Patents by Inventor Dan Boneh
Dan Boneh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8839451Abstract: Methods, systems, and apparatus, including computer program products, for retaining the function of product activation schemes and other persistent state changes based on hardware identifiers, even when running in a virtual machine monitor. It can tie such schemes to a single identifier, e.g., a USB serial number, instead of the multiple hardware identifiers.Type: GrantFiled: August 7, 2007Date of Patent: September 16, 2014Assignee: Moka5, Inc.Inventors: Monica Sin-Ling Lam, Constantine P. Sapuntzakis, Dan Boneh, Ramesh U. V. Chandra
-
Patent number: 8555081Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.Type: GrantFiled: October 30, 2008Date of Patent: October 8, 2013Assignee: VMware, Inc.Inventors: Xiaoxin Chen, Carl A. Waldspurger, Pratap Subrahmanyam, Tal Garfinkel, Dan Boneh
-
Patent number: 8391488Abstract: A data encryption and decryption system securely geoencrypts data using location-dependent navigation signals. To increase the entropy of the cryptographic key to guard against a brute-force attack, geoencryption is made to depend on largely time-independent characteristics of the navigation signals that are not easily spoofed, including the time difference of arrival, the envelope-to-cycle difference, the differential signal-to-noise, the signal envelope shape, and the directions of arrival of the navigation signal set.Type: GrantFiled: January 15, 2009Date of Patent: March 5, 2013Assignees: Geocodex LLC, Leland Stanford Junior UniversityInventors: Di Qiu, Sherman Lo, Per Enge, Logan Scott, Dan Boneh, Ron Karpf
-
Publication number: 20120322387Abstract: A system for measuring power consumption by a mobile device corresponding to access of web pages is provided. The system includes: the mobile device, configured to access web pages via a wireless network; a power measurement device connected to a battery of the mobile device, configured to measure parameters related to power consumption; and a server, in communication with the mobile device and the power measurement device, configured to control the mobile device's access of web pages and control the power measurement device's measurement of parameters, to receive measurements from the power measurement device, and to process the received measurements so as to correlate the mobile device's access of a web page with an amount of power consumed corresponding to the mobile device's access of the web page.Type: ApplicationFiled: June 15, 2012Publication date: December 20, 2012Applicants: The Board of Trustees of the Leland Stanford Junior University, DEUTSCHE TELEKOM AGInventors: Angela Nicoara, Narendan Thiagarajan, Gaurav Aggarwal, Dan Boneh
-
Patent number: 8320559Abstract: Systems and methods for supporting symmetric-bilinear-map and asymmetric-bilinear-map identity-based-encryption (IBE) key exchange and encryption schemes are provided. IBE key exchange schemes use an IBE encapsulation engine to produce a secret key and an encapsulated version of the secret key. An IBE unencapsulation engine is used to unencapsulate the encapsulated key. IBE encryption schemes use an IBE encryption engine to produce ciphertext from plaintext. An IBE decryption engine is used to decrypt the ciphertext to reveal the plaintext. The IBE unencapsulation engine and decryption engines use bilinear maps. The IBE encapsulation and encryption engines perform group multiplication operations without using bilinear maps, improving efficiency. IBE private keys for use in decryption and unencapsulation operations may be generated using a distributed key arrangement in which each IBE private key is assembled from private key shares.Type: GrantFiled: August 6, 2009Date of Patent: November 27, 2012Assignee: Voltage Security, Inc.Inventors: Dan Boneh, Xavier Boyen
-
Geosecurity methods and devices using geotags derived from noisy location data from multiple sources
Patent number: 8315389Abstract: In a geo-security system, a device receives RF signals from multiple distinct classes of RF communication systems and extracts location-dependent signal parameters. A current geotag is computed from the parameters by fuzzy extractors involving quantization of the parameters and Reed-Solomon decoding to provide a reproducible unique geotag. The current geotag is compared with a stored geotag, and a geo-secured function of the device is executed based on the result of the comparison. The use of multiple signal sources of different types, combined with special fuzzy extractors provides a robust geotag that allows both lower false rejection rate and lower false acceptance rate.Type: GrantFiled: January 25, 2010Date of Patent: November 20, 2012Assignee: The Board of Trustees of the Leland Stanford Junior UniversityInventors: Di Qiu, Sherman Lo, David S. De Lorenzo, Dan Boneh, Per Enge -
