会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明授权
    • Cryptographic system with halting key derivation function capabilities
    • 具有停止密钥导出功能能力的加密系统
    • US08254571B1
    • 2012-08-28
    • US11963726
    • 2007-12-21
    • Xavier Boyen
    • Xavier Boyen
    • H04L9/00
    • H04L9/08H04L9/0643H04L9/0863H04L9/0869H04L2209/38
    • A halting key derivation function is provided. A setup process scrambles a user-supplied password and a random string in a loop. When the loop is halted by user input, the setup process may generate verification information and a cryptographic key. The key may be used to encrypt data. During a subsequent password verification and key recovery process, the verification information is retrieved, a user-supplied trial password obtained, and both are used together to recover the key using a loop computation. During the loop, the verification process repeatedly tests the results produced by the looping scrambling function against the verification information. In case of match, the trial password is correct and a cryptographic key matching the key produced by the setup process may be generated and used for data decryption. As long as there is no match, the loop may continue indefinitely until interrupted exogenously, such as by user input.
    • 提供了停止键导出功能。 设置过程在循环中加扰用户提供的密码和随机字符串。 当用户输入停止循环时,设置过程可以生成验证信息和加密密钥。 该密钥可用于加密数据。 在随后的密码验证和密钥恢复过程中,检索验证信息,获得的用户提供的试用密码,并且两者一起使用循环计算来恢复密钥。 在循环期间,验证过程重复地测试由循环加扰功能产生的结果与验证信息。 在匹配的情况下,试用密码是正确的,并且可以生成与设置过程产生的密钥匹配的加密密钥并用于数据解密。 只要没有匹配,循环可以无限期地继续,直到外部中断,例如通过用户输入。
    • 3. 发明授权
    • Secure messaging system with derived keys
    • 具有派生密钥的安全消息系统
    • US07624269B2
    • 2009-11-24
    • US10887721
    • 2004-07-09
    • Guido AppenzellerXavier BoyenTerence Spies
    • Guido AppenzellerXavier BoyenTerence Spies
    • H04L9/00
    • H04L9/083H04L9/0866
    • Secure messages may be sent between senders and recipients using symmetric message keys. The symmetric message keys may be derived from a master key using a key generator at an organization. A gateway may encrypt outgoing message using the derived keys. Senders in the organization can send messages to recipients who are customers of the organization. The recipients can authenticate to a decryption server in the organization using preestablished credentials. The recipients can be provided with copies of the derived keys for decrypting the encrypted messages. A hierarchical architecture may be used in which a super master key generator at the organization derives master keys for delegated key generators in different units of the organization. An organization may have a policy server that generates non-customer symmetric message keys. The non-customer symmetric message keys may be used to encrypt messages sent by a non-customer sender to a recipient at the organization.
    • 可以使用对称消息密钥在发送方和收件人之间发送安全消息。 对称消息密钥可以使用组织中的密钥生成器从主密钥导出。 网关可以使用导出的密钥来加密传出的消息。 组织中的发件人可以向作为组织客户的收件人发送消息。 收件人可以使用预先建立的凭据对组织中的解密服务器进行身份验证。 可以向收件人提供用于解密加密消息的导出密钥的副本。 可以使用分层结构,其中组织中的超级主密钥生成器为组织的不同单元中的委托密钥生成器导出主密钥。 组织可以具有生成非客户对称消息密钥的策略服务器。 非客户对称消息密钥可以用于将由非客户发送者发送的消息加密到组织的接收者。
    • 4. 发明授权
    • Identity-based-encryption system
    • 基于身份的加密系统
    • US07590236B1
    • 2009-09-15
    • US11090450
    • 2005-03-25
    • Dan BonehXavier Boyen
    • Dan BonehXavier Boyen
    • H04K1/00H04L9/00H04L9/30H04L29/06H04L9/32
    • H04L9/3073H04L9/0841H04L63/0428H04L63/06
    • Systems and methods for supporting symmetric-bilinear-map and asymmetric-bilinear-map identity-based-encryption (IBE) key exchange and encryption schemes are provided. IBE key exchange schemes use an IBE encapsulation engine to produce a secret key and an encapsulated version of the secret key. An IBE unencapsulation engine is used to unencapsulate the encapsulated key. IBE encryption schemes use an IBE encryption engine to produce ciphertext from plaintext. An IBE decryption engine is used to decrypt the ciphertext to reveal the plaintext. The IBE unencapsulation engine and decryption engines use bilinear maps. The IBE encapsulation and encryption engines perform group multiplication operations without using bilinear maps, improving efficiency. IBE private keys for use in decryption and unencapsulation operations may be generated using a distributed key arrangement in which each IBE private key is assembled from private key shares.
