Patents by Inventor AHTO TRUU
AHTO TRUU has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11316698
Abstract: Data security is provided in the form of a method for digitally signing a data message. A client device issues a signature request to a server and generates a first signature part as functions of selected ones of first signature parameters. It then receives from the server a second signature part, said second signature part having been computed by the server as functions of second signature parameters and at least one of the first signature parameters. The client device then attempts to verify components of the second signature part and generates a final digital signature of the message only if the components of the second signature part are valid. Part of the computational effort of creating the signature is thus offloaded to the server, even though the server may not be fully trusted.
Type: Grant
Filed: July 17, 2020
Date of Patent: April 26, 2022
Assignee: Guardtime SA
Inventors: Ahto Truu, Denis Firsov
-
Patent number: 11184176
Abstract: During a period of uni-directional, device-to-collector communication, a digital signature is created for at least one data set based on a public key, which is computed from at least one time-bound secret key. When collector-to-device communication becomes available, the collector signals to the device that the current data collection period may end, at which point the time-bound secret key(s) previously used may be revealed but are no longer usable.
Type: Grant
Filed: December 17, 2019
Date of Patent: November 23, 2021
Assignee: Guardtime SA
Inventors: Henri Lakk, Ahto Truu
-
Patent number: 11057187
Abstract: A set of secret, indexed keys is generated and used in requests from a signing entity to a signing server for digital signature of messages. The signing server maintains a counter as well as a hash tree that aggregates requests during a round into a root value that is stored in an append-only data structure in a repository. Each signing entity is associated with a leaf of the hash tree. After a signature is formed, the counter for the requesting signing entity is incremented, whereby the secret key that was used cannot be used again.
Type: Grant
Filed: August 4, 2019
Date of Patent: July 6, 2021
Assignee: Guardtime SA
Inventors: Ahto Buldas, Risto Laanoja, Ahto Truu
-
Patent number: 11018856
Abstract: Parties communicate input values to a central entity by first decomposing them according to a chosen operation into share values, which are sent either directly or, in a transformed form such as being hashed and/or encrypted, via a bulletin board data structure, to respective nodes, such that no node receives the input value itself. The nodes then combine the share values using the operation and pass these respective node values to the central entity for computation of a global value. The operation of the parties and of the nodes may be made verifiable by aggregating the share values within a party or the received share values within a node using a data and computational structure such as a hash tree or skip list. Digital signing and timestamping may also be applied.
Type: Grant
Filed: September 11, 2019
Date of Patent: May 25, 2021
Assignee: Guardtime SA
Inventors: Ahto Truu, Rando Mihkelsaar, Hema Krishnamurthy, Jeffrey Pearce
-
Publication number: 20210075595
Abstract: Parties communicate input values to a central entity by first decomposing them according to a chosen operation into share values, which are sent either directly or, in a transformed form such as being hashed and/or encrypted, via a bulletin board data structure, to respective nodes, such that no node receives the input value itself. The nodes then combine the share values using the operation and pass these respective node values to the central entity for computation of a global value. The operation of the parties and of the nodes may be made verifiable by aggregating the share values within a party or the received share values within a node using a data and computational structure such as a hash tree or skip list. Digital signing and timestamping may also be applied.
Type: Application
Filed: September 11, 2019
Publication date: March 11, 2021
Applicant: Guardtime SA
Inventors: Ahto TRUU, Rando MIHKELSAAR, Hema KRISHNAMURTHY, Jeffrey PEARCE
-
Publication number: 20210021429
Abstract: Data security is provided in the form of a method for digitally signing a data message. A client device issues a signature request to a server and generates a first signature part as functions of selected ones of first signature parameters. It then receives from the server a second signature part, said second signature part having been computed by the server as functions of second signature parameters and at least one of the first signature parameters. The client device then attempts to verify components of the second signature part and generates a final digital signature of the message only if the components of the second signature part are valid. Part of the computational effort of creating the signature is thus offloaded to the server, even though the server may not be fully trusted.
