计划
公开(公告)号：US20090217041A1
公开(公告)日：2009-08-27
申请号：US12389287
申请日：2009-02-19
申请人： Zulfikar Ramzan , Craig Gentry , David Molnar
发明人： Zulfikar Ramzan , Craig Gentry , David Molnar
IPC分类号： H04L9/32
CPC分类号： H04L9/3218 , H04L9/3013 , H04L9/3066 , H04L9/3257 , H04L2209/42 , H04L2209/56
摘要： A method and apparatus for implementing portions of a provisional signature scheme are disclosed. In one embodiment, the method comprises creating a provisional signature by performing an operation on a message and completing the provisional signature to create a final signature on the message. Such a scheme may be used for server assisted signature schemes, designated confirmer signature schemes and blind signature schemes.
摘要翻译：公开了一种用于实现临时签名方案的部分的方法和装置。在一个实施例中，该方法包括通过对消息执行操作并完成临时签名来创建临时签名以在消息上创建最终签名。这种方案可以用于服务器辅助签名方案，指定的确认者签名方案和盲签名方案。

2. 发明申请

US20080013722A1 HIERARCHICAL IDENTITY-BASED ENCRYPTION AND SIGNATURE SCHEMES 有权
标题翻译：基于分类识别的加密和签名方案
公开(公告)号：US20080013722A1
公开(公告)日：2008-01-17
申请号：US11780114
申请日：2007-07-19
申请人： Craig Gentry , Alice Silverberg
发明人： Craig Gentry , Alice Silverberg
IPC分类号： H04L9/28
CPC分类号： H04L9/0836 , H04L9/007 , H04L9/0847 , H04L9/3073 , H04L9/3247 , H04L9/3252
摘要： Methods are provided for encoding and decoding a digital message between a sender and a recipient in a system including a plurality of private key generators (“PKGs”). The PKGs include at least a root PKG and n lower-level PKG in the hierarchy between the root PKG and the recipient. A root key generation secret is selected and is known only to the root PKG. A root key generation parameter is generated based on the root key generation secret. A lower-level key generation secret is selected for each of the n lower-level PKGs, wherein each lower-level key generation secret is known only to its associated lower-level PKG. A lower-level key generation parameter also is generated for each of the n lower-level PKGs using at least the lower-level key generation secret for its associated lower-level private key generator. The message is encoded to form a ciphertext using at least the root key generation parameter and recipient identity information associated with the recipient. A recipient private key is generated such that the recipient private key is related to at least the root key generation secret, one or more of the n lower-level key generation secrets, and the recipient identity information. The ciphertext is decoded to recover the message using at least the recipient private key.
摘要翻译：提供了用于在包括多个私钥生成器（“PKG”）的系统中的发送者和接收者之间对数字消息进行编码和解码的方法。 PKG在根PKG和接收者之间的层次结构中至少包括根PKG和n较低级PKG。选择根密钥生成秘密，仅对根PKG知道。根密钥生成参数基于根密钥生成密钥生成。为n个较低级PKG中的每一个选择较低级密钥生成秘密，其中每个较低级密钥生成秘密仅对其相关联的较低级PKG是已知的。使用至少对于其相关联的下级私钥生成器的较低级密钥生成秘密，也为n个较低级PKG中的每一个生成较低级密钥生成参数。使用至少与接收者相关联的根密钥生成参数和收件人身份信息来编码消息以形成密文。生成接收私钥，使得接收方私钥至少与根密钥生成秘密相关，n个较低级密钥生成秘密中的一个或多个以及接收者身份信息。对密文进行解码，至少使用收件人私钥来恢复邮件。

3. 发明申请

US20070169177A1 CHANGING STATES OF COMMUNICATION LINKS IN COMPUTER NETWORKS IN AN AUTHENTICATED MANNER 有权
标题翻译：计算机网络中的通信链接更改状态
公开(公告)号：US20070169177A1
公开(公告)日：2007-07-19
申请号：US11531435
申请日：2006-09-13
申请人： Philip MacKenzie , Zulfikar Ramzan , Craig Gentry
发明人： Philip MacKenzie , Zulfikar Ramzan , Craig Gentry
IPC分类号： G06F15/16 , G06F17/30
CPC分类号： H04L63/065 , H04L63/08
摘要： A protocol for closing all active communication links between one device (110.1) and one or more other devices in a group provides that the first device sets up the group by generating an input to a predefined function (e.g. one-way function) according to some random distribution, computing the output of the one-way function, and sharing the output value with all other devices in the group. Then to close all communication links, the first device broadcasts the stored input to all other devices in the group. The other devices may check that the one-way function applied to this input results in the shared output value, and if so, close the communication link.
摘要翻译：用于关闭一个设备（110.1）和一组中的一个或多个其他设备之间的所有活动通信链路的协议规定，第一设备通过根据一些设备（110.1）生成到预定义功能（例如，单向功能）的输入来建立组随机分配，计算单向函数的输出，并与组中的所有其他设备共享输出值。然后关闭所有通信链路，第一个设备将存储的输入广播到组中的所有其他设备。其他设备可以检查应用于该输入的单向功能是否产生共享输出值，如果是，则关闭通信链路。

