Patents by Inventor Silvio Micali

Silvio Micali has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20080232590
    Abstract: A method of producing an offer package includes defining, within the offer package, a description of an offered product. The cost of the offered product and the merchant making the offer are also defined within the offer package, which includes an encrypted version of the offered product.
    Type: Application
    Filed: January 23, 2004
    Publication date: September 25, 2008
    Inventors: Ronald L. Rivest, Silvio Micali, Perry Solomon, Robert Nix, Robert Carney, Prasad Jonnalagadda, Joseph Bergeron III, Mark Bates
  • Publication number: 20080211624
    Abstract: A system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D1. C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity, with each certificate expiring 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.
    Type: Application
    Filed: February 8, 2008
    Publication date: September 4, 2008
    Inventors: Silvio Micali, David Engberg, Phil Libin, Leo Reyzin, Alex Sinelnikov
  • Publication number: 20080163338
    Abstract: We propose new systems for certificate revocation that are more economical and efficient than traditional ones. We also point out what we believe to be a structural problem in traditional public-key infrastructures, and various ways to solve it.
    Type: Application
    Filed: October 11, 2007
    Publication date: July 3, 2008
    Inventor: Silvio Micali
  • Patent number: 7353396
    Abstract: A system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D1. C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity, with each certificate expiring 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.
    Type: Grant
    Filed: April 8, 2003
    Date of Patent: April 1, 2008
    Assignee: CoreStreet, Ltd.
    Inventors: Silvio Micali, David Engberg, Phil Libin, Leo Reyzin, Alex Sinelnikov
  • Patent number: 7337315
    Abstract: A method and system for overcoming the problems associated with certificate revocation lists (CRLs), for example, in a public key infrastructure. The invention uses a tree-based scheme to replace the CRL.
    Type: Grant
    Filed: March 21, 2003
    Date of Patent: February 26, 2008
    Assignee: Corestreet, Ltd.
    Inventor: Silvio Micali
  • Publication number: 20060149671
    Abstract: A payment processing system includes one transaction processor that aggregates cost data associated with low-priced sales transactions between a consumer and a merchant. The transaction processor sends data that represents the aggregated cost data to an acquiring banking entity associated with the merchant. The system also includes another transaction processor that stores data that represents each individual low-priced sales transaction. The stored data is accessible by one or more banking entities associated with the merchant.
    Type: Application
    Filed: June 27, 2005
    Publication date: July 6, 2006
    Inventors: Robert Nix, Alek Mesarovich, Theodore Schwartz, Jeffrey Schachter, Peter Masters, Jason Mondanaro, Ronald Rivest, Silvio Micali, Prasad Jonnalagadda
  • Publication number: 20050193204
    Abstract: Facilitating a transaction between a first party and a second party includes, prior to initiating the transaction, one of the parties obtaining an artificially pre-computed OCSP response about a specific digital certificate, where the artificially pre-computed OCSP response is generated by an entity other than the first party and the second party, one of the parties initiating the transaction, in connection with the transaction, the first party providing the specific digital certificate to the second party, and the second party verifying the specific digital certificate using the artificially pre-computed OCSP response. The second party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated. The second party may cache the artificially pre-computed OCSP response for future transactions. The first party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated.
    Type: Application
    Filed: January 10, 2005
    Publication date: September 1, 2005
    Inventors: David Engberg, Phil Libin, Silvio Micali
  • Publication number: 20050154878
    Abstract: Providing information about digital certificate validity includes ascertaining digital certificate validity status for each of a plurality of digital certificates in a set of digital certificates, generating a plurality of artificially pre-computed messages about the validity status of at least a subset of the set of digital certificate of the plurality of digital certificates, where at least one of the messages indicates validity status of more than one digital certificate and digitally signing the artificially pre-computed messages to provide OCSP format responses that respond to OCSP queries about specific digital certificates in the set of digital certificates, where at least one digital signature is used in connection with an OCSP format response for more than one digital certificate. Generating and digitally signing may occur prior to any OCSP queries that are answered by any of the OCSP format responses.
