Patents by Inventor Shai Halevi
Shai Halevi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20130315390
Abstract: In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial $v(x)$ modulo a second polynomial $f_n(x)$, including: receiving the first polynomial $v(x)$ modulo the second polynomial $f_n(x)$, where the second polynomial is of a form $f_n(x) = x^n \pm 1$, where $n = 2^k$ and $k$ is an integer greater than 0; computing lowest two coefficients of a third polynomial $g(z)$ that is a function of the first polynomial and the second polynomial, where $g(z) \stackrel{\text{def}}{=} \prod_{i=0}^{n-1} (v(\rho_i) - z)$, where $\rho_0, \rho_1, \ldots, \rho_{n-1}$ are roots of the second polynomial $f_n(x)$ over a field; outputting the lowest coefficient of $g(z)$ as the resultant; and outputting the second lowest coefficient of $g(z)$ divided by $n$ as the free term of the scaled inverse of the first polynomial $v(x)$ modulo the second polynomial $f_n(x)$.
Type: Application
Filed: June 19, 2013
Publication date: November 28, 2013
Inventors: Craig B. Gentry, Shai Halevi
-
Patent number: 8565435
Abstract: In one exemplary embodiment of the invention, a method for homomorphic decryption, including: providing a ciphertext with element $c$, there exists a big set $B$ having $N$ elements $z_i$ so $B = \{z_1, z_2, \ldots, z_N\}$, there exists a small set $S$ having $n$ elements $s_j$ so $S = \{s_1, s_2, \ldots, s_n\}$, the small set is a subset of the big set, summing up the elements of the small set yields the private key, there exists a bit vector $\vec{\sigma}$ having $N$ bits $\sigma_i$ so $\vec{\sigma} = \sigma_1, \sigma_2, \ldots, \sigma_N$, $\sigma_i = 1$ if $z_i \in S$ else $\sigma_i = 0$, there exists an encrypted vector $\vec{d}$ having $N$ ciphertexts $d_i$ so $d = d_1, d_2, \ldots, d_N$, $d_i$ is an encryption of $\sigma_i$; post-processing $c$ by multiplying it by all $z_i$ to obtain an intermediate vector $\vec{y} = y_1, y_2, \ldots, y_N$ with $y_i$ computed $y_i = c \times z_i$; homomorphically multiplying $y_i$ by $d_i$ obtaining a ciphertext vector $\vec{x}$ having $N$ ciphertexts $x_i$ so $\vec{x} = x_1, x_2$, . . .
Type: Grant
Filed: August 9, 2011
Date of Patent: October 22, 2013
Assignee: International Business Machines Corporation
Inventors: Craig B. Gentry, Shai Halevi
-
Patent number: 8532289
Abstract: In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial $v(x)$ modulo a second polynomial $f_n(x)$, including: receiving the first polynomial $v(x)$ modulo the second polynomial $f_n(x)$, where the second polynomial is of a form $f_n(x) = x^n \pm 1$, where $n = 2^k$ and $k$ is an integer greater than 0; computing lowest two coefficients of a third polynomial $g(z)$ that is a function of the first polynomial and the second polynomial, where $g(z) \stackrel{\text{def}}{=} \prod_{i=0}^{n-1} (v(\rho_i) - z)$, where $\rho_0, \rho_1, \ldots, \rho_{n-1}$ are roots of the second polynomial $f_n(x)$ over a field; outputting the lowest coefficient of $g(z)$ as the resultant; and outputting the second lowest coefficient of $g(z)$ divided by $n$ as the free term of the scaled inverse of the first polynomial $v(x)$ modulo the second polynomial $f_n(x)$.
Type: Grant
Filed: August 9, 2011
Date of Patent: September 10, 2013
Assignee: International Business Machines Corporation
Inventors: Craig B. Gentry, Shai Halevi
-
Patent number: 8494166
Abstract: A method, system and program are provided for enabling selective access to multiple users' encrypted data in a single storage cartridge. A unique, derived key is generated for each user's data by performing cryptographic operations on a combination of a common base key and metadata related to the data to be encrypted (e.g. its total block count). The base data key is wrapped with one or more encryption keys to form one or more encryption encapsulated data keys (EEDKs). The base key and the derived key are wrapped to create a session encrypted data key (SEDK), which along with the EEDKs, are conveyed to the tape drive, where the SEDK is decrypted. The EEDKs are then stored in one or more places on the storage cartridge. The base key and the derived key are used to encrypt a predetermined user's data, with the derived key stored on the cartridge with the encrypted data. The encrypted data may be subsequently decrypted by retrieving the EEDK and decrypting it with a decryption key to extract the base data key.
