Total found: 5261. Displayed: 100.

Publication date: 12-01-2012

Digital signature generation apparatus, digital signature verification apparatus, and key generation apparatus

Number: US20120011369A1
Assignee: Toshiba Corp

A digital signature generation apparatus includes memory to store a finite field F_q and a section D(u_x(s, t), u_y(s, t), s, t) as the secret key, the section being one of the surfaces of a three-dimensional manifold A(x, y, s, t) which is expressed by an x-coordinate, a y-coordinate, a parameter s and a parameter t and is defined over F_q, the x- and y-coordinates of the section being expressed as functions of s and t. The apparatus calculates a hash value of a message m, generates a hash value polynomial by embedding the hash value in a one-variable polynomial h(t) defined over F_q, and generates the digital signature D_s(U_x(t), U_y(t), t), a curve on the section whose x- and y-coordinates are functions of the parameter t, by substituting the hash value polynomial for the parameter s of the section.

Publication date: 21-06-2012

Modular exponentiation resistant against skipping attacks

Number: US20120159189A1
Author: Marc Joye
Assignee: Individual

An exponentiation method resistant against skipping attacks. The main idea is to evaluate, in parallel with the exponentiation y = g^d, a value based on the exponent, e.g. f = d·1. Both evaluations use the same exponentiation algorithm, "gluing" together the group operations underlying the computation of y and f so that a perturbation of one operation also perturbs the other. This makes it possible to verify that f indeed equals d before returning the result. An apparatus and a computer program product are also provided.
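
Added worked example (Python); this is not the patent's code. It shows one way to realise the gluing: the exponentiation runs in the dual numbers Z_n[eps]/(eps^2), where (g·(1+eps))^k = g^k + k·g^k·eps for every k, so the eps-coefficient of the result re-derives the exponent the loop actually processed. That choice of ring, the fault model (one skipped squaring, multiplication or whole step) and the toy RSA numbers are assumptions, not taken from the patent.

```python
# Added example, not the patent's code.  Gluing assumption: compute in the dual
# numbers Z_n[eps]/(eps^2).  Every intermediate value has the form
# g^k + k*g^k*eps, whatever sequence of squarings and multiplications produced
# it, so dividing the eps-coefficient by g^k recovers k and a skipped operation
# (which changes k) is detected by comparing with d.  Needs Python 3.8+ for
# pow(y, -1, n).

def dual_mul(p, q, n):
    """(a + b*eps) * (c + d*eps) mod n, with eps^2 = 0."""
    a, b = p
    c, d = q
    return (a * c % n, (a * d + b * c) % n)


def glued_exp(g, d, n, skip=None):
    """Return g^d mod n, or raise ValueError if a skipped operation is detected.

    skip simulates a fault: (i, "square"), (i, "multiply") or (i, "step") drops
    the squaring, the multiplication, or both at loop iteration i.
    Requires gcd(g, n) == 1 so that the final division by g^k is possible.
    """
    base = (g % n, g % n)                     # g*(1+eps)
    acc = (1, 0)                              # 1 + 0*eps
    for i, bit in enumerate(bin(d)[2:]):      # left-to-right square-and-multiply
        skip_sq = skip is not None and skip[0] == i and skip[1] in ("square", "step")
        skip_ml = skip is not None and skip[0] == i and skip[1] in ("multiply", "step")
        if not skip_sq:
            acc = dual_mul(acc, acc, n)       # both coefficients updated by one op
        if bit == "1" and not skip_ml:
            acc = dual_mul(acc, base, n)
    y, coef = acc
    # acc == g^k + k*g^k*eps for the exponent k actually processed; recover k.
    k = coef * pow(y, -1, n) % n
    if k != d % n:
        raise ValueError("skipping fault detected: exponent %d != %d" % (k, d))
    return y


def survives_skip(g, d, n, skip):
    """True if the (simulated) fault went undetected; for demonstration only."""
    try:
        glued_exp(g, d, n, skip)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Toy RSA numbers (assumption): n = 61*53, ciphertext 2790 of message 65, d = 2753.
    print(glued_exp(2790, 2753, 3233))                       # 65
    print(survives_skip(2790, 2753, 3233, (2, "multiply")))  # False: caught
```

Skipping the squaring at iteration 0 is the one fault the check cannot see, because the accumulator is still 1 there and squaring it is a no-op; every later skip changes the recovered exponent.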

Publication date: 28-06-2012

Cryptography module for use with fragmented key and methods for use therewith

Number: US20120163590A1
Assignee: Morega Systems Inc

A cryptography module includes a key store having a plurality of storage locations for storing a key as k key fragments including a plurality of random key fragments and a remainder key fragment. One or more crypto-processing segments each operate based on corresponding ones of the k key fragments to process an input signal to produce an output signal.

Publication date: 19-07-2012

Protecting Codes, Keys and User Credentials with Identity and Patterns

Number: US20120185698A1
Author: Michael Stephen Fiske
Assignee: Individual

Computer security applications use cryptographic keys, cryptographic codes such as one-time passcodes, and other user credentials to protect the secrecy, authenticity and integrity of applications such as financial information, financial transactions and infrastructure (e.g. the electrical grid, power plants and defense systems). The prior art attempted to generate (e.g. derive) an invariant from a biometric template, biometric print or non-biometric pattern for use as a security key or code; biometric variability has been a difficult obstacle for that approach. In an embodiment, the invariant is at least partially generated (e.g. derived) from a transformation between the biometric templates or prints. In an embodiment, the invariant is a cryptographic key. In an embodiment, the transformation(s) help perform an authentication of the user and are executed by digital computer program instructions. In an embodiment, pattern transformation(s) are represented with colors, geometry or frequencies.

Publication date: 23-08-2012

Systems and methods for device and data authentication

Number: US20120213361A1
Assignee: INFINEON TECHNOLOGIES AG

Embodiments relate to systems and methods for authenticating devices and securing data. In embodiments, a session key for securing data between two devices can be derived as a byproduct of a challenge-response protocol for authenticating one or both of the devices.

Publication date: 11-10-2012

Strengthened public key protocol

Number: US20120257758A1
Assignee: Individual

A method of determining the integrity of a message exchanged between a pair of correspondents. The message is secured by embodying the message in a function of a public key derived from a private key selected by one of the correspondents. The method comprises first obtaining the public key. The public key is then subjected to at least one mathematical test to determine whether the public key satisfies predefined mathematical characteristics. Messages utilizing the public key are accepted if the public key satisfies the predefined mathematical characteristics.
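
Added worked example (Python); this is not the patent's code. It shows the kind of mathematical tests a correspondent can apply to a received Diffie-Hellman public key before accepting any message that depends on it, and what an untested key lets an attacker do. The group (p = 23 = 2·11 + 1, q = 11, generator g = 2 of the order-q subgroup) and the `mac_of` callback are assumptions chosen to keep the example readable; a deployment would use a 2048-bit or larger group.

```python
# Added example, not the patent's code.  Group parameters are an assumption:
# a safe prime p = 2q + 1 and a generator g of the order-q subgroup.
P = 23
Q = 11
G = 2


def validate_public_key(y, p=P, q=Q):
    """Return (accepted, reason).

    Tests: y is an integer, 2 <= y <= p-2, and y^q == 1 (mod p).  The last test
    rejects every element outside the prime-order subgroup (non-residues, and
    the order-2 element p-1 that the range check also catches).
    """
    if not isinstance(y, int):
        return False, "not an integer"
    if y < 2 or y > p - 2:
        return False, "outside [2, p-2]"
    if pow(y, q, p) != 1:
        return False, "not in the order-q subgroup"
    return True, "ok"


def shared_secret(own_private, peer_public, p=P):
    return pow(peer_public, own_private, p)


def accept_message(peer_public, own_private, message, mac_of):
    """Process a message only if the peer key passed the tests.

    mac_of(secret, message) is a hypothetical stand-in for whatever keyed check
    the protocol applies to the message once the shared secret exists.
    """
    ok, reason = validate_public_key(peer_public)
    if not ok:
        return None, reason
    s = shared_secret(own_private, peer_public)
    return mac_of(s, message), "accepted"


def confinement_values(forged_public, p=P, q=Q):
    """All shared secrets an honest party could derive from a forged public key,
    over every private exponent.  For a small-subgroup element the set is tiny,
    so the attacker learns bits of the honest party's private exponent."""
    return {pow(forged_public, x, p) for x in range(1, q)}


if __name__ == "__main__":
    print(validate_public_key(pow(G, 7, P)))        # (True, 'ok')
    print(validate_public_key(P - 1))               # rejected: order-2 element
    print(sorted(confinement_values(P - 1)))        # [1, 22]: leaks parity of x
```

Without the subgroup test, a peer who sends y = p - 1 forces the honest party's shared secret into {1, p - 1}, which reveals the parity of that party's private exponent; with a composite-order group the same trick leaks the exponent modulo every small factor.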

Publication date: 15-11-2012

Transponder, Reader and Methods for Operating the Same

Number: US20120288093A1
Author: Bruce Murray
Assignee: NXP BV

A method for operating a transponder is described, comprising: receiving, by the transponder, in particular wirelessly transmitted reader data representing x and sqrt(b)/x, wherein x is an element of a binary Galois field and b is a scalar; and processing, by the transponder, the reader data to determine whether x is the first coordinate of a point on the elliptic curve defined by y² + xy = x³ + ax² + b over that Galois field, so that x and y are elements of the field and y is the second coordinate of the point. A transponder, a method for operating a reader, and a reader are also described.
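
Added worked example (Python); this is not NXP's code. It carries out the transponder-side decision from the abstract using only the reader data x and w = sqrt(b)/x: substituting y = x·z into the curve equation gives z² + z = x + a + b/x² = x + a + w², and such an equation is solvable in GF(2^m) exactly when the trace of the right-hand side is 0, so the transponder needs neither a square root nor a quadratic solver. The field (GF(2^8) with reduction polynomial x^8 + x^4 + x^3 + x + 1) and the curve coefficients a = 1, b = 0x1d are assumptions chosen to keep the example small.

```python
# Added example, not NXP's code.  Field and curve are assumptions: GF(2^8) with
# reduction polynomial 0x11b, curve y^2 + xy = x^3 + a*x^2 + b with a = 1, b = 0x1d.
M = 8
MOD = 0x11b
A = 0x01
B = 0x1d


def gf_mul(u, v):
    """Multiply two GF(2^8) elements (shift-and-add with reduction)."""
    r = 0
    while v:
        if v & 1:
            r ^= u
        v >>= 1
        u <<= 1
        if u & 0x100:
            u ^= MOD
    return r


def gf_pow(u, e):
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, u)
        e >>= 1
        u = gf_mul(u, u)
    return r


def gf_inv(u):
    return gf_pow(u, 2 ** M - 2)          # u^(2^m - 2) = 1/u for u != 0


def gf_sqrt(u):
    return gf_pow(u, 2 ** (M - 1))        # squaring is a bijection: (u^(2^(m-1)))^2 = u


def gf_trace(u):
    """Tr(u) = u + u^2 + u^4 + ... + u^(2^(m-1)); the result is always 0 or 1."""
    t, v = 0, u
    for _ in range(M):
        t ^= v
        v = gf_mul(v, v)
    return t


def reader_data(x, b=B):
    """What the reader transmits for a non-zero x: the pair (x, sqrt(b)/x)."""
    return x, gf_mul(gf_sqrt(b), gf_inv(x))


def transponder_check(x, w, a=A):
    """Transponder side: x is an x-coordinate on the curve iff Tr(x + a + w^2) == 0.

    x == 0 is rejected because sqrt(b)/x is undefined there (0 is a valid
    x-coordinate, with y = sqrt(b), but the reader data cannot express it)."""
    if x == 0:
        return False
    return gf_trace(x ^ a ^ gf_mul(w, w)) == 0


def brute_force_check(x, a=A, b=B):
    """Reference answer by trying every y in the field (only to test the shortcut)."""
    x2 = gf_mul(x, x)
    rhs = gf_mul(x2, x) ^ gf_mul(a, x2) ^ b
    return any(gf_mul(y, y) ^ gf_mul(x, y) == rhs for y in range(2 ** M))


if __name__ == "__main__":
    valid = [x for x in range(1, 256) if transponder_check(*reader_data(x))]
    print(len(valid), "of 255 non-zero x values are x-coordinates on the curve")
```

Because the reader sends w = sqrt(b)/x rather than b, the transponder only squares w and adds, which is what makes the check cheap enough for a constrained tag; the brute-force routine exists only to confirm that the trace shortcut agrees with the curve equation for every x.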

Publication date: 20-12-2012

Revocation status using other credentials

Number: US20120321084A1
Assignee: Individual

Providing revocation status of at least one associated credential includes providing a primary credential that is at least initially independent of the associated credential, binding the at least one associated credential to the primary credential, and deeming the at least one associated credential to be revoked if the primary credential is revoked. Providing revocation status of at least one associated credential may also include deeming the at least one associated credential to be not revoked if the primary credential is not revoked. Binding may be independent of the contents of the credentials and may be independent of whether any of the credentials authenticate any other ones of the credentials. The at least one associated credential may be provided on an integrated circuit card (ICC). The ICC may be part of a mobile phone or a smart card.

Publication date: 03-01-2013

Simultaneous Scalar Multiplication Method

Number: US20130003964A1
Assignee: Certicom Corp

In computing point multiples in elliptic curve schemes (e.g. kP and sQ) separately, using for example Montgomery's method, for the purpose of combining kP + sQ, several operations are repeated in computing kP and sQ individually that could be executed at the same time. A simultaneous scalar multiplication method is provided that reduces the overall number of doubling and addition operations, thereby providing an efficient method for multiple scalar multiplication. The elements of the pairs for P and Q are combined into a single pair, and the bits of k and s are evaluated at each step as bit pairs. When the bits of k and s are equal, only one doubling operation and one addition operation are needed to compute the current pair; when the bits of k and s are not equal, only one doubling operation and two addition operations are needed.

Publication date: 21-02-2013

Using A Single Certificate Request to Generate Credentials with Multiple ECQV Certificates

Number: US20130046972A1
Assignee: Individual

A method and apparatus are disclosed for using a single credential request (e.g., registered public key or ECQV certificate) to obtain a plurality of credentials in a secure digital communication system having a plurality of trusted certificate authority CA entities and one or more subscriber entities A. In this way, entity A can be provisioned onto multiple PKI networks by leveraging a single registered public key or implicit certificate as a credential request to one or more CA entities to obtain additional credentials, where each additional credential can be used to derive additional public key-private key pairs for the entity A.

Publication date: 30-05-2013

Decryption apparatus and method of decrypting ciphertext of the same

Number: US20130136257A1
Assignee: SAMSUNG ELECTRONICS CO LTD

The method of decrypting a ciphertext includes: pre-storing a plurality of polynomial functions into which a secret key decrypting a ciphertext to a plaintext according to a public-key cryptography algorithm is broken down; receiving the ciphertext generated based on the secret key which is broken down into the plurality of polynomial functions from a ciphertext generating device; and decrypting the received ciphertext into the plaintext based on the pre-stored polynomial functions.
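
Added worked example (Python) serving both the Morega fragmented-key module above and this Samsung abstract; it is the code of neither patent. The private exponent of a toy RSA key is held only as k fragments (k - 1 random fragments plus a remainder fragment that makes the sum right), each crypto-processing segment applies its own fragment to the ciphertext, and the segment outputs are multiplied, so the whole key never exists in one place. The toy parameters p = 61, q = 53, e = 17 are assumptions, and additive fragments stand in for the polynomial pieces of the Samsung abstract.

```python
# Added example; not the code of either patent.  Toy RSA parameters are an
# assumption; fragments are additive shares of d modulo lambda(n).
import random
from math import gcd

P, Q, E = 61, 53, 17
N = P * Q                                         # 3233
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # lcm(p-1, q-1) = 780
D = pow(E, -1, LAMBDA)                            # private exponent mod lambda = 413


def fragment_key(d, k, seed=0):
    """Split d into k fragments whose sum is d modulo LAMBDA.

    The first k-1 fragments are uniformly random, the last is the remainder.
    Any k-1 of them are independent of d, so a segment that leaks its own
    fragment does not leak the key.  seed only makes the example reproducible.
    """
    if k < 2:
        raise ValueError("need at least two fragments")
    rng = random.Random(seed)
    frags = [rng.randrange(LAMBDA) for _ in range(k - 1)]
    frags.append((d - sum(frags)) % LAMBDA)
    return frags


def segment_process(c, fragment):
    """One crypto-processing segment: it knows only its own fragment."""
    return pow(c, fragment, N)


def fragmented_decrypt(c, frags):
    """Combine the segment outputs: prod c^f_i = c^(sum f_i) = c^(d + t*lambda).

    For any ciphertext c = m^e this equals m, because e*(d + t*lambda) = 1 (mod
    lambda) and n is square-free; the fragments are never added back together.
    """
    out = 1
    for f in frags:
        out = out * segment_process(c, f) % N
    return out


def encrypt(m):
    return pow(m, E, N)


def refresh(frags, seed=0):
    """Re-randomise the fragments without reconstructing d: move a random
    amount from the last fragment to the first.  The sum, and so the key, is unchanged."""
    r = random.Random(seed).randrange(LAMBDA)
    new = list(frags)
    new[0] = (new[0] + r) % LAMBDA
    new[-1] = (new[-1] - r) % LAMBDA
    return new


if __name__ == "__main__":
    frags = fragment_key(D, 4, seed=7)
    print(frags, sum(frags) % LAMBDA == D)
    print(fragmented_decrypt(encrypt(65), frags))        # 65
```

Reducing modulo lambda(n) rather than (p-1)(q-1) keeps the fragments small and still correct for every ciphertext; refreshing the fragments between uses is what stops an attacker who can read one segment at a time from collecting all k.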

Publication date: 20-06-2013

Combined digital certificate

Number: US20130159702A1
Author: Eric Thierry PEETERS
Assignee: Texas Instruments Inc

A system can comprise a memory to store computer readable instructions and a processing unit to access the memory and to execute the computer readable instructions. The computer readable instructions can comprise a certificate manager configured to request generation of N random values, where N is an integer greater than or equal to one. The certificate manager can also be configured to request a digital certificate from at least one certificate authority of at least two different certificate authorities; the request can include a given one of the N random values. The certificate manager can also be configured to generate a private key of a public-private key pair, wherein the private key is generated based on a private key of each of the at least two certificate authorities.

Publication date: 15-08-2013

Method and System for a Certificate-less Authenticated Encryption Scheme Using Identity-based Encryption

Number: US20130212377A1
Author: Behzad Malek
Assignee: Individual

A method of verifying public parameters from a trusted center in an identity-based encryption system prior to encrypting a plaintext message by a sender having a sender identity string may include: identifying the trusted center by a TC identity string, the trusted center having an identity-based public encryption key of the trusted center based on the TC identity string; determining if the sender has a sender private key and the public parameters for the trusted center including the public encryption key of the trusted center and a bilinear map; and verifying the public parameters using the TC identity string prior to encrypting the plaintext message into a ciphertext by comparing values of the bilinear map calculated with variables from the trusted center. The ciphertext may include a component to authenticate the sender once the ciphertext is received and decrypted by the recipient using the private key of the recipient.

Publication date: 03-10-2013

SYSTEM AND METHOD FOR AUTHENTICATION OF A COMMUNICATION DEVICE

Number: US20130262859A1

A system and method for authentication of a communication device is disclosed. A system that incorporates teachings of the present disclosure may include, for example, a communication device having a controller element to compute a shared secret key based at least in part on a communication device private key and a cryptography algorithm, where the communication device private key is stored in an identity module of the communication device and is unknown to an authentication center, and wherein the communication device is authenticated by the authentication center based at least in part on the shared secret key. Additional embodiments are disclosed.

1. A non-transitory computer-readable storage medium, comprising computer instructions that, when executed by a processor, cause the processor to perform operations comprising: generating an authentication center private key at an authentication center, wherein the authentication center comprises a network proxy including a communication interface for communicating with a gateway that provides voice, video, internet protocol television and data communication services between voice over internet protocol terminals; computing an authentication center public key based at least in part on the authentication center private key and a reference point in a cryptography algorithm; receiving a communication device public key computed by a communication device based at least in part on a communication device private key and the reference point in the cryptography algorithm, wherein the communication device private key is stored in an identity module of the communication device, wherein the communication device private key is provided to the communication device from a third party network, wherein the cryptography algorithm is an elliptic curve algorithm having a base point, wherein the third party network is operated by a single party source, and wherein the authentication center private key, the communication device private key, ...

Publication date: 31-10-2013

Hashing prefix-free values in a certificate scheme

Number: US20130290713A1
Assignee: Certicom Corp

Methods, systems, and computer programs for producing hash values are disclosed. A prefix-free value is obtained based on input data. The prefix-free value can be based on an implicit certificate, a message to be signed, a message to be verified, or other suitable information. A hash value is obtained by applying a hash function to the prefix-free value. The hash value is used in a cryptographic scheme. In some instances, a public key or a private key is generated based on the hash value. In some instances, a digital signature is generated based on the hash value, or a digital signature is verified based on the hash value, as appropriate.
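
Added worked example (Python); this is not Certicom's code. It shows why a hash input assembled from several fields must be prefix-free, and one encoding that makes it so. The field contents (a certificate string, an identity string) are constructed for the example; the real scheme's layout is not on this page.

```python
# Added example, not Certicom's code.  The field values below are constructed
# for illustration only.
import hashlib


def naive_encode(fields):
    """Plain concatenation: the field boundaries are lost, so two different
    field lists can produce the same bytes and therefore the same hash."""
    return b"".join(fields)


def prefix_free_encode(fields):
    """Field count, then each field as a 2-byte big-endian length plus its bytes.

    No valid encoding is a proper prefix of another valid encoding, and the
    decoder below recovers the fields unambiguously, so distinct field lists
    always give distinct hash inputs."""
    if len(fields) > 0xFFFF:
        raise ValueError("too many fields")
    out = bytearray(len(fields).to_bytes(2, "big"))
    for f in fields:
        if len(f) > 0xFFFF:
            raise ValueError("field too long")
        out += len(f).to_bytes(2, "big") + f
    return bytes(out)


def prefix_free_decode(data):
    """Inverse of prefix_free_encode; rejects truncated input and trailing bytes."""
    if len(data) < 2:
        raise ValueError("truncated")
    count = int.from_bytes(data[:2], "big")
    pos, fields = 2, []
    for _ in range(count):
        if pos + 2 > len(data):
            raise ValueError("truncated")
        n = int.from_bytes(data[pos:pos + 2], "big")
        pos += 2
        if pos + n > len(data):
            raise ValueError("truncated")
        fields.append(data[pos:pos + n])
        pos += n
    if pos != len(data):
        raise ValueError("trailing bytes")
    return fields


def naive_digest(fields):
    return hashlib.sha256(naive_encode(fields)).hexdigest()


def prefix_free_digest(fields):
    return hashlib.sha256(prefix_free_encode(fields)).hexdigest()


if __name__ == "__main__":
    a = [b"cert-ab", b"c"]      # constructed: certificate-like field, identity field
    b = [b"cert-a", b"bc"]      # constructed: the boundary moved by one byte
    print(naive_digest(a) == naive_digest(b))              # True: collision
    print(prefix_free_digest(a) == prefix_free_digest(b))  # False
```

The collision matters wherever the hash output feeds key derivation or a signature: if an attacker can shift the boundary between two fields, two different (certificate, identity) pairs would otherwise hash to the same value.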

Publication date: 10-04-2014

Method for elliptic curve cryptography with countermeasures against simple power analysis and fault injection analysis and system thereof

Number: US20140098951A1

There are provided a method for elliptic curve cryptography with countermeasures against simple power analysis and fault injection analysis, and a system thereof. According to an aspect, there is provided a method for elliptic curve cryptography in which an elliptic curve point operation is performed to generate an elliptic curve code, including: receiving a first point and a second point on the elliptic curve, wherein the first point is P_0 = (x_0, y_0) and the second point is P_1 = (x_1, y_1); and performing doubling if the first point is the same as the second point, and performing addition if the first point is different from the second point, to thereby obtain a third point P_2 = P_0 + P_1 = (x_2, y_2). Accordingly, it is possible to provide countermeasures against a side channel analysis attack.
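
Added worked example (Python) serving both the Certicom simultaneous scalar multiplication abstract above and this one; it is the code of neither patent. It implements affine point arithmetic over a small prime-field curve, with the add routine dispatching to doubling when the two inputs coincide and to chord addition otherwise, and the simultaneous kP + sQ method that reads one bit of k and one bit of s per step: one doubling per step, then at most one addition of P, Q or the precomputed P + Q depending on the bit pair. The curve y² = x³ + 2x + 3 over F_97 and the base points P = (3, 6), Q = (0, 10) are assumptions; the point at infinity is represented by None.

```python
# Added example; not the code of either patent.  Curve and points are assumptions.
# Needs Python 3.8+ for pow(x, -1, m).
MODULUS, A, B = 97, 2, 3
INF = None


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % MODULUS == 0


def point_add(p0, p1):
    """P2 = P0 + P1: doubling if P0 == P1, chord addition otherwise."""
    if p0 is INF:
        return p1
    if p1 is INF:
        return p0
    x0, y0 = p0
    x1, y1 = p1
    if x0 == x1 and (y0 + y1) % MODULUS == 0:
        return INF                              # P0 == -P1 (includes y == 0)
    if p0 == p1:
        lam = (3 * x0 * x0 + A) * pow(2 * y0, -1, MODULUS) % MODULUS
    else:
        lam = (y1 - y0) * pow(x1 - x0, -1, MODULUS) % MODULUS
    x2 = (lam * lam - x0 - x1) % MODULUS
    y2 = (lam * (x0 - x2) - y0) % MODULUS
    return (x2, y2)


def scalar_mul(k, p):
    """Reference: plain left-to-right double-and-add."""
    r = INF
    for bit in bin(k)[2:]:
        r = point_add(r, r)
        if bit == "1":
            r = point_add(r, p)
    return r


def simultaneous_mul(k, s, p, q):
    """kP + sQ in one pass over the bit pairs (k_i, s_i).

    Each step costs one doubling; the pair (1, 1) adds the precomputed P + Q,
    so no step needs more than one addition, which is where the saving over
    computing kP and sQ separately comes from."""
    table = {(0, 1): q, (1, 0): p, (1, 1): point_add(p, q)}
    r = INF
    for i in range(max(k.bit_length(), s.bit_length()) - 1, -1, -1):
        r = point_add(r, r)
        pair = ((k >> i) & 1, (s >> i) & 1)
        if pair != (0, 0):
            r = point_add(r, table[pair])
    return r


if __name__ == "__main__":
    P, Q = (3, 6), (0, 10)
    print(simultaneous_mul(13, 29, P, Q))
    print(point_add(scalar_mul(13, P), scalar_mul(29, Q)))   # same point
```

The branch in point_add is exactly the data-dependent choice the countermeasure abstract is concerned with: on real hardware the doubling and addition formulas consume different power, so an implementation that cares about simple power analysis makes the two paths indistinguishable or uses a unified formula rather than this textbook dispatch.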

Publication date: 05-01-2017

Electronic Authentication Systems

Number: US20170004497A1

Methods and devices are provided for use in facilitating transactions between transaction devices and points of interaction. In connection therewith, one transaction device generally includes an input and an output for communicating with a point of interaction with regard to a transaction by a consumer at the point of interaction involving the transaction device. The transaction device also includes a processor in communication with the input and the output. The processor is configured to interact with the point of interaction in connection with the transaction, store transaction data relating to the transaction in a data store during the course of the transaction, and, in response to an interruption in the transaction with the point of interaction, retrieve transaction data stored in the data store in order to resume the transaction with the point of interaction when communication with the point of interaction is restored.

1. A transaction device, comprising: an input and an output for communicating with a point of interaction, in connection with a transaction by a consumer at the point of interaction involving the transaction device; and a processor in communication with the input and the output, the processor configured to: interact with the point of interaction in connection with the transaction; store transaction data relating to the transaction in a data store during the course of the transaction; and, in response to an interruption in the transaction with the point of interaction, retrieve transaction data stored in the data store in order to resume the transaction with the point of interaction when communication with the point of interaction is restored.
2. The transaction device of claim 1, further comprising the data store in communication with the processor.
3. The transaction device of claim 2, wherein the data store comprises a non-volatile memory module.
4. The transaction device of claim 3, wherein the non-volatile memory module comprises an ...

Publication date: 02-01-2020

SYSTEM FOR EXECUTING, SECURING, AND NON-REPUDIATION OF POOLED CONDITIONAL SMART CONTRACTS OVER DISTRIBUTED BLOCKCHAIN NETWORK

Number: US20200005253A1
Assignee: Bank of America Corporation

Embodiments of the present invention provide a system for executing, securing, and non-repudiation of pooled conditional smart contracts over a distributed blockchain network. In particular, the system may receive an instrument request from a beneficiary entity, where the instrument request includes an instrument amount. The system can then identify a lead contribution amount that a lead entity is willing to provide to meet a portion of the instrument amount. A set of supporting entities can be identified as willing to provide supporting contribution amounts to meet the remainder of the instrument amount. A conditional contract can be sent to each supporting entity that, when signed, authorizes the system to transfer contribution amounts, which may be in the form of cryptocurrency, from blockchain addresses of the lead and supporting entities to a blockchain address of the beneficiary entity. Once the instrument amount has been secured, the system executes the transactions.

1. A system for executing, securing, and non-repudiation of pooled conditional smart contracts over a distributed blockchain network, the system comprising: a memory device; and receive an instrument request comprising an instrument amount from a beneficiary entity, wherein the instrument amount is backed by a specific asset; identify a set of supporting entities that are willing to provide supporting contribution amounts to meet the instrument amount, wherein the set of supporting entities comprises at least a first supporting entity willing to provide a first supporting contribution amount, and a second supporting entity willing to provide a second supporting contribution amount, and wherein the first supporting contribution amount is backed by a specific asset managed by the first supporting entity and the second supporting contribution amount is backed by a specific asset managed by the second supporting entity; transmit a conditional contract to the first supporting entity, wherein ...

Publication date: 05-01-2017

READING OF AN ATTRIBUTE FROM AN ID TOKEN

Number: US20170005800A9
Author: MORGNER Frank
Assignee: BUNDESDRUCKEREI GMBH

The disclosure relates to a method for reading at least one attribute stored in an ID token, wherein the ID token is assigned to a user, said method comprising: determining, by a terminal, whether a contact-based interface of the ID token is present and can be used for data exchange with the terminal. If the ID token does not have the contact-based interface or it cannot be used: implementing a zero-knowledge authentication protocol via a contactless interface of the terminal and ID token, and deriving an ID token identifier by the terminal. If the ID token has the contact-based interface and it can be used: authenticating the user to the ID token via the contact-based interface, and accessing an ID token identifier by the terminal. Then: sending the ID token identifier from the terminal to an ID provider computer; use of the ID token identifier by the ID provider computer in order to authenticate the ID provider computer to the ID token; and read access of the ID provider computer to the at least one attribute stored in the ID token.

2. The method according to claim 1, wherein implementing the zero-knowledge authentication protocol comprises: first implementing a Diffie-Hellman key exchange (DH I) with use of the static secret by the ID token and by the terminal for generation of a first shared temporary base point (B′); second implementing a Diffie-Hellman key exchange (DH II) with use of the first shared temporary base point (B′), wherein the second implementation comprises the generation of a first public cryptographic key (ÖS_IDT2) and a second public cryptographic key (ÖS_T2) with the inclusion of the static secret and the exchange of the first and second public cryptographic keys between terminal and ID token; establishing a secure first data transfer channel (V1) between ID token and terminal with use of the first and second public cryptographic keys; deriving an authentication key (AuS) from the first public cryptographic key (ÖS_IDT2) by the terminal; ...

Publication date: 05-01-2017

SYSTEMS AND METHODS FOR AUTHENTICATION BASED ON PHYSICALLY UNCLONABLE FUNCTIONS

Number: US20170005811A1
Assignee: MAXIM INTEGRATED PRODUCTS, INC.

Presented are systems, devices, and methods for reliably authenticating asymmetric cryptography-based ICs based on Physically Unclonable Functions (PUFs) that are immune to reverse engineering. Various embodiments of the invention enhance the level of security in IC architectures without the need to connect to a remote certification authority, thereby eliminating shortfalls associated with online authentication. Certain embodiments accomplish this by using a PUF-generated secure private key that need never be output by or exported from the PUF.

1. An integrated circuit for authenticating an electronic device without connecting to a remote certification authority, the integrated circuit comprising: a physically unclonable function (PUF) element that generates a random number; and a processor configured to: receive the random number and determine whether the random number is non-zero; in response to determining that the random number is non-zero, accept a device private key that is based on the random number; compute a device public key associated with the random number; receive during a manufacturing process a public key certificate that is based on a computed public key, the public key certificate being signed with an external private key; receive a challenge from a host; sign the challenge with the device private key; and communicate the signed challenge to the host.
2. The integrated circuit according to claim 1, wherein the challenge is a random number that is not stored in a nonvolatile memory.
3. The integrated circuit according to claim 1, wherein the public key certificate comprises a data field comprising a value that is representative of the device public key.
4. The integrated circuit according to claim 1, wherein the external private key is provided by an external certification authority.
5. The integrated circuit according to claim 1, wherein the processor is external to the integrated circuit.
6. The integrated circuit according to claim 1, wherein the signed ...

Publication date: 05-01-2017

Electronic Authentication Systems

Number: US20170006048A1

Methods and devices are provided for use in detecting relay attacks between devices in a communications network. One method includes sending first data by a first device to a second device, and receiving, by the first device, a communication from the second device, where the communication comprises second data generated at the second device and a time parameter related to the generation of the second data. The method also includes measuring a total transmission time at the first device between sending the first data and receiving the communication, and determining a further time parameter related to the generation of the second data based at least in part on the measured total transmission time. The method then further includes determining the presence of a relay attack between the first and second devices in dependence on a comparison of the time parameter and the further time parameter.

1. A computer-implemented method of detecting relay attacks between first and second devices in a communications network, the method comprising: sending first data, by the first device, to the second device; receiving, by the first device, a communication from the second device, the communication comprising second data generated at the second device and a time parameter related to the generation of the second data; measuring a total transmission time at the first device between sending the first data and receiving the communication; determining a further time parameter related to the generation of the second data, based at least in part on the measured total transmission time; and determining the presence of a relay attack between the first and second devices in dependence on a comparison of the time parameter and the further time parameter.
2. The method of claim 1, wherein determining the presence of the relay attack includes comparing, by the first device, the time parameter and the further time parameter, and determining if a difference between the time ...

Publication date: 07-01-2016

READING OF AN ATTRIBUTE FROM AN ID TOKEN

Number: US20160006566A1
Author: MORGNER Frank
Assignee: BUNDESDRUCKEREI GMBH

The disclosure relates to a method for reading at least one attribute stored in an ID token, wherein the ID token is assigned to a user, said method comprising: determining, by a terminal, whether a contact-based interface of the ID token is present and can be used for data exchange with the terminal. If the ID token does not have the contact-based interface or it cannot be used: implementing a zero-knowledge authentication protocol via a contactless interface of the terminal and ID token, and deriving an ID token identifier by the terminal. If the ID token has the contact-based interface and it can be used: authenticating the user to the ID token via the contact-based interface, and accessing an ID token identifier by the terminal. Then: sending the ID token identifier from the terminal to an ID provider computer; use of the ID token identifier by the ID provider computer in order to authenticate the ID provider computer to the ID token; and read access of the ID provider computer to the at least one attribute stored in the ID token.

2. The method according to claim 1, wherein implementing the zero-knowledge authentication protocol comprises: first implementing a Diffie-Hellman key exchange (DH I) with use of the static secret by the ID token and by the terminal for generation of a first shared temporary base point (B′); second implementing a Diffie-Hellman key exchange (DH II) with use of the first shared temporary base point (B′), wherein the second implementation comprises the generation of a first public cryptographic key (ÖS_IDT2) and a second public cryptographic key (ÖS_T2) with the inclusion of the static secret and the exchange of the first and second public cryptographic keys between terminal and ID token; establishing a secure first data transfer channel (V1) between ID token and terminal with use of the first and second public cryptographic keys; deriving an authentication key (AuS) from the first public cryptographic key (ÖS_IDT2) by the terminal; ...

Publication date: 05-01-2017

AUTHENTICATION AND KEY AGREEMENT WITH PERFECT FORWARD SECRECY

Number: US20170006469A1
Author: Palanigounder Anand

Systems and methods for providing authentication and key agreement (AKA) with perfect forward secrecy (PFS) are disclosed. In one embodiment, a network according to the disclosure may receive an attach request from a UE, provide an authentication request including a network support indicator to a network resource, receive an authentication token from the network resource, such that the authentication token includes an indication that the network supports PFS, provide the authentication token to the UE, receive an authentication response including a UE public key value, obtain a network public key value and a network private key value, determine a shared key value based on the network private key value and the UE public key value, bind the shared key value with a session key value to create a bound shared key value, and use the bound shared key value to protect subsequent network traffic.

1. A method for providing an authentication and key agreement protocol with perfect forward secrecy (PFS) between a user equipment and a network, the method comprising: generating, with the user equipment, an attach request; receiving, with the user equipment, an authentication token that includes an indication of PFS support by the network; determining, with the user equipment, whether the network supports PFS; providing, with the user equipment, a UE public key value to the network; receiving, with the user equipment, a network public key value from the network; determining, with the user equipment, a shared key value based on the network public key value and a UE private key value; binding, with the user equipment, the shared key value with a session key value to create a bound shared key value; and utilizing, with the user equipment, the bound shared key value to protect subsequent network traffic.
2. The method of claim 1, wherein the attach request includes an indication that the user equipment supports PFS.
3. The method of claim 1, wherein generating, with the user equipment, an attach ...

Publication date: 04-01-2018

Lossy arithmetic

Number: US20180006817A1
Assignee: NXP BV

Embodiments include a method of adding first and second binary numbers having C bits and divided into D words to provide a third binary number in E successive adding operations, C, D and E being plural positive integers, the method comprising: a first group of D adding operations adding together respective words of the first and second binary numbers to provide D sum and carry outputs ranging from a least significant to a most significant sum and carry output; one or more subsequent groups of adding operations adding together sum and carry outputs from an immediately preceding group of adding operations, a final group of the one or more subsequent groups resulting in the third binary number consisting of the sum outputs from the final group and a carry from the most significant carry output of the final group, wherein E is less than D.
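
Added worked example (Python); this is not NXP's code. It implements the word-wise addition with deferred carries as the abstract describes it, parameterised by word width w, word count D and round count E, and makes the "lossy" part visible: when E < D a carry chain that has to ripple across all D words is cut off and the result differs from the exact sum. One detail is an assumption on my part: a carry out of the most significant word is kept from whichever round it occurs in, whereas the abstract mentions only the final group's carry.

```python
# Added example, not NXP's code.  Assumption: the carry out of the top word is
# retained from any round, not only from the final one.

def split_words(value, w, d):
    """Little-endian list of d words of w bits each (higher bits are discarded)."""
    mask = (1 << w) - 1
    return [(value >> (w * i)) & mask for i in range(d)]


def lossy_add(a, b, w, d, e):
    """Add a and b (each < 2^(w*d)) in e rounds of word-wise operations.

    Round 1 adds corresponding words and keeps a sum and a carry per word.
    Each later round adds every word's sum to the carry from the word below.
    The result is the final sums plus the carry out of the top word; carries
    still pending in lower words after round e are dropped, hence "lossy".
    """
    if e < 1:
        raise ValueError("at least one round is needed")
    mask = (1 << w) - 1
    aw, bw = split_words(a, w, d), split_words(b, w, d)

    # round 1: add corresponding words
    sums = [(x + y) & mask for x, y in zip(aw, bw)]
    carries = [(x + y) >> w for x, y in zip(aw, bw)]
    top_carry = carries[-1]

    # rounds 2..e: propagate each carry one word upwards
    for _ in range(e - 1):
        new_sums, new_carries = [], []
        for i in range(d):
            t = sums[i] + (carries[i - 1] if i > 0 else 0)
            new_sums.append(t & mask)
            new_carries.append(t >> w)
        sums, carries = new_sums, new_carries
        top_carry |= carries[-1]

    # carries[0 .. d-2] are never added to their neighbour: that is the loss
    result = top_carry << (w * d)
    for i, s in enumerate(sums):
        result |= s << (w * i)
    return result


def rounds_needed(a, b, w, d):
    """Smallest e for which lossy_add is exact for this input (at most d)."""
    for e in range(1, d + 1):
        if lossy_add(a, b, w, d, e) == a + b:
            return e
    return None


if __name__ == "__main__":
    # 4-bit words, four of them: 0x0FFF + 1 needs the carry to cross all words
    print(hex(lossy_add(0x0FFF, 0x0001, 4, 4, 3)))   # 0x0: carry chain cut off
    print(hex(lossy_add(0x0FFF, 0x0001, 4, 4, 4)))   # 0x1000: exact
    print(rounds_needed(0x1234, 0x4321, 4, 4))        # 1: no carries at all
```

A carry generated in word i during round r can only reach word i + r - 1 by round r, so E = D rounds always suffice for an exact sum, and the rounds a given input actually needs equal the length of its longest carry chain plus one; the saving the abstract targets comes from choosing E below D and accepting the loss.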

Publication date: 03-01-2019

TECHNOLOGIES FOR ROBUST COMPUTATION OF ELLIPTIC CURVE DIGITAL SIGNATURES

Number: US20190007219A1

Technologies for elliptic curve cryptography (ECC) include a computing device having an ECC engine that reads one or more parameters from a data port. The ECC engine performs operations using the parameters, such as an Elliptic Curve Digital Signature Algorithm (ECDSA). The ECDSA may be performed in a protected mode, in which the ECC engine will ignore inputs. The ECC engine may perform the ECDSA in a fixed amount of time in order to protect against timing side-channel attacks. The ECC engine may perform the ECDSA by consuming a uniform amount of power in order to protect against power side-channel attacks. The ECC engine may perform the ECDSA by emitting a uniform amount of electromagnetic radiation in order to protect against EM side-channel attacks. The ECC engine may perform the ECDSA verify with 384-bit output in order to protect against fault injection attacks.

1. A compute device for computation of elliptic curve digital signatures, the compute device comprising: an elliptic curve cryptography (ECC) engine, wherein the ECC engine is to: read a parameter value for each of a plurality of parameters of an elliptic curve digital signature algorithm sign operation from a data port of the ECC engine; read an opcode from an instruction port of the ECC engine, wherein the opcode is indicative of the elliptic curve digital signature algorithm sign operation; enter a protected mode in response to reading the opcode, wherein the ECC engine is configured to ignore input from the data port while in the protected mode; perform the elliptic curve digital signature algorithm sign operation in response to reading the opcode; exit the protected mode in response to completion of the elliptic curve digital signature algorithm sign operation; and write result data to an output port of the ECC engine in response to performing the elliptic curve digital signature algorithm sign operation.
2. The compute device of claim 1, wherein the ECC engine is further to: read a ...

02-01-2020 publication date

METHOD FOR ESTABLISHING A SECURE COMMUNICATION SESSION IN A COMMUNICATIONS SYSTEM

Number: US20200007327A1
Author: DOLIWA PETER, Garg Vakul
Assignee:

A method is provided for establishing a secure communication session in a communications system. The method includes providing a handshake layer functional block and providing a record layer functional block separate from the handshake layer functional block. A first ephemeral key pair is generated by the record layer functional block of a first communication peer. A public key of the first ephemeral key pair is transmitted to a second communication peer. The handshake layer functional block of the first communication peer generates a second ephemeral key pair. A public key of the second ephemeral key pair is transmitted to the second communication peer. The second communication peer generates a third ephemeral key pair. A handshake key is generated from the public key of the second communication peer and a private key of the handshake layer block of the first communication peer. A session key is generated from the public key of the second communication peer and a private key of the record layer block of the first communication peer.

1. A method for establishing a secure communication session in a communications system, the method comprising: providing, in a first communication peer, a handshake layer functional block; providing, in the first communication peer, a record layer functional block separate from the handshake layer functional block, wherein functionality of the record layer functional block is not duplicated in the handshake layer functional block; generating, by the record layer functional block of the first communication peer, a first ephemeral key pair; transmitting a public key of the first ephemeral key pair to a second communication peer; generating, by a handshake layer functional block of the first communication peer, a second ephemeral key pair; transmitting a public key of the second ephemeral key pair to a second communication peer; generating, by the second communication peer, a third ephemeral key pair; transmitting a public key of the third ...

02-01-2020 publication date

LOCATION AWARE CRYPTOGRAPHY

Number: US20200007328A1
Assignee:

A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.

1-20. (canceled)
21. A method comprising: transmitting a request to transmit data from a first device to a second device; receiving an encrypted session key from the second device in response to the request, wherein the encrypted session key is encrypted by a second device key that is based on a combination of a public key and a time value associated with the second device; identifying another time value associated with the first device; and generating, by a processing device, a first device key based on a combination of the time value associated with the first device and a private key that corresponds to the public key, wherein the first device key decrypts the encrypted session key responsive to the time value associated with the first device corresponding to the time value associated with the second device.
22. The method of claim 21, wherein the second device key is further based on a location of the second device, and wherein the first device key is further based on another location of the first device.
23. The method of claim 21, further comprising: in response to decrypting the encrypted session key, encrypting data based on the session key; and transmitting the encrypted data from the first device to the second device.
24. The ...

20-01-2022 publication date

CRYPTOGRAPHIC KEY GENERATION USING KUMMER VARIETIES

Number: US20220021530A1
Assignee:

An authenticated, ID-based private/public key pair, with a self-certified public key, is generated using Kummer arithmetic without bilinear pairings. Two or more parties can generate such key pairs and use them as their respective long-term key pairs which, when combined with the parties' short-term key pairs, can allow the parties to establish an authenticated, short-term shared key. Some embodiments are suitable for connected vehicles communicating with each other and/or with other systems. Other features are also provided.

1. A method for generating a first private/public key pair by a first computer entity, wherein the first private/public key pair includes a first private key and a corresponding first public key, the method comprising: generating, by the first computer entity, the first private key, wherein the first private key depends on a first scalar, wherein generating the first private key comprises generating the first scalar by using private key material received from a certification authority (CA) and dependent on the CA's private key; generating, by the first computer entity, the first public key corresponding to the first private key and dependent on the private key material, wherein generating the first public key comprises computing, by the first computer entity, an element of a Kummer variety of a finite elliptic curve group, the element being dependent on the private key material.
2. The method of wherein the element of the Kummer variety is: ±V = [s]G, wherein s is the first scalar, and G is a public element of the elliptic curve.
3. The method of wherein the element G has a prime order.
4. The method of wherein the order of G corresponds to a predefined security level.
5. The method of wherein each of the first private key and the private key material depend on an identity associated with the first computer entity.
6. The method of wherein the elliptic curve is a Montgomery curve.
7. The method of claim 1, wherein the first private/public key pair is a ...

20-01-2022 publication date

LOCATION AWARE CRYPTOGRAPHY

Number: US20220021534A1
Assignee:

A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.

1. (canceled)
2. A method of operating a first device, the method comprising: initiating a communication session with a second device; generating first location information associated with the first device; retrieving a public key and a private key associated with the first device; generating a location-based private key based on the first location information and the private key; transmitting a public key and a certificate to the second device; receiving, from the second device, a session key encrypted based on the public key and second location information associated with the second device; and communicating encrypted data with the second device in the communication session, wherein the encrypted data is encrypted with the session key.
3. The method of claim 2, wherein communicating encrypted data further comprises: receiving the encrypted data from the second device; and decrypting, using the location-based private key, the encrypted data to obtain unencrypted data.
4. The method of claim 2, wherein communicating encrypted data further comprises: encrypting data to obtain the encrypted data using the session key; and transmitting the encrypted data to the second device.
5. The method of claim 2, further comprising: receiving, from the second device ...

27-01-2022 publication date

AUTHENTICATION USING KEY AGREEMENT

Number: US20220029796A1
Assignee:

A client may transmit an authentication request to a server. The server may initiate a key agreement process using a short-lived private key generated at the server and a public key of the device, generate a shared secret, and derive a symmetric key. The symmetric key may be used to encrypt a random challenge. Further, the server initiates a key agreement process for the client using the partial private key that was generated for the client and the short-lived public key generated at the server. A partial key agreement result and the encrypted random challenge may be transmitted to the client. The client may complete the key agreement process using the partial key agreement result and a respective portion of the private key. The client may derive the encryption key and decrypt the random challenge. An indication of the random challenge may be transmitted to the server, which authenticates the client.

1. A method for authentication of a client to a server, comprising: receiving, at the server and from the client, an authentication request; generating, in response to receiving the authentication request, a short-lived asymmetric key pair on the server, the client being associated with a client public key; generating, based at least in part on receiving the authentication request, a symmetric key using the client public key and a short-lived private key of the short-lived asymmetric key pair; encrypting a random challenge using the symmetric key; generating a partial key agreement result using a first portion of a split private key, the server having transmitted a second portion of the split private key to the client, the split private key being associated with the client public key; transmitting the encrypted random challenge and the partial key agreement result to the client, wherein the client is configured to derive the symmetric key for decrypting the random challenge using the partial key agreement result; and authenticating the client based at least in part on ...

12-01-2017 publication date

Public Key Encryption Algorithms for Hard Lock File Encryption

Number: US20170012946A1
Assignee:

In some aspects, an encryption method comprises encrypting a first portion of a message using a first secret key. The first secret key is generated based on the public key of an entity. A one-way function is used to generate a second secret key from the first secret key, and the first secret key is subsequently discarded. A second portion of the message is encrypted using the second secret key. The encrypted first portion of the message and the encrypted second portion of the message are provided to the entity.

1-18. (canceled)
19. A method, comprising: receiving an encrypted message, a private key, and an ephemeral public key of an entity; dividing the encrypted message into a plurality of portions, wherein the plurality of portions include a first portion and a second portion; generating a shared secret based on the private key and the ephemeral public key; in response to generating the shared secret, discarding the private key and the ephemeral public key; generating a first decryption key based on the shared secret; decrypting the first portion using the first decryption key; generating a second decryption key based on the first decryption key; decrypting the second portion using the second decryption key; and outputting at least one of a decrypted first portion or a decrypted second portion.
20. The method of claim 19, wherein the shared secret is discarded in response to generating the first decryption key.
21. The method of claim 19, wherein the first decryption key is discarded in response to generating the second decryption key.
22. The method of claim 19, wherein the first decryption key is generated using a key derivation function, the key derivation function produces one or more outputs comprising the first decryption key, and the key derivation function operates on one or more inputs comprising the shared secret.
23. The method of claim 22, wherein the one or more outputs further comprise a first initialization vector that is used to decrypt ...

09-01-2020 publication date

BLOCKCHAIN-BASED ANONYMIZED CRYPTOLOGIC VOTING

Number: US20200013251A1
Assignee:

A system may facilitate distributed ledger technology (DLT) record based (for example, blockchain-based) voting. A voter may distribute vote-value to answers using committed tokens that bind the voter to a particular vote-value without divulging the particular vote value while in a cryptographic form. The voter may distribute committed tokens to multiple answers. In some cases, the distribution of the committed tokens to multiple answers may frustrate attempts to determine the one or more targets to which the voter delivers a non-null vote-value.

1. A method including: receiving authority to distribute, on behalf of a voter, vote-value among multiple answers designated on a ballot; determining to distribute an entirety of the vote-value among a subset of the multiple answers; committing the entirety of the vote-value to the subset by causing generation of a target committed token that bindingly assigns vote-value to at least one answer of the subset, the target committed token having a target encrypted form that conceals an amount of vote-value assigned; obfuscating the commitment of the vote-value to the subset by causing generation of a completion committed token that assigns a null value to at least one answer of the multiple answers that is not within the subset, the completion committed token having a completion encrypted form that conceals the null value assignment; and causing recordation of the committed tokens in one or more transactions on a distributed ledger.
2. The method of claim 1, where the target committed token includes a target key associated with the target encrypted form.
3. The method of claim 2, where the target key is encrypted with a public key associated with the at least one answer of the subset.
4. The method of claim 1, where the ballot constrains vote-value assignments to integer values.
5. The method of claim 1, where the ballot constrains vote-value assignments to a selection between binary values.
6. The method of claim 1, where ...

14-01-2021 publication date

RING SIGNATURE-BASED ANONYMOUS TRANSACTION

Number: US20210014071A1
Author: ZHANG Wenbin
Assignee: Advanced New Technologies Co., Ltd.

This disclosure relates to anonymous transactions based on ring signatures. In one aspect, a method includes receiving a remittance transaction. The remittance transaction is generated by a client device of a remitter by assembling unspent assets in an account corresponding to the remitter and masked assets in an account corresponding to a masked participant. Key images are obtained from a linkable spontaneous anonymous group (LSAG) signature of the remittance transaction. Values of the key-images are based on a private key, a public key, and unspent assets of the remitter. The LSAG signature is verified. The LSAG signature is generated by the client device of the remitter based on the private key and the public key of the remitter, and a second public key of the masked participant. The remittance transaction is executed when a transaction execution condition is met.

1-20. (canceled)
21. A computer-implemented method for completing an anonymous transaction based on a ring signature, comprising: assembling a remittance transaction based on unspent assets ID_j_1 to ID_j_m in an account corresponding to a remitter and masked assets ID_i_1 to ID_i_m in an account corresponding to a masked participant i, wherein the unspent assets ID_j_1 to ID_j_m and the masked assets ID_i_1 to ID_i_m are respectively recorded in a blockchain ledger as asset commitments corresponding to asset amounts; generating a linkable spontaneous anonymous group (LSAG) signature for the remittance transaction based on a private key x_j and a public key P_j that are held by the remitter, and a public key P_i held by the masked participant i, wherein the LSAG signature comprises key-images I_1 to I_m, and values of the key-images I_1 to I_m are based on the private key x_j, the public key P_j, and asset identifiers for the unspent assets ID_j_1 to ID_j_m of the remitter; and submitting a signed remittance transaction comprising the remittance transaction and the LSAG signature to a blockchain network,
...

19-01-2017 publication date

APPARATUS AND METHOD FOR SECURELY TRACKING EVENT ATTENDEES USING IOT DEVICES

Number: US20170019873A1
Author: BRITT JOE
Assignee:

An apparatus and method are described for securely tracking event attendees using IoT devices. For example, one embodiment of a method comprises: associating each of a plurality of an Internet of Things (IoT) devices with a different attendee at an event, the IoT devices configured to form local wireless connections with one or more IoT hubs and/or client devices; as a first attendee moves around the event, periodically establishing a local wireless connection between a first IoT device associated with the first attendee and one or more IoT hubs and/or client devices within range of the first IoT device; transmitting one or more data packets from the one or more IoT hubs and/or client devices to an IoT service over the Internet, the data packets including data identifying the first attendee, the first IoT device, and one or more IoT hubs and/or client devices to which the first IoT device establishes the local wireless connections, the IoT service storing the data from the data packets in a database; and using the data stored in the database to determine portions of the event visited by the first attendee.

1. A method comprising: associating each of a plurality of an Internet of Things (IoT) devices with a different attendee at an event, the IoT devices configured to form local wireless connections with one or more IoT hubs and/or client devices; as a first attendee moves around the event, periodically establishing a local wireless connection between a first IoT device associated with the first attendee and one or more IoT hubs and/or client devices within range of the first IoT device; transmitting one or more data packets from the one or more IoT hubs and/or client devices to an IoT service over the Internet, the data packets including data identifying the first attendee, the first IoT device, and one or more IoT hubs and/or client devices to which the first IoT device establishes the local wireless connections, the IoT service storing the data from the data packets ...

18-01-2018 publication date

AUTHENTICATION AND KEY AGREEMENT WITH PERFECT FORWARD SECRECY

Number: US20180020347A1
Author: Palanigounder Anand
Assignee:

Systems and methods for providing authentication key agreement (AKA) with perfect forward secrecy (PFS) are disclosed. In one embodiment, a network according to the disclosure may receive an attach request from a UE, provide an authentication request including a network support indicator to a network resource, receive an authentication token from the network resource, such that the authentication token includes an indication that a network supports PFS, provide the authentication token to the UE, receive an authentication response including a UE public key value, obtain a network public key value and a network private key value, determine a shared key value based on the network private key value and the UE public key value, bind the shared key value with a session key value to create a bound shared key value, and use the bound shared key value to protect subsequent network traffic.

1. A method for preventing a bid-down attack on a system with a strong security protocol, the method comprising: receiving an attach request from a user equipment; sending an authentication request to a home network, wherein the authentication request includes an indication that a network supports the strong security protocol; receiving an integrity protected token from the home network, wherein the integrity protected token includes at least one bit configured to indicate that the network supports the strong security protocol; and sending the integrity protected token to the user equipment.
2. The method of wherein the attach request includes an indication that the user equipment supports the strong security protocol.
3. The method of wherein the strong security protocol is an authentication and key agreement protocol with perfect forward secrecy.
4. The method of wherein the authentication request is a diameter protocol message with Attribute Value Pairs (AVP) as information elements to indicate that the network supports the strong security protocol.
5. The method of wherein the integrity ...

17-01-2019 publication date

ZERO-KNOWLEDGE MULTIPARTY SECURE SHARING OF VOICEPRINTS

Number: US20190020482A1
Author: GUPTA Payas, NELMS Terry
Assignee:

Disclosed herein are embodiments of systems and methods for zero-knowledge multiparty secure sharing of voiceprints. In an embodiment, an illustrative computer may receive, through a remote server, a plurality of encrypted voiceprints. When the computer receives an incoming call, the computer may generate a plaintext i-vector of the incoming call. Using the plaintext i-vector and the encrypted voiceprints, the computer may generate one or more encrypted comparison models. The remote server may decrypt the encrypted comparison model to generate similarity scores between the plaintext i-vector and the plurality of encrypted voiceprints.

1. A computer implemented method comprising: receiving, by a computer from a first client computer, an encrypted voiceprint model and a random number, wherein the random number is encrypted using a public key of the computer; decrypting, by the computer, the random number using a private key of the computer; transmitting, by the computer, the encrypted voiceprint model to a second client computer; receiving, by the computer, one or more encrypted comparison models generated by the second client computer based upon comparing the encrypted voiceprint model and plaintext voiceprint; determining, by the computer, a similarity score between the encrypted voiceprint model and the plaintext voiceprint using the random number on the one or more encrypted comparison models; and transmitting, by the computer, the similarity score to the second client computer to authenticate a speaker of a voice associated with the plaintext voiceprint or to identify a fraudulent caller.
2. The method of claim 1, wherein the encrypted voiceprint model is encrypted using properties from a Diffie-Hellman key exchange protocol.
3. The method of claim 1, wherein the encrypted voiceprint model is encrypted using properties from an elliptical curve cryptography key exchange protocol.
4. The method of claim 1, wherein determining the similarity score comprises: retrieving, by ...

17-01-2019 publication date

DATA ADAPTIVE COMPRESSION AND DATA ENCRYPTION USING KRONECKER PRODUCTS

Number: US20190020906A1
Author: Bourouihiya Abdelkrim
Assignee: NOVA SOUTHEASTERN UNIVERSITY

Digital files are compressed using a process including Schmidt decompositions of matrices using an algorithm, termed ‘BSD’ herein, which is based on an algebraic method generalizing QR decomposition. Software analyzes an input file and initially identifies a matrix M, with entries within a predefined set of integers, within the file. Next, essential entries are defined, extracted from M, that contain sufficient information to recover M using BSD. The compressed file includes the essential entries and their positions within M. To achieve an encryption process, software encrypts the pattern matrix that includes the positions of the essential entries of M. To achieve a lossy compression, software identifies essential entries that contain sufficient information to recover an approximation to M for which the quality is determined by an error threshold. For a more efficient lossy compression, software uses singular value decomposition, BSD, and other signal processing of M.

1. A method for encoding digital data, comprising: use SVD to find Ma, an mn×pq matrix, with the lowest Schmidt rank R for which PSNR(Ma, M) ≥ a predetermined value; quantize Ma to find a matrix Q whose entries are integers; define a left essential matrix A; define a right essential matrix B; define a pattern matrix P for storing positions of essential entries; assign to matrix M_e a starting value of Q; define a matrix A_e; define a matrix B_e; assign a starting value to e; a) select a non-zero entry d_e of M_e; b) store the position (r, c) of the selected non-zero entry of M_e at an e-th column of P; c) select from M_e two matrices A_e and B_e having d_e as a common entry and for which A_e⊗B_e/d_e is a term in the Schmidt decomposition of M with respect to the parameters m, n, p, and q; d) store in the e-th m×p block of A the entries of M whose ...

21-01-2021 publication date

SYSTEMS AND METHODS FOR EFFICIENT KEY MANAGEMENT IN A VEHICULAR INTRANET

Number: US20210021413A1
Assignee:

Embodiments described herein provide a tree-based key management protocol with enhanced computational and bandwidth efficiency. A tree structure including a plurality of nodes is formulated according to modules in a vehicle. A group key and a blinded key are computed for a leaf node from the plurality of nodes based at least in part on a multiplication operation defined in an elliptic curve group. Or a group key and a blinded key are recursively computed for a non-leaf node based at least in part on a key derivation function and the multiplication operation involving a group key and a blinded key corresponding to nodes that are one level down from the non-leaf node.

1. A method for tree-based key management for communications in a vehicle system, the method comprising: retrieving, from a memory, a tree structure including a plurality of nodes, each node representing a module in the vehicle system; computing, via a processor, a first group key and a first blinded key for a first leaf node from the plurality of nodes based at least in part on a multiplication operation defined in an elliptic curve group; and computing, recursively, via a processor, a second group key and a second blinded key for a non-leaf node from the plurality of nodes based at least in part on a key derivation function and the multiplication operation involving a third group key and a third blinded key corresponding to nodes that are one level down from the non-leaf node.
2. The method of claim 1, wherein forming a tree structure including a plurality of nodes comprises: obtaining information of cryptographic keys that are used for communication between a plurality of modules in the vehicle system; generating a binary tree of the plurality of nodes, each node being associated with a group key and a blinded key corresponding to a respective module from the plurality of modules.
3. The method of claim 1, wherein computing the first group key and the first blinded key for the first leaf node from the plurality ...

26-01-2017 publication date

COMPUTATIONAL METHOD, COMPUTATIONAL DEVICE AND COMPUTER SOFTWARE PRODUCT FOR MONTGOMERY DOMAIN

Number: US20170026178A1
Author: Kaluzhny Uri
Assignee:

In Elliptic Curve Cryptography (ECC), one performs a great number of modular multiplications. These are usually done by the Montgomery Multiplication algorithm, which needs the operands to be preprocessed (namely, converted to the Montgomery Domain), which is normally done by an equivalent of a long division. We provide a method to perform this conversion by a single Montgomery multiplication on the raw data. The method is formulated for elliptic curve points represented in Jacobian coordinates but can be extended to other representations.

1. A method for computation, comprising: receiving, in a Montgomery multiplier circuit, a pair of input coordinates (x,y) specifying a point on an elliptic curve in a canonical form; converting the pair of the input coordinates to a quotient-based representation comprising three alternative coordinates (X′,Y′,Z′) in a Montgomery form by performing first Montgomery multiplications of the input coordinates by selected conversion factors; and carrying out one or more elliptic curve operations by applying second Montgomery multiplications to the alternative coordinates in the Montgomery form.
2. The method according to claim 1, wherein the alternative coordinates comprise Jacobian coordinates.
3. The method according to claim 1, wherein performing the first Montgomery multiplications comprises applying a Montgomery multiplication by 1 in computing at least one of the alternative coordinates.
4. The method according to claim 3, wherein performing the first Montgomery multiplications comprises: selecting conversion factors ω, α and β, wherein α and β are powers of ω; and calculating the alternative coordinates as Montgomery products of α and β with the input coordinates, such that X′ = α⊙x, Y′ = (β⊙y)⊙1, and Z′ = ω.
5. The method according to claim 1, wherein carrying out the one or more elliptic curve operations comprises calculating a result expressed in the quotient-based representation in the Montgomery form, and applying at least one ...

Publication date: 28-01-2016

SYSTEM AND METHOD FOR CRYPTOGRAPHIC SUITE MANAGEMENT

Number: US20160028698A1
Assignee:

Systems and methods for cryptographic suite management are described. A system for cryptographic suite management has a cryptographic suite management unit comprising a series of APIs enabling diverse applications to call cryptographic functions. The system enables: multiple applications on an interface to access shared cryptographic resources; applications across multiple devices to share and license cryptographic resources between devices; encryption, decryption and sharing of data between devices having different cryptographic implementations; the definition, distribution and enforcement of policies governing the terms of use for cryptographic implementations; systems and methods to secure and protect shared and dynamically loaded cryptographic providers; use by an application of multiple cryptographic resources; and the management of cryptographic provider bundles and associated policies across one or many cryptographic suite management unit instances.

1. A method for cryptographic suite management, comprising:
a. configuring a first correspondent linked to a first cryptographic suite management unit to transmit an import request to a second correspondent linked to a second cryptographic suite management unit, the request comprising the identification of a cryptographic implementation and security requirements for the cryptographic implementation for exportation by the second correspondent;
b. configuring a second cryptographic suite management unit to provide the cryptographic implementation configured using the security requirements;
c. configuring the second correspondent to export the configured cryptographic implementation to the first correspondent; and
d. configuring the first cryptographic suite management unit to securely import the configured cryptographic implementation for use by the first correspondent.
2. The method of claim 1, further comprising configuring a third correspondent to interact with the second correspondent in identical manner as the ...

Publication date: 25-01-2018

SECURE CHANNEL ESTABLISHMENT

Number: US20180026784A1
Assignee:

A method of establishing a secure channel for communication between a first computing device and a second computing device is described. The method uses an elliptic curve Diffie-Hellman protocol, wherein G is an elliptic curve generator point and the first computing device has a unique private key d_c with a public key Q_c=d_c·G certified by a party trusted by the second computing device. The first computing device generates a blinding factor r and sends a blinded public key R=r·Q_c to the second computing device. The second computing device generates an ephemeral private key d_t and a corresponding ephemeral public key Q_t=d_t·G and sends Q_t to the first computing device. The first computing device generates K=KDF(r·d_c·Q_t) and the second computing device generates K=KDF(d_t·R), where KDF is a key derivation function used in both generation operations, to establish a secure channel between the first computing device and the second computing device. G is a point in the elliptic curve group E, wherein E is a group of prime order but E* is the quadratic twist of E and is a group of order m=z·m′ where m′ is prime and z is an integer, wherein r·d_c is chosen such that z is a factor of r·d_c. Suitable apparatus for performing the method is also described.

1. A method of establishing a secure channel for communication between a first computing device and a second computing device using an elliptic curve Diffie-Hellman protocol, wherein G is an elliptic curve generator point and the first computing device has a unique private key d_c with a public key Q_c=d_c·G certified by a party trusted by the second computing device, the method comprising:
the first computing device generating a blinding factor r and sending a blinded public key R=r·Q_c to the second computing device;
the second computing device generating an ephemeral private key d_t and a corresponding ephemeral public key Q_t=d_t·G and sending Q_t to the first computing device;
...

Publication date: 25-01-2018

METHOD FOR THE GENERATION OF A DIGITAL SIGNATURE OF A MESSAGE, CORRESPONDING GENERATION UNIT, ELECTRONIC APPARATUS AND COMPUTER PROGRAM PRODUCT

Number: US20180026798A1
Assignee:

A device includes digital signature generation circuitry. The digital signature generation circuitry, in operation, generates a digital signature of a digital message by computing a first public curve point as a scalar product of a first secret integer key and a base point of an elliptic curve and applying a transform to data of the received digital message. The applying the transform to the data of the received digital message includes generating a second secret curve point as a scalar product of a second secret integer key and the base point of the elliptic curve, generating a modified secret integer nonce as a modular multiplication of the second secret integer and a secret integer nonce, generating a third curve point as a scalar product of the secret integer nonce and the second secret curve point and generating a signature component as a function of at least the modified secret nonce, the third curve point, and a hash value generated by applying a hash function to at least the data of the received digital message. The digital signature is generated based on the signature component.

1. A method, comprising:
computing a first public curve point as a scalar product of a first secret integer key and a base point of an elliptic curve;
applying a transform to data of a message, the applying the transform to the data of the message including:
generating a second secret curve point as a scalar product of a second secret integer key and the base point of the elliptic curve;
generating a modified secret integer nonce as a modular multiplication of the second secret integer and a secret integer nonce;
generating a third curve point as a scalar product of the secret integer nonce and the second secret curve point; and
generating a signature component as a function of at least the modified secret nonce, the third curve point, and a hash value generated by applying a hash function to at least the data of the message; and
generating a digital signature based on the ...

Publication date: 10-02-2022

SECURE COMMUNICATION NETWORK

Number: US20220045855A1
Assignee: KABUSHIKI KAISHA TOSHIBA

A method of exchanging a combined cryptographic key between a first node and a second node ...

1. A method of exchanging a combined cryptographic key between a first node and a second node, the first node and the second node being connected through a first communication network and a second communication network, wherein the first communication network comprises a quantum communication network wherein information is encoded on weak light pulses, and wherein the first communication network comprises at least one intermediate node, other than the first node and the second node, said intermediate node configured to receive and transmit a signal encoded on weak light pulses; and
the first node and the second node being configured to:
exchange one or more first cryptographic keys on the first communication network;
exchange one or more second cryptographic keys on the second communication network; and
form the combined cryptographic key by combining the one or more first cryptographic keys and the one or more second cryptographic keys, such that the first node and the second node share knowledge of the combined cryptographic key,
wherein the first node is configured to send information through the first communication network to:
exchange a quantum cryptographic key with the at least one intermediate node;
generate a local secret key, the local secret key being used to form the one or more first cryptographic keys;
form a further key using the local secret key and the quantum cryptographic key; and
transmit the further key to the at least one intermediate node.
2. A method according to claim 1, wherein the at least one intermediate node is configured to:
receive the further key;
extract the local secret key using the further key and the exchanged quantum cryptographic key;
form a second further key using the local secret key and the second quantum cryptographic key; and
transmit the second further key to another of the at least one intermediate node or to the second node.
3. A ...

Publication date: 24-01-2019

METHOD AND SYSTEM FOR DISTRIBUTED CRYPTOGRAPHIC KEY PROVISIONING AND STORAGE VIA ELLIPTIC CURVE CRYPTOGRAPHY

Number: US20190028275A1
Author: DAVIS Steven Charles
Assignee: MasterCard International Incorporated

A method for distributing multiple cryptographic keys used to access data includes: receiving a data signal superimposed with an access key request, wherein the access key request includes at least a number, n, greater than 1, of requested keys; generating n key pairs using a key pair generation algorithm, wherein each key pair includes a private key and a public key; deriving an access private key by applying the private key included in each of the n key pairs to a key derivation algorithm; generating an access public key corresponding to the derived access private key using the key pair generation algorithm; and electronically transmitting a data signal superimposed with a private key included in one of the n key pairs for each of the n key pairs.

1. A method for distributing multiple cryptographic keys used to access data, comprising:
receiving, by a receiving device of a processing server, a data signal superimposed with an access key request, wherein the access key request includes at least a number, n, greater than 2, of requested keys;
generating, by the processing server, n key pairs using a key pair generation algorithm, wherein each key pair includes a private key and a public key;
deriving, by the processing server, an access private key by applying the private key included in each of the n key pairs to a key derivation algorithm;
generating, by the processing server, an access public key corresponding to the derived access private key using the key pair generation algorithm; and
electronically transmitting, by a transmitting device of the processing server, a data signal superimposed with a private key included in one of the n key pairs for each of the n key pairs.
2. The method of claim 1, further comprising:
storing, in a memory of the processing server, a transfer key pair including a transfer public key and a transfer private key;
receiving, by the receiving device of the processing server, a data signal superimposed with a shared public key from each of n ...

Publication date: 28-01-2021

COMPUTER-IMPLEMENTED SYSTEM AND METHOD FOR TRUSTLESS ZERO-KNOWLEDGE CONTINGENT PAYMENT

Number: US20210027294A1
Author: TREVETHAN Thomas
Assignee:

The invention relates to efficient zero knowledge verification of composite statements that involve both arithmetic circuit satisfiability and dependent statements about the validity of public keys (key-statement proofs) simultaneously. The method enables a prover to prove this particular statement in zero-knowledge. More specifically, the invention relates to a computer-implemented method for enabling zero-knowledge proof or verification of a statement (S) in which a prover proves to a verifier that a statement is true while keeping a witness (W) to the statement a secret. The invention also relates to the reciprocal method employed by a verifier who verifies the proof. The method includes the prover sending to the verifier a statement (S) having an arithmetic circuit with m gates and n wires configured to implement a function circuit and determine whether, for a given function circuit output (h) and an elliptic curve point (P), the function circuit input (s) to a wire of the function circuit is equal to the corresponding elliptic curve point multiplier (s). The prover also sends individual wire commitments and/or a batched commitment for wires of the circuit, an input for a wire in the arithmetic circuit, and a function circuit output (h). The prover receives from the verifier a challenge value (x) and responds with an opening, or additionally sends a proving key (PrK) to the verifier. The statement and the data enable the verifier to determine that the circuit is satisfied, calculate the elliptic curve point (P) and validate the statement, thus determining that the prover holds the witness (W) to the statement.

1. A computer-implemented method for enabling a trustless zero-knowledge contingent payment or exchange of reward data from a buyer or verifier in exchange for access data from a seller or prover, the method including:
receiving from a buyer a buyer public key (pk_B) derived from multiplying a buyer secret key (sk_B) with an elliptic curve ...

Publication date: 23-01-2020

Verifiable Encryption Based on Trusted Execution Environment

Number: US20200028693A1
Author: Tan Yin, WU Teng
Assignee:

A method for verifying a property of plaintext using ciphertext is disclosed. In an embodiment, a computing device may receive the ciphertext at a trusted execution environment (TEE) of the computing device. The TEE may decrypt the ciphertext to generate the plaintext using a private encryption key of an encryption key pair. The encryption key pair comprises a public encryption key and the private encryption key. The TEE may generate a digitally signed validation result by encrypting the validation result using a private signing key of a signing key pair. The signing key pair comprises a public signing key and the private signing key. The private key is retrieved from secure memory of the computing device, and the secure memory may only be accessible by the TEE. The computing device may then transmit the digitally signed validation result.

1. A method for verifying a property of plaintext using ciphertext, the method comprising:
receiving, by a trusted execution environment (TEE) of a computing device, the ciphertext;
decrypting, by the TEE, the ciphertext to generate the plaintext using a private encryption key of an encryption key pair comprising a public encryption key and the private encryption key;
generating, by the TEE, a validation result verifying a property of the plaintext;
generating, by the TEE, a digitally signed validation result by encrypting the validation result using a private signing key of a signing key pair comprising a public signing key and the private signing key, the private signing key retrieved from secure memory of the computing device, the secure memory being only accessible by the TEE; and
transmitting, by the computing device, the digitally signed validation result.
2. The method of claim 1, wherein the transmitted digitally signed validation result enables a recipient to confirm the property of the plaintext by verifying the digitally signed validation result using the public signing key.
3. The method of claim 1, wherein the transmitting ...

Publication date: 28-01-2021

KEY LADDER GENERATING A DEVICE PUBLIC KEY

Number: US20210028933A1
Assignee: ARRIS Enterprises LLC

A method is provided for generating a key ladder for securely communicating between a first device and a second device using a first device symmetric key and a chip-unique private key. The method includes generating a second processor-specific first device symmetric key from a first processor-specific first device symmetric key and a first identifier (CPU_ID), generating a chip-unique first device application private key (CUAPrK) from a second identifier and the second processor-specific first device symmetric key, generating a chip-unique first device application public key (CUAPuK) from the chip-unique first device application private key (CUAPrK), and transmitting the chip-unique first device application public key (CUAPuK) and an identifier of the processor to the second device.

1. A method of generating a key ladder for securely communicating between a first device and a second device, comprising:
generating, in the first device having a processor, a second processor-specific first device symmetric key from a first processor-specific first device symmetric key and a first identifier (CPU_ID);
generating, in the first device, a chip-unique first device application private key (CUAPrK) from a second identifier and the second processor-specific first device symmetric key; and
generating, in the first device, a chip-unique first device application public key (CUAPuK) from the chip-unique first device application private key (CUAPrK).
2. The method of claim 1, further comprising:
providing the chip-unique first device application public key (CUAPuK) and an identifier of the processor to the second device.
3. The method of claim 1, further comprising:
generating a certificate signing request file including the chip-unique first device application public key (CUAPuK), the first identifier (CPU_ID), and a signature corresponding to the chip-unique first device application private key (CUAPrK);
submitting the generated certificate signing request file to a certificate ...

Publication date: 28-01-2021

METHOD AND SYSTEM FOR CHEON RESISTANT STATIC DIFFIE-HELLMAN SECURITY

Number: US20210028937A1
Assignee:

A method for providing Cheon-resistance security for a static elliptic curve Diffie-Hellman cryptosystem (ECDH), the method including providing a system for message communication between a pair of correspondents, a message being exchanged in accordance with ECDH instructions executable on computer processors of the respective correspondents, the ECDH instructions using a curve selected from a plurality of curves, the selecting including: choosing a range of curves; selecting, from the range of curves, curves matching a threshold efficiency; excluding, within the selected curves, curves which may include intentional vulnerabilities; and electing, from non-excluded selected curves, a curve with Cheon resistance, the electing comprising a curve from an additive group of order q, wherein q is prime, such that q−1=cr and q+1=ds, where r and s are primes and c and d are integer Cheon cofactors of the group, such that cd≤48.

1. A method for providing Cheon-resistance security for a static elliptic curve Diffie-Hellman cryptosystem (ECDH), the method comprising:
at a first computing device, selecting a curve for message communication between the first computing device and a second computing device, the selecting comprising:
choosing a range of curves having a threshold efficiency and without intentional vulnerabilities; and
electing, from the chosen range of curves, a curve with Cheon resistance, the electing comprising electing a curve from an additive group of order q, wherein q is prime, such that q−1=cr and q+1=ds, where r and s are primes and c and d are integer Cheon cofactors of the group, such that cd≤48;
selecting a private key for the first computing device;
computing a public key for the first computing device from curve parameters of the curve with Cheon resistance and the private key for the first computing device;
transmitting the curve parameters of the curve with Cheon resistance and the public key for the first computing device to the second computing ...

Publication date: 01-02-2018

METHOD AND SYSTEM FOR DETERMINING DESIRED SIZE OF PRIVATE RANDOMNESS USING TSALLIS ENTROPY

Number: US20180034634A1
Assignee: QED-it Systems LTD

A method and a system for generating private randomness and/or public randomness are provided. A measurement of a public randomness and/or a measurement of a plaintext may be obtained, and a desired size of a private randomness may be determined based on the measurements. The measurements may be based on one or more Tsallis entropy values of the public randomness and/or the plaintext. Private randomness may be generated, the private randomness may be encrypted, the private randomness may be deleted so that the private randomness is unrecoverable, and the encrypted private randomness may be published. Encrypted private randomness and public randomness may be obtained, and a new public randomness may be generated based on the public randomness and the encrypted private randomness.

1. A system for generating randomness, the system comprising at least one processing unit configured to:
obtain a measurement based on Tsallis entropy of a public randomness;
based on the measurement, determine a desired size of a private randomness; and
generate the private randomness, wherein the size of the generated private randomness is at least the determined desired size.
2. The system of claim 1, wherein the at least one processing unit is further configured to:
generate a new public randomness based on the public randomness and the private randomness; and
publish the new public randomness.
3. The system of claim 1, wherein the at least one processing unit is further configured to:
encrypt the private randomness;
delete the private randomness so that the private randomness is unrecoverable; and
publish the encrypted private randomness, wherein the published encrypted private randomness is configured to enable a calculation of a new public randomness based on the private randomness after the deletion of the private randomness.
4. The system of claim 1, wherein the at least one processing unit is further configured to:
obtain a measurement of a plaintext; and
further base the ...

Publication date: 01-02-2018

METHOD AND SYSTEM FOR CREATING PUBLIC RANDOMNESS

Number: US20180034636A1
Assignee: QED-it Systems LTD

A method and a system for generating public randomness are provided. A measurement of a public randomness and/or a measurement of a plaintext may be obtained, and a desired size of a private randomness may be determined based on the measurements. Private randomness may be generated, the private randomness may be encrypted, the private randomness may be deleted so that the private randomness is unrecoverable, and the encrypted private randomness may be published. Encrypted private randomness and public randomness may be obtained, and a new public randomness may be generated based on the public randomness and the encrypted private randomness.

1. A system for generating randomness, the system comprising at least one processing unit configured to:
obtain an encrypted private randomness;
obtain a public randomness; and
generate a new public randomness based on the public randomness and the encrypted private randomness.
2. The system of claim 1, wherein the encrypted private randomness is based on a private randomness, and wherein the private randomness is deleted so that the private randomness is unrecoverable before the generation of the new public randomness.
3. The system of claim 1, wherein obtaining the encrypted private randomness comprises receiving the encrypted private randomness from an external device.
4. The system of claim 1, wherein obtaining the encrypted private randomness comprises reading the encrypted private randomness from a public repository.
5. The system of claim 1, wherein obtaining the encrypted private randomness comprises reading the encrypted private randomness from a blockchain.
6. The system of claim 1, wherein obtaining the public randomness comprises reading the public randomness from a public repository.
7. The system of claim 1, wherein obtaining the public randomness comprises reading the public randomness from a blockchain.
8. The system of claim 1, wherein generating the new public randomness comprises a multiparty ...

Publication date: 31-01-2019

Homogenous Atomic Pattern for Double, Add, and Subtract Operations for Digital Authentication Using Elliptic Curve Cryptography

Number: US20190034170A1
Author: PEETERS ERIC THIERRY
Assignee:

A method of performing finite field addition and doubling operations in an elliptic curve cryptography (ECC) authentication scheme as a countermeasure to side-channel attack. The addition and doubling operations are executed using atomic patterns that involve the same sequence and number of operation types, so that the noise consumption and electromagnetic emanation profile of circuitry performing the operations is identical regardless of operation. A subtraction operation using such an atomic pattern is also disclosed.

1. A method of operating digital logic circuitry to execute a finite field scalar multiplication of a multiplicand representative of a point in the finite field by a binary-valued scalar, comprising the steps of:
initializing one or more memory locations storing components of a sum, the sum representative of a point in the finite field; and
operating the digital logic circuitry to execute a plurality of operations comprising, for each of a plurality of bit positions in the scalar:
doubling an operand representative of one of the sum and the multiplicand;
responsive to the bit position having a "1" value, adding first and second operands, the first and second operands representative of the sum and the multiplicand; and
then advancing to a next bit position in the scalar;
wherein the doubling step is executed using an atomic pattern consisting of:
a first addition;
then a first multiplication followed by a second multiplication;
then a second addition;
then a third multiplication followed by a fourth multiplication;
then a third addition;
then a fifth multiplication;
then a fourth addition;
then a sixth multiplication followed by a seventh multiplication followed by an eighth multiplication;
then a fifth addition;
then a ninth multiplication;
then a sixth addition followed by a seventh addition;
then a tenth multiplication; and
then an eighth addition;
a first addition;
then a first multiplication followed by a ...

Publication date: 30-01-2020

Systems and Methods for "Machine-to-Machine" (M2M) Communications Between Modules, Servers, and an Application using Public Key Infrastructure (PKI)

Number: US20200036521A1
Author: NIX JOHN A.
Assignee:

Methods and systems are provided for supporting efficient and secure "Machine-to-Machine" (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

1. A method to support secure machine to machine communications comprising:
(a) storing, in memory operatively connected to at least one server, a server private key, module identity information associated with at least one module, and a pre-shared secret key associated with the at least one module, wherein the module identity information comprises a permanent identifier for the at least one module;
(b) receiving, by the at least one server from a first module, a first module public key derived by the first module, parameters associated with the first module public key, and first module encrypted data, wherein the first module encrypted data comprises data encrypted at the first module;
(c) deriving, by the at least one server, a shared secret key using an Elliptic Curve Diffie-Hellman algorithm based at least on the first module public key and the server private key, wherein the derived shared secret key is derived by the first module using the Elliptic Curve Diffie-Hellman algorithm based at least on a server public key corresponding to the server private key and a first ...

Publication date: 04-02-2021

METHODS AND SYSTEMS FOR ENCRYPTION AND HOMOMORPHIC ENCRYPTION SYSTEMS USING GEOMETRIC ALGEBRA AND HENSEL CODES

Number: US20210036849A1
Assignee: X-Logos, LLC

Disclosed are methods and systems to encrypt/decrypt a data message using Geometric Algebra and Hensel encoding (i.e., finite p-adic arithmetic). The security key(s), message data, and ciphertext are all represented as Geometric Algebra multivectors where a sum of the coefficients of an individual multivector is equal to the numeric value of the corresponding message or security key. Various Geometric Algebra operations with the message and security key multivectors act to encrypt/decrypt the message data. Each coefficient of the security key and message multivectors is further Hensel encoded to provide additional confusion/diffusion for the encrypted values. The Geometric Algebra operations permit homomorphic operations for adding, subtracting, multiplication and division of ciphertext multivectors such that the resulting ciphertext, when decrypted, is equal to corresponding mathematical operations using the unencrypted values. The additional Hensel encoding of the coefficients of the multivectors does not impede the homomorphic aspects of the Geometric Algebra encryption operations. Operations for security key updates and exchanges are also provided.

1. A method for encrypted transfer of numeric message data (m) from a source computing device to a destination computing device that incorporates use of Geometric Algebra multivectors that share a dimension size (N) that is at least two dimensions and wherein a number of coefficients for each of said Geometric Algebra multivectors utilized herein is increased by a factor of two (2) for each incremental increase in said dimension size (N), the method comprising:
generating by a secret key computing device at least one secret prime number (p) as a random prime number;
calculating by said secret key computing device a public modulus (q) as a product of said at least one secret prime number (p) and at least one additional random number;
generating by said secret key computing device at least one secret key value (k) as a ...

Publication date: 04-02-2021

ADVANCED CRYPTO TOKEN AUTHENTICATION

Number: US20210036861A1
Assignee:

A system and method for authenticating an application that employs cryptographic keys and functions is provided with white box cryptography employed to secure the application, and to secure communications with the application. The white box includes a transformation of the application and the keys. A secure channel between the white box and a crypto token is used for communications. In some cases, the transformed keys can be employed in authenticating the white box to the crypto token. The presence of a valid crypto token can be periodically determined. In the presence of a valid crypto token, the white box can provide a verifiable message to a remote server. The remote server can verify the message and initiate a service.

1. A method for selective provision of a service, the method comprising the steps of:
providing an application operating on a computer system engaged in a service via a remote computing device, the application comprising a cryptographic function and a key;
transforming the cryptographic function and the key to provide a transformed cryptographic function and a transformed cryptographic key;
providing a crypto token;
providing a communications channel between the computer system and the crypto token; and
using the communications channel and the crypto token to determine the presence or absence of an at-risk execution environment, and selectively ceasing provision of the service when an at-risk execution environment is determined to be present.
2. The method of claim 1, wherein the communications channel is used to periodically determine the presence of the crypto token and to provide a verifiable message, responsive to the presence of the crypto token, the presence of the crypto token and the verifiable message used to determine the presence or absence of the at-risk environment.
3. The method of claim 2, wherein the cryptographic function comprises asymmetrical cryptography employing a public/private key pair, the method further ...

Publication date: 11-02-2016

Elliptic curve encryption method comprising an error detection

Number: US20160043863A1
Author: Vincent Dupaquis
Assignee: Inside Secure SA

A method in an elliptic curve cryptographic system, the method being executed by an electronic device and including a multiplication operation of multiplying a point of an elliptic curve by a scalar number, the point having affine coordinates belonging to a Galois field, the multiplication operation including steps of detecting the appearance of a point at infinity during intermediate calculations of the multiplication operation, and of activating an error signal if the point at infinity is detected and if the number of bits of the scalar number processed by the multiplication operation is lower than the rank of the most significant bit of an order of a base point of the cryptographic system.

Publication date: 08-02-2018

System and methods for provisioning devices

Number: US20180041507A1
Assignee: Hubble Connected India Private Limited

System and methods for provisioning devices. Embodiments disclosed herein relate to headless devices, and more particularly to provisioning connectivity for headless devices. Embodiments herein disclose methods and systems for provisioning headless devices, including provisioning them using a provisioning server.

1. A method for provisioning an un-provisioned device, the method comprising: generating and sending a device nonce (N1) and PFSParams (Perfect Forward Secrecy (PFS) parameters) to a provisioning device by the un-provisioned device; providing the N1, the PFSParams, location details and device details of the un-provisioned device to a provisioning server by the provisioning device using a mutually authenticated secure transport channel; generating a server nonce (N2), server PFSParams and a PFSK (Perfect Forward Secrecy (PFS) Key) by the provisioning server; determining a device key (DK) for the un-provisioned device by the provisioning server; generating a SetupKey by the provisioning server using the N1, the N2, the location details, the PFSK and the DK; sending the SetupKey to the provisioning device by the provisioning server; sending the N2 and server PFSParams by the provisioning server to the un-provisioned device through the provisioning device; generating a PFSK by the un-provisioned device using the server PFSParams; generating the SetupKey by the un-provisioned device using the N1, the N2, the PFSK, the location details and the DK; setting up a secure communication channel between the un-provisioned device and the provisioning device using the SetupKey; and provisioning the un-provisioned device by the provisioning device over the secure communication channel.
2. The method as claimed in claim 1, wherein the method comprises provisioning the DK for the un-provisioned device, further comprising generating ...

Publication date: 18-02-2016

SYSTEM AND METHOD FOR HARDWARE BASED SECURITY

Number: US20160048462A1
Assignee: Certicom Corp.

An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session.

1-18. (canceled)
19. A hardware module for controlling assets to be applied to a device, said hardware module configured to be incorporated into said device, said hardware module comprising: a cryptographic controller for performing cryptographic operations; a random number generator for generating a unique identifier; non-volatile memory (NVM), at least a portion thereof being protected for storing feature activation information; and a provisioning interface providing one or more outputs to said device indicating which of a set of features are enabled and which are disabled.
20. The hardware module according to claim 19, wherein said hardware module is integrated into a wafer, chip, printed circuit board or an electronic device through said provisioning interface.
21. The hardware module according to [claim reference missing in source], wherein said cryptographic controller is configured to use the Elliptic Curve Menezes-Qu-Vanstone protocol.
22. The hardware module according to claim 19, wherein said NVM comprises a test state for allowing tests to be run on said hardware module, an initialization state for generating a static key and a unique identifier, and a ...

Publication date: 18-02-2016

ACCESS AUTHORIZATION BASED ON SYNTHETIC BIOMETRIC DATA AND NON-BIOMETRIC DATA

Number: US20160048669A1
Assignee:

A method of selectively authorizing access includes obtaining, at an authentication device, first information corresponding to first synthetic biometric data. The method also includes obtaining, at the authentication device, first common synthetic data and second biometric data. The method further includes generating, at the authentication device, second common synthetic data based on the first information and the second biometric data. The method also includes selectively authorizing, by the authentication device, access based on a comparison of the first common synthetic data and the second common synthetic data.

1. A method of selectively authorizing access comprising: obtaining, at an authentication device, first information corresponding to first synthetic biometric data; obtaining, at the authentication device, first common synthetic data and second biometric data; generating, at the authentication device, second common synthetic data based on the first information and the second biometric data; and selectively authorizing, by the authentication device, access based on a comparison of the first common synthetic data and the second common synthetic data.
2. The method of claim 1, wherein a first device, a user of the first device, or both, are authorized access by the authentication device in response to determining that the first common synthetic data matches the second common synthetic data.
3. The method of claim 1, wherein the authentication device is further configured, in response to determining that the first common synthetic data matches the second common synthetic data, to enable operation of a locking mechanism of at least one of a building door, a house door, a vehicle door, or a garage door.
4. The method of claim 1, wherein the authentication device is further configured, in response to determining that the first common synthetic data matches the second common synthetic ...

Publication date: 07-02-2019

System, Apparatus And Method For Performing A Plurality Of Cryptographic Operations

Number: US20190044718A1
Assignee:

In one embodiment, an apparatus includes: a hardware accelerator to execute cryptography operations including a Rivest Shamir Adleman (RSA) operation and an elliptic curve cryptography (ECC) operation. The hardware accelerator may include: a multiplier circuit comprising a parallel combinatorial multiplier; and an ECC circuit coupled to the multiplier circuit to execute the ECC operation. The ECC circuit may compute a prime field multiplication using the multiplier circuit and reduce a result of the prime field multiplication in a plurality of addition and subtraction operations for a first type of prime modulus. The hardware accelerator may execute the RSA operation using the multiplier circuit. Other embodiments are described and claimed.

1. An apparatus comprising: a hardware accelerator to execute cryptography operations including a Rivest Shamir Adleman (RSA) operation and an elliptic curve cryptography (ECC) operation, the hardware accelerator comprising: a multiplier circuit comprising a parallel combinatorial multiplier; and an ECC circuit coupled to the multiplier circuit to execute the ECC operation, the ECC circuit to compute a prime field multiplication using the multiplier circuit and to reduce a result of the prime field multiplication in a plurality of addition and subtraction operations for a first type of prime modulus, wherein the hardware accelerator is to execute the RSA operation using the multiplier circuit.
2. The apparatus of claim 1, wherein the ECC circuit is to reduce a result of the prime field multiplication in a plurality of multiplication operations for a second type of prime modulus.
3. The apparatus of claim 1, wherein the multiplier circuit comprises a 27-bit×411-bit parallel combinatorial multiplier to multiply a first 384-bit value and a second 384-bit value in 16 clock cycles.
4. The apparatus of claim 1, wherein the hardware accelerator is to isolate first and second portions of first and second values and send the isolated ...

Publication date: 18-02-2021

Device pairing with optical codes

Number: US20210051016A1
Assignee: Snap Inc

Embodiments for device pairing using optical codes are described. One embodiment is a wearable device with an image sensor configured to capture an image including a first optical code from a first host device. The wearable device decodes the first optical code and, in response to the first optical code, initiates broadcast of a pairing advertisement. The host device displays a second optical code in response to the pairing advertisement, and the wearable device captures and processes the second optical code to determine a host pairing advertisement code. The wearable device then, in response to the second optical code, initiates broadcast of a second pairing advertisement including the host pairing advertisement code. In various embodiments, a secure wireless channel is then established and used for further secure communications.

Publication date: 06-02-2020

ELLIPTIC CURVE CRYPTOGRAPHY SCHEME WITH SIMPLE SIDE-CHANNEL ATTACK COUNTERMEASURE

Number: US20200044817A1
Assignee:

There is provided an elliptic curve cryptographic scheme for permitting secure communications between two or more cryptographic correspondent devices, with a simple side-channel attack countermeasure. The cryptographic scheme includes: transforming a point to Jacobian projective coordinates; constant-time scalar multiplication of the point by a parameter; and transforming the resultant of the scalar multiplication to affine coordinates. The scalar multiplication includes performing iteratively, in relation to the value of the parameter, either one of: doubling of the point and multiplying any two random field elements; or mixed addition of the point.

1. An elliptic curve cryptography scheme resistant to simple side channel attacks for permitting secure communications between two or more cryptographic correspondent devices, each of the cryptographic correspondent devices comprising a processor and a memory, the memory configured to store a plurality of instructions which when executed by the processor cause the processor to implement the cryptographic scheme, the cryptographic scheme comprising: generating a Jacobian projective coordinate representation of a point; performing scalar multiplication of the point by a parameter, the scalar multiplication comprising performing iteratively in relation to the value of the parameter, for each iteration, either one of: doubling of the point and performing a dummy operation; or mixed addition of the point; and transforming the resultant of the scalar multiplication to affine coordinates.
2. The elliptic curve cryptography scheme of claim 1, wherein the dummy operation has a computational cost of one operation.
3. The elliptic curve cryptography scheme of claim 2, wherein the dummy operation comprises multiplying two field elements of the elliptic curve.
4. The elliptic curve cryptography scheme of claim 2, wherein the field elements are any two random field elements.
5. The elliptic curve cryptography scheme of claim 1, wherein ...

Publication date: 06-02-2020

ELLIPTIC CURVE CRYPTOGRAPHY SCHEME FOR EDWARDS CURVES HAVING A DIFFERENTIAL SIDE-CHANNEL ATTACK COUNTERMEASURE

Number: US20200044818A1
Assignee:

A system, method and elliptic curve cryptography scheme using an Edwards-form elliptic curve. The elliptic curve cryptography scheme has a blinding protocol resistant to differential side channel attacks. The elliptic curve is defined over field F and has a point P with coordinates located on the elliptic curve. The blinding protocol includes: randomly selecting a random element I; and determining coordinates of a blinded point P_B by performing a multiplication of the random element I by at least one of the coordinates of point P.

1. An elliptic curve cryptography scheme using an Edwards-form elliptic curve, the elliptic curve cryptography scheme comprising a blinding protocol resistant to differential side channel attacks, the elliptic curve cryptography scheme for permitting secure communications between two or more cryptographic correspondent devices, each of the cryptographic correspondent devices comprising a processor and a memory, the memory configured to store a plurality of instructions which when executed by the processor cause the processor to implement the cryptographic scheme, the elliptic curve defined over field F and having a point P with coordinates located on the elliptic curve, the blinding protocol comprising: randomly selecting a random element I; determining coordinates of a blinded point P_B by performing a multiplication of random element I by at least one of the coordinates of point P; and providing coordinates of blinded point P_B.
2. The elliptic curve cryptography scheme of claim 1, wherein the point P is a generator point of the elliptic curve.
3. The elliptic curve cryptography scheme of claim 1, wherein a new random element I is selected every time the blinding protocol is performed.
4. The elliptic curve cryptography scheme of claim 1, wherein the point P is in affine coordinates, and wherein the x-coordinate of blinded point P_B is determined to be the random element I multiplied by the x- ...

Publication date: 06-02-2020

CRYPTOGRAPHIC SCHEME WITH FAULT INJECTION ATTACK COUNTERMEASURE

Number: US20200044819A1
Assignee:

A system, method and elliptic curve cryptography scheme having a fault injection attack resistant protocol. The cryptographic scheme has a first arithmetic operation having at least one of a single input bit, a single output bit, or a single output bit-string that is vulnerable to a fault injection attack. The protocol includes: performing a first arithmetic operation to determine a first output; performing a second arithmetic operation to determine a second output, the second arithmetic operation being a variant of the first arithmetic operation; and comparing the first output and the second output, and if the comparison is incompatible, outputting an invalidity condition, otherwise, outputting the first output.

1. A fault-injection attack resistant protocol for an asymmetric cryptographic scheme, the cryptographic scheme for permitting secure communications between two or more cryptographic correspondent devices, each of the cryptographic correspondent devices comprising a processor and a memory, the memory configured to store a plurality of instructions which when executed by the processor cause the processor to implement the cryptographic scheme, the cryptographic scheme comprising a first arithmetic operation having at least one of a single input bit, a single output bit, or a single output bit-string that is vulnerable to a fault injection attack, the protocol comprising: performing the first arithmetic operation to determine a first output; performing a second arithmetic operation to determine a second output, the second arithmetic operation being a variant of the first arithmetic operation; and comparing the first output and the second output, and if the comparison is incompatible, outputting an invalidity condition, otherwise, outputting the first output.
2. The protocol of claim 1, wherein the second arithmetic operation is an inverse of the first arithmetic operation and wherein the comparison is incompatible if the first output and the second output ...

Publication date: 06-02-2020

COUNTERMEASURES AND OPTIMIZATIONS IN ELLIPTIC CURVE CRYPTOGRAPHIC SCHEMES

Number: US20200044845A1
Assignee:

A method, system and elliptic curve cryptographic scheme for permitting secure communications between two or more cryptographic correspondent devices, the cryptographic scheme including a plurality of cryptographic operations applied to cryptographic parameters, the cryptographic operations including scalar multiplication of a point and a parameter, the elliptic curve cryptographic scheme characterized by selectively applying countermeasures and optimizations to the scalar multiplications by: applying a simple side-channel attack countermeasure for scalar multiplications that include a secret parameter as the parameter; applying a differential side-channel attack countermeasure for scalar multiplications when the elliptic curve point is not a generator point of the elliptic curve; and selectively applying optimizations.

1. An elliptic curve cryptographic scheme for permitting secure communications between two or more cryptographic correspondent devices, each of the cryptographic correspondent devices comprising a processor and a memory, the memory configured to store a plurality of instructions which when executed by the processor cause the processor to implement the cryptographic scheme, the cryptographic scheme comprising a plurality of cryptographic operations applied to cryptographic parameters, the cryptographic operations comprising scalar multiplication of a point and a parameter, the elliptic curve cryptographic scheme characterized by selectively applying countermeasures and optimizations to the scalar multiplications by: applying a simple side-channel attack countermeasure for scalar multiplications comprising a secret scalar as the parameter; applying a differential side-channel attack countermeasure for scalar multiplications comprising a secret scalar as the parameter when the point is not a generator point of the elliptic curve; applying a fixed-base comb optimization for scalar multiplications when the generator point is fixed; applying a fixed- ...

Publication date: 06-02-2020

SYSTEM AND METHOD FOR OPTIMIZED ELLIPTIC CURVE CRYPTOGRAPHY OPERATIONS

Number: US20200044846A1
Assignee:

A method and protocol for determining linear combinations of a first and second point for an elliptic curve cryptography scheme, including determining a first scalar multiplication of the first point with a first scalar, the first scalar multiplication including performing iteratively in relation to the value of the first scalar either one of: doubling of the first point in Jacobian projective coordinates; or mixed addition with the first point in affine coordinates; determining a combination point by adding the second point to the resultant of the first scalar multiplication; obtaining an affine coordinate representation of the combination point; determining a second scalar multiplication of the combination point with a second scalar, the second scalar multiplication including performing iteratively in relation to the value of the second scalar either one of: doubling of the combination point in Jacobian projective coordinates; or mixed addition with the combination point in affine coordinates.

1. A protocol for determining linear combinations of a first point and a second point for an elliptic curve cryptography scheme, the elliptic curve cryptographic scheme for permitting secure communications between two or more cryptographic correspondent devices, each of the cryptographic correspondent devices comprising a processor and a memory, the memory configured to store a plurality of instructions which when executed by the processor cause the processor to implement the cryptographic scheme, the first point and the second point in affine coordinates, the protocol comprising: obtaining a Jacobian projective coordinate representation of the first point; determining a first scalar multiplication of the first point with a first scalar, the first scalar multiplication comprising performing iteratively in relation to the value of the first scalar either one of: doubling of a current value of the first point in Jacobian projective coordinates; or mixed addition of a current value of the first point with the initial value of the first point in affine coordinates; ...

Publication date: 16-02-2017

ENCRYPTING DEVICE, ENCRYPTING METHOD, AND RECORDING MEDIUM

Number: US20170048067A1
Assignee: FUJITSU LIMITED

From the least significant bit of the current secret key, k bits are retrieved, obtaining a binary window sequence. If the most significant bit of the window sequence is 0, a bit string is obtained by concatenating the random number to the more significant bits of the window sequence, and that bit string is subtracted from the current secret key to obtain a new secret key. If the most significant bit of the window sequence is 1, the bit string of the complement of the window sequence with respect to the base number is calculated in binary, a bit string is obtained by adding a minus sign to the bit string obtained by concatenating the random number to the more significant bits of that bit string, and the resulting bit string is subtracted from the current secret key to obtain a new secret key.

1. An encrypting device which performs an encrypting operation on a point A on an elliptical curve by a secret key d, using b, m, k, i, and j as natural numbers excluding 0, a random number s, each window sequence w(i), and a correction value d′ corresponding to the secret key d, the secret key d being a (b+m×k)-bit binary secret key d in elliptical curve cryptography, the encrypting device comprising: a window sequence storage that stores each window sequence w(i); a correction value storage that stores the correction value d′; a random number storage that stores the random number s; a memory that stores instructions; and performing scalar multiplication on the point A using as a scalar value an index value obtained by concatenating the random number s, stored in the random number storage, on the more significant bit side of a bit string of k bits corresponding to a number of bits of each window sequence w(i) stored in the window sequence storage while sequentially changing a value of the bit string of the k bits; generating a randomized table by storing a calculation result of the scalar multiplication as table data corresponding to the index value obtained; performing a first process ...

Publication date: 16-02-2017

ID-BASED CONTROL UNIT-KEY FOB PAIRING

Number: US20170048701A1
Author: Ho Jin-Meng, Peeters Eric
Assignee:

A method for pairing a key fob with a control unit is provided. The key fob executes an ID authenticated key agreement protocol with a pairing device based on a key fob identification to authenticate one another and to generate a first encryption key. The pairing device encrypts a control unit identification using the first encryption key. The key fob receives the encrypted control unit identification transmitted from the pairing device. The key fob then executes an ID authenticated key agreement protocol with the control unit based on the control unit identification to authenticate one another and to generate a second encryption key. The key fob then receives an operational key transmitted from the control unit that is encrypted with the second encryption key.

1. A key fob device comprising: a transceiver that transmits and receives signals; memory that stores a first operational key corresponding to a control unit, the first operational key being encrypted by a first secret encryption key; and a processor communicatively coupled to the transceiver and memory that executes instructions stored in the memory to: send a signal, using the transceiver, to initiate an operational key change operation; receive, using the transceiver, a second operational key encrypted using the first operational key; and use the second operational key to transmit commands using the transceiver.
2. The key fob device of claim 1, wherein prior to receiving the second operational key, the first operational key is usable by the key fob device to transmit commands using the transceiver.
3. The key fob device of claim 2, wherein after receiving the second operational key, the first operational key is no longer usable by the key fob device to transmit commands.
4. The key fob device of claim 3, wherein the instructions stored in the memory and executed by the processor cause the first operational key to be erased from the memory after the second operational key is ...

Publication date: 14-02-2019

DETERMINING A COMMON SECRET FOR THE SECURE EXCHANGE OF INFORMATION AND HIERARCHICAL, DETERMINISTIC CRYPTOGRAPHIC KEYS

Number: US20190052458A1
Assignee:

A method and system of determining a common secret for two nodes. Each node has a respective asymmetric cryptography pair, each pair including a master private key and a master public key. Respective second private and public keys may be determined based on the master private key, master public key and a deterministic key. A common secret may be determined at each of the nodes based on the second private and public keys. In one example, a node may determine the common secret based on (i) a second private key based on the node's own master private key and the deterministic key; and (ii) a second public key based on the other node's master public key and the deterministic key. The invention may be suited for use with, but not limited to, digital wallets, blockchain (e.g. Bitcoin) technologies and personal device security.

1-43. (canceled)
44. A computer-implemented method of determining, at a first node (C), a common secret (CS) that is common with the first node (C) and a second node (S), wherein the first node (C) is associated with a first asymmetric cryptography pair of a cryptography system having a homomorphic property, the first asymmetric cryptography pair having a first node master private key (V1C) and a first node master public key (P1C), and the second node (S) is associated with a second asymmetric cryptography pair of the cryptography system, the second asymmetric cryptography pair having a second node master private key (V) and a second node master public key (P), wherein the first node master public key and second node master public key are based on encryption of the respective first node master private key and second node master private key using the cryptography system common with the first and second nodes, and wherein the method comprises: determining a first node second private key (V2C) based on at least the first node master private key (V1C) and a deterministic key (DK) common with the first and second nodes; ...

Publication date: 14-02-2019

FLEXIBLE PROVISIONING OF ATTESTATION KEYS IN SECURE ENCLAVES

Number: US20190052469A1
Assignee: Intel Corporation

A computing platform implements one or more secure enclaves including a first provisioning enclave to interface with a first provisioning service to obtain a first attestation key from the first provisioning service, a second provisioning enclave to interface with a different, second provisioning service to obtain a second attestation key from the second provisioning service, and a provisioning certification enclave to sign first data from the first provisioning enclave and second data from the second provisioning enclave using a hardware-based provisioning attestation key. The signed first data is used by the first provisioning enclave to authenticate to the first provisioning service to obtain the first attestation key, and the signed second data is used by the second provisioning enclave to authenticate to the second provisioning service to obtain the second attestation key.

1. One or more non-transitory computer-readable media having instructions stored thereon that, upon execution of the instructions by one or more processors of a computing device, are to cause the computing device to: instantiate a first logical component on a computing device; identify a first request from a second logical component, wherein the first request is related to use of the hardware-based key to sign first data based on the hardware-based key, wherein the first logical component is to maintain the hardware-based key; sign, by the first logical component, the first data based on the hardware-based key; and return the signed first data to the second logical component, wherein the signed first data is to authenticate the second logical component to a first service in association with generation of a second key that is to attest characteristics of a first application on the computing device.
2. The one or more non-transitory computer-readable media of claim 1, wherein the hardware-based key is based on a root key persistently stored on the computing device.
3. The one or more non-transitory ...

Publication date: 22-02-2018

Method and system for secure fido development kit with embedded hardware

Number: US20180054312A1
Author: Ashfaq Kamal
Assignee: Mastercard International Inc

A method for registration of a biometric template in a computing device includes: storing, in a first memory of a computing device, a biometric module; receiving, by an input device of the computing device, biometric data of a user; generating, by the biometric module of the computing device, a template based on the biometric data; generating, by a generation module of the computing device, a cryptographic key pair comprised of a private key and a corresponding public key using an encryption algorithm; encrypting, by an encryption module of the computing device, the generated template using the private key; storing, in a second memory of the computing device, the private key, wherein the second memory is a trusted execution environment; and storing, in the computing device, the encrypted template.

Publication date: 23-02-2017

CRYPTO DEVICES, STORAGE DEVICES HAVING THE SAME, AND ENCRYPTION AND DECRYPTION METHODS THEREOF

Number: US20170054550A1
Assignee: SAMSUNG ELECTRONICS CO., LTD.

A method for encryption, decryption, or encryption and decryption of data in a crypto device having at least one crypto core may include: generating a tweak value corresponding to block data, which is placed at a random position from which the encryption, decryption, or encryption and decryption starts, from among sequential block data; and/or performing the encryption, decryption, or encryption and decryption from the block data using the tweak value. A method for encryption, decryption, or encryption and decryption of block data may include: generating a tweak value corresponding to the block data at a random position; and/or performing the encryption, decryption, or encryption and decryption of the block data using the tweak value.

1. A method for encryption, decryption, or encryption and decryption of data in a crypto device having at least one crypto core, the method comprising: generating a tweak value corresponding to block data, which is placed at a random position from which the encryption, decryption, or encryption and decryption starts, from among sequential block data; and performing the encryption, decryption, or encryption and decryption from the block data using the tweak value.
2. The method of claim 1, wherein the generating of the tweak value comprises: performing a multiplication operation in which a primitive element is multiplied by an encrypted initial tweak value.
3. The method of claim 2, further comprising: generating the encrypted initial tweak value by encrypting an initial tweak value.
4. The method of claim 3, wherein the encrypting of the initial tweak value comprises: repeatedly updating the multiplication operation by a serial number corresponding to the random position.
5. The method of claim 4, wherein a number of cycles which are required to update the multiplication operation is smaller than a number of cycles which are required to perform the encryption, decryption, or encryption and decryption with respect to one ...

Publication date: 13-02-2020

TECHNIQUE FOR MANAGING PROFILE IN COMMUNICATION SYSTEM

Number: US20200052907A1
Assignee:

Disclosed are: a communication technique and a system therefor for fusing, with IoT technology, a 5G communication system for supporting a data transmission rate higher than that of a 4G system. Provided is a method for installing a profile of a terminal having an embedded universal integrated circuit card (eUICC) in a mobile communication system, the method comprising: requesting an eUICC authentication certificate from an eUICC and receiving the eUICC authentication certificate; and transferring a profile package to the eUICC so as to install a profile, wherein the received eUICC authentication certificate further comprises an eUICC manufacturer (EUM) authentication certificate.

1. A method of a terminal having a local profile assistant (LPA) and an embedded universal integrated circuit card (eUICC) in a mobile communication system, the method comprising: transmitting, by the LPA, a first message including first information of the eUICC and an eUICC challenge to a server; receiving, by the LPA, a first response message including at least one certificate of the server from the server; transmitting, by the LPA, the at least one certificate of the server to the eUICC; receiving, by the LPA, second information of the eUICC including a signature value of the eUICC; transmitting, by the LPA, a second message including the second information of the eUICC to the server; receiving, by the LPA, a second response message including a profile package from the server; and transmitting, by the LPA, the profile package to the eUICC to install the profile package.
2. The method of claim 1, further comprising: transmitting, by the LPA, a request for the first information of the eUICC to the eUICC; and receiving, by the LPA, the first information of the eUICC from the eUICC in response to the request for the first information.
3. The method of claim 1, further comprising: transmitting, by the LPA, a request for the eUICC challenge to the eUICC; and receiving, by the LPA, the eUICC challenge ...

Publication date: 23-02-2017

APPARATUS AND METHOD FOR SHARING WIFI SECURITY DATA IN AN INTERNET OF THINGS (IOT) SYSTEM

Number: US20170055148A1
Assignee:

An apparatus and method are described for connecting an Internet of Things (IoT) hub to a wireless network. For example, one embodiment of a method comprises establishing a secure communication channel between an Internet of Things (IoT) hub and an IoT service using a first secret, the secure communication channel being established through a client device; generating a second secret on the client device and transmitting the second secret to the IoT hub; encrypting a wireless key using the second secret on the client device to generate a first-encrypted key, the wireless key usable to establish a secure communication channel over a local wireless network; transmitting the first-encrypted key to the IoT service; encrypting the first-encrypted key at the IoT service using the first secret to generate a twice-encrypted key; transmitting the twice-encrypted key to the IoT hub over the secure communication channel; decrypting the twice-encrypted key at the IoT hub using the first secret to generate the first-encrypted key and decrypting the first-encrypted key at the IoT hub using the second secret to generate the wireless key; and using the wireless key to establish a secure wireless connection between the IoT hub and the local wireless network.

1. A method comprising: establishing a secure communication channel between an Internet of Things (IoT) hub and an IoT service using a first secret, the secure communication channel being established through a client device; generating a second secret on the client device and transmitting the second secret to the IoT hub; encrypting a wireless key using the second secret on the client device to generate a first-encrypted key, the wireless key usable to establish a secure communication channel over a local wireless network; transmitting the first-encrypted key to the IoT service; encrypting the first-encrypted key at the IoT service using the first secret to generate a twice-encrypted key; transmitting the twice-encrypted key to the IoT ...

Publication date: 10-03-2022

Protection of cryptographic operations by intermediate randomization

Number: US20220075879A1
Assignee: Cryptography Research Inc

Aspects of the present disclosure involve a method and a system to support execution of the method to perform a cryptographic operation involving a first vector and a second vector, by projectively scaling the first vector, performing a first operation involving the scaled first vector and the second vector to obtain a third vector, generating a random number, storing the third vector in a first location, responsive to the random number having a first value, or in a second location, responsive to the random number having a second value, and performing a second operation involving a first input and a second input, wherein, based on the random number having the first value or the second value, the first input is the third vector stored in the first location or the second location and the second input is a fourth vector stored in the second location or the first location.

Publication date: 05-03-2015

PRIVATE TWO-PARTY COMPUTATION USING PARTIALLY HOMOMORPHIC ENCRYPTION

Number: US20150063563A1
Author: Vaya Shailesh
Assignee: XEROX CORPORATION

A product of prime numbers and a quadratic non-residue of one of the prime numbers are received as a public key from a first party. The product of prime numbers comprises a first group and the prime numbers respectively comprise a first sub-group and a second sub-group of the first group. Data of the first party is automatically encrypted bit-wise using a computerized device by encrypting first bit values of the data of the first party as quadratic residue and encrypting second bit values of the data of the first party as quadratic non-residue to produce a first intermediate number. The first intermediate number is automatically multiplied by the quadratic non-residue of the public key using the computerized device to complete encryption of the data of the first party. A square root of a value is received from a second party. The second party does not have the quadratic residue and the quadratic non-residue. A single bit of the data of the first party is automatically decrypted for the second party by factoring the product of prime numbers to evaluate whether the single bit has a square root in the first sub-group or the second sub-group based on the square root of the value from the second party.

1. A method comprising: receiving a product of prime numbers and a quadratic non-residue of one of said prime numbers as a public key from a first party, said product of prime numbers comprising a first group and said prime numbers respectively comprising a first sub-group and a second sub-group of said first group; automatically encrypting data of said first party, bit-wise, using a computerized device, by encrypting first bit values of said data of said first party as quadratic residue and encrypting second bit values of said data of said first party as quadratic non-residue to produce a first intermediate number; automatically multiplying said first intermediate number by said quadratic non-residue of said public key using said computerized device to complete encryption of ...

Publication date: 05-03-2015

Method for ensuring security and privacy in a wireless cognitive network

Number: US20150063570A1

In some embodiments, authentication, confidentiality, and privacy are enhanced for a wireless network of cognitive radios by encryption of network management and control messages as well as data traffic, thereby protecting information pertaining to node identification, node location, node-sensed incumbent transmissions, CRN frequency channel selections, and the like. During initial network registration, a temporary ID can be issued to a node, and then replaced once encrypted communication has been established. This prevents association of initial, clear-text messages with later encrypted transmissions. Elliptic curve cryptography can be used for mutual authentication between subscribers and the base station. ECC-based implicit digital certificates can be embedded in co-existence beacons used by CRN nodes to coordinate use of frequency channels, thereby preventing denial of service attacks due to transmission of falsified beacons. Similar certificates can be embedded within identity beacons used to protect certain incumbents from interference by the CRN.

Publication date: 10-03-2022

ARITHMETIC DEVICE AND METHOD

Number: US20220078012A1
Author: INOUE Kazuki
Assignee: Kioxia Corporation

According to an embodiment, the arithmetic device includes a controller. The controller is configured to: convert a bit string of m bits (where m is an integer of 4 or more) representing a multiplication value k when a certain condition is satisfied; set a value based on a coordinate value P of a specific point for a first variable and a second variable based on a second bit value from a least significant bit of the bit string; perform loop processing (m−3) times for multiplication processing of performing multiplication on the first variable and addition processing of adding two different points which are not infinite points by adding the first variable and the second variable; and output a coordinate value kP obtained by a scalar multiplication of the coordinate value P with the multiplication value k based on processing for a most significant bit of the bit string.

1. An arithmetic device comprising a controller, the controller being configured to: convert a bit string of m bits (where m is an integer of 4 or more) representing a multiplication value k when a certain condition is satisfied; set a value based on a coordinate value P of a specific point for a first variable and a second variable based on a second bit value from a least significant bit of the bit string; perform loop processing (m−3) times for multiplication processing of performing multiplication on the first variable and addition processing of adding two different points which are not infinite points by adding the first variable and the second variable; and output a coordinate value kP obtained by a scalar multiplication of the coordinate value P with the multiplication value k based on processing for a most significant bit of the bit string.
2. The arithmetic device according to claim 1, wherein the controller is configured to perform the multiplication processing of performing multiplication on the first variable, and the addition processing of adding the first variable and the second ...

Publication date: 01-03-2018

SECURE ELLIPTIC CURVE CRYPTOGRAPHY INSTRUCTIONS

Number: US20180062843A1
Author: Gopal Vinodh
Assignee:

A processor of an aspect includes a decode unit to decode an elliptic curve cryptography (ECC) point-multiplication with obfuscated input information instruction. The ECC point-multiplication with obfuscated input information instruction is to indicate a plurality of source operands that are to store input information for an ECC point-multiplication operation. At least some of the input information that is to be stored in the plurality of source operands is to be obfuscated. An execution unit is coupled with the decode unit. The execution unit, in response to the ECC point-multiplication with obfuscated input information instruction, is to store an ECC point-multiplication result in a destination storage location that is to be indicated by the ECC point-multiplication with obfuscated input information instruction. Other processors, methods, systems, and instructions are disclosed.

1. A processor comprising: a decode unit to decode an elliptic curve cryptography (ECC) point-multiplication with obfuscated input information instruction, the ECC point-multiplication with obfuscated input information instruction to indicate a plurality of source operands that are to store input information for an ECC point-multiplication operation, wherein at least a portion of the input information that is to be stored in the plurality of source operands is to be obfuscated; and an execution unit coupled with the decode unit, the execution unit, in response to the ECC point-multiplication with obfuscated input information instruction, to store an ECC point-multiplication result in a destination storage location that is to be indicated by the ECC point-multiplication with obfuscated input information instruction.
2. The processor of claim 1, wherein the plurality of source operands are to store at least one of an obfuscated scalar multiplier, an obfuscated base point, or an obfuscated modulus.
3. The processor of claim 1, wherein the plurality of source operands are to ...

Publication date: 01-03-2018

SYSTEMS AND METHODS FOR OPERATING SECURE ELLIPTIC CURVE CRYPTOSYSTEMS

Number: US20180062844A1
Assignee: MAXIM INTEGRATED PRODUCTS, INC.

Various embodiments of the invention implement countermeasures designed to withstand attacks by potential intruders who seek partial or full retrieval of elliptic curve secrets by using known methods that exploit system vulnerabilities, including elliptic operation differentiation, dummy operation detection, lattice attacks, and first real operation detection. Various embodiments of the invention provide resistance against side-channel attacks, such as simple power analysis, caused by the detectability of scalar values from information leaked during regular operation flow that would otherwise compromise system security. In certain embodiments, system immunity is maintained by performing elliptic scalar operations that use secret-independent operation flow in a secure Elliptic Curve Cryptosystem.

1. A secure Elliptic Curve Cryptosystem (ECC) for performing elliptic scalar operations, the system comprising: a secure microcontroller comprising a cryptography circuit, the cryptography circuit configured to implement a countermeasure while preventing secret scalar leakage; a memory to store a secret scalar that comprises secret key bits; and a processor to perform elliptic scalar operations, the processor comprising instructions for: receiving an elliptic point and the secret scalar; initializing a value Q to the elliptic point that does not include an initial value at an infinity point; processing the secret key bits of the secret scalar in a sequential manner, wherein processing includes doubling Q; performing elliptic operations comprising elliptical point subtraction and addition; and performing an elliptical point subtraction by subtracting at least a fraction of the elliptic point from the value Q.
2. The secure ECC according to claim 1, further comprising a state machine that performs one or more of the elliptic scalar operations.
3. The secure ECC according to claim 1, further comprising a register, the register being initialized to a point other than a point at ...

Publication date: 01-03-2018

SYSTEMS AND METHODS FOR PERFECT FORWARD SECRECY (PFS) TRAFFIC MONITORING VIA A HARDWARE SECURITY MODULE

Number: US20180062854A1
Assignee:

A new approach is proposed to support monitoring Perfect Forward Secrecy (PFS) network traffic by utilizing a hardware security module (HSM) appliance. Here, the HSM appliance is a high-performance, Federal Information Processing Standards (FIPS) 140-compliant security hardware with embedded firmware, which can be used for management and sharing of ephemeral keys used in a secured PFS communication session between two parties. Specifically, the HSM allows a server to share one or more of its ephemeral keys and/or parameters used in PFS traffic during the session with a third party under specified access rights and/or authorization, wherein the third party can be but is not limited to a traffic monitoring module. The HSM allows the third party to access the ephemeral keys stored on the HSM under the specified access rights and/or authorization so that the third party may decrypt and run analytics on the PFS traffic captured during the session.

1. A system to support Perfect Forward Secrecy (PFS) network traffic monitoring, comprising:
generate and store on the HSM one or more ephemeral public and private keys and/or parameters used for secured communications between a server running on a host and a client device that intends to access the server during a current session;
compute and store on the HSM a pre-master secret (PMS) to be shared between the server and the client device based on the public and private keys and/or parameters, wherein the PMS is used to encrypt and decrypt PFS communications between the server and the client device only during the current session;
maintain policy data on third party access rights and/or authorization on the HSM along with the keys, the parameters, and the PMS stored on the HSM;
determine if a third-party PFS traffic monitoring module monitoring the PFS communications between the server and the client device is allowed access to the PMS stored on the HSM based on the policy data on third party access rights and/or authorization ...

Publication date: 01-03-2018

METHODS AND SYSTEMS FOR PKI-BASED AUTHENTICATION

Number: US20180062858A1
Assignee:

Methods, systems, and devices are provided for authenticating API messages using PKI-based authentication techniques. A client system can generate a private/public key pair associated with the client system and sign an API message using the private key of the private/public key pair and a PKI-based cryptographic algorithm, before sending the signed API message to a server system. The server system (e.g., operated by a service provider) can authenticate the incoming signed API message using a proxy authenticator located in a less trusted zone (e.g., a perimeter network) of the server system. In particular, the proxy authenticator can be configured to verify the signature of the signed API message using the public key corresponding to the private key and the same cryptographic algorithm. The authenticated API message can then be forwarded to a more trusted zone (e.g., an internal network) of the server system for further processing.

1. A computer-implemented method comprising: receiving, by a first computer in a first low security zone of a first system, a first application programming interface (API) message from a second system for a first service provided by the first system, the first system comprising a first high security zone behind a first firewall and the first low security zone in front of the first firewall, the second system comprising a second high security zone behind a second firewall and a second low security zone in front of the second firewall, the first API message generated by a second computer in the second high security zone of the second system using a cryptographic algorithm and a private key associated with the second system; authenticating, by the first computer in the first low security zone of the first system, the first API message using the cryptographic algorithm and a public key that corresponds to the private key associated with the second system; and transmitting the authenticated first API message to a third computer in the first high ...

Publication date: 02-03-2017

Generating Cryptographic Function Parameters From Compact Source Code

Number: US20170063534A1
Assignee: Certicom Corp

Methods, systems, and computer programs for generating cryptographic function parameters are described. In some examples, source code that defines seed information and a pseudorandom function is accessed. A parameter for a cryptographic function by operation of one or more data processors is generated. The parameter is generated from the seed information and the pseudorandom function. The parameter has a larger size in memory than the source code that defines the seed information and the pseudorandom function.

Publication date: 02-03-2017

Generating Cryptographic Function Parameters From a Puzzle

Number: US20170063535A1
Assignee: Certicom Corp.

Methods, systems, and computer programs for generating cryptographic function parameters are described. In some examples, a solution to a puzzle is obtained. A pseudorandom generator is seeded based on the solution. After seeding the pseudorandom generator, an output from the pseudorandom generator is obtained. A parameter for a cryptographic function is generated. The parameter is generated from the output from the pseudorandom generator.

1. A cryptography method comprising: obtaining a solution to a puzzle; seeding a pseudorandom generator based on the solution; after seeding the pseudorandom generator, obtaining an output from the pseudorandom generator; and generating a parameter for a cryptographic function by operation of one or more data processors, the parameter being generated from the output from the pseudorandom generator.
2. The method of claim 1, wherein obtaining the solution to the puzzle comprises generating, by operation of one or more processors, a puzzle solution by applying a puzzle function to a puzzle input, and wherein generating the puzzle solution has a higher computational cost than verifying the puzzle solution.
3. The method of claim 2, comprising performing multiple iterations of an iterative process, wherein each iteration comprises: generating a puzzle solution for the iteration by applying the puzzle function to a puzzle input for the iteration; seeding the pseudorandom generator based on the puzzle solution for the iteration; and after seeding the pseudorandom generator, obtaining from the pseudorandom generator an output for the iteration; wherein the puzzle input for at least one iteration is based on the output for a prior iteration.
4. The method of claim 1, wherein the cryptographic function comprises an elliptic curve function, and the parameter comprises a constant for the elliptic curve function.
5. The method of claim 1, wherein generating the parameter comprises deriving the parameter ...

Publication date: 02-03-2017

Generating Cryptographic Function Parameters Based on an Observed Astronomical Event

Number: US20170063536A1
Assignee: Certicom Corp.

Methods, systems, and computer programs for generating cryptographic function parameters are described. In some examples, astronomical data from an observed astronomical event is obtained. A pseudorandom generator is seeded based on the astronomical data. After seeding the pseudorandom generator, an output from the pseudorandom generator is obtained. A parameter for a cryptographic function is generated by operation of one or more data processors. The parameter is generated from the output from the pseudorandom generator.

1. A cryptography method comprising: obtaining astronomical data from an observed astronomical event; seeding a pseudorandom generator based on the astronomical data; after seeding the pseudorandom generator, obtaining an output from the pseudorandom generator; and generating a parameter for a cryptographic function by operation of one or more data processors, the parameter being generated from the output from the pseudorandom generator.
2. The method of claim 1, wherein the observed astronomical event comprises an event that is globally observable and globally verifiable.
3. The method of claim 1, wherein the observed astronomical event comprises a sunspot, and obtaining the astronomical data comprises computing the astronomical data based on an attribute of the sunspot.
4. The method of claim 1, wherein the observed astronomical event comprises a supernova, and obtaining the astronomical data comprises computing the astronomical data based on an attribute of the supernova.
5. The method of claim 1, wherein the observed astronomical event comprises a meteoroid discovery, and obtaining the astronomical data comprises computing the astronomical data based on an attribute of the meteoroid.
6. The method of claim 1, wherein the observed astronomical event comprises an event on an extraterrestrial planet, and obtaining the astronomical data comprises computing the astronomical data based on an attribute of the event.
7. ...

Publication date: 12-03-2015

Power Management and Security for Wireless Modules in "Machine-to-Machine" Communications

Number: US20150071139A1
Author: John A. Nix
Assignee: Individual

Methods and systems are provided for power management and security for wireless modules in “Machine-to-Machine” communications. A wireless module operating in a wireless network and with access to the Internet can efficiently and securely communicate with a server. The wireless network can be a public land mobile network (PLMN) or a wireless local area network (LAN). The wireless module may include a sensor and may be installed next to a monitored unit. The wireless module may utilize active states for collecting and sending data, and sleep states at other times to conserve a battery and/or energy usage. The wireless module minimizes the time spent in a radio resource control (RRC) connected state. Messages between the wireless module and server can be transmitted according to a user datagram protocol (UDP). The wireless module and server can utilize public key infrastructure (PKI) for encryption and digital signatures.

Publication date: 17-03-2022

Technology To Provide Fault Tolerance For Elliptic Curve Digital Signature Algorithm Engines

Number: US20220083439A1
Assignee:

A data processing system includes technology for detecting and tolerating faults. The data processing system comprises an electronic control unit (ECU) with a processing core and a fault-tolerant elliptic curve digital signature algorithm (ECDSA) engine. The fault-tolerant ECDSA engine comprises multiple verification state machines (VSMs). The data processing system also comprises nonvolatile storage in communication with the processing core and ECU software in the nonvolatile storage. The ECU software, when executed, enables the data processing system to operate as a node in a distributed data processing system, including receiving digitally signed messages from other nodes in the distributed data processing system. The ECU further comprises a known-answer built-in self-test unit (KA-BISTU). Also, the ECU software comprises fault-tolerant ECDSA engine (FTEE) management software which, when executed by the processing core, utilizes the KA-BISTU to periodically test the fault-tolerant ECDSA engine for faults. Other embodiments are described and claimed.

1. An electronic control unit (ECU) with technology for detecting and tolerating faults, the ECU comprising: a processing core; nonvolatile storage in communication with the processing core; a signing state machine (SSM) in communication with the processing core; a fault-tolerant elliptic curve digital signature algorithm (ECDSA) engine in communication with the processing core, wherein the fault-tolerant ECDSA engine comprises multiple verification state machines (VSMs) to verify digital signatures; a known-answer built-in self-test unit (KA-BISTU) in communication with the fault-tolerant ECDSA engine; and:
utilize the KA-BISTU to periodically test the fault-tolerant ECDSA engine for faults;
utilize the SSM to generate a digital signature; and
in response to generation of the digital signature by the SSM, automatically utilize the VSMs to verify that the SSM generated the digital signature properly ...

Publication date: 28-02-2019

Secret Data Access Control Systems and Methods

Number: US20190065764A1
Assignee:

The decentralized and distributed architecture of blockchain makes it challenging to store secret data. A Secure Document Access Control System (SEDACS) can store secret data using distributed components without compromising on the distributed security features of the blockchain. SEDACS can include a Secret Store, a blockchain, and a decentralized file system. The blockchain can store rules and permissions for documents that contain the secret data. The Secret Store can generate secret keys that can be used to access the documents. The decentralized file system can store the documents that are encrypted using the secret keys. A user can retrieve the encrypted document provided that the user has the permission to do so. The user can decrypt the encrypted document by decrypting the secret key and using the decrypted secret key to decrypt the document.

1. A method of storing an encrypted file using a blockchain, the method comprising: creating a cryptographic hash of the encrypted file; associating file permissions with the cryptographic hash; sending a transaction representing the cryptographic hash and the file permissions from an originator to the blockchain, the blockchain storing the transaction; and transmitting the encrypted file from the originator to a host.
2. The method of claim 1, wherein creating the cryptographic hash includes using a first key from a key store at the originator.
3. The method of claim 1, wherein the originator includes a middleware, the middleware interconnecting the originator and the host.
4. The method of claim 3, wherein transmitting the encrypted file includes transmitting the encrypted file to the host via the middleware.
5. The method of claim 1, wherein the originator is directly connected to a decentralized file system in the host.
6. The method of claim 5, wherein transmitting the encrypted file to the host includes inserting the encrypted file into the decentralized file system via a blockchain Application Programming ...

Publication date: 28-02-2019

CRYPTOGRAPHIC METHOD AND SYSTEM FOR SECURE EXTRACTION OF DATA FROM A BLOCKCHAIN

Number: US20190066228A1
Author: Wright Craig Steven
Assignee:

The invention relates generally to cryptographic techniques for secure processing, transmission and exchange of data. It also relates to peer-to-peer distributed ledgers such as (but not limited to) the Bitcoin blockchain. In particular, it relates to control solutions for identifying, protecting, extracting, transmitting and updating data in a cryptographically controlled and secure manner. It also relates to system inter-operability and the ability to communicate data between different and distinct computing systems. The invention provides a computer implemented method (and corresponding systems) comprising the steps of identifying a set of first structure public keys comprising at least one public root key associated with a first structure of interest of an entity and one or more associated public sub-keys; deriving a deterministic association between the at least one public root key and the one or more associated public sub-keys; and extracting data from a plurality of transactions (TXs) from a blockchain. The data comprises data indicative of a blockchain transaction (Tx) between the first structure and at least one further structure; and a first structure public key associated with the first structure. The first structure public key is part of a cryptographic public/private key pair. The method includes the step of generating an output for the first structure of interest by matching at least part of the set of first structure public keys to the extracted transaction data using the deterministic association. The one or more public sub-keys is generated or determined using Elliptic Curve Cryptography (ECC) and a deterministic key (DK) that is based on a cryptographic hash of a message (M). The one or more public sub-keys is determined based on a scalar addition of an associated public parent key and the scalar multiplication of a deterministic key (DK) and a generator (G).

1. A computer implemented method comprising: identifying a set of first structure public keys ...

Publication date: 17-03-2022

Approximate algebraic operations for homomorphic encryption

Number: US20220085972A1
Assignee: JOHNS HOPKINS UNIVERSITY

Disclosed herein are system, method, and computer program product embodiments for performing a set of operations on one or more encrypted numbers that approximates performing an algebraic operation on the one or more encrypted numbers. A server can receive from a client a public key of a fully homomorphic encryption scheme and one or more encrypted numbers, and perform a set of operations comprising a square root function, a rectified linear activation function (ReLU), or a multiplicative inverse function on the one or more encrypted numbers to generate an encrypted operational result. The encrypted operational result generated by the set of operations can be an approximation of performing an algebraic operation on the one or more encrypted numbers. The server can further transmit the encrypted operational result to the client.

Publication date: 10-03-2016

Method and apparatus for scalar multiplication secure against differential power attacks

Number: US20160072622A1
Assignee: Umm al-Qura University

A method of scalar multiplication to obtain the scalar product between a key and a point on an elliptic curve, wherein the secret is m bits long. In selected embodiments, the first step is to partition the secret into two partitions each with m/2 bits. Point-doubling operations are performed on the point and stored into three buffers. Point additions are performed at randomized time intervals thereby preventing the method from being susceptible to differential power analysis attacks.

Publication date: 12-03-2015

ELECTRONIC CIRCUIT AND METHOD FOR MONITORING A DATA PROCESSING

Number: US20150074422A1
Author: Meyer Bernd
Assignee: INFINEON TECHNOLOGIES AG

According to one embodiment, an electronic circuit is described comprising a processing circuit configured to perform a data processing including a plurality of successive operations, wherein in at least some of the plurality of operations a predetermined input value is processed; a check value memory; a controller configured to check, for each operation of the data processing performed by the processing circuit, whether the predetermined input value is processed in the operation and, if the predetermined input value is processed in the operation, combine the predetermined input value with the content of the check value memory; and a detector configured to check, when the processing is complete, whether the content of the check value memory is equal to a predetermined value.
1. An electronic circuit comprising: a processing circuit configured to perform a data processing including a plurality of successive operations, wherein in at least some of the plurality of operations a predetermined input value is processed; a check value memory; a controller configured to check, for each operation of the data processing performed by the processing circuit, whether the predetermined input value is processed in the operation and, if the predetermined input value is processed in the operation, combine the predetermined input value with the content of the check value memory; and a detector configured to check, when the processing is complete, whether the content of the check value memory is equal to a predetermined value.
2. The electronic circuit according to claim 1, wherein combining the predetermined input value with the content of the check value memory comprises combining the predetermined input value with the content of the check value memory to generate an updated content of the check value memory and storing the updated content of the check value memory in the check value memory.
3. The electronic circuit according to claim 1, wherein the detector is further configured to ...

Publication date: 08-03-2018

DECRYPTING ENCRYPTED DATA ON AN ELECTRONIC DEVICE

Number: US20180069699A1
Assignee: BlackBerry Limited

Systems, methods, and software can be used to encrypt and decrypt data. In some aspects, a decryption request to decrypt the encrypted data is received from an application on an electronic device. A first secret key is generated from a shared secret. The shared secret is generated based on a master private key and an ephemeral public key associated with the encrypted data. A first encrypted secret key is generated using the first secret key and a context key. The context key is generated based on the master private key. A first portion of the encrypted data is decrypted using the first secret key. A second secret key is generated from the first secret key. The first secret key is deleted. At least a segment of the decrypted first portion of the encrypted data is sent to the application.
1. A method of decrypting encrypted data, the method comprising: receiving, from an application on an electronic device, a decryption request to decrypt the encrypted data; generating, by a hardware processor, a first secret key from a shared secret, wherein the shared secret is generated based on a master private key and an ephemeral public key associated with the encrypted data; generating, by the hardware processor, a first encrypted secret key using the first secret key and a context key, wherein the context key is generated based on the master private key; decrypting a first portion of the encrypted data using the first secret key; generating a second secret key from the first secret key; deleting the first secret key; and sending at least a segment of the decrypted first portion of the encrypted data to the application.
2. The method of claim 1, wherein the first secret key is generated from the shared secret using a key derivation function, and the second secret key is generated from the first secret key using the key derivation function.
3. The method of claim 1, further comprising: decrypting a second portion of the encrypted data using the second secret key; generating a ...

Publication date: 09-03-2017

PROTECTION OF A CALCULATION AGAINST SIDE-CHANNEL ATTACKS

Number: US20170070341A1
Author: Teglia Yannick
Assignee:

A method for protecting a ciphering algorithm executing looped operations on bits of a first quantity and on a first variable initialized by a second quantity, wherein, for each bit of the first quantity, a random number is added to the state of this bit to update a second variable maintained between two thresholds.
1. A method, comprising: executing a ciphering algorithm including executing looped operations on bits of a first quantity and on a first variable initialized by a second quantity; and protecting the ciphering algorithm, the protecting including, for each bit of the first quantity, updating a second variable maintained between two thresholds, the updating including adding a random number to a state of the bit of the first quantity.
2. The method of wherein said second variable is used in one of plural operations performed for each bit of the first quantity.
3. The method of wherein the random number is drawn for each bit of the first quantity.
4. The method of claim 1, comprising, after updating the second variable for each bit of the first quantity, updating the first variable by a calculation taking into account said second variable and the second quantity.
5. The method of wherein the second variable includes no more than 8 bits.
6. The method of claim 2, wherein said plural operations comprise an addition and a doubling, said second variable being taken into account during the addition.
7. The method of claim 6, wherein the executing includes multiplying a point of an elliptic curve by a scalar number, said scalar number representing the first quantity and said point representing the second quantity.
8. The method of claim 2, wherein said plural operations comprise a squaring and a multiplication, said second variable being taken into account in the multiplication.
9. The method of claim 8, wherein the executing includes performing a modular exponentiation of the second quantity, the first quantity representing an exponent of the modular ...

Publication date: 09-03-2017

LOCATION AWARE CRYPTOGRAPHY

Number: US20170070485A1
Assignee:

Encrypted data transmitted from a second entity to a first entity may be received. The encrypted data may be encrypted by a location based public key based on a public key and a location associated with the second entity. A location associated with the first entity may be identified. A location based private key may be generated based on a private key that corresponds to the public key and the location associated with the first entity. Furthermore, the encrypted data may be decrypted with the location based private key when the location associated with the first entity matches the location associated with the second entity.
1. A method comprising: receiving encrypted data transmitted from a second entity to a first entity, wherein the encrypted data is encrypted by a location based public key that is based on a public key and a location associated with the second entity; identifying a location associated with the first entity; generating, by a processing device, a location based private key that is based on a private key that corresponds to the public key and the location associated with the first entity; and decrypting the encrypted data with the location based private key when the location associated with the first entity matches the location associated with the second entity.
2. The method of claim 1, wherein the encrypted data comprises an additional key, the method further comprising: encrypting, by the first entity, additional data with the additional key after the decrypting of the encrypted data with the location based private key when the location associated with the first entity matches the location associated with the second entity; and transmitting the encrypted additional data from the first entity to the second entity.
3. The method of claim 2, wherein the generating of the location based private key is further based on a combination of the private key and the location associated with the first entity, and wherein the location based private ...

Publication date: 11-03-2021

DEVICE FOR STORING DIGITAL KEYS FOR SIGNING TRANSACTIONS ON A BLOCKCHAIN

Number: US20210073795A1
Assignee:

A physical device is designed to store digital keys for carrying out transactions on a blockchain. The physical device comprises a microphone, a loudspeaker, and a DSP processor comprising a secured element in which the pairs of secret keys and public keys are stored, the DSP also comprising an acoustic codec using a dictionary S containing words that represent random or pseudo-random ultrasonic signals stored in the memory of the DSP. The DSP is designed to decode a message consisting of words from S, received from an acoustic channel via the microphone, to sign the thus decoded message by a private key and to transmit the signature obtained in this way in the form of a response consisting of successive words from S, over the acoustic channel, via the loudspeaker.
1. Device for storing digital keys for signing transactions on a blockchain, the device comprising a microphone (213), a loudspeaker (217) and a DSP processor (219) having a secure element intended to store at least one secret key, the DSP further comprising an encoder/decoder using a codebook, S, the codewords of which, stored in a memory of the DSP or in a secure memory solely accessible to the DSP, represent random or pseudorandom ultrasound signals, the DSP communicating with the outside of the device only through an acoustic channel (250), the DSP being suitable for decoding a message consisting of words of S, received from an acoustic channel, via the microphone (213), for signing the message thus decoded by means of said private key and for transmitting in response a signature of said message in the form of a response consisting of successive words of S, on said acoustic channel, via the loudspeaker (217).
2. Digital-key storage device according to claim 1, further comprising a Human Machine interface by means of which the user can enter a private key or a seed for generating a succession of private keys, said private key or keys being stored in the secure element of the DSP ...

Publication date: 27-02-2020

SYSTEMS AND METHODS FOR MASKING ECC OPERATIONS

Number: US20200067693A1
Assignee: MAXIM INTEGRATED PRODUCTS, INC.

Presented are low-cost secure systems and methods that protect cryptographic systems against attacks that seek to exploit the shortcomings of common software-based erasure mechanisms. Various embodiments protect an Elliptic-Curve Cryptography (ECC) secret from fault attacks. This may be accomplished, for example, by not exposing ECC secrets from the Modular Arithmetic Accelerator (MAA) memory after a Destructive Reset Source (DRS).
1. A method for protecting confidential data comprising: at a secure device, processing a secret value that is associated with a public key to obtain a plurality of parameters of a function such that at least two of the plurality of parameters of the function are necessary to recover the secret value; storing the plurality of parameters in a secure memory in the secure device; at a first time, providing, from the plurality of parameters, a first subset of parameters to a non-secure memory to perform one or more cryptographic operations on the first subset of parameters; at a second time, providing, from the plurality of parameters, a second subset of parameters to the non-secure memory to perform one or more cryptographic operations on the second subset of parameters; in response to a manipulation being detected, erasing data from the secure memory, such that without the erased data the function cannot be recovered from either the secure memory or the non-secure memory; and using the function to compute the public key.
2. The method according to claim 1, further comprising updating at least some of the plurality of parameters of the function to obtain a modified function from which the secret value can be recovered.
3. The method according to claim 1, wherein the non-secure memory is external to the secure device.
4. The method according to claim 1, wherein the secret value is an integer.
5. The method according to claim 1, wherein the manipulation is indicative of at least one of a software attack and a hardware attack.
6. The ...

Publication date: 11-03-2021

Computer-implemented systems and methods for performing computational tasks across a group operating in a trust-less or dealer-free manner

Number: US20210075600A1
Author: Thomas TREVETHAN
Assignee: Nchain Licensing AG

The invention relates to secure determination of a solution (S) to a computational task by a dealer-free threshold signature group. Access to a resource or reward is offered in exchange for the solution. The method enables individuals in said group to work together in a trust-less, or dealer-free, manner. To achieve this, individuals generate their own key pair and use their public key to establish with the group an initial shared public key that they can all use, in parallel, to find a solution to the task. Their own private keys remain secret and, therefore, the collaboration is trust-less, and it operates efficiently because a verified shared public key is created from the initial shared public key that was in use when a solution is found and verified. The resource or reward can be secured by the verified shared public key. Because the private keys of each participant were used in the determination of the initial shared public key that led to the solution, participants must then collaborate to unlock the resource or reward, because the corresponding shared private key can only be generated by all participants or by a pre-agreed threshold of participants. Efficiency is achievable by using an initial shared public key and calculating with the group a verified shared public key after the solution has been found. The invention enables the task to be trust-less by using the homomorphic properties of elliptic curve cryptography when applying Shamir's secret sharing scheme. The inventive concept resides in the secure, trust-less and efficient way in which a group can collaborate. The invention can be agnostic to the task.

Publication date: 11-03-2021

SYSTEM AND METHOD FOR MULTI-PARTY GENERATION OF BLOCKCHAIN-BASED SMART CONTRACT

Number: US20210075610A1
Assignee:

Systems and methods described herein relate to techniques that allow multiple parties to jointly generate or jointly agree upon the parameters for generation of a smart contract, such as a verification key. Execution of the smart contract may be performed by a third party, for example, a worker node on a blockchain network. Techniques described herein may be utilised as part of a protocol in which parties of a smart contract share powers of a secret in a manner that allows each party to determine an identical common reference string, agree on parameters for a smart contract and/or make proportionate contributions to the smart contract, and combinations thereof. The smart contract may be published to a blockchain network (e.g., Bitcoin Cash). The protocol may be a zero-knowledge protocol.
1. A computer-implemented method comprising, at a first computing entity: determining, based at least in part on a first polynomial and at least two elliptic curve points, a set of elliptic curve points for a second computing entity; making a subset of the set of elliptic curve points available to the second computing entity; receiving a second set of elliptic curve points generated using a second polynomial; determining a power of a secret based at least in part on the first set and the second set; determining, based at least in part on the power of the secret, a common reference string comprising a verification key and an evaluation key, wherein the common reference string is also determinable by the second computing entity as a result of the first computing entity providing the subset to the second computing entity; and generating a smart contract comprising a first transaction input provided by the first computing entity and a second transaction input provided by the second computing entity, wherein correct execution of the smart contract by a third computing entity results in the third computing entity being able to generate a blockchain transaction using an output of the ...

Publication date: 07-03-2019

METHODS AND SYSTEMS FOR PKI-BASED AUTHENTICATION

Number: US20190074979A1
Assignee:

Methods, systems, and devices are provided for authenticating API messages using PKI-based authentication techniques. A client system can generate a private/public key pair associated with the client system and sign an API message using the private key of the private/public key pair and a PKI-based cryptographic algorithm, before sending the signed API message to a server system. The server system (e.g., operated by a service provider) can authenticate the incoming signed API message using a proxy authenticator located in a less trusted zone (e.g., a perimeter network) of the server system. In particular, the proxy authenticator can be configured to verify the signature of the signed API message using the public key corresponding to the private key and the same cryptographic algorithm. The authenticated API message can then be forwarded to a more trusted zone (e.g., an internal network) of the server system for further processing.
1. A computer-implemented method comprising performing, by a first computer in a first high security zone of a first system: transmitting, over a network, a public key to be obtained by a second computer in a low security zone of a second system, wherein the public key corresponds to a private key associated with the first system, the first system comprising the first high security zone behind a first firewall and a first low security zone in front of the first firewall, the second system comprising a second high security zone behind a second firewall and a second low security zone in front of the second firewall; receiving, over the network, a key ID that identifies the public key; generating a first application programming interface (API) message that includes the key ID; obtaining data to be signed from the first API message; generating a signature token by signing the data using a cryptographic algorithm and the private key associated with the first system; and transmitting the first API message to the second computer in the low security zone ...

Publication date: 07-03-2019

MANAGING EMBEDDED UNIVERSAL INTEGRATED CIRCUIT CARD (eUICC) PROVISIONING WITH MULTIPLE CERTIFICATE ISSUERS (CIs)

Number: US20190074983A1
Assignee:

Embodiments provided herein identify a certificate issuer (CI) to be relied on as a trusted third party by an electronic subscriber identity module (eSIM) server in remote SIM provisioning (RSP) transactions with an embedded universal integrated circuit card (eUICC). In an RSP ecosystem, multiple CIs may exist. Parties rely on public key infrastructure (PKI) techniques for establishment of trust. Trust may be established based on a trusted third party such as a CI. Parties need to agree on the CI in order for some PKI techniques to be useful. Embodiments provided herein describe approaches for an eUICC and an eSIM server to arrive at an agreed-on CI. Candidate or negotiated CIs may be indicated on a public key identifier (PKID) list. A PKID list is distributed, in some embodiments, by means of a discovery server, via an activation code (AC) and/or during the establishment of a profile provisioning session.
1. A method comprising, by an electronic subscriber identity module (eSIM) server: receiving, from an embedded universal integrated circuit card (eUICC), a public key identifier (PKID) list and an eUICC challenge; selecting a certificate issuer (CI) to be used by the eSIM server as a trusted third party, wherein the selecting is based on the PKID list and produces a selected CI; signing the eUICC challenge using a private key during a profile installation flow to create a signature, wherein a public key corresponding to the private key is included in a certificate of the eSIM server signed by the selected CI; and sending, to the eUICC, the certificate signed by the selected CI, the signature, and an indication of a CI to be used by the eUICC for signing operations.
2. The method of claim 1, wherein the CI to be used by the eUICC for signing operations is the selected CI.
3. The method of claim 1, wherein the CI to be used by the eUICC for signing operations is different from the selected CI.
4. The method of claim 1, wherein: the certificate is a ...