4. 发明申请

US20070050629A1 HIERARCHICAL IDENTITY-BASED ENCRYPTION AND SIGNATURE SCHEMES 有权
标题翻译：基于分类识别的加密和签名方案
公开(公告)号：US20070050629A1
公开(公告)日：2007-03-01
申请号：US11552076
申请日：2006-10-23
申请人： Craig Gentry , Alice Silverberg
发明人： Craig Gentry , Alice Silverberg
IPC分类号： H04L9/00
CPC分类号： H04L9/0836 , H04L9/007 , H04L9/0847 , H04L9/3073 , H04L9/3247 , H04L9/3252
摘要： Methods are provided for encoding and decoding a digital message between a sender and a recipient in a system including a plurality of private key generators (“PKGs”). The PKGs include at least a root PKG and n lower-level PKG in the hierarchy between the root PKG and the recipient. A root key generation secret is selected and is known only to the root PKG. A root key generation parameter is generated based on the root key generation secret. A lower-level key generation secret is selected for each of the n lower-level PKGs, wherein each lower-level key generation secret is known only to its associated lower-level PKG. A lower-level key generation parameter also is generated for each of the n lower-level PKGs using at least the lower-level key generation secret for its associated lower-level private key generator. The message is encoded to form a ciphertext using at least the root key generation parameter and recipient identity information associated with the recipient. A recipient private key is generated such that the recipient private key is related to at least the root key generation secret, one or more of the n lower-level key generation secrets, and the recipient identity information. The ciphertext is decoded to recover the message using at least the recipient private key.
摘要翻译：提供了用于在包括多个私钥生成器（“PKG”）的系统中的发送者和接收者之间对数字消息进行编码和解码的方法。 PKG在根PKG和接收者之间的层次结构中至少包括根PKG和n较低级PKG。选择根密钥生成秘密，仅对根PKG知道。根密钥生成参数基于根密钥生成密钥生成。为n个较低级PKG中的每一个选择较低级密钥生成秘密，其中每个较低级密钥生成秘密仅对其相关联的较低级PKG是已知的。使用至少对于其相关联的下级私钥生成器的较低级密钥生成秘密，也为n个较低级PKG中的每一个生成较低级密钥生成参数。使用至少与接收者相关联的根密钥生成参数和收件人身份信息来编码消息以形成密文。生成接收私钥，使得接收方私钥至少与根密钥生成秘密相关，n个较低级密钥生成秘密中的一个或多个以及接收者身份信息。对密文进行解码，至少使用收件人私钥来恢复邮件。

5. 发明申请

US20070005499A1 Method and apparatus for secure and small credits for verifiable service provider metering 失效
标题翻译：用于可验证服务提供商计量的安全和小额信用的方法和装置
公开(公告)号：US20070005499A1
公开(公告)日：2007-01-04
申请号：US10534943
申请日：2004-02-06
申请人： Craig Gentry , Zulfikar Ramzan
发明人： Craig Gentry , Zulfikar Ramzan
IPC分类号： G06Q99/00
CPC分类号： G06Q20/06 , G06Q20/02 , G06Q20/12 , G06Q20/26 , G06Q20/29 , G06Q20/367 , G06Q20/382 , G06Q20/3821 , G06Q40/02
摘要： A method and apparatus for obtaining access to services of service providers. In one embodiment, the method comprises requesting a desired service through a foreign service provider. (101), generating a hash tree and generating a digital signature on a root value of the hash tree (102), sending the digital signature and the root value to the foreign service provider (103), providing one or more tokens to the foreign service provider with the next packet if the foreign service provider accepts the signature (105) and continuing to use the service while the foreign service provider accepts token (107).
摘要翻译：一种获取服务提供商服务的方法和装置。在一个实施例中，该方法包括通过外部服务提供商请求期望的服务。（101），生成散列树并根据所述散列树（102）的根值生成数字签名，向所述外部服务提供商（103）发送所述数字签名和根值，向所述外部服务提供商提供一个或多个令牌如果外部服务提供商接受签名（105）并且在外部服务提供商接受令牌（107）的情况下继续使用服务，则服务提供商具有下一个分组。

