Patents by Inventor Nevenko Zunic

Nevenko Zunic has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 6940976
    Abstract: Methods, systems and computer program products are provided which generate an RSA cryptographic value by obtaining user specific information about a user and determining a user specific range of values based on the user specific information. The potential range of RSA prime values is divided into at least two subintervals and the user specific range of values mapped onto a first of the at least two subintervals. A first user-dependent RSA prime is then selected from the range of RSA prime values in the first subinterval corresponding to the mapped user specific range of values.
    Type: Grant
    Filed: June 2, 1999
    Date of Patent: September 6, 2005
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 6928163
    Abstract: Methods, systems and computer program products are provided which allow for generation and authentication of RSA encrypted values by utilizing a combination of entity specific information such as biometric information and by incorporating information about the secret seeds into the cryptographic values p and q utilized to encrypt the information. Thus, authentication of an encrypted message may be achieved without requiring storage of the secret seed values utilized to generate the cryptographic values. Furthermore the present invention assures that users with different entity specific information utilize different p and q values.
    Type: Grant
    Filed: July 20, 1999
    Date of Patent: August 9, 2005
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 6826686
    Abstract: A secure method for changing a password to a new password when the passwords are being transmitted over a network is presented. The present invention does not require the use of any additional keys (such as symmetric keys or public/private key pairs) to protect the password exchanges. Moreover, the present solution does not require the use of any encryption algorithms (such as DES, RC4/RC5, etc.), it only requires the use of a collision-resistant hash function.
    Type: Grant
    Filed: April 14, 2000
    Date of Patent: November 30, 2004
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Nevenko Zunic
  • Publication number: 20040158714
    Abstract: A method to distribute and authenticate public encryption keys. A client concatenates its ID, its public key, and a secret password known to the client and a server, and hashes the result. The client forms an extended concatenation including the ID, the public key, and the hashed value, and sends the extended concatenation to the server. The server reads the ID and public key, and re-computes the hashed value based on its own knowledge of the password. If the received and the computed hashed values are the same, the server concludes that the client's public key is authentic. An analogous process enables the server to distribute its public key, and enables the client to authenticate the server's distributed public key.
    Type: Application
    Filed: February 10, 2003
    Publication date: August 12, 2004
    Applicant: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Publication number: 20040158715
    Abstract: A method to exchange and authenticate public cryptographic keys between parties that share a common but secret password, using a pair of random numbers, a pair of Diffie-Hellman public keys computed from the random numbers and the password, a Diffie-Hellman symmetric secret key computed from the Diffie-Hellman public keys and the random numbers, and hashed values of arguments that depend upon these elements.
    Type: Application
    Filed: February 10, 2003
    Publication date: August 12, 2004
    Applicant: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Publication number: 20040158708
    Abstract: A method to exchange and authenticate public cryptographic keys between parties that share a common but secret password. The parties exchange public keys, where the public keys are accompanied by hashed values based on the keys, the password, and random numbers. Each party then encrypts its random number using the public key of the other party, and the encryptions are exchanged. Based on the received encryptions and the known password, each party then re-computes the hashed value received from the other party, and compares the re-computed hashed value with the received hashed value. If the two are the same, the public key that accompanied the hashed value is judged authentic.
    Type: Application
    Filed: February 10, 2003
    Publication date: August 12, 2004
    Applicant: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Publication number: 20040146164
    Abstract: A method for protecting data for access by a plurality of users. A server encrypts data using a master key and a symmetric encryption algorithm. For each authorized user, a key encryption key (KEK) is derived from a passphrase, and the master key is encrypted using the KEK. The server posts the encrypted data and an ancillary file that includes, for each user, a user identifier and the master key encrypted according to the user's KEK. To access the data, a user enters the passphrase into a client, which re-derives the user's KEK, and finds, in the ancillary file, the master key encrypted using the user's KEK. The client decrypts the master key and then decrypts the data. A KEK may be derived from a natural language passphrase by hashing the passphrase, concatenating the result and a predetermined text, hashing the concatenation, and truncating.
