专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明申请

WO2005043326A2 ENCRYPTION AND SIGNATURE SCHEMES USING MESSAGE MAPPINGS TO REDUCE THE MESSAGE SIZE 审中-公开
标题翻译：加密和签名方案使用消息映射来减少消息大小
公开(公告)号：WO2005043326A2
公开(公告)日：2005-05-12
申请号：PCT/US2004/036053
申请日：2004-10-29
申请人： DOCOMO COMMUNICATIONS LABORATORIES USA, INC. , GENTRY, Craig B.
发明人： GENTRY, Craig B.
IPC分类号： G06F
CPC分类号： H04L9/3218 , H04L9/0643 , H04L9/302 , H04L9/3073 , H04L9/3247 , H04L2209/30 , H04L2209/80
摘要： According to some embodiments of the invention, a message is processed before encryption so that the encryption method generates a short ciphertext. The message processing can be viewed as a mapping (610) that maps the message into another message that generates the short ciphertext. The mapping is reversible at least if the (possibly encoded) message (H(M)) is in a restricted set, e.g. a set [0,h?] of short messages. In some embodiments of the present invention, short signatures are provided by mapping the signature into a short signature. The mapping (810) is reversible at least if the original message (H(M)) used to generate the signature is short. Signcryption, aggregate signature, and ring signature outputs are also shortened.
摘要翻译：根据本发明的一些实施例，在加密之前处理消息，使得加密方法生成短密文。消息处理可被视为映射（610），其将消息映射到生成短密文的另一消息。至少如果（可能编码的）消息（H（M））处于受限制的集合中，映射是可逆的。短消息的集合[0，h＆amp; quest;]。在本发明的一些实施例中，通过将签名映射到短签名来提供短签名。至少如果用于生成签名的原始消息（H（M））短，则映射（810）是可逆的。签名，集合签名和环签名输出也缩短。

12. 发明申请

WO2006127229A8 CRYPTOGRAPHIC AUTHENTICATION AND/OR ESTABLISHMENT OF SHARED CRYPTOGRAPHIC KEYS, INCLUDING, BUT NOT LIMITED TO, PASSWORD AUTHENTICATED KEY EXHANGE (PAKE) 审中-公开
标题翻译：密码验证和/或建立共享密码卡，包括但不限于密码认证密钥（PAKE）
公开(公告)号：WO2006127229A8
公开(公告)日：2008-01-24
申请号：PCT/US2006017115
申请日：2006-05-02
申请人： NTT DOCOMO INC , RAMZAN ZULFIKAR AMIN , GENTRY CRAIG B , MACKENZIE PHILIP
发明人： RAMZAN ZULFIKAR AMIN , GENTRY CRAIG B , MACKENZIE PHILIP
IPC分类号： H04K1/00 , H04L9/00
CPC分类号： H04L63/083 , H04L9/0844
摘要： A server (120) uses a password (p) to construct a multiplicative group (Z N *) with a (hidden) smooth order subgroup ( ), where the group order (Pp) depends on the password. The client (110) uses its knowledge of the password to generate a root extraction problem instance (z) in the group and to generate data (y) allowing the server to construct a discrete logarithm problem instance (y') in the subgroup. The server uses its knowledge of the group order to solve the root extraction problem, and solves the discrete logarithm problem efficiently by leveraging the smoothness of the subgroup. A shared key (sk) can be computed as a function of the solutions to the discrete logarithm and root extraction problem instances. In some embodiments, in an oblivious transfer protocol, the server queries the client (at 230) for data whose position in a database (210) is defined by the password. The client provides (240) such data without knowing the data position associated with the server's query. The client obtains the data position independently from the password. The data positions and/or the respective data are used for authentication and shared secret key generation. Other embodiments are also provided.
摘要翻译：服务器（120）使用密码（p）与（隐藏）平滑顺序子组（

