Patents by Inventor Ahto Buldas
Ahto Buldas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9178708Abstract: A capture device such as a camera and/or sound recorder records an event, which includes a visual and/or audible presentation of a time value that is non-deterministic, yet a function of physical time. The non-deterministic time value (NDT) may be generated as a function of a calendar value created at time intervals as a root hash value of a distributed, hash-tree document authentication infrastructure. If the NDT value included in the recording of the event does not match the NDT value corresponding to the calendar value from which it was generated, the recording may be assumed to be altered. Digital time-stamping may be included for the recording of the event to reduce the opportunity for back-dating of the recording. NDT may also be generated simply for display by a clock, for example as an NDT time zone.Type: GrantFiled: December 2, 2013Date of Patent: November 3, 2015Assignee: GUARDTIME IP HOLDINGS LIMITEDInventors: Michael Gault, Ahto Truu, Ahto Buldas, Martin Ruubel, Jeffrey Pearce
-
Publication number: 20150295720Abstract: A digital message is signed and, if a request is approved, receives a time stamp. The request is computed as a first function of the message and a current one of a sequence of passwords computed such that each password corresponds to an index unit. Each of the passwords may be computed as a function, such as a hash function, pseudo-random function, or encryption function, of the subsequent password, whereby the sequence terminates with an initial password that forms a public key parameter for the password sequence. At least one hash tree uses at least a subset of the passwords as inputs to a hash tree used to verify the passwords.Type: ApplicationFiled: April 11, 2015Publication date: October 15, 2015Applicant: GUARDTIME IP HOLDINGS, LTD.Inventors: Ahto BULDAS, Risto LAANOJA, Ahto TRUU
-
Patent number: 9122846Abstract: Transformations of digital records are used as lowest level inputs to a tree data structure having a root in a core system and having nodes computed as digital combinations of child node values. Signature vectors are associated with the digital records and have parameters that enable recomputation upward through the tree data structure to either a current calendar value or onward to a composite calendar value that is a function of calendar values in a calendar, which comprises a set of computed calendar values, such that the calendar values have a time correspondence. Recomputation yields the same value only if a candidate digital record is an exact version of the original digital record included in the original computation of the value, indicating authentication of the candidate digital record. The authentication process as such is independent of any trust authority that issues cryptographic keys.Type: GrantFiled: April 30, 2014Date of Patent: September 1, 2015Assignee: GUARDTIME IP HOLDINGS LIMITEDInventors: Ahto Buldas, Märt Saarepera
-
Publication number: 20150156026Abstract: A capture device such as a camera and/or sound recorder records an event, which includes a visual and/or audible presentation of a time value that is non-deterministic, yet a function of physical time. The non-deterministic time value (NDT) may be generated as a function of a calendar value created at time intervals as a root hash value of a distributed, hash-tree document authentication infrastructure. If the NDT value included in the recording of the event does not match the NDT value corresponding to the calendar value from which it was generated, the recording may be assumed to be altered. Digital time-stamping may be included for the recording of the event to reduce the opportunity for back-dating of the recording. NDT may also be generated simply for display by a clock, for example as an NDT time zone.Type: ApplicationFiled: December 2, 2013Publication date: June 4, 2015Applicant: GUARDTIME IP HOLDINGS LIMITEDInventors: Michael GAULT, Ahto TRUU, Ahto BULDAS, Martin RUUBEL, Jeffrey PEARCE
-
Publication number: 20150052615Abstract: A code is added as a marking to a document and encodes an identifier that maps to a copy of the document stored in a database. Database copies of stored documents are preferably digitally signed. Using a device such as a smart phone, a user may extract the document identifier from the marking on a purported authentic version of the document and retrieve a copy of the document from the corresponding location in the database. The user can then visually compare the purported authentic version of the document with the retrieved database copy.Type: ApplicationFiled: August 14, 2013Publication date: February 19, 2015Applicant: GUARDTIME IP HOLDINGS LIMITEDInventors: Michael GAULT, Risto LAANOJA, Ahto BULDAS, Martin RUUBEL, Peter RAJNAK, David F. A. PIESSE
-
Publication number: 20150039893Abstract: At least one node in a distributed hash tree document verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure.Type: ApplicationFiled: August 5, 2013Publication date: February 5, 2015Applicant: GUARDTIME IP HOLDINGS LIMITEDInventors: AHTO BULDAS, AHTO TRUU, ANDRES KROONMAA
-
Patent number: 8874921Abstract: A method of generating a keyless digital multi-signature is provided. The method includes receiving multiple signature generation requests from one or more client computers, building subtrees based on the signature generation requests, and constructing a search tree including the subtrees. The method also includes assigning explicit length tags to leaf nodes of the search tree to balance the search tree and applying a hash function to each of the search tree nodes. The root hash value and the height of the search tree make up a generated aggregate signature request, followed by receiving an aggregate signature based on the aggregate signature request. The keyless digital multi-signature is generated based on the aggregate signature and contains an implicit length tag to verify that the number of signature generation requests is limited. The aggregate signature is generated if the height of the search tree does not exceed a predetermined height limitation.Type: GrantFiled: June 20, 2011Date of Patent: October 28, 2014Assignee: Guardtime IP Holdings, Ltd.Inventors: Ahto Buldas, Andres Kroonmaa, Märt Saarepera
