专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

31. 发明授权

US4500750A Cryptographic application for interbank verification 失效
标题翻译：同步验证的加密应用
公开(公告)号：US4500750A
公开(公告)日：1985-02-19
申请号：US335974
申请日：1981-12-30
申请人： Robert C. Elander , Richard E. Lennon , Stephen M. Matyas , Carl H. W. Meyer , Robert E. Shuck , Walter L. Tuchman
发明人： Robert C. Elander , Richard E. Lennon , Stephen M. Matyas , Carl H. W. Meyer , Robert E. Shuck , Walter L. Tuchman
IPC分类号： G09C1/00 , G06Q20/38 , G06Q20/40 , G07F7/10 , H04L9/08 , H04L9/32 , H04L9/02
CPC分类号： G06Q20/3829 , G06Q20/4012 , G07F7/1016 , H04L9/3226 , H04L2209/043 , H04L2209/56
摘要： In a data communication network which includes terminals interconnected via a central switch, a process for verifying the identity of a terminal user who is provided with secret data associated with his identity. In carrying out the verification process, the secret data is first encrypted at the terminal under a transfer-in key for transmission to an associated data processing system. When it is determined that the terminal user maintains an account at the associated data processing system, a first translate operation is performed to translate the data from encryption under the transfer-in key to encryption under an authentication key, both of which keys are protected under other keys which are different from each other, thereby providing an authentication parameter which may be used to verify the identity of the terminal user. When it is determined that the terminal user does not maintain an account at the associated data processing system, a second translate operation is performed to translate the data from encryption under the transfer-in key to encryption under a transfer-out key for transmission to the next associated host system, the switch or a remote host system. At each such node, except the switch, a determination is made as to whether a verification process can be performed otherwise, the encrypted data is translated for transmission to the next or a remote node of the network for such verification.
摘要翻译：在包括通过中央交换机互连的终端的数据通信网络中，用于验证被提供有与其身份相关联的秘密数据的终端用户的身份的过程。在进行验证处理时，秘密数据首先在终端下以传送密钥加密，以传送到相关的数据处理系统。当确定终端用户在相关联的数据处理系统中维护帐户时，执行第一翻译操作以将数据从转移密钥下的加密转换为认证密钥下的加密，这两个密钥都受到保护彼此不同的其他键，从而提供可用于验证终端用户的身份的认证参数。当确定终端用户没有在相关联的数据处理系统处维护帐户时，执行第二翻译操作以将数据从转移密钥下的加密转换为转发密钥下的加密，以传送到下一个关联的主机系统，交换机或远程主机系统。在除了交换机之外的每个这样的节点处，确定是否可以执行验证过程，将加密的数据转换为传输到网络的下一个或远程节点以进行这种验证。

