Patents by Inventor Hugo M. Krawczyk
Hugo M. Krawczyk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20170242924
Abstract: A method for searching in an encrypted database includes the following steps. A search is formulated as a conjunct of two or more atomic search queries. One of the conjuncts is selected as a primary atomic search query. Search capabilities are generated for a secondary atomic search query using the primary atomic search query and the secondary atomic search query.
Type: Application
Filed: March 31, 2017
Publication date: August 24, 2017
Inventors: Charles D. Cash, Stanislaw Jarecki, Charanjit S. Jutla, Hugo M. Krawczyk, Marcel C. Rosu, Michael Steiner
-
Patent number: 9742557
Abstract: A method, system and computer program product are disclosed for compressing encrypted data, wherein the data is encrypted by using a block encryption algorithm in a chained mode of operation, and the encrypted data is comprised of a set of N encrypted blocks, C1 . . . CN. In one embodiment, the method comprises leaving block CN uncompressed, and compressing all of the blocks C1 . . . CN in a defined sequence using a Slepian-Wolf code. In an embodiment, the data is encrypted using an encryption key K, and the compressing includes compressing all of the blocks C1 . . . CN without using the encryption key. In one embodiment, the compressing includes outputting the blocks C1 . . . CN as a set of compressed blocks CmprC1 . . . CmprCN-1, and the method further comprises decrypting CN to generate a reconstructed block X̃n, and decrypting and decompressing the set of compressed blocks using X̃n.
Type: Grant
Filed: February 10, 2017
Date of Patent: August 22, 2017
Assignee: International Business Machines Corporation
Inventors: Camit Hazay, Ashish Jagmohan, Demijan Klinc, Hugo M. Krawczyk, Tal Rabin
-
Publication number: 20170155504
Abstract: A method, system and computer program product are disclosed for compressing encrypted data, wherein the data is encrypted by using a block encryption algorithm in a chained mode of operation, and the encrypted data is comprised of a set of N encrypted blocks, C1 . . . CN. In one embodiment, the method comprises leaving block CN uncompressed, and compressing all of the blocks C1 . . . CN in a defined sequence using a Slepian-Wolf code. In an embodiment, the data is encrypted using an encryption key K, and the compressing includes compressing all of the blocks C1 . . . CN without using the encryption key. In one embodiment, the compressing includes outputting the blocks C1 . . . CN as a set of compressed blocks CmprC1 . . . CmprCN-1, and the method further comprises decrypting CN to generate a reconstructed block X̃n, and decrypting and decompressing the set of compressed blocks using X̃n.
Type: Application
Filed: February 10, 2017
Publication date: June 1, 2017
Inventors: Camit Hazay, Ashish Jagmohan, Demijan Klinc, Hugo M. Krawczyk, Tal Rabin
-
Patent number: 9646166
Abstract: A method for encrypting a database includes the following step. Keywords in the database are encrypted to obtain encrypted search tags for the keywords. A table of reverse indices is generated for the encrypted search tags. A table of cross keyword indices is generated. A method for searching in an encrypted database includes the following steps. A search is formulated as a conjunct of two or more atomic search queries. One of the conjuncts is selected as a primary atomic search query. Search capabilities are generated for a secondary atomic search query using the primary atomic search query and the secondary atomic search query. Such methods mask query data and the actual composition of the database to reduce computation complexity and privacy leakage.
Type: Grant
Filed: August 5, 2013
Date of Patent: May 9, 2017
Assignee: International Business Machines Corporation
Inventors: Charles D. Cash, Stanislaw Jarecki, Charanjit S. Jutla, Hugo M. Krawczyk, Marcel C. Rosu, Michael Steiner
-
Patent number: 9584323
Abstract: A method, system and computer program product are disclosed for compressing encrypted data, wherein the data is encrypted by using a block encryption algorithm in a chained mode of operation, and the encrypted data is comprised of a set of N encrypted blocks, C1 . . . CN. In one embodiment, the method comprises leaving block CN uncompressed, and compressing all of the blocks C1 . . . CN in a defined sequence using a Slepian-Wolf code. In an embodiment, the data is encrypted using an encryption key K, and the compressing includes compressing all of the blocks C1 . . . CN without using the encryption key. In one embodiment, the compressing includes outputting the blocks C1 . . . CN as a set of compressed blocks CmprC1 . . . CmprCN-1, and the method further comprises decrypting CN to generate a reconstructed block X̃n, and decrypting and decompressing the set of compressed blocks using X̃n.