    Type: Application
    Filed: January 10, 2005
    Publication date: July 14, 2005
    Inventors: David Engberg, Phil Libin, Silvio Micali
  • Publication number: 20050154879
    Abstract: Providing information about digital certificate validity includes obtaining a plurality of signing key/verification key pairs, where each signing key provides a digital signature and a corresponding one of the verification keys verifies the digital signature and where digitally signing together a plurality of data elements using the signing keys is computationally more efficient than digitally signing each of the data elements individually, ascertaining digital certificate validity status for each certificate in a set of digital certificates, generating a plurality of artificially pre-computed messages about the validity status of at least a subset of the set of digital certificates, and digitally signing together the artificially pre-computed messages using signing keys from the pairs. Ascertaining digital certificate validity status may include obtaining authenticated information about digital certificates.
    Type: Application
    Filed: January 10, 2005
    Publication date: July 14, 2005
    Inventors: David Engberg, Phil Libin, Silvio Micali
  • Publication number: 20050055548
    Abstract: A method of managing certificates in a communication system having a certifying authority and a directory. Preferably, the method begins by having the certifying authority generate certificates by digitally signing a given piece of data. At a later point in time, the certifying authority may produce a string that proves whether a particular certificate is currently valid without also proving the validity of at least some other certificates. The technique obviates use of certification revocation lists communicated between the certifying authority and the directory.
    Type: Application
    Filed: May 13, 2004
    Publication date: March 10, 2005
    Inventor: Silvio Micali
  • Publication number: 20050055567
    Abstract: Controlling access includes providing a barrier to access that includes a controller that selectively allows access, at least one administration entity generating credentials/proofs, wherein no valid proofs are determinable given only the credentials and values for expired proofs, the controller receiving the credentials/proofs, the controller determining if access is presently authorized, and, if access is presently authorized, the controller allowing access. The credentials/proofs may be in one part or may be in separate parts. There may be a first administration entity that generates the credentials and other administration entities that generate proofs. The first administration entity may also generate proofs or the first administration entity may not generate proofs. The credentials may correspond to a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.
    Type: Application
    Filed: July 16, 2004
    Publication date: March 10, 2005
    Inventors: Phil Libin, Silvio Micali, David Engberg
  • Publication number: 20050044376
    Abstract: Issuing and disseminating data about a credential includes having an entity issue authenticated data indicating that the credential has been revoked, causing the authenticated data to be stored in a first card of a first user, utilizing the first card for transferring the authenticated data to a first door, having the first door store information about the authenticated data, and having the first door rely on information about the authenticated data to deny access to the credential. The authenticated data may be authenticated by a digital signature and the first door may verify the digital signature. The digital signature may be a public-key digital signature. The public key for the digital signature may be associated with the credential. The digital signature may be a private-key digital signature. The credential and the first card may both belong to the first user.
    Type: Application
    Filed: July 16, 2004
    Publication date: February 24, 2005
    Inventors: Phil Libin, Silvio Micali, David Engberg, Alex Sinelnikov
  • Publication number: 20050044386
    Abstract: Determining access includes determining if particular credentials/proofs indicate that access is allowed, determining if there is additional data associated with the credentials/proofs, wherein the additional data is separate from the credentials/proofs, and, if the particular credentials/proofs indicate that access is allowed and if there is additional data associated with the particular credentials/proofs, then deciding whether to deny access according to information provided by the additional data. The credentials/proofs may be in one part or in separate parts. There may be a first administration entity that generates the credentials and other administration entities that generate proofs. The first administration entity may also generate proofs or may not generate proofs. The credentials may correspond to a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.
    Type: Application
    Filed: July 16, 2004
    Publication date: February 24, 2005
    Inventors: Phil Libin, Silvio Micali, David Engberg, Alex Sinelnikov
  • Publication number: 20050044402
    Abstract: Logging events associated with accessing an area includes recording an event associated with accessing the area to provide an event recording and authenticating at least the event recording to provide an authenticated recording. Recording an event may include recording a time of the event. Recording an event may include recording a type of event. The event may be an attempt to access the area. Recording an event may include recording credentials/proofs used in connection with the attempt to access the area. Recording an event may include recording a result of the attempt. Recording an event may include recording the existence of data other than the credentials/proofs indicating that access should be denied. Recording an event may include recording additional data related to the area. Authenticating the recording may include digitally signing the recording.
