Patents by Inventor Stephen M. Matyas, Jr.

Stephen M. Matyas, Jr. has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7519824
    Abstract: A method for time stamping a digital document employs a two-part time stamp receipt. The first part of the time stamp receipt includes identifying data associated with a document and a nonce. The second part of the time stamp receipt includes a time indication and the nonce. The nonce serves as a link between the first and second parts.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: April 14, 2009
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 7490241
    Abstract: A method for time stamping a digital document is disclosed. The document originator creates a time stamp receipt using the document and the current time. The time stamp receipt is submitted to a time stamping authority having a trusted clock. The time stamping authority validates the time stamp receipt by comparing the time value specified in the time stamp receipt to the current time. If the time value specified in the time stamp receipt is within a predetermined time window, the time stamping authority cryptographically binds the time value and document, or the time value and some representation of the document, e.g., by signing the time stamp receipt with its private signature key.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: February 10, 2009
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 7487359
    Abstract: A time stamping protocol has two stages referred to as the ticketing stage and the certification stage. During the ticketing stage, the document or other identifying data is sent to the TSA. The TSA generates a “ticket” based on the document or other identifying data and a time indication derived from a trusted clock. The ticket, which serves as an unsigned time stamp receipt, is transmitted back to the document originator. During the certification stage, the holder of the ticket requests a certified time stamp receipt by presenting the ticket to the TSA. The TSA verifies the ticket and generates a signed time stamp receipt, called the ticket stub, which is then transmitted back to the document originator. The ticket stub serves as a “universal time-stamp” that the holder of the ticket stub can use to prove the date of the document.
    Type: Grant
    Filed: August 29, 2007
    Date of Patent: February 3, 2009
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 7315948
    Abstract: A time stamping protocol has two stages referred to as the ticketing stage and the certification stage. During the ticketing stage, the document or other identifying data is sent to the TSA. The TSA generates a “ticket” based on the document or other identifying data and a time indication derived from a trusted clock. The ticket, which serves as an unsigned time stamp receipt, is transmitted back to the document originator. During the certification stage, the holder of the ticket requests a certified time stamp receipt by presenting the ticket to the TSA. The TSA verifies the ticket and generates a signed time stamp receipt, called the ticket stub, which is then transmitted back to the document originator. The ticket stub serves as a “universal time-stamp” that the holder of the ticket stub can use to prove the date of the document.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: January 1, 2008
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 6993656
    Abstract: A method for time stamping a digital document is disclosed. The document originator creates a time stamp receipt by combining the document or other identifying data and a digital time indication. The time stamp receipt is submitted to a time stamping authority having a trusted clock. The time stamping authority optionally validates the time stamp receipt and then computes the age of the time stamp receipt. The time stamping authority creates an aged time stamp receipt by combining the identifying data and time indication contained in the submitted time stamp receipt with the computed age of the time stamp receipt. The time stamping authority cryptographically binds the time information and identifying data in the aged time stamp receipt, e.g., by signing the combination of the identifying data, time indication, and computed age with a private signature generation key.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: January 31, 2006
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 6965998
    Abstract: A time-stamping protocol for time-stamping digital documents uses a time-based signature key. A document or other identifying data is sent to a time stamping authority TSA. The TSA has a time-based signature key that the TSA uses to sign time stamp receipts. The signature key is associated with a fixed time reference that is stored in a public key certificate also containing the public verification key. Upon receiving the document, the TSA creates a time stamp receipt by computing a time difference between the time reference associated with the signature key and the time the document was received. The time difference is appended to the document to create a time stamp receipt and the receipt is then signed by the TSA and transmitted to the requestor.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: November 15, 2005
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 6742119
    Abstract: A method for time stamping a digital document is disclosed. The document originator creates a time stamp receipt by combining the document and a digital time indication. The time stamp receipt is submitted to a time stamping agent having a trusted clock. The time stamping agent optionally validates the time stamp receipt and then computes the age of the time stamp receipt. If valid, the time stamping agent certifies the time stamp receipt by signing the time stamp receipt with a private signature key. The private signature key is selected from a group of signature keys by the time stamping agent based on the computed age of the time stamp receipt.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: May 25, 2004
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 6535607
    Abstract: A method and apparatus for ensuring that a key recovery-enabled (KR-enabled) system communicating with a non-KR-enabled system in a cryptographic communication system transmits the information necessary to permit key recovery by a key recovery entity. In a first embodiment, data is encrypted under a second key K that is generated as a one-way function of a first key K′ and a key recovery block KRB generated on the first key K′. The key recovery block KRB and the encrypted data e(K, data) are transmitted to the receiver, who cannot decrypt the data without regenerating the second key K from the first key K′ and the key recovery block KRB. In a second embodiment, data is encrypted under a second key K that is generated independently of the first key K′. A third key X, generated as a one-way function of the first key K′ and a key recovery block KRB generated on the second key K, is used to encrypt the XOR product Y of the first and second keys K′, K.
    Type: Grant
    Filed: November 2, 1998
    Date of Patent: March 18, 2003
    Assignee: International Business Machines Corporation
    Inventors: Coimbatore S. Chandersekaran, Rosario Gennaro, Sarbari Gupta, Stephen M. Matyas, Jr., David R. Safford, Nevenko Zunic
  • Patent number: 6345098
    Abstract: A method, system and apparatus are described which utilize a trusted third party, or Certification Authority (CA) in the generation of a reliable seed to be used in the generation of prime numbers used in public key cryptography. The inclusion of the trusted third party allows for an independent third party to police against first party attacks on the security of the system without increasing the overhead of the system significantly.