32. 发明授权

US4229818A Method and apparatus for enciphering blocks which succeed short blocks in a key-controlled block-cipher cryptographic system 失效
标题翻译：用于对密钥控制块密码加密系统中的短块进行加密的块进行加密的方法和装置
公开(公告)号：US4229818A
公开(公告)日：1980-10-21
申请号：US974596
申请日：1978-12-29
申请人： Stephen M. Matyas , Carl H. W. Meyer , Louis B. Tuckerman, III
发明人： Stephen M. Matyas , Carl H. W. Meyer , Louis B. Tuckerman, III
IPC分类号： E05B49/00 , G09C1/06 , H04K1/00 , H04L9/06 , H04L9/14 , H04L9/02
CPC分类号： H04L9/0637 , H04L2209/12
摘要： A method and apparatus for providing improved error-recovery and cryptographic strength when enciphering blocks which succeed short blocks in a Key-Controlled Block-Cipher Cryptographic System with chaining. Beginning with a pre-existing current chaining value (V), the system determines whether a current input block (X) of data to be encrypted is a full block or a short block. Both in the previous system and in proposed improvement, if the block is a full block, the system first combines the chaining value (V) with said full block (X) by a reversible operation such as exclusive-or and then block-enciphers the result of said exclusive-or under control of the user's cryptographic key (K) to produce an output cipher full block (Y); but if the block is a short block, of length L.sub.s then the system first block-enciphers the current chaining value (V) under control of the user's key (K), producing a result W, and then combines the short block (X), in a reversible operation, with the left-most portion, of length L.sub.s, of W to produce an output cipher short block (Y), of length L.sub.s. In either case, in the proposed improvement, the system then sets a new chaining value (V') for the system, as being equal to the terminal full block's length of the concatenation of the current chaining value (V) with the produced block of ciphertext (Y), and causes this new chaining value (V') to be the chaining value (V) for the next block. In the case of a short block this gives increased strength to, and speeded error-recovery for, the succeeding block or blocks to be enciphered, over the previous practice, in which the new chaining value was the last-previous output (W) of the block-cipher system.
摘要翻译：一种用于在对具有链接的密钥控制块加密密码系统中的短块进行加密的块时提供改进的错误恢复和加密强度的方法和装置。从先前存在的当前链接值（V）开始，系统确定要加密的数据的当前输入块（X）是整块还是短块。在先前的系统和提出的改进中，如果块是完整块，则系统首先通过可逆操作来组合链接值（V）与所述完整块（X），例如排除或然后块加密所述用户的加密密钥（K）的独占或控制的结果来产生输出密码全块（Y）; 但是如果块是长度为Ls的短块，则系统首先在用户密钥（K）的控制下对当前链接值（V）进行加密，产生结果W，然后组合短块（X）在可逆操作中，W的最长部分为长度Ls，以产生长度为Ls的输出密码短块（Y）。在任一情况下，在所提出的改进中，系统然后为系统设置新的链接值（V'），等于当前链接值（V）与所产生的块的连接的终端满块的长度密文（Y），并将该新的链接值（V'）作为下一个块的链接值（V）。在短块的情况下，对于先前的做法，对于后续的块或块进行加密，这增加了对于新的链接值是前一个输出（W）的强度，并加快了错误恢复速度块密码系统。

33. 发明授权

US4203166A Cryptographic file security for multiple domain networks 失效
标题翻译：多个域网络的加密文件安全性
公开(公告)号：US4203166A
公开(公告)日：1980-05-13
申请号：US857535
申请日：1977-12-05
申请人： William F. Ehrsam , Robert C. Elander , Stephen M. Matyas , Carl H. W. Meyer , Richard J. Sahulka , Walter L. Tuchman
发明人： William F. Ehrsam , Robert C. Elander , Stephen M. Matyas , Carl H. W. Meyer , Richard J. Sahulka , Walter L. Tuchman
IPC分类号： G06F3/06 , G06F1/00 , G06F12/00 , G06F21/00 , G07F7/10 , H04L9/14 , H04L9/18 , H04L9/00
CPC分类号： G06F21/6236 , G06F21/606 , G07F7/1016 , H04L9/0656 , G06F2221/2153
摘要： A file security system for data files created at a first host system in one domain and recovered at a second host system in another domain of a multiple domain network. Each of said host systems contain a data security device provided with multiple host keys capable of performing a variety of cryptographic operations. Creation and recovery of a secure data file is accomplished without revealing the keys of either of the host systems to the other of the host systems. When the data file is to be created at the first host system, the first host system data security device provides a file recovery key for subsequent recovery of the data file at the second host system and enciphers first host system plaintext under a primary file key, which is related to the file recovery key, to obtain first host system ciphertext as the data file. The file recovery key is used as header information for the data file or maintained as a private file recovery key. When the data file is to be recovered at the second host system, the file recovery key is provided at the second host system and the second host system data security device performs a cryptographic operation to transform the file recovery key into a form which is usable to decipher the data file. The second host system data security device then uses the transformed file recovery key to perform a cryptographic operation to obtain the first host system ciphertext in clear form at the second host system.
摘要翻译：用于在一个域中的第一主机系统上创建并在多域网络的另一个域中的第二主机系统处恢复的数据文件的文件安全系统。所述主机系统中的每一个都包含具有能够执行各种加密操作的多个主机密钥的数据安全装置。实现安全数据文件的创建和恢复，而不会将主机系统中的任一主机的密钥泄露给另一个主机系统。当在第一主机系统上创建数据文件时，第一主机系统数据安全设备提供文件恢复密钥，用于在第二主机系统下随后恢复数据文件，并在主文件密钥下加密第一主机系统明文，与文件恢复密钥相关，以获取第一个主机系统密文作为数据文件。文件恢复密钥用作数据文件的头信息或维护为私有文件恢复密钥。当要在第二主机系统恢复数据文件时，在第二主机系统上提供文件恢复密钥，并且第二主机系统数据安全装置执行密码操作，以将文件恢复密钥转换为可用于解密数据文件。然后，第二主机系统数据安全装置使用转换的文件恢复密钥执行密码操作，以在第二主机系统上以清楚的形式获得第一主机系统密文。