Type: Grant
Filed: January 12, 2016
Date of Patent: February 28, 2017
Assignee: International Business Machines Corporation
Inventors: Camit Hazay, Ashish Jagmohan, Demijan Klinc, Hugo M. Krawczyk, Tal Rabin
-
Publication number: 20160127130
Abstract: A method, system and computer program product are disclosed for compressing encrypted data, wherein the data is encrypted by using a block encryption algorithm in a chained mode of operation, and the encrypted data is comprised of a set of N encrypted blocks, C1 . . . CN. In one embodiment, the method comprises leaving block CN uncompressed, and compressing all of the blocks C1 . . . CN in a defined sequence using a Slepian-Wolf code. In an embodiment, the data is encrypted using an encryption key K, and the compressing includes compressing all of the blocks C1 . . . CN without using the encryption key. In one embodiment, the compressing includes outputting the blocks C1 . . . CN as a set of compressed blocks CmprC1 . . . CmprCN-1, and the method further comprises decrypting CN to generate a reconstructed block X̃n, and decrypting and decompressing the set of compressed blocks using X̃n.
Type: Application
Filed: January 12, 2016
Publication date: May 5, 2016
Inventors: Camit Hazay, Ashish Jagmohan, Demijan Klinc, Hugo M. Krawczyk, Tal Rabin
-
Patent number: 9282082
Abstract: A method, system and computer program product are disclosed for compressing encrypted data, wherein the data is encrypted by using a block encryption algorithm in a chained mode of operation, and the encrypted data is comprised of a set of N encrypted blocks, C1 . . . CN. In one embodiment, the method comprises leaving block CN uncompressed, and compressing all of the blocks C1 . . . CN in a defined sequence using a Slepian-Wolf code. In an embodiment, the data is encrypted using an encryption key K, and the compressing includes compressing all of the blocks C1 . . . CN without using the encryption key. In one embodiment, the compressing includes outputting the blocks C1 . . . CN as a set of compressed blocks CmprC1 . . . CmprCN-1, and the method further comprises decrypting CN to generate a reconstructed block X̃n, and decrypting and decompressing the set of compressed blocks using X̃n.
Type: Grant
Filed: December 23, 2014
Date of Patent: March 8, 2016
Assignee: International Business Machines Corporation
Inventors: Camit Hazay, Ashish Jagmohan, Demijan Klinc, Hugo M. Krawczyk, Tal Rabin
-
Publication number: 20150156178
Abstract: A method, system and computer program product are disclosed for compressing encrypted data, wherein the data is encrypted by using a block encryption algorithm in a chained mode of operation, and the encrypted data is comprised of a set of N encrypted blocks, C1 . . . CN. In one embodiment, the method comprises leaving block CN uncompressed, and compressing all of the blocks C1 . . . CN in a defined sequence using a Slepian-Wolf code. In an embodiment, the data is encrypted using an encryption key K, and the compressing includes compressing all of the blocks C1 . . . CN without using the encryption key. In one embodiment, the compressing includes outputting the blocks C1 . . . CN as a set of compressed blocks CmprC1 . . . CmprCN-1, and the method further comprises decrypting CN to generate a reconstructed block X̃n, and decrypting and decompressing the set of compressed blocks using X̃n.
Type: Application
Filed: December 23, 2014
Publication date: June 4, 2015
Inventors: Camit Hazay, Ashish Jagmohan, Demijan Klinc, Hugo M. Krawczyk, Tal Rabin
-
Publication number: 20150039903
Abstract: A method for encrypting a database includes the following step. Keywords in the database are encrypted to obtain encrypted search tags for the keywords. A table of reverse indices is generated for the encrypted search tags. A table of cross keyword indices is generated. A method for searching in an encrypted database includes the following steps. A search is formulated as a conjunct of two or more atomic search queries. One of the conjuncts is selected as a primary atomic search query. Search capabilities are generated for a secondary atomic search query using the primary atomic search query and the secondary atomic search query. Such methods mask query data and the actual composition of the database to reduce computation complexity and privacy leakage.
Type: Application
Filed: August 5, 2013
Publication date: February 5, 2015
Inventors: Charles D. Cash, Stanislaw Jarecki, Charanjit S. Jutla, Hugo M. Krawczyk, Marcel C. Rosu, Michael Steiner
-
Publication number: 20150039885
Abstract: A method comprises receiving a first cryptographic token for one search term and a second cryptographic token is generated using the one search term and at least another search term. A first search is conducted using the first cryptographic token to generate a first result set, and the second cryptographic token is used for computing a subset of results of the first result set.
