Patents by Inventor Roberto Tamassia
Roberto Tamassia has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11468009Abstract: In embodiments, secure compression algorithms are provided that may be employed as a single operation on raw data to produce compressed and encrypted data. In embodiments, the algorithms described herein may be performed using any type of dictionary based encryption. In one embodiment, upon adding a new prefix to a dictionary table, the dictionary table may be permuted to randomize the entries into the table. The randomization may be based upon a permutation value generated by a deterministic pseudo-random generator and/or pseudo-random function. Other embodiments of randomization may be employed to provide secure compression. For example, instead of permuting the entire table upon adding a prefix, the prefix may be randomly added to the table.Type: GrantFiled: September 16, 2019Date of Patent: October 11, 2022Assignee: Brown UniversityInventors: James Kelley, Roberto Tamassia
-
Publication number: 20200012622Abstract: In embodiments, secure compression algorithms are provided that may be employed as a single operation on raw data to produce compressed and encrypted data. In embodiments, the algorithms described herein may be performed using any type of dictionary based encryption. In one embodiment, upon adding a new prefix to a dictionary table, the dictionary table may be permuted to randomize the entries into the table. The randomization may be based upon a permutation value generated by a deterministic pseudo-random generator and/or pseudo-random function. Other embodiments of randomization may be employed to provide secure compression. For example, instead of permuting the entire table upon adding a prefix, the prefix may be randomly added to the table.Type: ApplicationFiled: September 16, 2019Publication date: January 9, 2020Inventors: James KELLEY, Roberto TAMASSIA
-
Patent number: 10417187Abstract: In embodiments, secure compression algorithms are provided that may be employed as a single operation on raw data to produce compressed and encrypted data. In embodiments, the algorithms described herein may be performed using any type of dictionary based encryption. In one embodiment, upon adding a new prefix to a dictionary table, the dictionary table may be permuted to randomize the entries into the table. The randomization may be based upon a permutation value generated by a deterministic pseudo-random generator and/or pseudo-random function. Other embodiments of randomization may be employed to provide secure compression. For example, instead of permuting the entire table upon adding a prefix, the prefix may be randomly added to the table.Type: GrantFiled: June 3, 2014Date of Patent: September 17, 2019Assignee: Brown UniversityInventors: James Kelley, Roberto Tamassia
-
Patent number: 10409845Abstract: Methods and apparatus are provided for authenticated pattern matching and authenticated exact path queries on outsourced data by a third party server. A source of the outsourced data computes verification information for node and suffix accumulators and sends the data, accumulation values and suffix tree or label trie information to the server; and publishes its public key and the verification digests. The verification may comprise an accumulation tree (AT) or any other public key authentication scheme, such as digital signatures, Merkle Trees and publishing the accumulation values. The server receives the query from a client and the server computes an answer ? to the query and a verification proof that are provided to the client. The client then verifies the answer.Type: GrantFiled: March 15, 2013Date of Patent: September 10, 2019Assignee: EMC IP Holding Company LLCInventors: Charalampos Papamanthou, Roberto Tamassia, Nikolaos Triandopoulos, Dimitrios Papadopoulos, Edward Joseph Tremel
-
Patent number: 9496897Abstract: Methods and apparatus are provided for encoding and decoding via authenticated error correcting codes, such as secure LT codes, secure Raptor codes, block codes and/or rateless codes. Encoded symbols are generated via an authenticated error correcting code by applying a Luby Transform (LT) code to a plurality of message symbols to produce one or more intermediate symbols using a pseudo random number generator (PRNG) to select the plurality of message symbols to combine to produce the intermediate symbols; encrypting the intermediate symbols to produce encrypted symbols; computing an authentication value, such as a message authentication code (MAC), over one or more of the one or more encrypted symbols; and appending the authentication value to the corresponding encrypted symbols to form the encoded symbols. Block scalable and random scalable constructions are also provided, as well as decoding techniques for all of the constructions.Type: GrantFiled: March 31, 2014Date of Patent: November 15, 2016Assignee: EMC IP Holding Company LLCInventors: Nikolaos Triandopoulos, Ari Juels, Roberto Tamassia, James Alan Kelley