Type: Grant
Filed: May 1, 2007
Date of Patent: July 23, 2013
Assignee: International Business Machines Corporation
Inventors: Paul M. Greco, Shai Halevi, Glen A. Jaquette
-
Patent number: 8422681
Abstract: A pairwise key-agreement scheme is provided for creating key agreements non-interactively between pairs of nodes disposed in a hierarchy of nodes. The scheme is non-interactive so that any two nodes can agree on a shared secret key without interaction. In addition, the scheme is identity-based so that any given node only needs to know the identity of peer nodes to compute the shared secret key. All of the nodes are arranged in a hierarchy where an intermediate node in the hierarchy can derive the secret keys for each of its children from its own secret key and the identity of the child. Accordingly, the scheme is fully resilient against compromise of any number of leaves in the hierarchy and of a threshold number of nodes in the upper levels of the hierarchy. The scheme is well-suited for environments such as mobile ad-hoc networks (MANETs), which are very dynamic, have acute bandwidth constraints and have many nodes that are vulnerable to compromise.
Type: Grant
Filed: March 6, 2008
Date of Patent: April 16, 2013
Assignee: International Business Machines Corporation
Inventors: Rosario Gennaro, Shai Halevi, Hugo M Krawczyk, Tal Rabin
-
Patent number: 8121286
Abstract: A system and method for coding data to help resist differential attacks. Data in m columns may be initialized to an initialized value. One new column of data may be mixed with a new input word and input to an advanced mixer. The advanced mixer may include linear mixing having indexed bytes and performing of exclusive-OR operation and transposing. An output of the advanced mixer may be a new m column state. A value of m could be 0 through 30. The value of m may have a preferred range of 27 through 36. Systems to implement the foregoing method are also described.
Type: Grant
Filed: October 28, 2008
Date of Patent: February 21, 2012
Assignee: International Business Machines Corporation
Inventors: Shai Halevi, William Eric Hall, Charanjit S. Jutla
-
Publication number: 20120039473
Abstract: In one exemplary embodiment of the invention, a method for homomorphic decryption, including: providing a ciphertext with element $c$, there exists a big set $B$ having $N$ elements $z_i$ so $B = \{z_1, z_2, \ldots, z_N\}$, there exists a small set $S$ having $n$ elements $s_j$ so $S = \{s_1, s_2, \ldots, s_n\}$, the small set is a subset of the big set, summing up the elements of the small set yields the private key, there exists a bit vector $\vec{\sigma}$ having $N$ bits $\sigma_i$ so $\vec{\sigma} = \sigma_1, \sigma_2, \ldots, \sigma_N$, $\sigma_i = 1$ if $z_i \in S$ else $\sigma_i = 0$, there exists an encrypted vector $\vec{d}$ having $N$ ciphertexts $d_i$ so $d = d_1, d_2, \ldots, d_N$, $d_i$ is an encryption of $\sigma_i$; post-processing $c$ by multiplying it by all $z_i$ to obtain an intermediate vector $\vec{y} = y_1, y_2, \ldots, y_N$ with $y_i$ computed $y_i = c \times z_i$; homomorphically multiplying $y_i$ by $d_i$ obtaining a ciphertext vector $\vec{x}$ having $N$ ciphertexts $x_i$ so $z = x_1, x_2$, . . .
Type: Application
Filed: August 9, 2011
Publication date: February 16, 2012
Applicant: International Business Machines Corporation
Inventors: Craig B. Gentry, Shai Halevi
-
Publication number: 20120039465
Abstract: In one exemplary embodiment of the invention, a method for computing a resultant and a free term of a scaled inverse of a first polynomial $v(x)$ modulo a second polynomial $f_n(x)$, including: receiving the first polynomial $v(x)$ modulo the second polynomial $f_n(x)$, where the second polynomial is of a form $f_n(x) = x^n \pm 1$, where $n = 2^k$ and $k$ is an integer greater than 0; computing lowest two coefficients of a third polynomial $g(z)$ that is a function of the first polynomial and the second polynomial, where $g(z) \stackrel{\text{def}}{=} \prod_{i=0}^{n-1} (v(\rho_i) - z)$, where $\rho_0, \rho_1, \ldots, \rho_{n-1}$ are roots of the second polynomial $f_n(x)$ over a field; outputting the lowest coefficient of $g(z)$ as the resultant; and outputting the second lowest coefficient of $g(z)$ divided by $n$ as the free term of the scaled inverse of the first polynomial $v(x)$ modulo the second polynomial $f_n(x)$.
