Patents by Inventor Silvio Micali

Silvio Micali has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20150236861
    Abstract: Providing information about digital certificate validity includes ascertaining digital certificate validity status for each of a plurality of digital certificates in a set of digital certificates, generating a plurality of artificially pre-computed messages about the validity status of at least a subset of the set of digital certificate of the plurality of digital certificates, where at least one of the messages indicates validity status of more than one digital certificate and digitally signing the artificially pre-computed messages to provide OCSP format responses that respond to OCSP queries about specific digital certificates in the set of digital certificates, where at least one digital signature is used in connection with an OCSP format response for more than one digital certificate. Generating and digitally signing may occur prior to any OCSP queries that are answered by any of the OCSP format responses.
    Type: Application
    Filed: May 4, 2015
    Publication date: August 20, 2015
    Applicant: Assa Abloy AB
    Inventors: David Engberg, Phil Libin, Silvio Micali
  • Patent number: 8983874
    Abstract: A micropayment system and method is presented for a payor U to establish payment to payee M for a transaction T, which typically has a very low value TV. The micropayment scheme minimizes the bank's processing costs, while at the same time eliminating the need for users and merchants to interact in order to determine whether a given micropayment should be selected for payment. In one embodiment, the micropayment scheme includes time constraints, which require that an electronic check C for the transaction T be presented to a bank B for payment within a predetermined time/date interval. In another embodiment, the micropayment scheme includes a selective deposit protocol, which guarantees that a user is never charged in excess of what he actually spends, even within a probabilistic framework. In another embodiment, the micropayment scheme includes a deferred selection protocol, which provides the bank with control and flexibility over the payment selection process.
    Type: Grant
    Filed: October 14, 2009
    Date of Patent: March 17, 2015
    Assignee: Massachusetts Institute of Technology
    Inventors: Silvio Micali, Ronald L. Rivest
  • Patent number: 8732457
    Abstract: Managing a digital certificate includes a landlord providing a digital certificate, a secure hardware device generating a series of n hash values, the secure hardware device providing an nth hash value to the landlord, wherein other hash values are not readily available to the landlord, the landlord placing the nth hash value in the certificate, the landlord digitally verifying the certificate containing the nth hash value to obtain a digitally signed certificate, a tenant obtaining the digitally signed certificate, the tenant obtaining the n hash values and the tenant managing the certificate by periodically issuing a previous hash value in the series of n hash values in response to the certificate being valid when the previous hash value is issued.
    Type: Grant
    Filed: March 20, 2002
    Date of Patent: May 20, 2014
    Assignee: Assa Abloy AB
    Inventor: Silvio Micali
  • Publication number: 20130120109
    Abstract: Logging events associated with accessing an area includes recording an event associated with accessing the area to provide an event recording and authenticating at least the event recording to provide an authenticated recording. Recording an event may include recording a time of the event. Recording an event may include recording a type of event. The event may be an attempt to access the area. Recording an event may include recording credentials/proofs used in connection with the attempt to access the area. Recording an event may include recording a result of the attempt. Recording an event may include recording the existence of data other than the credentials/proofs indicating that access should be denied. Recording an event may include recording additional data related to the area. Authenticating the recording may include digitally signing the recording.
    Type: Application
    Filed: July 30, 2012
    Publication date: May 16, 2013
    Inventors: Phil LIBIN, Silvio Micali, David Engberg
  • Patent number: 8327149
    Abstract: Indicating data currentness includes, on any date of a sequence of dates, issuing a proof indicating the currentness status of the data during a particular time interval. The proof may be a digital signature. The time interval may be in the form of a current date and an amount of time. The proof may include a digital signature of the time interval. The proof may include a digital signature of the time interval and the data. The proof may include a digital signature of the time interval and a compact form of the data, such as a hash. Indicating data currentness may also include distributing the proofs to a plurality of unsecure units that respond to requests by users for the proofs. Indicating data currentness may also include gathering a plurality of separate pieces of data and providing a single proof for the separate pieces of data. The data may be electronic documents.
    Type: Grant
    Filed: January 27, 2010
    Date of Patent: December 4, 2012
    Assignee: CoreStreet, Ltd.
    Inventors: Silvio Micali, Phil Libin, Brandon Volbright
  • Publication number: 20120274444
    Abstract: A system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D1. C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity with each certificate expires 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.
    Type: Application
    Filed: February 17, 2012
    Publication date: November 1, 2012
    Inventors: Silvio Micali, David Engberg, Phil Libin, Leo Reyzin, Alex Sinelnikov
  • Patent number: 8261319
    Abstract: Logging events associated with accessing an area includes recording an event associated with accessing the area to provide an event recording and authenticating at least the event recording to provide an authenticated recording. Recording an event may include recording a time of the event. Recording an event may include recording a type of event. The event may be an attempt to access the area. Recording an event may include recording credentials/proofs used in connection with the attempt to access the area. Recording an event may include recording a result of the attempt. Recording an event may include recording the existence of data other than the credentials/proofs indicating that access should be denied. Recording an event may include recording additional data related to the area. Authenticating the recording may include digitally signing the recording.