-
Publication number: 20160124983Abstract: In embodiments, secure compression algorithms are provided that may be employed as a single operation on raw data to produce compressed and encrypted data. In embodiments, the algorithms described herein may be performed using any type of dictionary based encryption. In one embodiment, upon adding a new prefix to a dictionary table, the dictionary table may be permuted to randomize the entries into the table. The randomization may be based upon a permutation value generated by a deterministic pseudo-random generator and/or pseudo-random function. Other embodiments of randomization may be employed to provide secure compression. For example, instead of permuting the entire table upon adding a prefix, the prefix may be randomly added to the table.Type: ApplicationFiled: June 3, 2014Publication date: May 5, 2016Inventors: James KELLY, Roberto TAMASSIA
-
Patent number: 9152716Abstract: An improved search engine technique allows a user to ensure that an untrusted search engine provides complete and correct search results without requiring large proofs for large data collections. Thus techniques are presented for a trusted crawler to index a distributed collection of documents and create an authenticated search structure that allows an untrusted search server to return reliably complete and correct search results.Type: GrantFiled: December 31, 2012Date of Patent: October 6, 2015Assignee: EMC CorporationInventors: Nikolaos Triandopoulos, Michael T. Goodrich, Duy Nguyen, Olga Ohrimenko, Charalampos Papamanthou, Roberto Tamassia, Cristina Videira Lopes
-
Patent number: 9098725Abstract: In one exemplary embodiment, an apparatus includes a memory storing data and a processor performing operations. The apparatus generates or maintains an accumulation tree for the stored data—an ordered tree structure with a root node, leaf nodes and internal nodes. Each leaf node corresponds to a portion of the data. A depth of the tree remains constant. A bound on a degree of each internal node is a function of a number of leaf nodes of a subtree rooted at the internal node. Each node of the tree has an accumulation value. Accumulation values of the root and internal nodes are determined by hierarchically employing an accumulator over the accumulation values of the nodes lying one level below the node in question. The accumulation value of the root node is a digest for the tree.Type: GrantFiled: February 26, 2014Date of Patent: August 4, 2015Assignee: Brown UniversityInventors: Charalampos Papamanthou, Roberto Tamassia, Nikolaos Triandopoulos
-
Patent number: 8997198Abstract: A method is performed by a data server of a plurality of data servers connected to a network, the data server including data storage managed by a remote metadata server, the metadata server managing storage of data across the plurality of data servers. The method includes (a) receiving, via the network, an access request from a client, the access request requesting access to a portion of the data storage of the data server, (b) testing whether the access request includes a data server specific token authenticating that the client has been authorized by the metadata server to access the portion of data storage, and (c) in response to testing, providing the client with access to the portion of data storage on condition that the access request includes the token authenticating that the client has been authorized by the metadata server to access the portion of data storage.Type: GrantFiled: December 31, 2012Date of Patent: March 31, 2015Assignee: EMC CorporationInventors: James Alan Kelley, Roberto Tamassia, Nikolaos Triandopoulos
-
Patent number: 8978155Abstract: In one exemplary embodiment, a method includes: storing data for a file, organized as blocks, each having a portion of the file; and maintaining a skip list for the data. The skip list is an ordered tree structure having a root node, internal nodes and leaf nodes. Each leaf node corresponds to a block. Each node has a rank value corresponding to size of a subtree rooted at the node. The skip list employs a hashing scheme. The hash value of the root node and internal nodes is computed from a level of the node, the rank value and an interval between the node and another linked node to the right of or below the node. The hash value of the leaf nodes is computed from a level of the node, the rank value and an interval associated with the node.Type: GrantFiled: July 24, 2009Date of Patent: March 10, 2015Assignee: Brown UniversityInventors: Charles Christopher Erway, Alptekin Küpçü, Charalampos Papamanthou, Roberto Tamassia