13. 发明申请

WO2006066142A3 USE OF MODULAR ROOTS TO PERFORM AUTHENTICATION INCLUDING AUTHENTICATION OF VALIDITY OF DIGITAL CERTIFICATES 审中-公开
公开(公告)号：WO2006066142A3
公开(公告)日：2006-06-22
申请号：PCT/US2005/045796
申请日：2005-12-16
申请人： NTT DOCOMO, INC. , RAMZAN, Zulfikar Amin , GENTRY, Craig B. , BRUHN, Bernhard
发明人： RAMZAN, Zulfikar Amin , GENTRY, Craig B. , BRUHN, Bernhard
IPC分类号： H04L9/32
摘要： Authentication of elements (e.g. digital certificates 140) as possessing a pre-specified property (e.g. being valid) or not possessing the property is performed by (1) assigning a distinct integer p i to each element, and (2) accumulating the elements possessing the property or the elements not possessing the property using a P-th root u 1/P (mod n) of an integer u modulo a predefined composite integer n, where P is the product of the integers associated with the accumulated elements. Alternatively, authentication is performed without such accumulators but using witnesses associated with such accumulators. The witnesses are used to derive encryption and/or decryption keys for encrypting the data evidencing possession of the property for multiple periods of time. The encrypted data are distributed in advance. For each period of time, decryption keys are released which are associated with that period and with the elements to be authenticated in that period of time. Authentication can be performed by accumulating elements into data which are a function of each element but whose size does not depend on the number of elements, and transmitting the accumulator data over a network to a computer system which de-accumulates some elements as needed to re-transmit only data associated with elements needed by other computer systems. This technique is suitable to facilitate distribution of accumulator data in networks such as ad hoc networks.

14. 发明申请

WO2006066142A2 USE OF MODULAR ROOTS TO PERFORM AUTHENTICATION INCLUDING, BUT NOT LIMITED TO, AUTHENTICATION OF VALIDITY OF DIGITAL CERTIFICATES 审中-公开
标题翻译：使用模块化执行认证，包括但不限于证实有效的数字证书
公开(公告)号：WO2006066142A2
公开(公告)日：2006-06-22
申请号：PCT/US2005045796
申请日：2005-12-16
申请人： NTT DOCOMO INC , RAMZAN ZULFIKAR AMIN , GENTRY CRAIG B , BRUHN BERNHARD
发明人： RAMZAN ZULFIKAR AMIN , GENTRY CRAIG B , BRUHN BERNHARD
IPC分类号： G06F12/14
CPC分类号： G06F21/33 , H04L9/3218 , H04L9/3268 , H04L2209/30 , H04L2209/38 , H04L2209/56 , H04L2209/80
摘要： Authentication of elements (e.g. digital certificates 140) as possessing a pre-specified property (e.g. being valid) or not possessing the property is performed by (1) assigning a distinct integer p i to each element, and (2) accumulating the elements possessing the property or the elements not possessing the property using a P-th root u 1/P (mod n) of an integer u modulo a predefined composite integer n, where P is the product of the integers associated with the accumulated elements. Alternatively, authentication is performed without such accumulators but using witnesses associated with such accumulators. The witnesses are used to derive encryption and/or decryption keys for encrypting the data evidencing possession of the property for multiple periods of time. The encrypted data are distributed in advance. For each period of time, decryption keys are released which are associated with that period and with the elements to be authenticated in that period of time. Authentication can be performed by accumulating elements into data which are a function of each element but whose size does not depend on the number of elements, and transmitting the accumulator data over a network to a computer system which de-accumulates some elements as needed to re-transmit only data associated with elements needed by other computer systems. This technique is suitable to facilitate distribution of accumulator data in networks such as ad hoc networks.
摘要翻译：通过（1）向每个元素分配不同的整数p 来执行具有预先指定的属性（例如有效）或不具有该属性的元素（例如数字证书140）的认证，以及（2）使用预定义的复合整数n的整数u的P个根u 1 / P（mod n）累积具有该属性的元素或不具有该属性的元素，其中P 是与累积元素相关联的整数的乘积。或者，在没有这样的累加器的情况下执行认证，但是使用与这种累加器相关联的证人。证人被用于导出加密和/或解密密钥，用于加密证明拥有属性多个时间段的数据。加密数据预先分配。对于每个时间段，释放与那段时间相关联的解密密钥以及在该时间段内被认证的元素。认证可以通过将元素累加到数据中来执行，该数据是每个元素的函数，但其大小不依赖于元素的数量，并且通过网络将累加器数据发送到计算机系统，其根据需要去累积一些元素 - 仅传输与其他计算机系统所需的元素相关联的数据。该技术适合于促进诸如ad hoc网络的网络中的累加器数据的分配。