    • 提供了支持对称双线性映射和非对称双线性映射身份加密(IBE)密钥交换和加密方案的系统和方法。 IBE密钥交换方案使用IBE封装引擎来产生秘密密钥和秘密密钥的封装版本。 使用IBE未封装引擎来封装封装的密钥。 IBE加密方案使用IBE加密引擎从明文生成密文。 IBE解密引擎用于解密密文以显示明文。 IBE未封装引擎和解密引擎使用双线性映射。 IBE封装和加密引擎在不使用双线性映射的情况下执行组乘法运算,从而提高效率。 可以使用分布式密钥布置来生成用于解密和未封装操作的IBE私钥,其中每个IBE私钥由私人密钥共享组合。
    • 6. 发明授权
    • Identity-based-encryption extensions formed using multiple instances of an identity based encryption scheme
    • 使用基于身份的加密方案的多个实例形成的基于身份的加密扩展
    • US08023646B2
    • 2011-09-20
    • US11983154
    • 2007-11-06
    • Xavier Boyen
    • Xavier Boyen
    • H04L9/30
    • H04L9/083H04L9/3073H04L2209/04
    • IBE extensions to IBE schemes may be provided by creating multiple instances of the same IBE scheme, where each instance has an associated IBE master key and corresponding IBE public parameters. During encryption, an IBE extension identity for each instance of the IBE scheme may be mapped to a corresponding component identity. A message may be encrypted using the component identities to create multiple ciphertexts. The ciphertexts can be combined and sent to a recipient. The recipient can request a private key. The private key may be generated by mapping the IBE extension identity into a component identity in each instance, by extracting private keys for each of the component identities, and by combining the private keys into a single IBE extension private key.
    • 可以通过创建相同IBE方案的多个实例来提供IBE方案的IBE扩展,其中每个实例具有相关联的IBE主密钥和对应的IBE公共参数。 在加密期间,IBE方案的每个实例的IBE扩展标识可以被映射到相应的组件标识。 可以使用组件标识来加密消息以创建多个密文。 密文可以组合并发送给收件人。 收件人可以请求私钥。 私钥可以通过将IBE扩展标识映射到每个实例中的组件标识,通过为每个组件标识提取专用密钥,以及将私钥组合成单个IBE扩展私钥来产生。
    • 7. 发明申请
    • SECURITY DEVICE FOR CRYPTOGRAPHIC COMMUNICATIONS
    • 保护通信安全设备
    • US20090327731A1
    • 2009-12-31
    • US12107043
    • 2008-04-21
    • Guido AppenzellerTerence SpiesXavier Boyen
    • Guido AppenzellerTerence SpiesXavier Boyen
    • H04L9/00
    • H04L9/3263H04L9/006H04L9/0825H04L9/083H04L9/0847H04L9/3247
    • Cryptographic systems and methods are provided in which authentication operations, digital signature operations, and encryption operations may be performed. Authentication operations may be performed using authentication information. The authentication information may be constructed using a symmetric authentication key or a public/private pair of authentication keys. Users may digitally sign data using private signing keys. Corresponding public signing keys may be used to verify user signatures. Identity-based-encryption (IBE) arrangements may be used for encrypting messages using the identity of a recipient. IBE-encrypted messages may be decrypted using appropriate IBE private keys. A smart card, universal serial bus key, or other security device having a tamper-proof enclosure may use the authentication information to obtain secret key information. Information such as IBE private key information, private signature key information, and authentication information may be stored in the tamper-proof enclosure.