-
Publication number: 20140245006Abstract: In one exemplary embodiment, an apparatus includes a memory storing data and a processor performing operations. The apparatus generates or maintains an accumulation tree for the stored data—an ordered tree structure with a root node, leaf nodes and internal nodes. Each leaf node corresponds to a portion of the data. A depth of the tree remains constant. A bound on a degree of each internal node is a function of a number of leaf nodes of a subtree rooted at the internal node. Each node of the tree has an accumulation value. Accumulation values of the root and internal nodes are determined by hierarchically employing an accumulator over the accumulation values of the nodes lying one level below the node in question. The accumulation value of the root node is a digest for the tree.Type: ApplicationFiled: February 26, 2014Publication date: August 28, 2014Applicant: Brown UniversityInventors: Charalampos Papamanthou, Roberto Tamassia, Nikolaos Triandopoulos
-
Patent number: 8726034Abstract: In one exemplary embodiment, an apparatus includes a memory storing data and a processor performing operations. The apparatus generates or maintains an accumulation tree for the stored data—an ordered tree structure with a root node, leaf nodes and internal nodes. Each leaf node corresponds to a portion of the data. A depth of the tree remains constant. A bound on a degree of each internal node is a function of a number of leaf nodes of a subtree rooted at the internal node. Each node of the tree has an accumulation value. Accumulation values of the root and internal nodes are determined by hierarchically employing an accumulator over the accumulation values of the nodes lying one level below the node in question. The accumulation value of the root node is a digest for the tree.Type: GrantFiled: August 28, 2009Date of Patent: May 13, 2014Assignee: Brown UniversityInventors: Charalampos Papamanthou, Roberto Tamassia, Nikolaos Triandopoulos
-
Patent number: 8572385Abstract: A system and method for cryptographically checking the correctness of outsourced set operations performed by an untrusted server over a dynamic collection of sets that are owned (and updated) by a trusted source is disclosed. The system and method provides new authentication mechanisms that allow any entity to publicly verify a proof attesting the correctness of primitive set operations such as intersection, union, subset and set difference. Based on a novel extension of the security properties of bilinear-map accumulators as well as on a primitive called accumulation tree, the system and method achieves optimal verification and proof complexity, as well as optimal update complexity, while incurring no extra asymptotic space overhead. The method provides an efficient proof construction, adding a logarithmic overhead to the computation of the answer of a set-operation query. Applications of interest include efficient verification of keyword search and database queries.Type: GrantFiled: July 29, 2011Date of Patent: October 29, 2013Assignees: Brown University, Boston UniversityInventors: Charalampos Papamanthou, Roberto Tamassia, Nikolaos Triandopoulos
-
Publication number: 20130198854Abstract: In one exemplary embodiment, a method includes: storing data for a file, organized as blocks, each having a portion of the file; and maintaining a skip list for the data. The skip list is an ordered tree structure having a root node, internal nodes and leaf nodes. Each leaf node corresponds to a block. Each node has a rank value corresponding to size of a subtree rooted at the node. The skip list employs a hashing scheme. The hash value of the root node and internal nodes is computed from a level of the node, the rank value and an interval between the node and another linked node to the right of or below the node. The hash value of the leaf nodes is computed from a level of the node, the rank value and an interval associated with the node.Type: ApplicationFiled: July 24, 2009Publication date: August 1, 2013Inventors: Charles Christopher Erway, Alptekin küpçü, Charalampos Papamanthou, Roberto Tamassia
-
Publication number: 20120030468Abstract: A system and method for cryptographically checking the correctness of outsourced set operations performed by an untrusted server over a dynamic collection of sets that are owned (and updated) by a trusted source is disclosed. The system and method provides new authentication mechanisms that allow any entity to publicly verify a proof attesting the correctness of primitive set operations such as intersection, union, subset and set difference. Based on a novel extension of the security properties of bilinear-map accumulators as well as on a primitive called accumulation tree, the system and method achieves optimal verification and proof complexity, as well as optimal update complexity, while incurring no extra asymptotic space overhead. The method provides an efficient proof construction, adding a logarithmic overhead to the computation of the answer of a set-operation query. Applications of interest include efficient verification of keyword search and database queries.Type: ApplicationFiled: July 29, 2011Publication date: February 2, 2012Inventors: Charalampos Papamanthou, Roberto Tamassia, Nikolaos Triandopoulos