34. 发明授权

US5642421A Encryption of low data content ATM cells 失效
标题翻译：加密低数据内容ATM信元
公开(公告)号：US5642421A
公开(公告)日：1997-06-24
申请号：US528822
申请日：1995-09-15
申请人： James P. Gray , Stephen M. Matyas , Mohammad Peyravian , Gene Tsudik
发明人： James P. Gray , Stephen M. Matyas , Mohammad Peyravian , Gene Tsudik
IPC分类号： H04L12/56 , H04Q11/04 , H04L9/00
CPC分类号： H04Q11/0478 , H04L2012/5638 , H04L2012/5673
摘要： The security provided by encryption of ATM cells is enhanced by testing each cell for low data content level. If a cell has a low data content, its contents are nevertheless compressed and the resulting string is used to replace the original data. A length character and a randomly generated number which are added to the freed-up byte positions in the data field of the cell. The entire, modified data field is encrypted before the cell is transmitted. At a receiving system, a compression indicator is checked to determine whether the cell contains original or compressed data. If necessary, the length field and the random number are stripped and the remaining cell data is decompressed before the cell data is decrypted.
摘要翻译：通过对每个小区进行低数据内容级别的测试，增强了通过ATM信元加密提供的安全性。如果单元格具有低数据内容，则其内容仍然被压缩，并且使用结果字符串来替换原始数据。长度字符和随机生成的数字，被添加到单元格的数据字段中的释放字节位置。整个修改的数据字段在传输单元之前被加密。在接收系统中，检查压缩指示符以确定小区是否包含原始或压缩数据。如果需要，长度字段和随机数字被去除，并且在单元数据被解密之前对剩余的单元数据进行解压缩。