Type: Application
Filed: August 5, 2013
Publication date: February 5, 2015
Inventors: Charles D. Cash, Stanislaw Jarecki, Charanjit S. Jutla, Hugo M. Krawczyk, Marcel C. Rosu, Michael Steiner
-
Patent number: 8934630
Abstract: A method, system and computer program product are disclosed for compressing encrypted data, wherein the data is encrypted by using a block encryption algorithm in a chained mode of operation, and the encrypted data is comprised of a set of N encrypted blocks, C1 . . . CN. In one embodiment, the method comprises leaving block CN uncompressed, and compressing all of the blocks C1 . . . CN in a defined sequence using a Slepian-Wolf code. In an embodiment, the data is encrypted using an encryption key K, and the compressing includes compressing all of the blocks C1 . . . CN without using the encryption key. In one embodiment, the compressing includes outputting the blocks C1 . . . CN as a set of compressed blocks CmprC1 . . . CmprCN-1, and the method further comprises decrypting CN to generate a reconstructed block X̃n, and decrypting and decompressing the set of compressed blocks using X̃n.
Type: Grant
Filed: November 2, 2009
Date of Patent: January 13, 2015
Assignee: International Business Machines Corporation
Inventors: Camit Hazay, Ashish Jagmohan, Demijan Klinc, Hugo M. Krawczyk, Tal Rabin
-
Patent number: 8646062
Abstract: Embodiments of the invention provide for authenticating users of web-based applications by presenting a previously acquired signed digital signature. Examples establish secure user sessions between a client and a user in response to a verification of an identification of the user by the client, the client creating a unique username for the user and unlocking access by the user to a client digital signature for use with a request for service from a third party web server. A secure facilitator session is established between the client and a third party web server, wherein messages exchanged with the unique username and a unique session identification indicia of the secure facilitator session signed by the unlocked digital signature result in executed processes requested by the service identifier data if the messages are validated without the client requiring the user to verify user identification for any message until a secure facilitator session ends.
Type: Grant
Filed: November 9, 2010
Date of Patent: February 4, 2014
Assignee: International Business Machines Corporation
Inventors: Firas Bouz, Terry D. Escamilla, Hugo M. Krawczyk, Tal D. Rabin
-
Patent number: 8522029
Abstract: A mechanism is provided for establishing a shared secret-key for secure communication between nodes in a wireless network. A first node in the wireless network provides a spreading code to a second node of the wireless network. The second node provides a first input for the key establishment to the first node using communication encoded with the spreading code. Responsive to obtaining the first input from the second node, the first node provides a second input for the key establishment to the second node using communication encoded with the spreading code. Then, the first node and the second node establish the shared secret-key using the first input and the second input.
Type: Grant
Filed: August 5, 2010
Date of Patent: August 27, 2013
Assignee: International Business Machines Corporation
Inventors: Dakshi Agrawal, Chatschik Bisdikian, Cagatay Capar, Rosario Gennaro, Hugo M. Krawczyk, Tal Rabin, Murtaza Zafer
-
Patent number: 8422681
Abstract: A pairwise key-agreement scheme is provided for creating key agreements non-interactively between pairs of nodes disposed in a hierarchy of nodes. The scheme is non-interactive so that any two nodes can agree on a shared secret key without interaction. In addition, the scheme is identity-based so that any given node only needs to know the identity of peer nodes to compute the shared secret key. All of the nodes are arranged in a hierarchy where an intermediate node in the hierarchy can derive the secret keys for each of its children from its own secret key and the identity of the child. Accordingly, the scheme is fully resilient against compromise of any number of leaves in the hierarchy and of a threshold number of nodes in the upper levels of the hierarchy. The scheme is well-suited for environments such as mobile ad-hoc networks (MANETs), which are very dynamic, have acute bandwidth-constraints and have many nodes that are vulnerable to compromise.
Type: Grant
Filed: March 6, 2008
Date of Patent: April 16, 2013
Assignee: International Business Machines Corporation
Inventors: Rosario Gennaro, Shai Halevi, Hugo M Krawczyk, Tal Rabin
-
Publication number: 20120117639
Abstract: Embodiments of the invention provide for authenticating users of web-based applications by presenting a previously acquired signed digital signature. Examples establish secure user sessions between a client and a user in response to a verification of an identification of the user by the client, the client creating a unique username for the user and unlocking access by the user to a client digital signature for use with a request for service from a third party web server. A secure facilitator session is established between the client and a third party web server, wherein messages exchanged with the unique username and a unique session identification indicia of the secure facilitator session signed by the unlocked digital signature result in executed processes requested by the service identifier data if the messages are validated without the client requiring the user to verify user identification for any message until a secure facilitator session ends.