15. 发明申请

WO2006024042A3 PROVISIONAL SIGNATURE SCHEMES 审中-公开
标题翻译：临时签字计划
公开(公告)号：WO2006024042A3
公开(公告)日：2006-05-26
申请号：PCT/US2005030850
申请日：2005-08-29
申请人： NTT DOCOMO INC , GENTRY CRAIG B , MOLNAR DAVID , RAMZAN ZULFIKAR AMIN
发明人： GENTRY CRAIG B , MOLNAR DAVID , RAMZAN ZULFIKAR AMIN
IPC分类号： H04L9/32
CPC分类号： H04L9/3218 , H04L9/3013 , H04L9/3066 , H04L9/3257 , H04L2209/42 , H04L2209/56
摘要： A method and apparatus for implementing portions of a provisional signature scheme are disclosed. In one embodiment, the method comprises creating a provisional signature by performing an operation on a message and completing the provisional signature to create a final signature on the message. Such a scheme may be used for server assisted signature schemes, designated confirmer signature schemes and blind signature schemes.
摘要翻译：公开了一种用于实现临时签名方案的部分的方法和装置。在一个实施例中，该方法包括通过对消息执行操作并完成临时签名来创建临时签名以在消息上创建最终签名。这种方案可以用于服务器辅助签名方案，指定的确认者签名方案和盲签名方案。

16. 发明申请

WO2006026737A2 REVOCATION OF CRYPTOGRAPHIC DIGITAL CERTIFICATES 审中-公开
标题翻译： CRYPTOGRAPHIC DIGITAL CERTIFICATES的撤销
公开(公告)号：WO2006026737A2
公开(公告)日：2006-03-09
申请号：PCT/US2005/031251
申请日：2005-08-31
申请人： DOCOMO COMMUNICATIONS LABORATORIES USA, INC. , GENTRY, Craig, B. , RAMZAN, Zulfikar , BRUHN, Bernhard
发明人： GENTRY, Craig, B. , RAMZAN, Zulfikar , BRUHN, Bernhard
IPC分类号： H04L9/00
CPC分类号： H04L9/3265 , H04L9/3236 , H04L63/0823 , H04L2209/38 , H04L2209/56 , H04L2209/80
摘要： Different targets (c 0 , N 1 ) of a digital certificate are mapped into a "super-target" using methods allowing a certificate validity verifier (110) to compute the super-target. The certificate includes the super-target instead of the targets. Also, a certificate with multiple targets can be signed with a redactable signature by the certification authority (CA 120). When the certificate's owner provides the certificate to a verifier together with a validity proof, the owner redacts the certificate to delete unnecessary targets. A single validity proof (c i (F)) may be provided to certificate owners for a set (F) of the certificates via a multicast transmission if a multicasting group (2010) is formed to correspond to the set. A verifier (110) may decide to cache the validity proof for a set provide the cached proof to other parties. The caching decision is based on the caching priority of the set F. The priority may depend on the number of certificates in the set F, the sum of the remaining validity periods for the certificates in the set, and other factors. In the setup phase, the CA generates validation proof data structures for greater time than the maximum validity period of any certificate. Therefore, new certificates can be added to the existing data structures after the setup phase. A distributed certificate authority includes a CA and a number of Sub-CAs (2610). The Sub-CAs have secret certificate validation data, but different data are provided to different Sub-CAs for each certificate. If a Sub-CA is compromised, the Sub-CA validity proof will be withheld by the CA to alert the verifiers not to use the data from this Sub-CA. Also, the secret data are encrypted when distributed to the Sub-CAs. A decryption key (DK.j.k) for each "partition" of time is distributed to each Sub-CA at or shortly before the start of the partition. A compromised Sub-CA can be reactivated at the end of the partition because the adversary does not get the decryption keys for the future partitions.
摘要翻译：不同的目标（c