    Type: Application
    Filed: July 16, 2004
    Publication date: February 24, 2005
    Inventors: Phil Libin, Silvio Micali, David Engberg
  • Publication number: 20050033962
    Abstract: An entity controlling access of a plurality of users to at least one disconnected door includes mapping the plurality of users to a group, for each time interval d of a sequence of dates, having an authority produce a digital signature indicating that members of the group can access the door during time interval d, causing at least one of the members of the group to receive the digital signature during time interval d for presentation to the door in order to pass therethrough, having the at least one member of the group present the digital signature to the door D, and having the door open after verifying that (i) the digital signature is a digital signature of the authority indicating that members of the group can access the door at time interval d, and (ii) that the current time is within time interval d.
    Type: Application
    Filed: July 16, 2004
    Publication date: February 10, 2005
    Inventors: Phil Libin, Silvio Micali, David Engberg
  • Publication number: 20050010783
    Abstract: At least one administration entity controls access to an electronic device by the at least one administration entity generating credentials and a plurality of corresponding proofs for the electronic device, wherein no valid proofs are determinable given only the credentials and values for expired proofs, the electronic device receiving the credentials, if access is authorized at a particular time, the electronic device receiving a proof corresponding to the particular time, and the electronic device confirming the proof using the credentials. The at least one administration entity may generate proofs after generating the credentials. A single administration entity may generate the credentials and generate the proofs. There may be a first administration entity that generates the credentials and other administration entities that generate proofs. The first administration entity may also generate proofs or may not.
    Type: Application
    Filed: June 24, 2004
    Publication date: January 13, 2005
    Inventors: Phil Libin, Silvio Micali
  • Publication number: 20040237031
    Abstract: Indicating data currentness includes, on any date of a sequence of dates, issuing a proof indicating the currentness status of the data during a particular time interval. The proof may be a digital signature. The time interval may be in the form of a current date and an amount of time. The proof may include a digital signature of the time interval. The proof may include a digital signature of the time interval and the data. The proof may include a digital signature of the time interval and a compact form of the data, such as a hash. Indicating data currentness may also include distributing the proofs to a plurality of unsecure units that respond to requests by users for the proofs. Indicating data currentness may also include gathering a plurality of separate pieces of data and providing a single proof for the separate pieces of data. The data may be electronic documents.
    Type: Application
    Filed: May 13, 2004
    Publication date: November 25, 2004
    Inventors: Silvio Micali, Phil Libin, Brandon Volbright
  • Publication number: 20040199475
    Abstract: A micropayment system and method is presented for a payor U to establish payment to payee M for a transaction T, which typically has a very low value Tv. The micropayment scheme minimizes the bank's processing costs, while at the same time eliminating the need for users and merchants to interact in order to determine whether a given micropayment should be selected for payment. In one embodiment, the micropayment scheme includes time constraints, which require that an electronic check C for the transaction T be presented to a bank B for payment within a predetermined time/date interval. In another embodiment, the micropayment scheme includes a selective deposit protocol, which guarantees that a user is never charged in excess of what he actually spends, even within a probabilistic framework. In another embodiment, the micropayment scheme includes a deferred selection protocol, which provides the bank with control and flexibility over the payment selection process.
    Type: Application
    Filed: June 1, 2004
    Publication date: October 7, 2004
    Inventors: Ronald L. Rivest, Silvio Micali
  • Patent number: 6766450
    Abstract: A method of managing certificates in a communication system having a certifying authority and a directory. Preferably, the method begins by having the certifying authority generate certificates by digitally signing a given piece of data. At a later point in time, the certifying authority may produce a string that proves whether a particular certificate is currently valid without also proving the validity of at least some other certificates. The technique obviates use of certification revocation lists communicated between the certifying authority and the directory.
    Type: Grant
    Filed: July 25, 2001
    Date of Patent: July 20, 2004
    Assignee: CoreStreet, Ltd.
    Inventor: Silvio Micali
  • Publication number: 20040049675
    Abstract: A system and method are disclosed for controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D1. C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity, with each certificate expiring 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.
    Type: Application
    Filed: April 8, 2003
    Publication date: March 11, 2004
    Inventors: Silvio Micali, David Engberg, Phil Libin, Leo Reyzin, Alex Sinelnikov