6. 发明申请

US20060242699A1 Use of modular roots to perform authentication including, but not limited to, authentication of validity of digital certificates 失效
标题翻译：使用模块化根执行认证，包括但不限于认证数字证书的有效性
公开(公告)号：US20060242699A1
公开(公告)日：2006-10-26
申请号：US11454394
申请日：2006-06-16
申请人： Zulfikar Ramzan , Craig Gentry , Bernhard Bruhn
发明人： Zulfikar Ramzan , Craig Gentry , Bernhard Bruhn
IPC分类号： G06F12/14
CPC分类号： G06F21/33 , H04L9/3218 , H04L9/3268 , H04L2209/30 , H04L2209/38 , H04L2209/56 , H04L2209/80
摘要： Authentication of elements (e.g. digital certificates 140) as possessing a pre-specified property (e.g. being valid) or not possessing the property is performed by (1) assigning a distinct integer pi to each element, and (2) accumulating the elements possessing the property or the elements not possessing the property using a P-th root u1/P (mod n) of an integer u modulo a predefined composite integer n, where P is the product of the integers associated with the accumulated elements. Alternatively, authentication is performed without such accumulators but using witnesses associated with such accumulators. The witnesses are used to derive encryption and/or decryption keys for encrypting the data evidencing possession of the property for multiple periods of time. The encrypted data are distributed in advance. For each period of time, decryption keys are released which are associated with that period and with the elements to be authenticated in that period of time. Authentication can be performed by accumulating elements into data which are a function of each element but whose size does not depend on the number of elements, and transmitting the accumulator data over a network to a computer system which de-accumulates some elements as needed to re-transmit only data associated with elements needed by other computer systems. This technique is suitable to facilitate distribution of accumulator data in networks such as ad hoc networks.
摘要翻译：通过（1）向每个元素分配不同的整数pi来执行具有预先指定的属性（例如有效）或不具有该属性的元素（例如数字证书140）的认证，以及（2）累积具有属性或不具有属性的元素使用整数u的预定义复合整数n的第P个根u（1）/ P（mod n），其中P是与积累的元素。或者，在没有这样的累加器的情况下执行认证，但是使用与这种累加器相关联的证人。证人被用于导出加密和/或解密密钥，用于加密证明拥有属性多个时间段的数据。加密数据预先分配。对于每个时间段，释放与那段时间相关联的解密密钥以及在该时间段内被认证的元素。认证可以通过将元素累加到数据中来执行，该数据是每个元素的函数，但其大小不依赖于元素的数量，并且通过网络将累加器数据发送到计算机系统，其根据需要去累积一些元素 - 仅传输与其他计算机系统所需的元素相关联的数据。该技术适合于促进诸如ad hoc网络的网络中的累加器数据的分配。

7. 发明申请

US20060143457A1 Authenticated ID-based cryptosystem with no key escrow 有权
公开(公告)号：US20060143457A1
公开(公告)日：2006-06-29
申请号：US11357373
申请日：2006-02-17
申请人： Craig Gentry , Alice Silverberg
发明人： Craig Gentry , Alice Silverberg
IPC分类号： H04L9/00
CPC分类号： G06Q20/3674 , G06Q20/3829 , H04L9/002 , H04L9/0844 , H04L9/3073 , H04L9/3242 , H04L2209/08
摘要： A method and system are provided for determining a shared secret between two entities in a cryptosystem. A first random secret is selected that is known to the first entity and unknown to the second entity. A first intermediate shared secret component is determined using the first random secret and a system parameter. The first intermediate shared secret component is communicated to the second entity. A second random secret is selected that is known to the second entity, but unknown to the first entity. A second intermediate shared secret component is determined using the second random secret and the system parameter. The second intermediate shared secret component is communicated to the first entity. It is confirmed that both the first entity and the second entity know a non-interactive shared secret. An interactive shared secret is determined using the first random secret, the second random secret, and the system parameter.