17. 发明申请

WO2005043326A3 ENCRYPTION AND SIGNATURE SCHEMES USING MESSAGE MAPPINGS TO REDUCE THE MESSAGE SIZE 审中-公开
标题翻译：使用消息映射减少消息大小的加密和签名方案
公开(公告)号：WO2005043326A3
公开(公告)日：2005-08-25
申请号：PCT/US2004036053
申请日：2004-10-29
申请人： DOCOMO COMM LAB USA INC , GENTRY CRAIG B
发明人： GENTRY CRAIG B
IPC分类号： G06F20060101 , H04L9/00
CPC分类号： H04L9/3218 , H04L9/0643 , H04L9/302 , H04L9/3073 , H04L9/3247 , H04L2209/30 , H04L2209/80
摘要： According to some embodiments of the invention, a message is processed before encryption so that the encryption method generates a short ciphertext. The message processing can be viewed as a mapping (610) that maps the message into another message that generates the short ciphertext. The mapping is reversible at least if the (possibly encoded) message (H(M)) is in a restricted set, e.g. a set [0,h?] of short messages. In some embodiments of the present invention, short signatures are provided by mapping the signature into a short signature. The mapping (810) is reversible at least if the original message (H(M)) used to generate the signature is short. Signcryption, aggregate signature, and ring signature outputs are also shortened.
摘要翻译：根据本发明的一些实施例，在加密之前处理消息，使得加密方法生成短的密文。消息处理可以被视为将消息映射到生成短密文的另一消息的映射（610）。至少如果（可能编码的）消息（H（M））处于受限制的集合中，则映射是可逆的。一组短信息[0，h？]。在本发明的一些实施例中，通过将签名映射到短签名来提供短签名。至少如果用于生成签名的原始消息（H（M））短，映射（810）是可逆的。签名，聚合签名和环形签名输出也被缩短。

18. 发明申请

WO2004107635A2 BROADCAST ENCRYPTION USING RSA 审中-公开
标题翻译：使用RSA进行广播加密
公开(公告)号：WO2004107635A2
公开(公告)日：2004-12-09
申请号：PCT/US2004/015946
申请日：2004-05-21
申请人： DOCOMO COMMUNICATIONS LABORATORIES USA, INC. , GENTRY, Craig, B. , RAMZAN, Zulfikar, Amin
发明人： GENTRY, Craig, B. , RAMZAN, Zulfikar, Amin
IPC分类号： H04L
CPC分类号： H04H60/23 , H04L9/0836 , H04L9/302 , H04L2209/601
摘要： Methods, components and systems for implementing secure and efficient broadcast encryption schemes with configurable and practical tradeoffs among a pre-broadcast transmission bandwidth t , a key storage cost k , and a key derivation cost c , in which the schemes use subtree difference and key decomposition to generate secondary keys, use the secondary keys to encrypt the broadcast and generate ciphertexts, and use the RSA encryption scheme to implement derivability between the primary keys and the secondary keys. To decrypt the broadcast, a privileged user uses one of its primary keys to derive a secondary key, which is used to decrypt the broadcast. The product of key derivation cost c and the key storage cost k is at most (2 a - log a - 2)log a n , when n is the number of users, 1≤ b ≤ log n , a =2 b , and revoked users r n /3.
摘要翻译：用于实现安全和有效的广播加密方案的方法，组件和系统，其中广播传输带宽t，密钥存储成本k和密钥导出成本c之间具有可配置和实际的权衡，其中方案使用子树差分和密钥分解生成辅助密钥，使用辅助密钥加密广播并生成密文，并使用RSA加密方案来实现主密钥和次密钥之间的派生。为了对广播进行解密，特权用户使用其主键之一来导出用于解密广播的辅助密钥。密钥导出成本c和密钥存储成本k的乘积最多为（2a-log a-2）loga n，当n为用户数时，1 <= b <= LOGn，a = 2 并撤销用户r

