专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20100005309A1 METHOD AND APPARATUS FOR AUTHENTICATION OF DATA STREAMS WITH ADAPTIVELY CONTROLLED LOSSES 失效
标题翻译：用于使用自适应控制损失验证数据流的方法和装置
公开(公告)号：US20100005309A1
公开(公告)日：2010-01-07
申请号：US12560959
申请日：2009-09-16
申请人： Craig B. Gentry , Alejandro Hevia , Ravi Kumar Jain , Toshiro Kawahara , Zulfikar Amin Ramzan
发明人： Craig B. Gentry , Alejandro Hevia , Ravi Kumar Jain , Toshiro Kawahara , Zulfikar Amin Ramzan
IPC分类号： H04L9/32 , G06F15/16
CPC分类号： H04L9/3242 , G11B20/00086 , G11B20/0021 , H04L9/3247 , H04L2209/30 , H04L2209/34 , H04L2209/38 , H04L2209/80 , H04N7/1675
摘要： Methods, components, and systems for efficient authentication, either through a digital signature or message authentication codes, and verification of a digital stream sent from a source to a receiver via zero or more intermediaries, such that the source or intermediary (or both) can remove certain portions of the data stream without inhibiting the ability of the ultimate receiver to verify the authenticity and integrity of the data received. According to the invention, a source may sign an entire data stream once, but may permit either itself or an intermediary to efficiently remove certain portions of the stream before transmitting the stream to the ultimate recipient, without having to re-sign the entire stream. Applications may include the signing of media streams which often need to be further processed to accommodate the resource requirements of a particular environment. Another application allows an intermediary to choose an advertisement to include in a given slot.
摘要翻译：无论是通过数字签名还是消息认证码，以及通过零个或多个中间人从源向接收者发送的数字流的验证，使得源或中介（或两者）可以进行有效认证的方法，组件和系统删除数据流的某些部分，而不会妨碍最终接收者验证所接收数据的真实性和完整性的能力。根据本发明，源可以对整个数据流进行一次签名，但是可以允许其本身或中间人在将流发送到最终接收者之前有效地去除流的某些部分，而无需重新签署整个流。应用可以包括经常需要进一步处理以适应特定环境的资源需求的媒体流的签名。另一个应用允许中间人选择一个广告以包含在给定的时隙中。

2. 发明授权

US08256015B2 Method and apparatus for authentication of data streams with adaptively controlled losses 失效
标题翻译：具有自适应控制损失的数据流认证方法和装置
公开(公告)号：US08256015B2
公开(公告)日：2012-08-28
申请号：US12560959
申请日：2009-09-16
申请人： Craig B. Gentry , Alejandro Hevia , Ravi Kumar Jain , Toshiro Kawahara , Zulfikar Amin Ramzan
发明人： Craig B. Gentry , Alejandro Hevia , Ravi Kumar Jain , Toshiro Kawahara , Zulfikar Amin Ramzan
IPC分类号： H04L29/06
CPC分类号： H04L9/3242 , G11B20/00086 , G11B20/0021 , H04L9/3247 , H04L2209/30 , H04L2209/34 , H04L2209/38 , H04L2209/80 , H04N7/1675
摘要： Methods, components, and systems for efficient authentication, either through a digital signature or message authentication codes, and verification of a digital stream sent from a source to a receiver via zero or more intermediaries, such that the source or intermediary (or both) can remove certain portions of the data stream without inhibiting the ability of the ultimate receiver to verify the authenticity and integrity of the data received. According to the invention, a source may sign an entire data stream once, but may permit either itself or an intermediary to efficiently remove certain portions of the stream before transmitting the stream to the ultimate recipient, without having to re-sign the entire stream. Applications may include the signing of media streams which often need to be further processed to accommodate the resource requirements of a particular environment. Another application allows an intermediary to choose an advertisement to include in a given slot.
摘要翻译：无论是通过数字签名还是消息认证码，以及通过零个或多个中间人从源向接收者发送的数字流的验证，使得源或中介（或两者）可以进行有效认证的方法，组件和系统删除数据流的某些部分，而不会妨碍最终接收者验证所接收数据的真实性和完整性的能力。根据本发明，源可以对整个数据流进行一次签名，但是可以允许其本身或中间人在将流发送到最终接收者之前有效地去除流的某些部分，而无需重新签署整个流。应用可以包括经常需要进一步处理以适应特定环境的资源需求的媒体流的签名。另一个应用允许中间人选择一个广告以包含在给定的时隙中。