8. 发明申请

US20060143456A1 Authenticated ID-based cryptosystem with no key escrow 有权
公开(公告)号：US20060143456A1
公开(公告)日：2006-06-29
申请号：US11356901
申请日：2006-02-17
申请人： Craig Gentry , Alice Silverberg
发明人： Craig Gentry , Alice Silverberg
IPC分类号： H04L9/00
CPC分类号： G06Q20/3674 , G06Q20/3829 , H04L9/002 , H04L9/0844 , H04L9/3073 , H04L9/3242 , H04L2209/08
摘要： A method and system are provided for determining a shared secret between two entities in a cryptosystem. A first random secret is selected that is known to the first entity and unknown to the second entity. A first intermediate shared secret component is determined using the first random secret and a system parameter. The first intermediate shared secret component is communicated to the second entity. A second random secret is selected that is known to the second entity, but unknown to the first entity. A second intermediate shared secret component is determined using the second random secret and the system parameter. The second intermediate shared secret component is communicated to the first entity. It is confirmed that both the first entity and the second entity know a non-interactive shared secret. An interactive shared secret is determined using the first random secret, the second random secret, and the system parameter.

9. 发明申请

US20060059333A1 Revocation of cryptographic digital certificates 有权
公开(公告)号：US20060059333A1
公开(公告)日：2006-03-16
申请号：US11218093
申请日：2005-08-31
申请人： Craig Gentry , Zulfikar Ramzan , Bernhard Bruhn
发明人： Craig Gentry , Zulfikar Ramzan , Bernhard Bruhn
IPC分类号： H04L9/00
CPC分类号： H04L9/3265 , H04L9/3236 , H04L63/0823 , H04L2209/38 , H04L2209/56 , H04L2209/80
摘要： Different targets (c0, N1) of a digital certificate are mapped into a “super-target” using methods allowing a certificate validity verifier (110) to compute the super-target. The certificate includes the super-target instead of the targets. Also, a certificate with multiple targets can be signed with a redactable signature by the certification authority (CA 120). When the certificate's owner provides the certificate to a verifier together with a validity proof, the owner redacts the certificate to delete unnecessary targets. A single validity proof (ci(F)) may be provided to certificate owners for a set (F) of the certificates via a multicast transmission if a multicasting group (2010) is formed to correspond to the set. A verifier (110) may decide to cache the validity proof for a set provide the cached proof to other parties. The caching decision is based on the caching priority of the set F. The priority may depend on the number of certificates in the set F, the sum of the remaining validity periods for the certificates in the set, and other factors. In the setup phase, the CA generates validation proof data structures for greater time than the maximum validity period of any certificate. Therefore, new certificates can be added to the existing data structures after the setup phase. A distributed certificate authority includes a CA and a number of Sub-CAs (2610). The Sub-CAs have secret certificate validation data, but different data are provided to different Sub-CAs for each certificate. If a Sub-CA is compromised, the Sub-CA validity proof will be withheld by the CA to alert the verifiers not to use the data from this Sub-CA. Also, the secret data are encrypted when distributed to the Sub-CAs. A decryption key (DK.j.k) for each “partition” of time is distributed to each Sub-CA at or shortly before the start of the partition. A compromised Sub-CA can be reactivated at the end of the partition because the adversary does not get the decryption keys for the future partitions.

10. 发明申请

US20050246533A1 Certificate-based encryption and public key infrastructure 失效
标题翻译：基于证书的加密和公钥基础设施
公开(公告)号：US20050246533A1
公开(公告)日：2005-11-03
申请号：US10521741
申请日：2003-08-28
申请人： Craig Gentry
发明人： Craig Gentry
IPC分类号： H04L9/08 , H04L9/00 , H04L9/30 , H04L9/32
CPC分类号： H04L9/0847 , H04L9/0836 , H04L9/3073 , H04L9/3265
摘要： The present invention provides methods for sending a digital message from a sender (606) to a recipient (608) in a public-key based cryptosystem comprising an authorizer (606). The authorizer can be a single entity (606) or comprise a hierarchical or distributed entity (602, 604a-604b). The present invention allows communication of messages by an efficient protocol, not involving key status queries or key escrow, where a message recipient (608) can decrypt a message from a message sender (606) only if the recipient (608) possesses up-to-date authority from the authorizer. The invention allows such communication in a system comprising a large number (e.g. millions) of users.
摘要翻译：本发明提供了一种用于在包括授权器（606）的基于公开密钥的密码系统中将数字消息从发送器（606）发送到接收者（608）的方法。授权器可以是单个实体（606）或者包括分层或分布式实体（602,604a-604b）。本发明允许通过不涉及密钥状态查询或密钥托管的有效协议来进行消息的通信，其中消息接收方（608）只有在接收方（608）拥有最新信息时才能从消息发送者（606）解密消息授权者的权限。本发明允许在包括大量（例如数百万）用户）的系统中进行这种通信。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式