Patents by Inventor Nadarajah Asokan

Nadarajah Asokan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11522698
    Abstract: A method for byzantine fault-tolerance replicating of data on a plurality of n servers includes performing a preprocessing procedure. The n servers include one primary node (PN) and n−1 backup nodes (BN), wherein f servers may arbitrarily fail, and wherein all n servers have a trusted computing entity (TCE). The preprocessing procedure is performed by the TCE of the PN and includes computing a random secret value for a unique, monotonic, sequential counter (UMSC) to be assigned with a request message for requesting an operation to be performed, computing a commitment for the random secret value and the UMSC, and splitting the random secret value into a plurality of shares. The preprocessing procedure further includes computing a server-specific authenticated encryption of each share, and providing the computed server-specific shares and the computed commitment to the respective servers.
    Type: Grant
    Filed: August 24, 2020
    Date of Patent: December 6, 2022
    Assignee: NEC CORPORATION
    Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan
  • Patent number: 11126710
    Abstract: A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.
    Type: Grant
    Filed: October 2, 2019
    Date of Patent: September 21, 2021
    Assignee: Conversant Wireless Licensing S.a r.l.
    Inventors: Nadarajah Asokan, Janne Mantyla, Reza Serafat
  • Publication number: 20200389310
    Abstract: A method for byzantine fault-tolerance replicating of data on a plurality of n servers includes performing a preprocessing procedure. The n servers include one primary node (PN) and n−1 backup nodes (BN), wherein f servers may arbitrarily fail, and wherein all n servers have a trusted computing entity (TCE). The preprocessing procedure is performed by the TCE of the PN and includes computing a random secret value for a unique, monotonic, sequential counter (UMSC) to be assigned with a request message for requesting an operation to be performed, computing a commitment for the random secret value and the UMSC, and splitting the random secret value into a plurality of shares. The preprocessing procedure further includes computing a server-specific authenticated encryption of each share, and providing the computed server-specific shares and the computed commitment to the respective servers.
    Type: Application
    Filed: August 24, 2020
    Publication date: December 10, 2020
    Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan
  • Patent number: 10797877
    Abstract: A method for byzantine fault-tolerance replicating of data on a plurality of n servers includes performing a preprocessing procedure. The n servers include one primary node (PN) and n−1 backup nodes (BN), wherein f servers may arbitrarily fail, and wherein all n servers have a trusted computing entity (TCE). The preprocessing procedure is performed by the TCE of the PN and includes computing a random secret value for a unique, monotonic, sequential counter (UMSC) to be assigned with a request message for requesting an operation to be performed, computing a commitment for the random secret value and the UMSC, and splitting the random secret value into a plurality of shares. The preprocessing procedure further includes computing a server-specific authenticated encryption of each share, and providing the computed server-specific shares and the computed commitment to the respective servers.
    Type: Grant
    Filed: November 25, 2016
    Date of Patent: October 6, 2020
    Assignee: NEC CORPORATION
    Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan
  • Patent number: 10664353
    Abstract: A method for byzantine fault-tolerant replication of data on a plurality of n servers includes performing, by a primary node (PN), a prepare procedure that includes computing a prepare message including a unique identifier and multicasting the prepare message to the REPN. The method further includes performing, by the PN, a commit procedure that includes receiving, from each of a portion of the REPN, a prepare message reply signature part and aggregating each of the prepare message reply signature parts to generate a prepare message reply aggregated signature, checking the validity of the prepare message reply aggregated signature, and upon determining that the prepare message reply aggregated signature is valid, computing a commit message including the prepare message reply aggregated signature and multicasting the commit message to the REPN. The method further includes transmitting, to the client, the commit message reply aggregated signature.
    Type: Grant
    Filed: July 4, 2018
    Date of Patent: May 26, 2020
    Assignee: NEC CORPORATION
    Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan, Andrew Paverd
  • Patent number: 10565400
    Abstract: An internal but not integrated security token is provided for a device which includes a first integrated circuitry including a secure processor. The security token is provided by a second integrated circuitry separate from the first circuitry. The second integrated circuitry includes a secure non-volatile storage. The secure processor communicates information to the second circuitry in a secure manner for the secure information to be securely stored in the secure non-volatile storage, and the second integrated circuitry communicates information stored in its secure non-volatile storage to the secure processor in a secure manner. Communications is secured by means of cryptography. The first integrated circuitry and the second integrated circuitry are internal parts of the device. An initialization method for distributing a secure key to be shared between the circuitries and to be used in cryptography is also disclosed.
    Type: Grant
    Filed: October 27, 2015
    Date of Patent: February 18, 2020
    Assignee: Nokia Technologies Oy
    Inventors: Nadarajah Asokan, Jan-Erik Ekberg, Lauri Paatero
  • Publication number: 20200034526
    Abstract: A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.