-
Publication number: 20140282863Abstract: Transformations of digital records are used as lowest level inputs to a tree data structure having a root in a core system and having nodes computed as digital combinations of child node values. Signature vectors are associated with the digital records and have parameters that enable recomputation upward through the tree data structure to either a current calendar value or onward to a composite calendar value that is a function of calendar values in a calendar, which comprises a set of computed calendar values, such that the calendar values have a time correspondence. Recomputation yields the same value only if a candidate digital record is an exact version of the original digital record included in the original computation of the value, indicating authentication of the candidate digital record. The authentication process as such is independent of any trust authority that issues cryptographic keys.Type: ApplicationFiled: April 30, 2014Publication date: September 18, 2014Applicant: Guardtime IP Holdings LimitedInventors: Ahto BULDAS, Märt SAAREPERA
-
Publication number: 20140245020Abstract: An authentication system for digital records has a hash tree structure that computes an uppermost, root hash value that may be digitally signed. A random or pseudo-random number is hashed together with hash values of the digital records and acts as a blinding mask, making the authentication system secure even for relative low-entropy digital records. A candidate digital record is considered verified if, upon recomputation through the hash tree structure given sibling hash values in the recomputation path and the pseudo-random number, the same root hash value is computed.Type: ApplicationFiled: May 24, 2013Publication date: August 28, 2014Applicant: GUARDTIME IP HOLDINGS LIMITEDInventors: AHTO BULDAS, AHTO TRUU
-
Patent number: 8719576Abstract: Transformations of digital records are used as lowest level inputs to a tree data structure having a root in a core system and having nodes computed as digital combinations of child node values. A combination of root values is published in a permanent medium. Signature vectors are associated with the digital records and have parameters that enable recomputation upward through the tree data structure to either a current root value or to the published value. Recomputation yields the same value only if a candidate digital record is an exact version of the original digital record included in the original computation of the value.Type: GrantFiled: September 24, 2012Date of Patent: May 6, 2014Assignee: Guardtime IP Holdings, LtdInventors: Ahto Buldas, Märt Saarepera
-
Publication number: 20130276058Abstract: Transformations of digital records are used as lowest level inputs to a tree data structure having a root in a core system and having nodes computed as digital combinations of child node values. A combination of root values is published in a permanent medium. Signature vectors are associated with the digital records and have parameters that enable recomputation upward through the tree data structure to either a current root value or to the published value. Recomputation yields the same value only if a candidate digital record is an exact version of the original digital record included in the original computation of the value.Type: ApplicationFiled: September 24, 2012Publication date: October 17, 2013Inventors: Ahto Buldas, Mart Saarepera
-
Patent number: 8347372Abstract: A system and method for generating a digital certificate is provided wherein a new digital record is received and is assigned a sequence value. A first composite digital value is generated by applying a first deterministic function to the digital records stored in a repository. The sequence value and first composite digital value are included in a first certificate. After the digital record is added to the repository, a second composite digital value is generated by applying a second deterministic function to the digital records in the repository. This second composite digital value, and a composite sequence value, are published. An interval digital value which is based upon the first and second composite digital values, and the sequence value, are included in a second certificate which thus verifies the authenticity and sequence value of the digital record.Type: GrantFiled: January 29, 2010Date of Patent: January 1, 2013Assignee: Guardtime IP Holdings LimitedInventors: Mart Saarepera, Ahto Buldas
-
Publication number: 20120324229Abstract: A method of generating a keyless digital multi-signature is provided. The method includes receiving multiple signature generation requests from one or more client computers, building subtrees based on the signature generation requests, and constructing a search tree including the subtrees. The method also includes assigning explicit length tags to leaf nodes of the search tree to balance the search tree and applying a hash function to each of the search tree nodes. The root hash value and the height of the search tree make up a generated aggregate signature request, followed by receiving an aggregate signature based on the aggregate signature request. The keyless digital multi-signature is generated based on the aggregate signature and contains an implicit length tag to verify that the number of signature generation requests is limited. The aggregate signature is generated if the height of the search tree does not exceed a predetermined height limitation.Type: ApplicationFiled: June 20, 2011Publication date: December 20, 2012Applicant: GUARDTIME IP HOLDINGS LIMITEDInventors: Ahto Buldas, Andres Kroonmaa, Märt Saarepera
-
Patent number: 8312528Abstract: A system and method for generating a digital certificate is provided wherein a new digital record is received and is assigned a sequence value. A first composite digital value is generated by applying a first deterministic function to the digital records stored in a repository. The sequence value and first composite digital value are included in a first certificate. After the digital record is added to the repository, a second composite digital value is generated by applying a second deterministic function to the digital records in the repository. This second composite digital value, and a composite sequence value, are published. An interval digital value which is based upon the first and second composite digital values, and the sequence value, are included in a second certificate which thus verifies the authenticity and sequence value of the digital record.Type: GrantFiled: January 29, 2010Date of Patent: November 13, 2012Assignee: Guardtime IP Holdings LimitedInventors: Mart Saarepera, Ahto Buldas