Type: Application
Filed: July 17, 2020
Publication date: January 21, 2021
Applicant: Guardtime SA
Inventors: Ahto TRUU, Denis FIRSOV
-
Publication number: 20200127849
Abstract: During a period of uni-directional, device-to-collector communication, a digital signature is created for at least one data set based on a public key, which is computed from at least one time-bound secret key. When collector-to-device communication becomes available, the collector signals to the device that the current data collection period may end, at which point the time-bound secret key(s) previously used may be revealed but are no longer usable.
Type: Application
Filed: December 17, 2019
Publication date: April 23, 2020
Applicant: Guardtime SA
Inventors: Henri LAKK, Ahto TRUU
-
Publication number: 20200052886
Abstract: A set of secret, indexed keys is generated and used in requests from a signing entity to a signing server for digital signature of messages. The signing server maintains a counter as well as a hash tree that aggregates requests during a round into a root value that is stored in an append-only data structure in a repository. Each signing entity is associated with a leaf of the hash tree. After a signature is formed, the counter for the requesting signing entity is incremented, whereby the secret key that was used cannot be used again.
Type: Application
Filed: August 4, 2019
Publication date: February 13, 2020
Applicant: Guardtime SA
Inventors: Ahto BULDAS, Risto LAANOJA, Ahto TRUU
-
Patent number: 10200199
Abstract: At least one node in a distributed hash tree verification infrastructure is augmented with either a function of a signature of a child computational node, or of a child entity attestation value derived from an HMAC value of the child entity, or both. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one child entity in the hash tree path used for its initial registration in the infrastructure.
Type: Grant
Filed: December 26, 2017
Date of Patent: February 5, 2019
Assignee: Guardtime Holdings Limited
Inventors: Ahto Truu, Andres Kroonmaa
-
Publication number: 20180139057
Abstract: At least one node in a distributed hash tree verification infrastructure is augmented with either a function of a signature of a child computational node, or of a child entity attestation value derived from an HMAC value of the child entity, or both. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one child entity in the hash tree path used for its initial registration in the infrastructure.
Type: Application
Filed: December 26, 2017
Publication date: May 17, 2018
Applicant: Guardtime IP Holdings Limited
Inventors: Ahto TRUU, Andres KROONMAA
-
Patent number: 9853819
Abstract: At least one node in a distributed hash tree verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure. An uppermost value of the hash tree verification infrastructure is entered as, or as part of, a transaction in a blockchain.
Type: Grant
Filed: October 17, 2016
Date of Patent: December 26, 2017
Assignee: GUARDTIME IP HOLDINGS LTD.
Inventors: Ahto Truu, Andres Kroonmaa, Michael Gault, Jeffrey Pearce
-
Patent number: 9614682
Abstract: A digital message is signed and, if a request is approved, receives a time stamp. The request is computed as a first function of the message and a current one of a sequence of passwords computed such that each password corresponds to an index unit. Each of the passwords may be computed as a function, such as a hash function, pseudo-random function, or encryption function, of the subsequent password, whereby the sequence terminates with an initial password that forms a public key parameter for the password sequence. At least one hash tree uses at least a subset of the passwords as inputs to a hash tree used to verify the passwords.
Type: Grant
Filed: April 11, 2015
Date of Patent: April 4, 2017
Assignee: GUARDTIME IP HOLDINGS, LTD.
Inventors: Ahto Buldas, Risto Laanoja, Ahto Truu
-
Publication number: 20170033932
Abstract: At least one node in a distributed hash tree verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure. An uppermost value of the hash tree verification infrastructure is entered as, or as part of, a transaction in a blockchain.
Type: Application
Filed: October 17, 2016
Publication date: February 2, 2017
Applicant: Guardtime IP Holdings Limited
Inventors: Ahto TRUU, Andres KROONMAA, Michael GAULT, Jeffrey PEARCE
-
Patent number: 9473306
Abstract: At least one node in a distributed hash tree document verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure.
Type: Grant
Filed: August 5, 2013
Date of Patent: October 18, 2016
Assignee: GUARDTIME IP HOLDINGS, LTD.