    Type: Application
    Filed: October 2, 2019
    Publication date: January 30, 2020
    Inventors: Nadarajah ASOKAN, Janne MANTYLA, Reza SERAFAT
  • Publication number: 20190386829
    Abstract: A method for byzantine fault-tolerance replicating of data on a plurality of n servers includes performing a preprocessing procedure. The n servers include one primary node (PN) and n−1 backup nodes (BN), wherein f servers may arbitrarily fail, and wherein all n servers have a trusted computing entity (TCE). The preprocessing procedure is performed by the TCE of the PN and includes computing a random secret value for a unique, monotonic, sequential counter (UMSC) to be assigned with a request message for requesting an operation to be performed, computing a commitment for the random secret value and the UMSC, and splitting the random secret value into a plurality of shares. The preprocessing procedure further includes computing a server-specific authenticated encryption of each share, and providing the computed server-specific shares and the computed commitment to the respective servers.
    Type: Application
    Filed: November 25, 2016
    Publication date: December 19, 2019
    Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan
  • Patent number: 10482238
    Abstract: A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.
    Type: Grant
    Filed: December 19, 2017
    Date of Patent: November 19, 2019
    Assignee: Conversant Wireless Licensing S.a r.l.
    Inventors: Nadarajah Asokan, Janne Mantyla, Reza Serafat
  • Patent number: 10374799
    Abstract: A method, apparatus, system and computer program where an apparatus stores user specific credentials, receives a certificate via the communication interface from a certificate authority and stores the certificate in the memory. The apparatus further stores a private key and a public key in the memory and attempts authenticating of the apparatus to a ticket reader for accessing a service, by transmission of one or more messages, wherein the messages contain an authenticator that has at least one of the following: the certificate or its cryptographic derivative; one or more data items contained by the certificate or a cryptographic derivative thereof. The messages are prepared such that the public key is not recoverable from outside of the authenticator.
    Type: Grant
    Filed: April 13, 2011
    Date of Patent: August 6, 2019
    Assignee: Nokia Technologies Oy
    Inventors: Sandeep Tamrakar, Jan-Erik Ekberg, Jukka Virtanen, Nadarajah Asokan
  • Publication number: 20180329783
    Abstract: A method for byzantine fault-tolerant replication of data on a plurality of n servers includes performing, by a primary node (PN), a prepare procedure that includes computing a prepare message including a unique identifier and multicasting the prepare message to the REPN. The method further includes performing, by the PN, a commit procedure that includes receiving, from each of a portion of the REPN, a prepare message reply signature part and aggregating each of the prepare message reply signature parts to generate a prepare message reply aggregated signature, checking the validity of the prepare message reply aggregated signature, and upon determining that the prepare message reply aggregated signature is valid, computing a commit message including the prepare message reply aggregated signature and multicasting the commit message to the REPN. The method further includes transmitting, to the client, the commit message reply aggregated signature.
    Type: Application
    Filed: July 4, 2018
    Publication date: November 15, 2018
    Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan, Andrew Paverd
  • Publication number: 20180253546
    Abstract: A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.
    Type: Application
    Filed: December 19, 2017
    Publication date: September 6, 2018
    Inventors: Nadarajah ASOKAN, Janne MANTYLA, Reza SERAFAT
  • Patent number: 10049017
    Abstract: A method for byzantine fault-tolerant replication of data on a plurality of n servers by a client, wherein the n servers include one primary node (PN) and n−1 replica nodes (REPN), wherein f servers may arbitrarily fail, and wherein all n servers include a trusted computing entity (TCE), includes: performing a request procedure, performing a prepare procedure, performing a commit procedure, and performing a reply procedure. The request procedure includes providing a request message for requesting a certain operation, and transmitting the request message to all n servers. The prepare procedure includes computing a prepare message including at least part of the content of the request message and a unique identifier (UI), the UI being computed by the TCE, the UI being based on a cryptographic signature of the request message and a unique, monotonic, sequential counter (UMSC), and providing the prepare message to the REPN.
    Type: Grant
    Filed: October 4, 2016
    Date of Patent: August 14, 2018
    Assignee: NEC Corporation
    Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan, Andrew Paverd
  • Publication number: 20180157558
    Abstract: A method for byzantine fault-tolerant replication of data on a plurality of n servers by a client, wherein the n servers include one primary node (PN) and n−1 replica nodes (REPN), wherein f servers may arbitrarily fail, and wherein all n servers include a trusted computing entity (TCE), includes: performing a request procedure, performing a prepare procedure, performing a commit procedure, and performing a reply procedure. The request procedure includes providing a request message for requesting a certain operation, and transmitting the request message to all n servers. The prepare procedure includes computing a prepare message including at least part of the content of the request message and a unique identifier (UI), the UI being computed by the TCE, the UI being based on a cryptographic signature of the request message and a unique, monotonic, sequential counter (UMSC), and providing the prepare message to the REPN.