-
Publication number: 20100199342Abstract: A system and method for generating a digital certificate is provided wherein a new digital record is received and is assigned a sequence value. A first composite digital value is generated by applying a first deterministic function to the digital records stored in a repository. The sequence value and first composite digital value are included in a first certificate. After the digital record is added to the repository, a second composite digital value is generated by applying a second deterministic function to the digital records in the repository. This second composite digital value, and a composite sequence value, are published. An interval digital value which is based upon the first and second composite digital values, and the sequence value, are included in a second certificate which thus verifies the authenticity and sequence value of the digital record.Type: ApplicationFiled: January 29, 2010Publication date: August 5, 2010Applicant: GUARDTIME ASInventors: Mart Saarepera, Ahto Buldas
-
Publication number: 20100199087Abstract: A system and method for generating a digital certificate is provided wherein a new digital record is received and is assigned a sequence value. A first composite digital value is generated by applying a first deterministic function to the digital records stored in a repository. The sequence value and first composite digital value are included in a first certificate. After the digital record is added to the repository, a second composite digital value is generated by applying a second deterministic function to the digital records in the repository. This second composite digital value, and a composite sequence value, are published. An interval digital value which is based upon the first and second composite digital values, and the sequence value, are included in a second certificate which thus verifies the authenticity and sequence value of the digital record.Type: ApplicationFiled: January 29, 2010Publication date: August 5, 2010Applicant: GUARDTIME ASInventors: Mart Saarepera, Ahto Buldas
-
Patent number: 7698557Abstract: A system and method for generating a digital certificate is provided wherein a new digital record is received and is assigned a sequence value. A first composite digital value is generated by applying a first deterministic function to the digital records stored in a repository. The sequence value and first composite digital value are included in a first certificate. After the digital record is added to the repository, a second composite digital value is generated by applying a second deterministic function to the digital records in the repository. This second composite digital value, and a composite sequence value, are published. An interval digital value which is based upon the first and second composite digital values, and the sequence value, are included in a second certificate which thus verifies the authenticity and sequence value of the digital record.Type: GrantFiled: December 7, 2004Date of Patent: April 13, 2010Assignee: Guardtime ASInventors: Mart Saarepera, Ahto Buldas
-
Publication number: 20050138361Abstract: A system and method for generating a digital certificate is provided wherein a new digital record is received and is assigned a sequence value. A first composite digital value is generated by applying a first deterministic function to the digital records stored in a repository. The sequence value and first composite digital value are included in a first certificate. After the digital record is added to the repository, a second composite digital value is generated by applying a second deterministic function to the digital records in the repository. This second composite digital value, and a composite sequence value, are published. An interval digital value which is based upon the first and second composite digital values, and the sequence value, are included in a second certificate which thus verifies the authenticity and sequence value of the digital record.Type: ApplicationFiled: December 7, 2004Publication date: June 23, 2005Inventors: Mart Saarepera, Ahto Buldas
-
Publication number: 20040193872Abstract: A system, method, and computer program product is provided for generating new digitally signed statements (certificates). The generated new certificates can be used within a renewal procedure for compromised signatures. The generated new certificates can also be used within an extension procedure for adding new signatures to existing certificates. The system, method, and computer program product can generate new certificates by receiving an initial list of certificates comprising a plurality of certificates, verify the authenticity of each of the plurality of certificates, compute a new certificate using a composition algorithm, sign the new certificate, revise the list of certificates, and attach the list, as revised, to the new certificate.Type: ApplicationFiled: January 8, 2004Publication date: September 30, 2004Inventors: Mart Saarepera, Ahto Buldas
-
Publication number: 20010032314Abstract: Method and system are described for validating a digital signature. More particularly, a signed message and a corresponding certificate are received. The certificate is checked for validation. A validation statement is generated, and the certificate validation and the signed message provide a status. This status represents a request for validation, and is provided along with a set of validations among which such status is an element. A digest is generated using a Merkle authentication tree corresponding to the set of validations, and this digest is signed with a private key. Accordingly, a notary may provide the signed digest, status and the set of validations for subsequent confirmation of the digital signature.Type: ApplicationFiled: February 9, 2001Publication date: October 18, 2001Inventors: Arne Ansper, Ahto Buldas, Meelis Roos, Jan Villemson