Publication number: 20120159188Abstract: A method and system for encrypting a first piece of information M to be sent by a sender [100] to a receiver [110] allows both sender and receiver to compute a secret message key using identity-based information and a bilinear map. The sender uses a bilinear map to encrypt a message M, producing ciphertext V to be sent from the sender [100] to the receiver [110]. The receiver [110] uses the bilinear map to decrypt V and recover the original message M. According to one embodiment, the bilinear map is based on a Weil pairing or a Tate pairing defined on a subgroup of an elliptic curve. Also described are several applications of the techniques, including key revocation, credential management, and return receipt notification.Type: ApplicationFiled: February 8, 2012Publication date: June 21, 2012Inventors: Dan Boneh, Matthew Franklin
-
Publication number: 20120159604Abstract: An embodiment of the present invention includes a system for communicating digital data from a preferably small battery powered device (e.g., key-chain or pocket-sized form-factor) to a personal electronic device (e.g., a smartphone such as an iPhone or a Nexus One). The communication mechanism of the present invention can be used as second factor authentication. The present invention can also be used as a key for accessing physical locations such as building. Alternatively, the present invention can be used as a manner for transmitting digital data to a personal electronic device such as a smart phone.Type: ApplicationFiled: August 11, 2011Publication date: June 21, 2012Applicant: The Board of Trustees of the Leland Stanford, Junior, UniversityInventors: Hristo Bojinov, Dan Boneh
-
Patent number: 8130964Abstract: A method and system for encrypting a first piece of information M to be sent by a sender [100] to a receiver [110] allows both sender and receiver to compute a secret message key using identity-based information and a bilinear map. In a one embodiment, the sender [100] computes an identity-based encryption key from an identifier ID associated with the receiver [110]. The identifier ID may include various types of information such as the receiver's e-mail address, a receiver credential, a message identifier, or a date. The sender uses a bilinear map and the encryption key to compute a secret message key gIDr, which is then used to encrypt a message M, producing ciphertext V to be sent from the sender [100] to the receiver [110] together with an element rP. An identity-based decryption key dID is computed by a private key generator [120] based on the ID associated with the receiver and a secret master key s.Type: GrantFiled: October 28, 2009Date of Patent: March 6, 2012Assignees: The Board of Trustees of the Leland Stanford Junior University, The Regents of the University of California, DavisInventors: Dan Boneh, Matthew Franklin
-
Patent number: 8120533Abstract: Location systems and methods are implemented using a variety of arrangements and methods. Using one such system location information is provided in response to a utility-line arrangement propagating signals that represent a wireless radio-frequency (RF) communication originating from one or more remote transmitters. The system includes a receiver circuit communicatively coupled and responsive to the utility-line arrangement. The system also includes a signal-processing logic circuit, communicatively coupled and responsive to the utility-line arrangement. The signal processing logic circuit is arranged to derive location information from characteristics of the signals that are indicative of a location of the receiver circuit relative to the remote transmitters.Type: GrantFiled: September 28, 2007Date of Patent: February 21, 2012Assignee: The Board of Trustees of the Leland Stanford Junior UniversityInventors: Sherman Chih Lo, Per Enge, C. O. Lee Boyce, Jr., Nicolai V. Alexeev, Dan Boneh
-
Geosecurity methods and devices using geotags derived from noisy location data from multiple sources
