Patents by Inventor Nadarajah Asokan
Nadarajah Asokan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11522698
Abstract: A method for byzantine fault-tolerance replicating of data on a plurality of n servers includes performing a preprocessing procedure. The n servers include one primary node (PN) and n−1 backup nodes (BN), wherein f servers may arbitrarily fail, and wherein all n servers have a trusted computing entity (TCE). The preprocessing procedure is performed by the TCE of the PN and includes computing a random secret value for a unique, monotonic, sequential counter (UMSC) to be assigned with a request message for requesting an operation to be performed, computing a commitment for the random secret value and the UMSC, and splitting the random secret value into a plurality of shares. The preprocessing procedure further includes computing a server-specific authenticated encryption of each share, and providing the computed server-specific shares and the computed commitment to the respective servers.
Type: Grant
Filed: August 24, 2020
Date of Patent: December 6, 2022
Assignee: NEC CORPORATION
Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan
-
Patent number: 11126710
Abstract: A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.
Type: Grant
Filed: October 2, 2019
Date of Patent: September 21, 2021
Assignee: Conversant Wireless Licensing. S.a r.l.
Inventors: Nadarajah Asokan, Janne Mantyla, Reza Serafat
-
Publication number: 20200389310
Abstract: A method for byzantine fault-tolerance replicating of data on a plurality of n servers includes performing a preprocessing procedure. The n servers include one primary node (PN) and n−1 backup nodes (BN), wherein f servers may arbitrarily fail, and wherein all n servers have a trusted computing entity (TCE). The preprocessing procedure is performed by the TCE of the PN and includes computing a random secret value for a unique, monotonic, sequential counter (UMSC) to be assigned with a request message for requesting an operation to be performed, computing a commitment for the random secret value and the UMSC, and splitting the random secret value into a plurality of shares. The preprocessing procedure further includes computing a server-specific authenticated encryption of each share, and providing the computed server-specific shares and the computed commitment to the respective servers.
Type: Application
Filed: August 24, 2020
Publication date: December 10, 2020
Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan
-
Patent number: 10797877
Abstract: A method for byzantine fault-tolerance replicating of data on a plurality of n servers includes performing a preprocessing procedure. The n servers include one primary node (PN) and n−1 backup nodes (BN), wherein f servers may arbitrarily fail, and wherein all n servers have a trusted computing entity (TCE). The preprocessing procedure is performed by the TCE of the PN and includes computing a random secret value for a unique, monotonic, sequential counter (UMSC) to be assigned with a request message for requesting an operation to be performed, computing a commitment for the random secret value and the UMSC, and splitting the random secret value into a plurality of shares. The preprocessing procedure further includes computing a server-specific authenticated encryption of each share, and providing the computed server-specific shares and the computed commitment to the respective servers.
Type: Grant
Filed: November 25, 2016
Date of Patent: October 6, 2020
Assignee: NEC CORPORATION
Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan
-
Patent number: 10664353
Abstract: A method for byzantine fault-tolerant replication of data on a plurality of n servers includes performing, by a primary node (PN), a prepare procedure that includes computing a prepare message including a unique identifier and multicasting the prepare message to the REPN. The method further includes performing, by the PN, a commit procedure that includes receiving, from each of a portion of the REPN, a prepare message reply signature part and aggregating each of the prepare message reply signature parts to generate a prepare message reply aggregated signature, checking the validity of the prepare message reply aggregated signature, and upon determining that the prepare message reply aggregated signature is valid, computing a commit message including the prepare message reply aggregated signature and multicasting the commit message to the REPN. The method further includes transmitting, to the client, the commit message reply aggregated signature.
Type: Grant
Filed: July 4, 2018
Date of Patent: May 26, 2020
Assignee: NEC CORPORATION
Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan, Andrew Paverd
-
Patent number: 10565400
Abstract: An internal but not integrated security token is provided for a device which includes a first integrated circuitry including a secure processor. The security token is provided by a second integrated circuitry separate from the first circuitry. The second integrated circuitry includes a secure non-volatile storage. The secure processor communicates information to the second circuitry in a secure manner for the secure information to be securely stored in the secure non-volatile storage, and the second integrated circuitry communicates information stored in its secure non-volatile storage to the secure processor in a secure manner. Communications is secured by means of cryptography. The first integrated circuitry and the second integrated circuitry are internal parts of the device. An initialization method for distributing a secure key to be shared between the circuitries and to be used in cryptography is also disclosed.
Type: Grant
Filed: October 27, 2015
Date of Patent: February 18, 2020
Assignee: Nokia Technologies Oy
Inventors: Nadarajah Asokan, Jan-Erik Ekberg, Lauri Paatero
-
Publication number: 20200034526
Abstract: A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.