    Type: Grant
    Filed: July 16, 2004
    Date of Patent: September 4, 2012
    Assignee: CoreStreet, Ltd.
    Inventors: Phil Libin, Silvio Micali, David Engberg
  • Patent number: 8171524
    Abstract: A system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D1. C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity with each certificate expires 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.
    Type: Grant
    Filed: February 8, 2008
    Date of Patent: May 1, 2012
    Assignee: Corestreet, Ltd.
    Inventors: Silvio Micali, David Engberg, Phil Libin, Leo Reyzin, Alex Sinelnikov
  • Patent number: 8015597
    Abstract: Issuing and disseminating a data about a credential includes having an entity issue authenticated data indicating that the credential has been revoked, causing the authenticated data to be stored in a first card of a first user, utilizing the first card for transferring the authenticated data to a first door, having the first door store information about the authenticated data, and having the first door rely on information about the authenticated data to deny access to the credential. The authenticated data may be authenticated by a digital signature and the first door may verify the digital signature. The digital signature may be a public-key digital signature. The public key for the digital signature may be associated with the credential. The digital signature may be a private-key digital signature. The credential and the first card may both belong to the first user.
    Type: Grant
    Filed: July 16, 2004
    Date of Patent: September 6, 2011
    Assignee: CoreStreet, Ltd.
    Inventors: Phil Libin, Silvio Micali, David Engberg, Alex Sinelnikov
  • Patent number: 7966487
    Abstract: Facilitating a transaction between a first party and a second party includes, prior to initiating the transaction, one of the parties obtaining an artificially pre-computed OCSP response about a specific digital certificate, where the artificially pre-computed OCSP response is generated by an entity other than the first party and the second party, one of the parties initiating the transaction, in connection with the transaction, the first party providing the specific digital certificate to the second party, and the second party verifying the specific digital certificate using the artificially pre-computed OCSP response. The second party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated. The second party may cache the artificially pre-computed OCSP response for future transactions. The first party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated.
    Type: Grant
    Filed: January 10, 2005
    Date of Patent: June 21, 2011
    Assignee: CoreStreet, Ltd.
    Inventors: David Engberg, Phil Libin, Silvio Micali
  • Patent number: 7827401
    Abstract: We propose new systems for certificate revocation that are more economical and efficient than traditional ones. We also point out what we believe to be a structural problem in traditional public-key infrastructures, and various ways to solve it.
    Type: Grant
    Filed: October 11, 2007
    Date of Patent: November 2, 2010
    Assignee: Corestreet Ltd.
    Inventor: Silvio Micali
  • Patent number: 7822989
    Abstract: Controlling access includes providing a barrier to access that includes a controller that selectively allows access, at least one administration entity generating credentials/proofs, wherein no valid proofs are determinable given only the credentials and values for expired proofs, the controller receiving the credentials/proofs, the controller determining if access is presently authorized, and, if access is presently authorized, the controller allowing access. The credentials/proofs may be in one part or may be in separate parts. There may be a first administration entity that generates the credentials and other administration entities that generate proofs. The first administration entity may also generate proofs or the first administration entity may not generate proofs. The credentials may correspond to a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.
    Type: Grant
    Filed: July 16, 2004
    Date of Patent: October 26, 2010
    Assignee: CoreStreet, Ltd.
    Inventors: Phil Libin, Silvio Micali, David Engberg
  • Publication number: 20100268956
    Abstract: Indicating data currentness includes, on any date of a sequence of dates, issuing a proof indicating the currentness status of the data during a particular time interval. The proof may be a digital signature. The time interval may be in the form of a current date and an amount of time. The proof may include a digital signature of the time interval. The proof may include a digital signature of the time interval and the data. The proof may include a digital signature of the time interval and a compact form of the data, such as a hash. Indicating data currentness may also include distributing the proofs to a plurality of unsecure units that respond to requests by users for the proofs. Indicating data currentness may also include gathering a plurality of separate pieces of data and providing a single proof for the separate pieces of data. The data may be electronic documents.
    Type: Application
    Filed: January 27, 2010
    Publication date: October 21, 2010
    Inventors: Silvio Micali, Phil Libin, Brandon Volbright
  • Publication number: 20100241569
    Abstract: A micropayment system and method is presented for a payor U to establish payment to payee M for a transaction T, which typically has a very low value TV. The micropayment scheme minimizes the bank's processing costs, while at the same time eliminating the need for users and merchants to interact in order to determine whether a given micropayment should be selected for payment. In one embodiment, the micropayment scheme includes time constraints, which require that an electronic check C for the transaction T be presented to a bank B for payment within a predetermined time/date interval. In another embodiment, the micropayment scheme includes a selective deposit protocol, which guarantees that a user is never charged in excess of what he actually spends, even within a probabilistic framework. In another embodiment, the micropayment scheme includes a deferred selection protocol, which provides the bank with control and flexibility over the payment selection process.