    Type: Application
    Filed: January 27, 2003
    Publication date: July 29, 2004
    Applicant: International Business Machines Corporation
    Inventors: Per Erwin Jonas, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 6742119
    Abstract: A method for time stamping a digital document is disclosed. The document originator creates a time stamp receipt by combining the document and a digital time indication. The time stamp receipt is submitted to a time stamping agent having a trusted clock. The time stamping agent optionally validates the time stamp receipt and then computes the age of the time stamp receipt. If valid, the time stamping agent certifies the time stamp receipt by signing the time stamp receipt with a private signature key. The private signature key is selected from a group of signature keys by the time stamping agent based on the computed age of the time stamp receipt.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: May 25, 2004
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 6697947
    Abstract: Methods, systems and computer program products are provided which allow for multi-party authentication by receiving a plurality of biometric authentication messages from a corresponding plurality of users. The biometric authentication messages include biometric data corresponding to the user. It is determined if each of the plurality of received biometric authentication messages is a valid message based on the biometric data contained in the biometric authentication messages so as to determine a quantity of valid biometric authentication messages. An indication of authentication is then provided if the quantity of the valid messages of the received plurality of messages is at least an authentication threshold value.
    Type: Grant
    Filed: June 17, 1999
    Date of Patent: February 24, 2004
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 6687375
    Abstract: Methods, systems and computer program products are provided which generate a cryptographic key utilizing user specific information to generate a user dependent key. The user specific information may be a user identification or biometric information associated with a user. In particular embodiments of the present invention a seed value is modified with biometric information to generate a user dependent key value. In alternative embodiments a key value is hashed with user specific information or user specific information is hashed and then combined with the key value to generate the user dependent key value. In still another embodiment of the present invention the space of potential key values is divided into subspaces and the subspaces assigned based on user specific information. A key value is then generated from the assigned subspace. Thus, the generated key values for different users are guaranteed to be disjoint.
    Type: Grant
    Filed: June 2, 1999
    Date of Patent: February 3, 2004
    Assignee: International Business Machines Corporation
    Inventors: Stephen Michael Matyas, Jr., Mohammad Peyravian, Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 6560337
    Abstract: Systems, methods and computer program products reduce effective key length of a symmetric key cipher by deriving an intermediate value from an initial key, using a one-way cryptographic function. Predetermined bit locations of the intermediate value are selected to obtain an intermediate key. An intermediate shortened key is derived from the intermediate key by setting predetermined bit locations of the intermediate key to predetermined values. A diffused intermediate shortened key is derived from the intermediate shortened key using the one-way cryptographic function. Predetermined bit locations of the diffused intermediate shortened key are then selected to obtain a shortened key. In first embodiments, the one-way cryptographic function is a one-way hash function. Second embodiments use the symmetric key cipher itself to perform the one-way cryptographic function.
    Type: Grant
    Filed: October 28, 1998
    Date of Patent: May 6, 2003
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Stephen Michael Matyas, Jr., Nevenko Zunic
  • Publication number: 20030084339
    Abstract: An improved methodology and implementing computer system are provided in which sensitive information is selectively masked in order to enable such information to be relatively securely and efficiently transmitted over networks without disclosure of such sensitive information at a transmitting or receiving terminal, or at points along the data transmission network.
    Type: Application
    Filed: October 25, 2001
    Publication date: May 1, 2003
    Applicant: International Business Machines Corporation
    Inventors: Allen Leonid Roginsky, Nevenko Zunic
  • Patent number: 6535607
    Abstract: A method and apparatus for ensuring that a key recovery-enabled (KR-enabled) system communicating with a non-KR-enabled system in a cryptographic communication system transmits the information necessary to permit key recovery by a key recovery entity. In a first embodiment, data is encrypted under a second key K that is generated as a one-way function of a first key K′ and a key recovery block KRB generated on the first key K′. The key recovery block KRB and the encrypted data e(K, data) are transmitted to the receiver, who cannot decrypt the data without regenerating the second key K from the first key K′ and the key recovery block KRB. In a second embodiment, data is encrypted under a second key K that is generated independently of the first key K′. A third key X, generated as a one-way function of the first key K′ and a key recovery block KRB generated on the second key K, is used to encrypt the XOR product Y of the first and second keys K′, K.
    Type: Grant
    Filed: November 2, 1998
    Date of Patent: March 18, 2003
    Assignee: International Business Machines Corporation
    Inventors: Coimbatore S. Chandersekaran, Rosario Gennaro, Sarbari Gupta, Stephen M. Matyas, Jr., David R. Safford, Nevenko Zunic
  • Patent number: 6363154
    Abstract: Secure messages are sent among a group of nodes selected from a plurality of nodes that are connected to a communications network, by defining a random secret key at a first one of the group of nodes. The random secret key is sent from the first one of the group nodes to remaining ones of the group of nodes. A random number is generated at a second one of the group of nodes. A one-way hash of the random number and the random secret key is performed at the second one of the group of nodes to generate a working key. A message is encrypted at the second one of the group of nodes, using the working key. The encrypted message and the random number is sent from the second one of the group of nodes to remaining ones of the group of nodes. The encrypted message and the random number are received at the remaining ones of the group of nodes. Each of the remaining ones of the group of nodes performs a one-way hash of the random number and the random secret key, to regenerate the working key.