Type: Application
Filed: October 2, 2019
Publication date: January 30, 2020
Inventors: Nadarajah ASOKAN, Janne MANTYLA, Reza SERAFAT
-
Publication number: 20190386829
Abstract: A method for byzantine fault-tolerance replicating of data on a plurality of n servers includes performing a preprocessing procedure. The n servers include one primary node (PN) and n−1 backup nodes (BN), wherein f servers may arbitrarily fail, and wherein all n servers have a trusted computing entity (TCE). The preprocessing procedure is performed by the TCE of the PN and includes computing a random secret value for a unique, monotonic, sequential counter (UMSC) to be assigned with a request message for requesting an operation to be performed, computing a commitment for the random secret value and the UMSC, and splitting the random secret value into a plurality of shares. The preprocessing procedure further includes computing a server-specific authenticated encryption of each share, and providing the computed server-specific shares and the computed commitment to the respective servers.
Type: Application
Filed: November 25, 2016
Publication date: December 19, 2019
Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan
-
Patent number: 10482238
Abstract: A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.
Type: Grant
Filed: December 19, 2017
Date of Patent: November 19, 2019
Assignee: Conversant Wireless Licensing S.a r.l.
Inventors: Nadarajah Asokan, Janne Mantyla, Reza Serafat
-
Patent number: 10374799
Abstract: A method, apparatus, system and computer program where an apparatus stores user specific credentials, receives a certificate via the communication interface from a certificate authority and stores the certificate in the memory. The apparatus further stores a private key and a public key in the memory and attempts authenticating of the apparatus to a ticket reader for accessing a service, by transmission of one or more messages, wherein the messages contain an authenticator that has at least one of the following: the certificate or its cryptographic derivative; one or more data items contained by the certificate or a cryptographic derivative thereof. The messages are prepared such that the public key is not recoverable from outside of the authenticator.
Type: Grant
Filed: April 13, 2011
Date of Patent: August 6, 2019
Assignee: Nokia Technologies Oy
Inventors: Sandeep Tamrakar, Jan-Erik Ekberg, Jukka Virtanen, Nadarajah Asokan
-
Publication number: 20180329783
Abstract: A method for byzantine fault-tolerant replication of data on a plurality of n servers includes performing, by a primary node (PN), a prepare procedure that includes computing a prepare message including a unique identifier and multicasting the prepare message to the REPN. The method further includes performing, by the PN, a commit procedure that includes receiving, from each of a portion of the REPN, a prepare message reply signature part and aggregating each of the prepare message reply signature parts to generate a prepare message reply aggregated signature, checking the validity of the prepare message reply aggregated signature, and upon determining that the prepare message reply aggregated signature is valid, computing a commit message including the prepare message reply aggregated signature and multicasting the commit message to the REPN. The method further includes transmitting, to the client, the commit message reply aggregated signature.
Type: Application
Filed: July 4, 2018
Publication date: November 15, 2018
Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan, Andrew Paverd
-
Publication number: 20180253546
Abstract: A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.
Type: Application
Filed: December 19, 2017
Publication date: September 6, 2018
Inventors: Nadarajah ASOKAN, Janne MANTYLA, Reza SERAFAT
-
Patent number: 10049017
Abstract: A method for byzantine fault-tolerant replication of data on a plurality of n servers by a client, wherein the n servers include one primary node (PN) and n−1 replica nodes (REPN), wherein f servers may arbitrarily fail, and wherein all n servers include a trusted computing entity (TCE), includes: performing a request procedure, performing a prepare procedure, performing a commit procedure, and performing a reply procedure. The request procedure includes providing a request message for requesting a certain operation, and transmitting the request message to all n servers. The prepare procedure includes computing a prepare message including at least part of the content of the request message and a unique identifier (UI), the UI being computed by the TCE, the UI being based on a cryptographic signature of the request message and a unique, monotonic, sequential counter (UMSC), and providing the prepare message to the REPN.
Type: Grant
Filed: October 4, 2016
Date of Patent: August 14, 2018
Assignee: NEC Corporation
Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan, Andrew Paverd
-
Publication number: 20180157558
Abstract: A method for byzantine fault-tolerant replication of data on a plurality of n servers by a client, wherein the n servers include one primary node (PN) and n−1 replica nodes (REPN), wherein f servers may arbitrarily fail, and wherein all n servers include a trusted computing entity (TCE), includes: performing a request procedure, performing a prepare procedure, performing a commit procedure, and performing a reply procedure. The request procedure includes providing a request message for requesting a certain operation, and transmitting the request message to all n servers. The prepare procedure includes computing a prepare message including at least part of the content of the request message and a unique identifier (UI), the UI being computed by the TCE, the UI being based on a cryptographic signature of the request message and a unique, monotonic, sequential counter (UMSC), and providing the prepare message to the REPN.