3. 发明申请

US20100005310A1 METHOD AND APPARATUS FOR AUTHENICATION OF DATA STREAMS WITH ADAPTIVELY CONTROLLED LOSSES 审中-公开
标题翻译：用于对具有适应性控制损失的数据流进行认证的方法和装置
公开(公告)号：US20100005310A1
公开(公告)日：2010-01-07
申请号：US12560963
申请日：2009-09-16
申请人： Craig B. Gentry , Alejandro Hevia , Ravi Kumar Jain , Toshiro Kawahara , Zulfikar Amin Ramzan
发明人： Craig B. Gentry , Alejandro Hevia , Ravi Kumar Jain , Toshiro Kawahara , Zulfikar Amin Ramzan
IPC分类号： H04L9/32
CPC分类号： H04L9/3242 , G11B20/00086 , G11B20/0021 , H04L9/3247 , H04L2209/30 , H04L2209/34 , H04L2209/38 , H04L2209/80 , H04N7/1675
摘要： Methods, components, and systems for efficient authentication, either through a digital signature or message authentication codes, and verification of a digital stream sent from a source to a receiver via zero or more intermediaries, such that the source or intermediary (or both) can remove certain portions of the data stream without inhibiting the ability of the ultimate receiver to verify the authenticity and integrity of the data received. According to the invention, a source may sign an entire data stream once, but may permit either itself or an intermediary to efficiently remove certain portions of the stream before transmitting the stream to the ultimate recipient, without having to re-sign the entire stream. Applications may include the signing of media streams which often need to be further processed to accommodate the resource requirements of a particular environment. Another application allows an intermediary to choose an advertisement to include in a given slot.
摘要翻译：无论是通过数字签名还是消息认证码，以及通过零个或多个中间人从源向接收者发送的数字流的验证，使得源或中介（或两者）可以进行有效认证的方法，组件和系统删除数据流的某些部分，而不会妨碍最终接收者验证所接收数据的真实性和完整性的能力。根据本发明，源可以对整个数据流进行一次签名，但是可以允许其本身或中间人在将流发送到最终接收者之前有效地去除流的某些部分，而无需重新签署整个流。应用可以包括经常需要进一步处理以适应特定环境的资源需求的媒体流的签名。另一个应用允许中间人选择一个广告以包含在给定的时隙中。

4. 发明申请

US20100287370A1 REVOCATION OF CRYPTOGRAPHIC DIGITAL CERTIFICATES 审中-公开
公开(公告)号：US20100287370A1
公开(公告)日：2010-11-11
申请号：US12840437
申请日：2010-07-21
申请人： Craig B. Gentry , Zulfikar Amin Ramzan , Bernhard Bruhn
发明人： Craig B. Gentry , Zulfikar Amin Ramzan , Bernhard Bruhn
IPC分类号： H04L9/00
CPC分类号： H04L9/3265 , H04L9/3236 , H04L63/0823 , H04L2209/38 , H04L2209/56 , H04L2209/80
摘要： Different targets (c0, N1) of a digital certificate are mapped into a “super-target” using methods allowing a certificate validity verifier (110) to compute the super-target. The certificate includes the super-target instead of the targets. Also, a certificate with multiple targets can be signed with a redactable signature by the certification authority (CA 120). When the certificate's owner provides the certificate to a verifier together with a validity proof, the owner redacts the certificate to delete unnecessary targets. A single validity proof (ci(F)) may be provided to certificate owners for a set (F) of the certificates via a multicast transmission if a multicasting group (2010) is formed to correspond to the set. A verifier (110) may decide to cache the validity proof for a set provide the cached proof to other parties. The caching decision is based on the caching priority of the set F. The priority may depend on the number of certificates in the set F, the sum of the remaining validity periods for the certificates in the set, and other factors. In the setup phase, the CA generates validation proof data structures for greater time than the maximum validity period of any certificate. Therefore, new certificates can be added to the existing data structures after the setup phase. A distributed certificate authority includes a CA and a number of Sub-CAs (2610). The Sub-CAs have secret certificate validation data, but different data are provided to different Sub-CAs for each certificate. If a Sub-CA is compromised, the Sub-CA validity proof will be withheld by the CA to alert the verifiers not to use the data from this Sub-CA. Also, the secret data are encrypted when distributed to the Sub-CAs. A decryption key (DK.j.k) for each “partition” of time is distributed to each Sub-CA at or shortly before the start of the partition. A compromised Sub-CA can be reactivated at the end of the partition because the adversary does not get the decryption keys for the future partitions.