    Type: Application
    Filed: October 14, 2009
    Publication date: September 23, 2010
    Applicant: Massachusetts Institute of Technology
    Inventors: Ronald L. Rivest, Silvio Micali
  • Patent number: 7716486
    Abstract: An entity controlling access of a plurality of users to at least one disconnected door includes mapping the plurality of users to a group, for each time interval d of a sequence of dates, having an authority produce a digital signature indicating that members of the group can access door during time interval d, causing at least one of the members of the group to receive the digital signature during time interval d for presentation to the door in order to pass therethrough, having the at least one member of the group present the digital signature to the door D, and having the door open after verifying that (i) the digital signature is a digital signature of the authority indicating that members of the group can access the door at time interval d, and (ii) that the current time is within time interval d.
    Type: Grant
    Filed: July 16, 2004
    Date of Patent: May 11, 2010
    Assignee: CoreStreet, Ltd.
    Inventors: Phil Libin, Silvio Micali, David Engberg
  • Patent number: 7660994
    Abstract: An administration entity controls access to an electronic device by generating credentials and a plurality of corresponding proofs, wherein no valid proofs are determinable given only the credentials and values for expired proofs. The electronic device receives the credentials and, if access is authorized at a particular time, the electronic device receives a proof corresponding to the particular time and confirms the proof using the credentials. A single administration entity may generate the credentials and generate the proofs and/or there may be a first administration entity that generates the credentials and other administration entities that generate proofs. The credentials may be a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.
    Type: Grant
    Filed: June 24, 2004
    Date of Patent: February 9, 2010
    Assignee: CoreStreet, Ltd.
    Inventors: Phil Libin, Silvio Micali
  • Patent number: 7657751
    Abstract: Indicating data currentness includes, on any date of a sequence of dates, issuing a proof indicating the currentness status of the data during a particular time interval. The proof may be a digital signature. The time interval may be in the form of a current date and an amount of time. The proof may include a digital signature of the time interval. The proof may include a digital signature of the time interval and the data. The proof may include a digital signature of the time interval and a compact form of the data, such as a hash. Indicating data currentness may also include distributing the proofs to a plurality of unsecure units that respond to requests by users for the proofs. Indicating data currentness may also include gathering a plurality of separate pieces of data and providing a single proof for the separate pieces of data. The data may be electronic documents.
    Type: Grant
    Filed: May 13, 2004
    Date of Patent: February 2, 2010
    Assignee: CoreStreet, Ltd.
    Inventors: Silvio Micali, Phil Libin, Brandon Volbright
  • Publication number: 20090276631
    Abstract: A method of managing certificates in a communication system having a certifying authority and a directory. Preferably, the method begins by having the certifying authority generate certificates by digitally signing a given piece of data. At a later point time, the certifying authority may produce a string that proves whether a particular certificate is currently valid without also proving the validity of at least some other certificates. The technique obviates use of certification revocation lists communicated between the certifying authority and the directory.
    Type: Application
    Filed: March 24, 2009
    Publication date: November 5, 2009
    Inventor: Silvio Micali
  • Patent number: 7600129
    Abstract: Determining access includes determining if particular credentials/proofs indicate that access is allowed, determining if there is additional data associated with the credentials/proofs, wherein the additional data is separate from the credentials/proofs, and, if the particular credentials/proofs indicate that access is allowed and if there is additional data associated with the particular credentials/proofs, then deciding whether to deny access according to information provided by the additional data. The credentials/proofs may be in one part or in separate parts. There may be a first administration entity that generates the credentials and other administration entities that generate proofs. The first administration entity may also generate proofs or may not generate proofs. The credentials may correspond to a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.
    Type: Grant
    Filed: July 16, 2004
    Date of Patent: October 6, 2009
    Assignee: CoreStreet, Ltd.
    Inventors: Phil Libin, Silvio Micali, David Engberg, Alex Sinelnikov
  • Patent number: 7529928
    Abstract: A method of managing certificates in a communication system having a certifying authority and a directory. Preferably, the method begins by having the certifying authority generate certificates by digitally signing a given piece of data. At a later point time, the certifying authority may produce a string that proves whether a particular certificate is currently valid without also proving the validity of at least some other certificates. The technique obviates use of certification revocation lists communicated between the certifying authority and the directory.
    Type: Grant
    Filed: May 13, 2004
    Date of Patent: May 5, 2009
    Assignee: Corestreet, Ltd.
    Inventor: Silvio Micali