35. 发明授权

US5231666A Cryptographic method for updating financial records 失效
标题翻译：更新财务记录的密码方法
公开(公告)号：US5231666A
公开(公告)日：1993-07-27
申请号：US870978
申请日：1992-04-20
申请人： Stephen M. Matyas
发明人： Stephen M. Matyas
IPC分类号： G06F9/30 , G06F9/38 , H04L9/32
CPC分类号： G06F9/30003 , G06F21/602 , G06F9/3877 , G06Q20/3672 , G06Q20/401 , H04L9/3236 , H04L2209/20 , H04L2209/30 , H04L2209/38 , H04L2209/56
摘要： A data processing system, method and computer program provide for the secure updating an electronic purse which includes a list of purse records. The method includes the step of defining an authentication tree with an authentication tree function comprising a one way function of purse records in the list, the authentication tree having a first root for a first list of the purse records and storing the first root in a cryptographic facility. The authentication tree includes authentication MDC vectors, one for each purse record in the list. The method includes the step of receiving a transaction record in the cryptographic facility, including an authentication code, a cryptographic key, and an authentication MDC vector, for updating an existing purse record in the first list. The method then performs the step of performing a purse update function in the cryptographic facility. The method first authenticates the transaction record using the authentication code and cryptographic key and authenticates the existing purse record with the authentication MDC vector and first root. The method next performs the step of substituting an updated purse record for the existing purse record in the first list, forming a second list. The method then computes with the updated purse record and the first authentication MDC vector, a second path MDC vector and a second root of the authentication tree for the second list by computing a path MDC vector of the authentication tree between the updated purse record and the first root and stores the second root in the cryptographic facility.
摘要翻译：数据处理系统，方法和计算机程序提供安全更新包括钱包记录列表的电子钱包。该方法包括以下步骤：使用包括列表中的钱包记录的单向功能的认证树功能定义认证树，认证树具有用于第一列表的钱包记录的第一根，并将第一根根存储在密码设施。认证树包括认证MDC向量，一个用于列表中的每个钱包记录。该方法包括在加密设施中接收交易记录的步骤，包括验证码，加密密钥和认证MDC向量，用于更新第一列表中现有的钱包记录。该方法然后执行在密码设施中执行钱包更新功能的步骤。该方法首先使用认证码和加密密钥对交易记录进行认证，并使用认证MDC向量和第一根来验证现有的钱包记录。该方法接下来执行将更新的钱包记录替换为第一列表中的现有钱包记录的步骤，形成第二列表。然后，该方法通过计算更新的钱包记录和更新的钱包记录之间的认证树的路径MDC向量，通过更新的钱包记录和第一认证MDC向量，第二路径MDC向量和第二列表的认证树的第二根来计算第一个根，并将第二个根存储在加密工具中。

36. 发明授权

US4649233A Method for establishing user authenication with composite session keys among cryptographically communicating nodes 失效
标题翻译：在密码通信节点中用复合会话密钥建立用户认证的方法
公开(公告)号：US4649233A
公开(公告)日：1987-03-10
申请号：US722091
申请日：1985-04-11
申请人： Walter E. Bass , Stephen M. Matyas , Jonathan Oseas
发明人： Walter E. Bass , Stephen M. Matyas , Jonathan Oseas
IPC分类号： H04L9/06 , H04L9/08 , H04L9/14 , H04L9/32 , H04L9/00
CPC分类号： H04L9/002 , H04L9/0625 , H04L9/0637 , H04L9/0844 , H04L9/0869
摘要： A method for authenticating nodes/users and in protecting data flow between nodes. This is facilitated by creating a dialogue involving authenticated encryption among the nodes. During each session, a key for use in cryptographic conversion is constructed among the node participants in order to permit symmetric authentication. The key is unique to the session. A different key is generated for each and every session. The building of the session key involves sharing of a minimal amount of information among the participants in the form of combining both a random number and authentication indicia.
摘要翻译：用于验证节点/用户并保护节点之间的数据流的方法。这通过在节点之间创建涉及认证加密的对话来促进。在每个会话期间，在节点参与者之间构建用于加密转换的密钥，以允许对称认证。关键是会议的独特之处。为每个会话生成一个不同的密钥。会话密钥的构建涉及以参与者之间共享最少量的信息，其形式为组合随机数和认证标记。

37. 发明授权

US06505302B1 Authentication for secure devices with limited cryptography 失效
公开(公告)号：US06505302B1
公开(公告)日：2003-01-07
申请号：US09644184
申请日：2000-08-23
申请人： Stephen M. Matyas , Sean William Smith
发明人： Stephen M. Matyas , Sean William Smith
IPC分类号： H04L932
CPC分类号： G06Q20/3672 , H04L9/3263 , H04L9/3273
摘要： Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random-numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.