Type: Application
Filed: August 9, 2011
Publication date: February 16, 2012
Applicant: International Business Machines Corporation
Inventors: Craig B. Gentry, Shai Halevi
-
Publication number: 20120039463
Abstract: In one exemplary embodiment of the invention, a method for evaluating at point $r$ one or more polynomials $p_1(x), \ldots, p_l(x)$ of maximum degree up to $n-1$, where the polynomial $p_i(x)$ has a degree of $t_i - 1$, the method including: partitioning each polynomial $p_i(x)$ into a bottom half $p_i^{bot}(x)$ with bottom terms of lowest $s_i$ coefficients and a top half $p_i^{top}(x)$ with top terms of remaining $t_i - s_i$ coefficients; recursively partitioning the bottom half $p_i^{bot}(x)$ and the top half $p_i^{top}(x)$ of each polynomial $p_i(x)$ obtaining further terms having a lower degree than previous terms, performed until at least one condition is met yielding a plurality of partitioned terms; evaluating the bottom half $p_i^{bot}(x)$ and the top half $p_i^{top}(x)$ at the point $r$ for each polynomial $p_i(x)$ by evaluating the partitioned terms at the point $r$ and iteratively combining the evaluated partitioned terms; and evaluating each polynomial $p_i(x)$ at the point $r$ by setting $p_i(r) = r^{s_i} p_i^{top}(r) + p_i^{bot}(r)$.
Type: Application
Filed: August 9, 2011
Publication date: February 16, 2012
Applicant: International Business Machines Corporation
Inventors: Craig B. Gentry, Shai Halevi
-
Patent number: 8108683
Abstract: The invention includes a method for key creation and recovery based on solutions to puzzles solvable by humans and not computers. In some exemplary embodiments, the key is created and recovered based on the solution(s) in conjunction with the password entered by the user. The puzzle(s) is selected based on the password used by the user from a puzzle database containing multiple puzzles that is greater in number than the number of puzzles used in conjunction with a particular password.
Type: Grant
Filed: August 10, 2006
Date of Patent: January 31, 2012
Assignee: International Business Machines Corporation
Inventors: Ran Canetti, Shai Halevi, Michael Steiner
-
Patent number: 8099781
Abstract: An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product.
Type: Grant
Filed: July 23, 2009
Date of Patent: January 17, 2012
Assignee: International Business Machines Corporation
Inventors: Kay S. Anderson, Pau-Chen Cheng, Mark D. Feblowitz, Genady Grabarnik, Shai Halevi, Nagui Halim, Trent R. Jaeger, Paul Ashley Karger, Zhen Liu, Ronald Perez, Anton V. Riabov, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M. Wagner
-
Patent number: 8087090
Abstract: An access control system and method includes a risk index module which computes a risk index for a dimension contributing to risk. A boundary range is defined for a parameter representing each risk index such that the parameter above the range is unacceptable, below the range is acceptable and in the range is acceptable with mitigation measures. A mitigation module determines the mitigation measures which reduce the parameter within the range by mapping the effectiveness of performing the mitigation measures to determine a residual risk after a mitigation measure has been implemented.
Type: Grant
Filed: June 2, 2008
Date of Patent: December 27, 2011
Assignee: International Business Machines Corporation
Inventors: Pau-Chen Cheng, Shai Halevi, Trent Ray Jaeger, Paul Ashley Karger, Ronald Perez, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M. Wagner
-
Publication number: 20110243320
Abstract: In one exemplary embodiment, a computer readable storage medium tangibly embodying a program of instructions executable by a machine for performing operations including: receiving information $B$ to be encrypted as a ciphertext $C$ in accordance with an encryption scheme having an encrypt function; and encrypting $B$ in accordance with the encrypt function to obtain $C$, the scheme utilizes at least one public key $A$, where $B$, $C$, and $A$ are matrices, the encrypt function receives as inputs $A$ and $B$ and outputs $C$ as $C \leftarrow AS + pX + B \pmod{q}$, $S$ is a random matrix, $X$ is an error matrix, $p$ is an integer, $q$ is an odd prime number. In other exemplary embodiments, the encryption scheme includes a decrypt function that receives as inputs at least one private key $T$ (a matrix) and $C$ and outputs $B$ as $B = T^{-1} \cdot (T C T^t \bmod q) \cdot (T^t)^{-1} \bmod p$.