Inventors: Ahto Buldas, Ahto Truu, Andres Kroonmaa
-
Publication number: 20160119152
Abstract: Occurrence of an event is detected within a device such as a computer, a communications device, a machine or process component. A non-deterministic time value (NDT) is requested for and associated with the detected event. Each NDT value is generated as a function of a calendar value created at time intervals as a root hash value of a distributed, hash-tree document authentication infrastructure.
Type: Application
Filed: December 31, 2015
Publication date: April 28, 2016
Applicant: Guardtime IP Holdings Limited
Inventors: Michael Gault, Ahto Truu, Martin Ruubel, Jeffrey Pearce
-
Publication number: 20150365242
Abstract: A non-deterministic time value (NDT) is generated as a function of a calendar value created at time intervals as a root hash value of a distributed, hash-tree document authentication infrastructure. A clock displays the NDT value, which it may derive from a sub-set of the calendar value, and presents the NDT to a user in either visual or audible form, or both. NDT may also be generated simply for display by a clock, for example as an NDT time zone.
Type: Application
Filed: August 25, 2015
Publication date: December 17, 2015
Applicant: Guardtime IP Holdings Limited
Inventors: Michael GAULT, Ahto TRUU, Martin RUUBEL, Jeffrey PEARCE
-
Patent number: 9178708
Abstract: A capture device such as a camera and/or sound recorder records an event, which includes a visual and/or audible presentation of a time value that is non-deterministic, yet a function of physical time. The non-deterministic time value (NDT) may be generated as a function of a calendar value created at time intervals as a root hash value of a distributed, hash-tree document authentication infrastructure. If the NDT value included in the recording of the event does not match the NDT value corresponding to the calendar value from which it was generated, the recording may be assumed to be altered. Digital time-stamping may be included for the recording of the event to reduce the opportunity for back-dating of the recording. NDT may also be generated simply for display by a clock, for example as an NDT time zone.
Type: Grant
Filed: December 2, 2013
Date of Patent: November 3, 2015
Assignee: GUARDTIME IP HOLDINGS LIMITED
Inventors: Michael Gault, Ahto Truu, Ahto Buldas, Martin Ruubel, Jeffrey Pearce
-
Publication number: 20150295720
Abstract: A digital message is signed and, if a request is approved, receives a time stamp. The request is computed as a first function of the message and a current one of a sequence of passwords computed such that each password corresponds to an index unit. Each of the passwords may be computed as a function, such as a hash function, pseudo-random function, or encryption function, of the subsequent password, whereby the sequence terminates with an initial password that forms a public key parameter for the password sequence. At least one hash tree uses at least a subset of the passwords as inputs to a hash tree used to verify the passwords.
Type: Application
Filed: April 11, 2015
Publication date: October 15, 2015
Applicant: GUARDTIME IP HOLDINGS, LTD.
Inventors: Ahto BULDAS, Risto LAANOJA, Ahto TRUU
-
Publication number: 20150156026
Abstract: A capture device such as a camera and/or sound recorder records an event, which includes a visual and/or audible presentation of a time value that is non-deterministic, yet a function of physical time. The non-deterministic time value (NDT) may be generated as a function of a calendar value created at time intervals as a root hash value of a distributed, hash-tree document authentication infrastructure. If the NDT value included in the recording of the event does not match the NDT value corresponding to the calendar value from which it was generated, the recording may be assumed to be altered. Digital time-stamping may be included for the recording of the event to reduce the opportunity for back-dating of the recording. NDT may also be generated simply for display by a clock, for example as an NDT time zone.
Type: Application
Filed: December 2, 2013
Publication date: June 4, 2015
Applicant: GUARDTIME IP HOLDINGS LIMITED
Inventors: Michael GAULT, Ahto TRUU, Ahto BULDAS, Martin RUUBEL, Jeffrey PEARCE
-
Publication number: 20150039893
Abstract: At least one node in a distributed hash tree document verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure.
Type: Application
Filed: August 5, 2013
Publication date: February 5, 2015
Applicant: GUARDTIME IP HOLDINGS LIMITED
Inventors: AHTO BULDAS, AHTO TRUU, ANDRES KROONMAA