Publication number: 20110181470Abstract: In a geo-security system, a device receives RF signals from multiple distinct classes of RF communication systems and extracts location-dependent signal parameters. A current geotag is computed from the parameters by fuzzy extractors involving quantization of the parameters and Reed-Solomon decoding to provide a reproducible unique geotag. The current geotag is compared with a stored geotag, and a geo-secured function of the device is executed based on the result of the comparison. The use of multiple signal sources of different types, combined with special fuzzy extractors provides a robust geotag that allows both lower false rejection rate and lower false acceptance rate.Type: ApplicationFiled: January 25, 2010Publication date: July 28, 2011Inventors: Di Qiu, Sherman Lo, David S. De Lorenzo, Dan Boneh, Per Enge -
Patent number: 7970141Abstract: The present invention relates to a method for traitor tracing. One embodiment of a method for determining at least one traced private key used by a decoder to decrypt an encrypted message includes defining an input ciphertext, the input ciphertext being associated with a tracing private key and having a sublinear size, calling the decoder on the input ciphertext, and associating the tracing private key with a set of traced private keys if the decoder is able to correctly decrypt the encrypted message in accordance with the input ciphertext, the set of traced private keys including at least one private key.Type: GrantFiled: September 13, 2007Date of Patent: June 28, 2011Assignees: The Regents of the University of California, SRI International, The Board of Trustees of the Leland Stanford Junior UniversityInventors: Dan Boneh, Amit Sahai, Brent Waters
-
Publication number: 20100208895Abstract: A method and system for encrypting a first piece of information M to be sent by a sender [100] to a receiver [110] allows both sender and receiver to compute a secret message key using identity-based information and a bilinear map. In a one embodiment, the sender [100] computes an identity-based encryption key from an identifier ID associated with the receiver [110]. The identifier ID may include various types of information such as the receiver's e-mail address, a receiver credential, a message identifier, or a date. The sender uses a bilinear map and the encryption key to compute a secret message key gIDr, which is then used to encrypt a message M, producing ciphertext V to be sent from the sender [100] to the receiver [110] together with an element rP. An identity-based decryption key dID is computed by a private key generator [120] based on the ID associated with the receiver and a secret master key s.Type: ApplicationFiled: October 28, 2009Publication date: August 19, 2010Inventors: Dan Boneh, Matthew Franklin
-
Patent number: 7757278Abstract: A method and apparatus are provided for protecting sensitive information within server or other computing environments. Numerous electronic requests addressed to a server system are received over network couplings and evaluated. The evaluation scans for sensitive information including credit card information and private user information. Upon detecting sensitive data, cryptographic operations are applied to the sensitive data. When the sensitive data is being transferred to the server system, the cryptographic operations encrypt the sensitive data prior to transfer among components of the server system. When sensitive data is being transferred from the server system, the cryptographic operations decrypt the sensitive data prior to transfer among the network couplings. The cryptographic operations also include hash, and keyed hash operations.Type: GrantFiled: January 2, 2002Date of Patent: July 13, 2010Assignee: SafeNet, Inc.Inventors: Dan Boneh, Rajeev Chawla, Alan Frindell, Eu-Jin Goh, Nagendra Modadugu, Panagiotis Tsirigotis
-
Publication number: 20090316900Abstract: A data encryption and decryption system securely geoencrypts data using location-dependent navigation signals. To increase the entropy of the cryptographic key to guard against a brute-force attack, geoencryption is made to depend on largely time-independent characteristics of the navigation signals that are not easily spoofed, including the time difference of arrival, the envelope-to-cycle difference, the differential signal-to-noise, the signal envelope shape, and the directions of arrival of the navigation signal set.Type: ApplicationFiled: January 15, 2009Publication date: December 24, 2009Inventors: Di QIU, Sherman LO, Per ENGE, Logan SCOTT, Dan BONEH, Ron KARPF
-