38. 发明授权

US4755940A Transaction security system 失效
标题翻译：交易安全系统
公开(公告)号：US4755940A
公开(公告)日：1988-07-05
申请号：US4817
申请日：1987-01-06
申请人： Bruno Brachtl , Christopher J. Holloway , Richard E. Lennon , Stephen M. Matyas , Carl H. Meyer , Jonathan Oseas
发明人： Bruno Brachtl , Christopher J. Holloway , Richard E. Lennon , Stephen M. Matyas , Carl H. Meyer , Jonathan Oseas
IPC分类号： G07F7/12 , G06Q20/10 , G06Q20/34 , G06Q20/40 , G07D9/00 , G07F7/10 , H04L9/02
CPC分类号： G07F7/1008 , G06Q20/105 , G06Q20/341 , G06Q20/40 , G06Q20/401 , G06Q20/4012 , G06Q20/4097 , G07F7/1016
摘要： An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies data processing centers. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The POS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately.A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuers data processing center. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an imputed PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid.The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.
摘要翻译：描述了一种电子资金转帐系统（EFT），其中位于商店的零售终端通过公共交换电信系统连接到发卡机构的数据处理中心。该系统的用户发行智能安全银行卡，其中包括微处理器，ROS和RAM存储。当发行者向用户发行时，POS包括存储在卡上的个人密钥（KP）和帐号（PAN）。用户还具有单独存储或记住的个人身份号码（PIN）。当卡被插入连接到终端的EFT模块时，在零售终端发起交易。包括PAN和会话密钥（KS）的请求消息被发送到发行者数据处理中心。发行方根据其存储的KP和PIN版本以及从终端接收的时变参数，生成认证参数（TAP）。然后，TAP在响应消息中返回到终端，并且基于估算的PIN，将导出的TAP上的卡上的输入PIN和KP的部分处理与终端中接收到的TAP进行比较。一个正确的比较，表明输入的PIN是有效的。请求消息包括在跨域密钥下编码的KS和KS下编码的PAN。消息认证码（MAC）附加到每个消息，并且在包括在KS下编码的术语的消息上的MAC的正确接收和再生指示所接收的KS是有效的，并且该消息始发于有效的终端或卡。

39. 发明授权

US4736423A Technique for reducing RSA Crypto variable storage 失效
标题翻译：减少RSA加密变量存储的技术
公开(公告)号：US4736423A
公开(公告)日：1988-04-05
申请号：US823151
申请日：1986-01-31
申请人： Stephen M. Matyas
发明人： Stephen M. Matyas
IPC分类号： G07F7/10 , H04L9/30
CPC分类号： G07F7/1016 , H04L9/302 , H04L9/3226 , H04L2209/26 , H04L2209/56
摘要： A technique for reducing RSA (Rivest, Shamir and Adleman algorithm) cryptovariable key from 1200 bits (400-bit public key, 400-bit secret key and 400-bit modulus) to 106 bits makes feasible the storage of the RSA algorithm parameters on current magnetic stripe cards used by the banking and finance industry. Of the 106 bits required, only 56 bits must be kept secret; the remaining 50 bits are nonsecret. These 106 bits are used to derive two 200-bit primes P and Q from which is computed the modulus N=PQ and two 400-bit keys PK (public key) and SK (secret key). In effect, a savings in storage is achieved at the expense of performing a precomputation to derive the modulus and keys each time the system is utilized for encryption/decryption. The 56-bit value plus the additional 50 bits of nonsecret data can be used to generate the RSA cryptovariables in systems where the RSA algorithm has been implemented. In another embodiment, a technique is provided for reducing the RSA cryptovariable storage of the public key PK and modulus from 800 bits to 260 bits. These 260 bits can be used at any later time to derive the 400-bit public key PK and 400-bit modulus N=PQ. The savings in storage is achieved by performing a precomputation each time the system is utilized for encryption/decryption.
摘要翻译：将RSA（Rivest，Shamir和Adleman算法）的密码变换密码从1200位（400位公钥，400位密钥和400位模数）减少到106位的技术使RSA算法参数存储在当前状态银行和金融业使用的磁条卡。在所需的106位中，只有56位必须保密; 剩下的50位是不确定的。这些106位用于导出两个200位素数P和Q，从中计算出模数N = PQ和两个400位密钥PK（公钥）和SK（秘密密钥）。实际上，在每次系统用于加密/解密时，以执行预计算来导出模数和密钥的代价来实现存储节省。可以使用56位值加上附加的50位非遗漏数据来在已经实现RSA算法的系统中生成RSA加密变量。在另一个实施例中，提供了一种用于将公开密钥PK和模数的RSA密码变换存储从800位减少到260位的技术。这些260位可以在以后的时间用于推导出400位公钥PK和400位模数N = PQ。存储中的节省通过每次系统用于加密/解密时执行预先计算来实现。