    • 提供了可以执行认证操作,数字签名操作和加密操作的加密系统和方法。 可以使用认证信息来执行认证操作。 可以使用对称认证密钥或公/私钥对来构造认证信息。 用户可以使用专用签名密钥对数据进行数字签名。 可以使用相应的公共签名密钥来验证用户签名。 基于身份的加密(IBE)安排可以用于使用接收者的身份加密消息。 可以使用适当的IBE私钥对IBE加密的消息进行解密。 具有防篡改外壳的智能卡,通用串行总线密钥或其他安全装置可以使用认证信息来获得秘密密钥信息。 诸如IBE私钥信息,私人签名密钥信息和认证信息的信息可以存储在防篡改外壳中。
    • 8. 发明申请
    • Identity-based-encryption extensions formed using multiple instances of an identity based encryption scheme
    • 使用基于身份的加密方案的多个实例形成的基于身份的加密扩展
    • US20080263357A1
    • 2008-10-23
    • US11983154
    • 2007-11-06
    • Xavier Boyen
    • Xavier Boyen
    • H04L9/00
    • H04L9/083H04L9/3073H04L2209/04
    • IBE extensions to IBE schemes may be provided by creating multiple instances of the same IBE scheme, where each instance has an associated IBE master key and corresponding IBE public parameters. During encryption, an IBE extension identity for each instance of the IBE scheme may be mapped to a corresponding component identity. A message may be encrypted using the component identities to create multiple ciphertexts. The ciphertexts can be combined and sent to a recipient. The recipient can request a private key. The private key may be generated by mapping the IBE extension identity into a component identity in each instance, by extracting private keys for each of the component identities, and by combining the private keys into a single IBE extension private key.
    • 可以通过创建相同IBE方案的多个实例来提供IBE方案的IBE扩展,其中每个实例具有相关联的IBE主密钥和对应的IBE公共参数。 在加密期间,IBE方案的每个实例的IBE扩展标识可以被映射到相应的组件标识。 可以使用组件标识来加密消息以创建多个密文。 密文可以组合并发送给收件人。 收件人可以请求私钥。 私钥可以通过将IBE扩展标识映射到每个实例中的组件标识,通过为每个组件标识提取专用密钥,以及将私钥组合成单个IBE扩展私钥来产生。
    • 9. 发明申请
    • Expanded transmission control protocol, methods of operation and apparatus
    • 扩展传输控制协议,操作方法和设备
    • US20060031527A1
    • 2006-02-09
    • US11137896
    • 2005-05-25
    • L. SolesDan TeodosiuJoseph PistrittoXavier Boyen
    • L. SolesDan TeodosiuJoseph PistrittoXavier Boyen
    • G06F15/16
    • H04L69/16H04L67/42H04L69/162H04L69/163
    • A communication protocol service in support of TCP based communication is modified to improve the operational efficiency of a server for a particular type of client-server application. The service is modified to support connection pools and connection groups within the connection pools, to enable connections with clients to be grouped and share a common file descriptor. The service is provided with an API to allow an application server to create the connection pools, connection groups and connections. The API also include receive and send services adapted to support the connection pool and connection group architecture, and to allow explicit acknowledgement of received transmissions under control of the application server. Further, in various embodiments, the buffering architecture of the service, as well as acknowledgement of request packets by the service are also modified.
    • 修改了支持基于TCP的通信的通信协议服务,以提高特定类型的客户机 - 服务器应用的服务器的运行效率。 该服务被修改为支持连接池中的连接池和连接组,以使与客户端的连接能够被分组并共享一个通用的文件描述符。 该服务提供了一个API,允许应用程序服务器创建连接池,连接组和连接。 API还包括适于支持连接池和连接组架构的接收和发送服务,并且允许在应用服务器的控制下显式确认所接收的传输。 此外,在各种实施例中,服务的缓冲架构以及服务对请求分组的确认也被修改。