-
Publication number: 20110225429Abstract: In one exemplary embodiment, an apparatus includes a memory storing data and a processor performing operations. The apparatus generates or maintains an accumulation tree for the stored data—an ordered tree structure with a root node, leaf nodes and internal nodes. Each leaf node corresponds to a portion of the data. A depth of the tree remains constant. A bound on a degree of each internal node is a function of a number of leaf nodes of a subtree rooted at the internal node. Each node of the tree has an accumulation value. Accumulation values of the root and internal nodes are determined by hierarchically employing an accumulator over the accumulation values of the nodes lying one level below the node in question. The accumulation value of the root node is a digest for the tree.Type: ApplicationFiled: August 28, 2009Publication date: September 15, 2011Inventors: Charalampos Papamanthou, Roberto Tamassia, Nikolaos Triandopoulos
-
Patent number: 7974221Abstract: In one exemplary embodiment, a method includes: providing an abstract tree structure having a root node, tree nodes, and leaf nodes, each leaf node corresponds to a portion of data; mapping first network nodes of a distributed network to the tree nodes; mapping second network nodes to the leaf nodes; assigning unique identifiers to the root node, tree nodes, and leaf nodes; storing, at each first network node, the unique identifier of the corresponding tree node, the unique identifier of a parent, and the unique identifiers of children; storing, at each second network node, the portion of data and path information; providing a distributed hash tree wherein the DHT includes a hash value for each node of the ATS signing the top hash value for the root node; and storing, at each second network node, the corresponding hash value of the tree node and the hash values of children.Type: GrantFiled: January 24, 2007Date of Patent: July 5, 2011Assignee: Brown UniverstiyInventors: Roberto Tamassia, Nikolaos Triandopoulos
-
Publication number: 20100110935Abstract: A method and distributed network are provided.Type: ApplicationFiled: January 24, 2007Publication date: May 6, 2010Applicant: BROWN UNIVERSITYInventors: Roberto Tamassia, Nikolaos Triandopoulos
-
Patent number: 7257711Abstract: An efficient and practical method for dynamically maintaining an authenticated dictionary uses a skip list data structure and communicative hash functions to provide a dictionary database (201) that stores information objects so that any individual object can be authenticated as belonging or not belonging to the dictionary. The authentication consists of a short sequence of vales that begin with an element and a sequence of values that, when hashed in order using a cryptographic associative hash function, create the same value as the hashed digest of the entire dictionary. Rather than hashing up a dynamic 2-3 tree, hashes are created in a skip list. Validation of the result of the authenticating step is provided if the hash of the short sequence matches a signed hash of the entire skip list.Type: GrantFiled: November 8, 2001Date of Patent: August 14, 2007Assignees: The Johns Hopkins University, Brown UniversityInventors: Michael T. Goodrich, Roberto Tamassia
-
Publication number: 20040107346Abstract: An efficient and practical method for dynamically maintaining an authenticated dictionary uses a skip list data structure and communicative hash functions to provide a dictionary database (201) that stores information objects so that any individual object can be authenticated as belonging or not belonging to the dictionary. The authentication consists of a short sequence of vales that begin with an element and a sequence of values that, when hashed in order using a cryptographic associative hash function, create the same value as the hashed digest of the entire dictionary. Rather than hashing up a dynamic 2-3 tree, hashes are created in a skip list. Validation of the result of the authenticating step is provided if the hash of the short sequence matches a signed hash of the entire skip list.Type: ApplicationFiled: May 7, 2003Publication date: June 3, 2004Inventors: Michael T Goodrich, Roberto Tamassia