40. 发明授权

US4386234A Cryptographic communication and file security using terminals 失效
标题翻译：使用终端的加密通信和文件安全
公开(公告)号：US4386234A
公开(公告)日：1983-05-31
申请号：US857533
申请日：1977-12-05
申请人： William F. Ehrsam , Robert C. Elander , Stephen M. Matyas , Carl H. W. Meyer , Robert L. Powers , Paul N. Prentice , John L. Smith , Walter L. Tuchman
发明人： William F. Ehrsam , Robert C. Elander , Stephen M. Matyas , Carl H. W. Meyer , Robert L. Powers , Paul N. Prentice , John L. Smith , Walter L. Tuchman
IPC分类号： G06F12/00 , G09C1/00 , H04L9/06 , H04L9/08 , H04L9/14 , H04L9/18 , H04L9/04
CPC分类号： G06Q20/3829 , H04L9/0656
摘要： A data security device which includes storage means for storing a master cipher key, cryptographic apparatus for performing cryptographic operations and control means for controlling the writing of a master cipher key into the storage means, controlling the transfer of the master cipher key to the cryptographic apparatus and controlling the cryptographic apparatus to perform cryptographic operations. When a new master cipher key is written into the storage means, the old master cipher key is automatically overwritten with an arbitrary value, after which the new master key may be written into the storage means. The cryptographic apparatus of the data security device includes storage means, a cipher key register and cipher means for performing a cipher function on data stored in the cryptographic apparatus storage means under control of a working cipher key stored in the cipher key register with the resulting ciphered data being stored in the cryptographic apparatus storage means. A load cipher key direct function can be performed whereby a working cipher key may be loaded directly into the cipher key register for use as a working cipher key in performing a cipher function. A decipher key function can be performed whereby the master cipher key is transferred to the cipher key register as a working cipher key after which an operational key enciphered under the master cipher key is transferred to the cryptographic apparatus storage means and the control means causes the enciphered operational key to be deciphered to obtain the operational key in clear form as a working cipher key for subsequent encipher/decipher data functions.
摘要翻译：一种数据安全装置，包括用于存储主密码密钥的存储装置，用于执行密码操作的密码装置和用于控制将主加密密钥写入存储装置的控制装置，控制主加密密钥到密码装置的传送以及控制密码装置进行密码操作。当将新的主密码密钥写入存储装置时，旧的主密码密钥被自动覆盖任意值，之后可以将新的主密钥写入存储装置。数据安全装置的密码装置包括存储装置，加密密钥寄存器和加密装置，用于在存储在加密密钥寄存器中的工作密码密钥的控制下对存储在密码装置存储装置中的数据执行密码函数，数据被存储在密码装置存储装置中。可以执行负载密钥密钥直接功能，由此可以将工作密码密钥直接加载到加密密钥寄存器中，以用作执行密码函数的工作密码密钥。可以执行解密密钥功能，由此将主密码密钥作为工作密码密钥传送到加密密钥寄存器，之后将密钥加密的操作密钥传送到密码装置存储装置，并且控制装置使加密密钥操作密钥被解密以获得明确形式的操作密钥，作为后续加密/解密数据功能的工作密码密钥。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式