Type: Application
Filed: October 4, 2016
Publication date: June 7, 2018
Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan, Andrew Paverd
-
Patent number: 9979545
Abstract: Techniques for accelerated authentication include receiving first data that indicates a first portion of user credentials for a first user but not a second portion. It is verified whether the first portion of user credentials is valid. If the first portion of user credentials is valid, then second data that indicates a valid value for the second portion of user credentials for the first user is sent. Other techniques include receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user. A first message that indicates the first portion of user credentials is sent to a remote process that initiates authentication of the first user based on the first portion of user credentials before receiving second data that indicates the second portion of user credentials for the first user.
Type: Grant
Filed: May 24, 2017
Date of Patent: May 22, 2018
Assignee: Nokia Technologies Oy
Inventors: Yan Fu, Nadarajah Asokan, Ville Aarni
-
Patent number: 9906528
Abstract: An approach is provided for performing authentication in a communication system. In one embodiment, a key is established with a terminal in a communication network according to a key agreement protocol. The agreed key is tied to an authentication procedure to provide a security association that supports reuse of the key. A master key is generated based on the agreed key. In another embodiment, digest authentication is combined with key exchange parameters (e.g., Diffie-Hellman parameters) in the payload of the digest message, in which a key (e.g., SMEKEY or MN-AAA) is utilized as a password. In yet another embodiment, an authentication algorithm (e.g., Cellular Authentication and Voice Encryption (CAVE)) is employed with a key agreement protocol with conversion functions to support bootstrapping.
Type: Grant
Filed: March 15, 2016
Date of Patent: February 27, 2018
Assignee: Nokia Corporation
Inventors: Pekka Laitinen, Philip Ginzboorg, Nadarajah Asokan, Gabor Bajko
-
Patent number: 9881150
Abstract: A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.
Type: Grant
Filed: August 16, 2016
Date of Patent: January 30, 2018
Assignee: Conversant Wireless Licensing S.a.r.l.
Inventors: Nadarajah Asokan, Janne Mantyla, Reza Serafat
-
Patent number: 9781085
Abstract: A method, apparatus and computer program product are disclosed for establishing secure off-network communications between first and second Secure Cellular Devices that each have a cellular identity. The second Secure Cellular Device may assume the role of Remote Device for interaction with the NAF keyserver and may obtain a local key. The first Secure Cellular Device may derive the local key and the two devices may conduct secure communications using the shared local key. The two Secure Cellular Devices may alternate the roles of Secure Host and Remote Device, each twice obtaining or deriving a shared local key such that there are two such keys. The devices may employ one key for secure communication in one direction and the other for communication in the other direction. Alternatively, the devices may derive a unique shared key as a function of the two shared keys.
Type: Grant
Filed: February 14, 2012
Date of Patent: October 3, 2017
Assignee: Nokia Technologies Oy
Inventors: Silke Holtmanns, Nadarajah Asokan
-
Publication number: 20170264437
Abstract: Techniques for accelerated authentication include receiving first data that indicates a first portion of user credentials for a first user but not a second portion. It is verified whether the first portion of user credentials is valid. If the first portion of user credentials is valid, then second data that indicates a valid value for the second portion of user credentials for the first user is sent. Other techniques include receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user. A first message that indicates the first portion of user credentials is sent to a remote process that initiates authentication of the first user based on the first portion of user credentials before receiving second data that indicates the second portion of user credentials for the first user.
Type: Application
Filed: May 24, 2017
Publication date: September 14, 2017
Inventors: Yan FU, Nadarajah ASOKAN, Ville AARNI
-
Patent number: 9756036
Abstract: A process is provided for communication security certificate revocation status verification by using the client device as a proxy in online status verification protocol. The process utilizes a nonce of an authentication protocol request message (nonce_A) to derive the nonce for the revocation status protocol request (nonce_S) to reduce the number of message exchanges needed between the client and the verifier devices, and a mechanism to send the nonce (nonce_S) prior to actual authentication protocol execution to ease the connectivity requirement of client device from on-demand connectivity to periodic connectivity. Similar functionality is achieved using a random seed established between the verifier and client. The verifier picks a seed for random number generation and sends that seed to the client. The client derives the nonce_S from the seed before status protocol execution, and the verifier derives the nonce_S from the seed before proxied status response verification.
Type: Grant
Filed: June 5, 2013
Date of Patent: September 5, 2017
Assignee: Nokia Technologies Oy
Inventors: Kari Kostiainen, Nadarajah Asokan