19. 发明申请

WO2002091664A1 RING-BASED SIGNATURE SCHEME 审中-公开
标题翻译：基于环的签名方案
公开(公告)号：WO2002091664A1
公开(公告)日：2002-11-14
申请号：PCT/US2002/014099
申请日：2002-05-03
申请人： DOCOMO COMMUNICATIONS LABORATORIES USA, INC. , GENTRY, Craig, B. , YIN, Yiqun
发明人： GENTRY, Craig, B. , YIN, Yiqun
IPC分类号： H04L9/00
CPC分类号： H04L9/3066 , H04L9/3093 , H04L9/3247 , H04L2209/80
摘要： A method and system for generating and verifying a digital signature of a message is provided. The digital signature includes digital signature polynomials. Two relatively prime ideals p and q of a ring R(102) are selected. A private key and the second ideal q are used to generate a public key. One or more message polynomials are generated based on the message to be signed. The digital signature polynomials are generated (110) using at least one of the message polynomials, at least one of the private key polynomials, and at least one of the ideals p and q, wherein the digital signature polynomials in unreduced form are not multiples of the private key polynomials in the ring R. The signature is then verified (116) by confirming that a deviation between at least one of the messae polynomials and at least one of the digital signature polynomials is less than a predetermined deviation threshold.
摘要翻译：提供了一种用于生成和验证消息的数字签名的方法和系统。数字签名包括数字签名多项式。选择环R（102）的两个相对主要理想p和q。私钥和第二理想q用于生成公钥。基于要签名的消息生成一个或多个消息多项式。使用消息多项式，私钥多项式中的至少一个以及理想p和q中的至少一个来生成（110）数字签名多项式，其中未还原形式的数字签名多项式不是在环R中的私钥多项式。然后通过确认至少一个消息多项式与数字签名多项式中的至少一个之间的偏差小于预定的偏差阈值来验证签名（116）。

20. 发明申请

WO2005114900A3 DIGITAL SIGNATURES INCLUDING IDENTITY-BASED AGGREGATE SIGNATURES 审中-公开
标题翻译：数字签名，包括基于身份的集体签名
公开(公告)号：WO2005114900A3
公开(公告)日：2009-04-09
申请号：PCT/US2005017887
申请日：2005-05-20
申请人： NTT DOCOMO INC , GENTRY CRAIG B , RAMZAN ZULFIKAR AMIN
发明人： GENTRY CRAIG B , RAMZAN ZULFIKAR AMIN
IPC分类号： H04L9/28 , H04L9/00 , H04L9/32
CPC分类号： H04L9/3073 , H04L9/3247
摘要： Methods and systems are provided that allow multiple identity-based digital signatures to be merged into a single identity-based "aggregate" digital signature. This identity-based aggregate signature has a shorter bit-length than the concatenation of the original unaggregated identity-based signatures. The identity-based aggregate signature can be verified by anyone who obtains the public keys of one or more Private Key Generators (PKGs), along with a description of which signer signed which message. The verifier does not need to obtain a different public key for each signer, since the signature scheme is "identity-based"; the number of PKGs may be fewer than the number of signers. Consequently, the total information needed to verify the identity-based aggregate signature - namely, a description of who signed what, the PKGs' public keys, and the identity-based aggregate signature itself - may be less than the information needed to verify separate digital signatures - namely, a description of who signed what, the public verification keys for all of the signers, and the concatenation of the signers' signatures. In some embodiments, the identity-based aggregate signature scheme has essentially the minimum-possible Kolmogorov complexity.
摘要翻译：提供了允许将多个基于身份的数字签名合并成单个基于身份的“聚合”数字签名的方法和系统。这种基于身份的聚合签名的比特长度比原始的未分类的基于身份的签名的级联更短。获得一个或多个私钥生成器（PKG）的公钥的任何人可以验证基于身份的聚合签名，以及哪个签名者签署哪个消息的描述。验证者不需要为每个签名者获取不同的公钥，因为签名方案是“基于身份的”; PKG的数量可能少于签名者的数量。因此，验证基于身份的聚合签名所需的总体信息，即对谁签署了什么，PKG的公开密钥以及基于身份的聚合签名本身的描述可能小于验证单独的数字签名 - 即描述谁签署了什么，所有签名者的公开验证密钥以及签字人签名的连接。在一些实施例中，基于身份的聚合签名方案基本上具有最小可能的Kolmogorov复杂度。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式