    Type: Application
    Filed: October 4, 2016
    Publication date: June 7, 2018
    Inventors: Ghassan Karame, Wenting Li, Jian Liu, Nadarajah Asokan, Andrew Paverd
  • Patent number: 9979545
    Abstract: Techniques for accelerated authentication include receiving first data that indicates a first portion of user credentials for a first user but not a second portion. It is verified whether the first portion of user credentials is valid. If the first portion of user credentials is valid, then second data that indicates a valid value for the second portion of user credentials for the first user is sent. Other techniques include receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user. A first message that indicates the first portion of user credentials is sent to a remote process that initiates authentication of the first user based on the first portion of user credentials before receiving second data that indicates the second portion of user credentials for the first user.
    Type: Grant
    Filed: May 24, 2017
    Date of Patent: May 22, 2018
    Assignee: Nokia Technologies Oy
    Inventors: Yan Fu, Nadarajah Asokan, Ville Aarni
  • Patent number: 9906528
    Abstract: An approach is provided for performing authentication in a communication system. In one embodiment, a key is established with a terminal in a communication network according to a key agreement protocol. The agreed key is tied to an authentication procedure to provide a security association that supports reuse of the key. A master key is generated based on the agreed key. In another embodiment, digest authentication is combined with key exchange parameters (e.g., Diffie-Hellman parameters) in the payload of the digest message, in which a key (e.g., SMEKEY or MN-AAA) is utilized as a password. In yet another embodiment, an authentication algorithm (e.g., Cellular Authentication and Voice Encryption (CAVE)) is employed with a key agreement protocol with conversion functions to support bootstrapping.
    Type: Grant
    Filed: March 15, 2016
    Date of Patent: February 27, 2018
    Assignee: Nokia Corporation
    Inventors: Pekka Laitinen, Philip Ginzboorg, Nadarajah Asokan, Gabor Bajko
  • Patent number: 9881150
    Abstract: A method for verifying the integrity of platform software of an electronic device is provided, the method comprising accessing a module of said platform software, obtaining a signature (S), obtaining a verification key (VK), said verification key (VK) corresponding to a signing key (SK), verifying if said signature (S) was derived by signing said platform software module with said signing key (SK), by using said verification key (VK), and establishing a positive verification of said platform software module if said verification is successful. The invention also provides a method for providing a platform software module to perform the aforementioned method, and a device on which the aforementioned method can be performed.
    Type: Grant
    Filed: August 16, 2016
    Date of Patent: January 30, 2018
    Assignee: Conversant Wireless Licensing S.a.r.l.
    Inventors: Nadarajah Asokan, Janne Mantyla, Reza Serafat
  • Patent number: 9781085
    Abstract: A method, apparatus and computer program product are disclosed for establishing secure off-network communications between first and second Secure Cellular Devices that each have a cellular identity. The second Secure Cellular Device may assume the role of Remote Device for interaction with the NAF keyserver and may obtain a local key. The first Secure Cellular Device may derive the local key and the two devices may conduct secure communications using the shared local key. The two Secure Cellular Devices may alternate the roles of Secure Host and Remote Device, each twice obtaining or deriving a shared local key such that there are two such keys. The devices may employ one key for secure communication in one direction and the other for communication in the other direction. Alternatively, the devices may derive a unique shared key as a function of the two shared keys.
    Type: Grant
    Filed: February 14, 2012
    Date of Patent: October 3, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Silke Holtmanns, Nadarajah Asokan
  • Publication number: 20170264437
    Abstract: Techniques for accelerated authentication include receiving first data that indicates a first portion of user credentials for a first user but not a second portion. It is verified whether the first portion of user credentials is valid. If the first portion of user credentials is valid, then second data that indicates a valid value for the second portion of user credentials for the first user is sent. Other techniques include receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user. A first message that indicates the first portion of user credentials is sent to a remote process that initiates authentication of the first user based on the first portion of user credentials before receiving second data that indicates the second portion of user credentials for the first user.
    Type: Application
    Filed: May 24, 2017
    Publication date: September 14, 2017
    Inventors: Yan FU, Nadarajah ASOKAN, Ville AARNI
  • Patent number: 9756036
    Abstract: A process is provided for communication security certificate revocation status verification by using the client device as a proxy in online status verification protocol. The process utilizes a nonce of an authentication protocol request message (nonce_A) to derive the nonce for the revocation status protocol request (nonce_S) to reduce the number of message exchanges needed between the client and the verifier devices, and a mechanism to send the nonce (nonce_S) prior to actual authentication protocol execution to ease the connectivity requirement of client device from on-demand connectivity to periodic connectivity. Similar functionality is achieved using a random seed established between the verifier and client. The verifier picks a seed for random number generation and sends that seed to the client. The client derives the nonce_S from the seed before status protocol execution, and the verifier derives the nonce_S from the seed before proxied status response verification.
    Type: Grant
    Filed: June 5, 2013
    Date of Patent: September 5, 2017
    Assignee: Nokia Technologies Oy
    Inventors: Kari Kostiainen, Nadarajah Asokan