5. 发明授权

US07831998B2 Changing states of communication links in computer networks in an authenticated manner 有权
标题翻译：以认证方式改变计算机网络中通信链路的状态
公开(公告)号：US07831998B2
公开(公告)日：2010-11-09
申请号：US11531435
申请日：2006-09-13
申请人： Philip Mackenzie , Zulfikar Amin Ramzan , Craig B. Gentry
发明人： Philip Mackenzie , Zulfikar Amin Ramzan , Craig B. Gentry
IPC分类号： G06F7/04 , G06F17/30
CPC分类号： H04L63/065 , H04L63/08
摘要： A protocol for closing all active communication links between one device (110.1) and one or more other devices in a group provides that the first device sets up the group by generating an input to a predefined function (e.g. one-way function) according to some random distribution, computing the output of the one-way function, and sharing the output value with all other devices in the group. Then to close all communication links, the first device broadcasts the stored input to all other devices in the group. The other devices may check that the one-way function applied to this input results in the shared output value, and if so, close the communication link.
摘要翻译：用于关闭一个设备（110.1）和一组中的一个或多个其他设备之间的所有活动通信链路的协议规定，第一设备通过根据一些设备（110.1）生成到预定义功能（例如，单向功能）的输入来建立组随机分配，计算单向函数的输出，并与组中的所有其他设备共享输出值。然后关闭所有通信链路，第一个设备将存储的输入广播到组中的所有其他设备。其他设备可以检查应用于该输入的单向功能是否产生共享输出值，如果是，则关闭通信链路。

6. 发明申请

US20100005292A1 METHOD AND APPARATUS FOR EFFICIENT CERTIFICATE REVOCATION 有权
标题翻译：方法和设备有效的证书转让
公开(公告)号：US20100005292A1
公开(公告)日：2010-01-07
申请号：US12494129
申请日：2009-06-29
申请人： Craig B. Gentry , Zulfikar Amin Ramzan
发明人： Craig B. Gentry , Zulfikar Amin Ramzan
IPC分类号： H04L9/32
CPC分类号： H04L9/3236 , H04L9/3268 , H04L2209/30 , H04L2209/38
摘要： Revocation of digital certificates in a public-key infrastructure is disclosed, particularly in the case when a certificate might need to be revoked prior to its expirations. For example, if an employee was terminated or switched roles, his current certificate should no longer be valid. Accordingly, novel methods, components and systems are presented for addressing this problem. A solution set forth herein is based on the construction of grounded dense hash trees. In addition, the grounded dense hash tree approach also provides a time-communication tradeoff compared to the basic chain-based version of NOVOMODO, and this tradeoff yields a direct improvement in computation time in practical situations.
摘要翻译：披露公共密钥基础设施中数字证书的撤销，特别是在证书可能需要在其到期之前被撤销的情况下。例如，如果员工被终止或切换角色，他的当前证书不再有效。因此，提出了解决这个问题的新颖的方法，组件和系统。这里阐述的解决方案是基于接地的密集哈希树的构建。另外，与基于NOVOMODO的基于链路的版本相比，接地的密集散列树方法也提供了时间通信的权衡，而这种权衡在实际情况下可以直接改善计算时间。

7. 发明申请

US20090190752A1 METHOD AND APPARATUS FOR COMMUNICATION EFFICIENT PRIVATE INFORMATION RETRIEVAL AND OBLIVIOUS TRANSFER 失效
公开(公告)号：US20090190752A1
公开(公告)日：2009-07-30
申请号：US12365837
申请日：2009-02-04
申请人： Zulfikar Amin Ramzan , Craig B. Gentry
发明人： Zulfikar Amin Ramzan , Craig B. Gentry
IPC分类号： H04L9/28
CPC分类号： G06F7/723 , H04L9/3013 , H04L2209/12 , H04L2209/50
摘要： A method, article of manufacture and apparatus for performing private retrieval of information from a database is disclosed. In one embodiment, the method comprising obtaining an index corresponding to information to be retrieved from the database and generating a query that does not reveal the index to the database. The query is an arithmetic function of the index and a secret value, wherein the arithmetic function includes a multiplication group specified by a modulus of a random value whose order is divisible by a prime power, such that the prime power is an order of the random value. The secret value is an arithmetic function of the index that comprises a factorization into prime numbers of the modulus. The method further comprises communicating the query to the database for execution of the arithmetic function against the entirety of the database.