Type: Application
Filed: March 30, 2010
Publication date: October 6, 2011
Applicant: International Business Machines Corporation
Inventors: Shai Halevi, Craig B. Gentry, Vinod Vaikuntanathan
-
Patent number: 7965844
Abstract: A method, system and program are disclosed for efficiently processing host data which comprises encrypted and non-encrypted data and is to be written to a storage medium. The encrypted data is written to the storage medium in encrypted form. The non-encrypted data is encrypted by a storage device using a well known encryption key and written to the storage medium. In this way, the data that is processed by the storage device to and from the storage medium can always be processed through a single encryption engine.
Type: Grant
Filed: March 20, 2007
Date of Patent: June 21, 2011
Assignee: International Business Machines Corporation
Inventors: Paul Merrill Greco, Shai Halevi, Glen Alan Jaquette
-
Patent number: 7921294
Abstract: Provided are a method, system, and article of manufacture in which a non-reversible signature of a symmetric cryptographic key is computed, wherein the symmetric cryptographic key is used to symmetrically encrypt data at rest in a storage device. The non-reversible signature is stored in association with the symmetrically encrypted data at rest in the storage device. The non-reversible signature is used to determine validity of a cryptographic key provided by a host for accessing the symmetrically encrypted data at rest in the storage device.
Type: Grant
Filed: September 7, 2006
Date of Patent: April 5, 2011
Assignee: International Business Machines Corporation
Inventors: Paul Merrill Greco, Shai Halevi, Glen Alan Jaquette
-
Patent number: 7832007
Abstract: An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product.
Type: Grant
Filed: January 10, 2006
Date of Patent: November 9, 2010
Assignee: International Business Machines Corporation
Inventors: Kay S. Anderson, Pau-Chen Cheng, Mark D. Feblowitz, Genady Grabarnik, Shai Halevi, Nagui Halim, Trent R. Jaeger, Paul Ashley Karger, Zhen Liu, Ronald Perez, Anton V. Riabov, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M. Wagner
-
Publication number: 20100104095
Abstract: A system and method for coding data to help resist differential attacks. Data in m columns may be initialized to an initialized value. One new column of data may be mixed with a new input word and input to an advanced mixer. The advanced mixer may include linear mixing having indexed bytes and performing of exclusive-OR operation and transposing. An output of the advanced mixer may be a new m column state. A value of m could be 0 through 30. The value of m may have a preferred range of 27 through 36. Systems to implement the foregoing method are also described.
Type: Application
Filed: October 28, 2008
Publication date: April 29, 2010
Inventors: Shai Halevi, William Eric Hall, Charanjit S. Jutla
-
Publication number: 20090282487
Abstract: An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product.
Type: Application
Filed: July 23, 2009
Publication date: November 12, 2009
Applicant: International Business Machines Corporation
Inventors: Kay S. Anderson, Pau-Chen Cheng, Mark D. Feblowitz, Genady Grabarnik, Shai Halevi, Nagui Halim, Trent R. Jaeger, Paul Ashley Karger, Zhen Liu, Ronald Perez, Anton V. Riabov, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M. Wagner
-
Publication number: 20090225986
Abstract: A pairwise key-agreement scheme is provided for creating key agreements non-interactively between pairs of nodes disposed in a hierarchy of nodes. The scheme is non-interactive so that any two nodes can agree on a shared secret key without interaction. In addition, the scheme is identity-based so that any given node only needs to know the identity of peer nodes to compute the shared secret key. All of the nodes are arranged in a hierarchy where an intermediate node in the hierarchy can derive the secret keys for each of its children from its own secret key and the identity of the child. Accordingly, the scheme is fully resilient against compromise of any number of leaves in the hierarchy and of a threshold number of nodes in the upper levels of the hierarchy. The scheme is well-suited for environments such as mobile ad-hoc networks (MANETs), which are very dynamic, have acute bandwidth constraints and have many nodes that are vulnerable to compromise.
Type: Application
Filed: March 6, 2008
Publication date: September 10, 2009
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Rosario Gennaro, Shai Halevi, Hugo M. Krawczyk, Tal Rabin
-
Patent number: 7530110
Abstract: An access control system and method includes a risk index module which computes a risk index for a dimension contributing to risk. A boundary range is defined for a parameter representing each risk index such that the parameter above the range is unacceptable, below the range is acceptable and in the range is acceptable with mitigation measures. A mitigation module determines the mitigation measures which reduce the parameter within the range.
Type: Grant
Filed: May 6, 2005
Date of Patent: May 5, 2009
Assignee: International Business Machines Corporation
Inventors: Pau-Chen Cheng, Shai Halevi, Trent Ray Jaeger, Paul Ashley Karger, Ronald Perez, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M. Wagner