Patent number: 7634087Abstract: A method and system for encrypting a first piece of information M to be sent by a sender [100] to a receiver [110] allows both sender and receiver to compute a secret message key using identity-based information and a bilinear map. In a one embodiment, the sender [100] computes an identity-based encryption key from an identifier ID associated with the receiver [110]. The identifier ID may include various types of information such as the receiver's e-mail address, a receiver credential, a message identifier, or a date. The sender uses a bilinear map and the encryption key to compute a secret message key gIDr, which is then used to encrypt a message M, producing ciphertext V to be sent from the sender [100] to the receiver [110] together with an element rP. An identity-based decryption key dID is computed by a private key generator [120] based on the ID associated with the receiver and a secret master key s.Type: GrantFiled: May 9, 2006Date of Patent: December 15, 2009Assignees: The Board of Trustees of the Leland Stanford Junior University, The Regents of the University of California, DavisInventors: Dan Boneh, Matthew Franklin
-
Patent number: 7590236Abstract: Systems and methods for supporting symmetric-bilinear-map and asymmetric-bilinear-map identity-based-encryption (IBE) key exchange and encryption schemes are provided. IBE key exchange schemes use an IBE encapsulation engine to produce a secret key and an encapsulated version of the secret key. An IBE unencapsulation engine is used to unencapsulate the encapsulated key. IBE encryption schemes use an IBE encryption engine to produce ciphertext from plaintext. An IBE decryption engine is used to decrypt the ciphertext to reveal the plaintext. The IBE unencapsulation engine and decryption engines use bilinear maps. The IBE encapsulation and encryption engines perform group multiplication operations without using bilinear maps, improving efficiency. IBE private keys for use in decryption and unencapsulation operations may be generated using a distributed key arrangement in which each IBE private key is assembled from private key shares.Type: GrantFiled: March 25, 2005Date of Patent: September 15, 2009Assignees: Voltage Security, Inc., The Board of Trustees of the Leland Stanford Junior UniversityInventors: Dan Boneh, Xavier Boyen
-
Patent number: 7587605Abstract: In at least one implementation, described herein, P and Q1, . . . , Qn are public points on an elliptic curve over a finite field, but the ratios of Qi to P are private. Those ratios are the components (?1, . . . , ?n) of a private key, where Qi=?i P. This implementation generates short digital ciphers (i.e., signatures), at least in part, by mapping a message M to a point T on the elliptic curve and then scaling that point T based upon the private key ? to get S. At least one other implementation, described herein, verifies those ciphers by comparing pairing values of two pairs, where one pair is the public point P and the scaled point S and another pair is public Q and the point T. This implementation tests whether log(Q)/log(P)=log(S)/log(T), without computing any elliptic curve discrete logarithm directly.Type: GrantFiled: March 19, 2004Date of Patent: September 8, 2009Assignee: Microsoft CorporationInventors: Ramarathnam Venkatesan, Dan Boneh, Peter L. Montgomery, Victor Boyko
-
Publication number: 20090113216Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.Type: ApplicationFiled: October 30, 2008Publication date: April 30, 2009Applicant: VMware, Inc.Inventors: Xiaoxin CHEN, Carl A. WALDSPURGER, Pratap SUBRAHMANYAM, Tal GARFINKEL, Dan BONEH
-
Publication number: 20090034714Abstract: A method and system for encrypting a first piece of information M to be sent by a sender [100] to a receiver [110] allows both sender and receiver to compute a secret message key using identity-based information and a bilinear map. In a one embodiment, the sender [100] computes an identity-based encryption key from an identifier ID associated with the receiver [110]. The identifier ID may include various types of information such as the receiver's e-mail address, a receiver credential, a message identifier, or a date. The sender uses a bilinear map and the encryption key to compute a secret message key gIDr, which is then used to encrypt a message M, producing ciphertext V to be sent from the sender [100] to the receiver [110] together with an element rP. An identity-based decryption key dID is computed by a private key generator [120] based on the ID associated with the receiver and a secret master key s.Type: ApplicationFiled: May 9, 2006Publication date: February 5, 2009Inventors: Dan Boneh, Matthew Franklin