Type: Application
Filed: November 9, 2010
Publication date: May 10, 2012
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Firas Bouz, Terry D. Escamilla, Hugo M. Krawczyk, Tal D. Rabin
-
Publication number: 20120036362
Abstract: A mechanism is provided for establishing a shared secret-key for secure communication between nodes in a wireless network. A first node in the wireless network provides a spreading code to a second node of the wireless network. The second node provides a first input for the key establishment to the first node using communication encoded with the spreading code. Responsive to obtaining the first input from the second node, the first node provides a second input for the key establishment to the second node using communication encoded with the spreading code. Then, the first node and the second node establish the shared secret-key using the first input and the second input.
Type: Application
Filed: August 5, 2010
Publication date: February 9, 2012
Applicant: International Business Machines Corporation
Inventors: Dakshi Agrawal, Chatschik Bisdikiant, Cagatay Capar, Rosario Gennaro, Hugo M. Krawczyk, Tal Rabin, Murtaza Zafer
-
Publication number: 20110103580
Abstract: A method, system and computer program product are disclosed for compressing encrypted data, wherein the data is encrypted by using a block encryption algorithm in a chained mode of operation, and the encrypted data is comprised of a set of N encrypted blocks, C1 . . . CN. In one embodiment, the method comprises leaving block CN uncompressed, and compressing all of the blocks C1 . . . CN in a defined sequence using a Slepian-Wolf code. In an embodiment, the data is encrypted using an encryption key K, and the compressing includes compressing all of the blocks C1 . . . CN without using the encryption key. In one embodiment, the compressing includes outputting the blocks C1 . . . CN as a set of compressed blocks CmprC1 . . . CmprCN-1, and the method further comprises decrypting CN to generate a reconstructed block X̃n, and decrypting and decompressing the set of compressed blocks using X̃n.
Type: Application
Filed: November 2, 2009
Publication date: May 5, 2011
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Camit Hazay, Ashish Jagmohan, Demijan Klinc, Hugo M. Krawczyk, Tal Rabin
-
Patent number: 7747865
Abstract: A method (and structure) of exchange between two parties interconnected by a device or network. A recipient party (verifier) chooses a secret value x for computing a value X=F1(x), where F1 comprises a first predetermined function having at least one argument, the value x being one of the at least one argument of F1. A signing party (signer) chooses a secret value y for computing a value Y=F2(y), where F2 comprises a second predetermined function having at least one argument, the value y being one of the at least one argument of F2. The signer obtains the value X, and the signer has a private key b and a public key B. The signer computes a value s=F3(y,b,X), where F3 comprises a third predetermined function having at least three arguments: the value y, the private key b, and the value X being three arguments of the at least three arguments of F3.
Type: Grant
Filed: February 7, 2006
Date of Patent: June 29, 2010
Assignee: International Business Machines Corporation
Inventor: Hugo M. Krawczyk
-
Publication number: 20090225986
Abstract: A pairwise key-agreement scheme is provided for creating key agreements non-interactively between pairs of nodes disposed in a hierarchy of nodes. The scheme is non-interactive so that any two nodes can agree on a shared secret key without interaction. In addition, the scheme is identity-based so that any given node only needs to know the identity of peer nodes to compute the shared secret key. All of the nodes are arranged in a hierarchy where an intermediate node in the hierarchy can derive the secret keys for each of its children from its own secret key and the identity of the child. Accordingly, the scheme is fully resilient against compromise of any number of leaves in the hierarchy and of a threshold number of nodes in the upper levels of the hierarchy. The scheme is well-suited for environments such as mobile ad-hoc networks (MANETs), which are very dynamic, have acute bandwidth-constraints and have many nodes that are vulnerable to compromise.
Type: Application
Filed: March 6, 2008
Publication date: September 10, 2009
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Rosario Gennaro, Shai Halevi, Hugo M. Krawczyk, Tal Rabin
-
Publication number: 20080281966
Abstract: A method for network communication privacy between network devices includes communicating first and second network enabled devices with a network, the first and second network devices in communication via a main communication channel. Respective network addresses of the first and second network enabled devices are dynamically and automatically changed while maintaining the main communication channel between the first and second network enabled devices. Subsequent network addresses of the first and second network enabled devices are created in one of a symmetric manner using a secret key or predetermined list shared between the first and second network enabled devices or created in an asymmetric manner. The asymmetric manner includes communicating the subsequent network addresses of the first and second network enabled devices over a back channel separate from the main communication channel.
Type: Application
Filed: May 7, 2007
Publication date: November 13, 2008
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Raymond B. Jennings, III, Hugo M. Krawczyk, Debanjan Saha