8. 发明授权

US08209531B2 Revocation of cryptographic digital certificates 有权
标题翻译：撤销加密数字证书
公开(公告)号：US08209531B2
公开(公告)日：2012-06-26
申请号：US12492896
申请日：2009-06-26
申请人： Craig B. Gentry , Zulfikar Amin Ramzan , Bernhard Bruhn
发明人： Craig B. Gentry , Zulfikar Amin Ramzan , Bernhard Bruhn
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： H04L9/3265 , H04L9/3236 , H04L63/0823 , H04L2209/38 , H04L2209/56 , H04L2209/80
摘要： A single validity proof (ci(F)) may be provided to certificate owners for a set (F) of the certificates via a multicast transmission if a multicasting group (2010) is formed to correspond to the set.
摘要翻译：如果组播组（2010）形成为对应于组，则可以通过组播传输向证书所有者提供单个有效性证明（ci（F））给证书的集合（F）。

9. 发明授权

US08156327B2 Revocation of cryptographic digital certificates 有权
标题翻译：撤销加密数字证书
公开(公告)号：US08156327B2
公开(公告)日：2012-04-10
申请号：US12492908
申请日：2009-06-26
申请人： Craig B. Gentry , Zulfikar Amin Ramzan , Bernhard Bruhn
发明人： Craig B. Gentry , Zulfikar Amin Ramzan , Bernhard Bruhn
IPC分类号： H04L29/06
CPC分类号： H04L9/3265 , H04L9/3236 , H04L63/0823 , H04L2209/38 , H04L2209/56 , H04L2209/80
摘要： A distributed certificate authority includes a CA and a number of Sub-CAs (2610). The Sub-CAs have secret certificate validation data, but different data are provided to different Sub-CAs for each certificate. If a Sub-CA is compromised, the Sub-CA validity proof will be withheld by the CA to alert the verifiers not to use the data from this Sub-CA. Also, the secret data are encrypted when distributed to the Sub-CAs. A decryption key (DK.j.k) for each “partition” of time is distributed to each Sub-CA at or shortly before the start of the partition. A compromised Sub-CA can be reactivated at the end of the partition because the adversary does not get the decryption keys for the future partitions.
摘要翻译：分布式证书颁发机构包括CA和多个子CA（2610）。子CA具有秘密证书验证数据，但是不同的数据被提供给每个证书的不同子CA。如果Sub-CA被泄露，则CA将拒绝子CA的有效性证明，以提醒验证者不要使用此子CA的数据。此外，秘密数据在分发给子CA时被加密。每个“分区”时间的解密密钥（DK.j.k）在分区开始之前或不久分发给每个子CA。受攻击的子CA可以在分区结束时重新激活，因为对手没有获得未来分区的解密密钥。

10. 发明授权

US08132006B2 Cryptographic authentication and/or establishment of shared cryptographic keys, including, but not limited to, password authenticated key exchange (PAKE) 有权
标题翻译：加密认证和/或共享加密密钥的建立，包括但不限于密码认证密钥交换（PAKE）
公开(公告)号：US08132006B2
公开(公告)日：2012-03-06
申请号：US11415558
申请日：2006-05-01
申请人： Zulfikar Amin Ramzan , Craig B. Gentry , Philip Mackenzie
发明人： Zulfikar Amin Ramzan , Craig B. Gentry , Philip Mackenzie
IPC分类号： H04L9/32
CPC分类号： H04L63/083 , H04L9/0844
摘要： A server (120) uses a password (π) to construct a multiplicative group (ZN*) with a (hidden) smooth order subgroup ( ), where the group order (Pπ) depends on the password. The client (110) uses its knowledge of the password to generate a root extraction problem instance (z) in the group and to generate data (y) allowing the server to construct a discrete logarithm problem instance (y′) in the subgroup. The server uses its knowledge of the group order to solve the root extraction problem, and solves the discrete logarithm problem efficiently by leveraging the smoothness of the subgroup. A shared key (sk) can be computed as a function of the solutions to the discrete logarithm and root extraction problem instances. In some embodiments, in an oblivious transfer protocol, the server queries the client (at 230) for data whose position in a database (210) is defined by the password. The client provides (240) such data without knowing the data position associated with the server's query. The client obtains the data position independently from the password. The data positions and/or the respective data are used for authentication and shared secret key generation. Other embodiments are also provided.
摘要翻译：服务器（120）使用密码（＆pgr;）来构造具有（隐藏）顺序顺序子组（）的乘法组（ZN *），其中组顺序（P＆pgr;）取决于密码。客户端（110）使用其密码知识来生成组中的根提取问题实例（z），并生成允许服务器构建子组中的离散对数问题实例（y'）的数据（y）。服务器利用群组顺序的知识来解决根提取问题，通过利用子群的平滑度来有效解决离散对数问题。共享密钥（sk）可以作为离散对数和根提取问题实例的解的函数来计算。在一些实施例中，在遗忘的传输协议中，服务器向客户端（在230处）查询其数据库（210）中的位置由密码定义的数据。客户端提供（240）这样的数据，而不知道与服务器的查询相关联的数据位置。客户端独立于密码获取数据位置。数据位置和/或相应数据用于认证和共享密钥生成。还提供了其他实施例。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式