    Type: Grant
    Filed: October 28, 1998
    Date of Patent: March 26, 2002
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Stephen Michael Matyas, Jr., Nevenko Zunic
  • Patent number: 6243470
    Abstract: A method and apparatus for an advanced symmetric key cipher for encryption and decryption, using a block cipher algorithm. Different block sizes and key sizes are supported, and a different sub-key is used in each round. Encryption is computed using a variable number of rounds of mixing, permutation, and key-dependent substitution. Decryption uses a variable number of rounds of key-dependent inverse substitution, inverse permutation and inverse mixing. The variable length sub-keys are data-independent, and can be precomputed.
    Type: Grant
    Filed: February 4, 1998
    Date of Patent: June 5, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6192129
    Abstract: A method and apparatus for an advanced byte-oriented symmetric key cipher for encryption and decryption, using a block cipher algorithm. Different block sizes and key sizes are supported, and a different sub-key is used in each round. Encryption is computed using a variable number of rounds of mixing, permutation, and key-dependent substitution. Decryption uses a variable number of rounds of key-dependent inverse substitution, inverse permutation, and inverse mixing. The variable length sub-keys are data-independent, and can be precomputed.
    Type: Grant
    Filed: February 4, 1998
    Date of Patent: February 20, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6189095
    Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. This cipher uses multiple stages with a modified Type-3 Feistel network, and a modified Unbalanced Type-1 Feistel network in an expansion box forward function. The cipher allows the block size, key size, number of rounds of expansion, and number of stages of ciphering to vary. The modified Type-3 cipher modifies the word used as input to the expansion box in certain rounds, to speed the diffusion properties of the ciphering. The modified Type-3 and Type-1 ciphers are interleaved, and provide excellent resistance to both linear and differential attacks. The variable-length subkeys and the S-box can be precomputed. A minimal amount of computer storage is required to implement this cipher, which can be implemented equally well in hardware or software (or some combination thereof).
    Type: Grant
    Filed: June 5, 1998
    Date of Patent: February 13, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Luke James O'Connor, Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6185304
    Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. Variable block sizes and key sizes are supported, as well as a variable number of rounds. The cipher uses multiple stages of processing, where the stages have different structures and different subround functions, to provide excellent resistance to both linear and differential attacks. Feistel Type-3 networks are used, with different networks during different stages. The number of rounds may vary among stages. Subkeys are used in some, but not all, stages. The variable-length keys can be precomputed. A novel manner of using multiplication in a cipher is defined.
    Type: Grant
    Filed: February 23, 1998
    Date of Patent: February 6, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Luke James O'Connor, Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6185679
    Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. Variable block sizes and key sizes are supported, as well as a variable number of rounds. The cipher uses multiple stages of processing, where the stages have different structures and different subround functions, to provide excellent resistance to both linear and differential attacks. Feistel Type-1 and Type-3 are both used, each during different stages. The number of rounds may vary among stages. Subkeys are used in some, but not all, stages. The variable-length keys can be precomputed. A novel manner of using data-dependent rotation in a cipher is defined.
    Type: Grant
    Filed: February 23, 1998
    Date of Patent: February 6, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Luke James O'Connor, Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6058188
    Abstract: In a cryptographic communications system, a method and apparatus for allowing a sender of encrypted data to demonstrate to a receiver its ability to correctly generate key recovery information that is transmitted along with the encrypted data and from which law enforcement agents or others may recover the original encryption key. Initially, the sender generates a key pair comprising a private signature key and a corresponding public verification key and sends the latter to a key recovery validation service (KRVS). Upon a satisfactory demonstration by the sender of its ability to correctly generate key recovery information, the KRVS generates a certificate certifying the public verification key and the ability of the sender to correctly generate key recovery information. The sender uses its private signature key to generate a digital signature on the key recovery information, which is sent along with the key recovery information and encrypted data to the receiver.
    Type: Grant
    Filed: July 24, 1997
    Date of Patent: May 2, 2000
    Assignee: International Business Machines Corporation
    Inventors: Coimbatore S. Chandersekaran, Rosario Gennaro, Sarbari Gupta, Stephen M. Matyas, Jr., David R. Safford, Nevenko Zunic