    Type: Grant
    Filed: July 2, 1998
    Date of Patent: February 5, 2002
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Jr., Allen Roginsky
  • Patent number: 6307938
    Abstract: A method, system and apparatus for generating primes (p and q) for use in cryptography from secret random numbers and an initialization value whereby the initial secret random numbers are encoded into the generated primes. This eliminates the need to retain the initial secret random numbers for auditing purposes. The initialization value may also be generated from information readily available, if so desired, resulting in additional entropy without the requirement of storing additional information.
    Type: Grant
    Filed: July 10, 1998
    Date of Patent: October 23, 2001
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Jr., Allen Roginsky
  • Patent number: 6301362
    Abstract: A method and apparatus for cryptographically transforming an input block into an output block. The input block has a first block size and is partitionable into a plurality of input subblocks having a second block size that is a submultiple of the first block size. To encrypt or decrypt, the input subblocks are passed through respective first substitution functions controlled by one or more keys to generate a first plurality of modified subblocks. The first plurality of modified subblocks are then passed through a mixing function to generate a second plurality of modified subblocks, each of which depends on each of the first plurality of modified subblocks. Finally, the second plurality of modified subblocks are passed through respective second substitution functions controlled by one or more keys to generate a plurality of output subblocks that are combinable into an output block.
    Type: Grant
    Filed: June 12, 1998
    Date of Patent: October 9, 2001
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Jr., Don Coppersmith, Donald B. Johnson
  • Patent number: 6243470
    Abstract: A method and apparatus for an advanced symmetric key cipher for encryption and decryption, using a block cipher algorithm. Different block sizes and key sizes are supported, and a different sub-key is used in each round. Encryption is computed using a variable number of rounds of mixing, permutation, and key-dependent substitution. Decryption uses a variable number of rounds of key-dependent inverse substitution, inverse permutation and inverse mixing. The variable length sub-keys are data-independent, and can be precomputed.
    Type: Grant
    Filed: February 4, 1998
    Date of Patent: June 5, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6192129
    Abstract: A method and apparatus for an advanced byte-oriented symmetric key cipher for encryption and decryption, using a block cipher algorithm. Different block sizes and key sizes are supported, and a different sub-key is used in each round. Encryption is computed using a variable number of rounds of mixing, permutation, and key-dependent substitution. Decryption uses a variable number of rounds of key-dependent inverse substitution, inverse permutation, and inverse mixing. The variable length sub-keys are data-independent, and can be precomputed.
    Type: Grant
    Filed: February 4, 1998
    Date of Patent: February 20, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6189095
    Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. This cipher uses multiple stages with a modified Type-3 Feistel network, and a modified Unbalanced Type-1 Feistel network in an expansion box forward function. The cipher allows the block size, key size, number of rounds of expansion, and number of stages of ciphering to vary. The modified Type-3 cipher modifies the word used as input to the expansion box in certain rounds, to speed the diffusion properties of the ciphering. The modified Type-3 and Type-1 ciphers are interleaved, and provide excellent resistance to both linear and differential attacks. The variable-length subkeys and the S-box can be precomputed. A minimal amount of computer storage is required to implement this cipher, which can be implemented equally well in hardware or software (or some combination thereof).
    Type: Grant
    Filed: June 5, 1998
    Date of Patent: February 13, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Luke James O'Connor, Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6185304
    Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. Variable block sizes and key sizes are supported, as well as a variable number of rounds. The cipher uses multiple stages of processing, where the stages have different structures and different subround functions, to provide excellent resistance to both linear and differential attacks. Feistel Type-3 networks are used, with different networks during different stages. The number of rounds may vary among stages. Subkeys are used in some, but not all, stages. The variable-length keys can be precomputed. A novel manner of using multiplication in a cipher is defined.
    Type: Grant
    Filed: February 23, 1998
    Date of Patent: February 6, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Luke James O'Connor, Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6185679
    Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. Variable block sizes and key sizes are supported, as well as a variable number of rounds. The cipher uses multiple stages of processing, where the stages have different structures and different subround functions, to provide excellent resistance to both linear and differential attacks. Feistel Type-1 and Type-3 are both used, each during different stages. The number of rounds may vary among stages. Subkeys are used in some, but not all, stages. The variable-length keys can be precomputed. A novel manner of using data-dependent rotation in a cipher is defined.
    Type: Grant
    Filed: February 23, 1998
    Date of Patent: February 6, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Luke James O'Connor, Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6102287
    Abstract: An electronic payment system in which a buyer purchases a product by sending an electronic payment order to a seller is enhanced to provide product survey information. An additional entity, an evaluator, collects product survey information from buyers that have previously purchased products from the seller and provides product survey information to prospective buyers upon request. Various schemes are disclosed for allowing the evaluator to verify that a buyer providing product survey information has actually purchased the product from the seller. In one verification scheme, the buyer generates an authentication code as a one-way function of a randomly generated secret value and includes the authentication code in the payment order. When the buyer later provides survey information to the evaluator, it includes the secret value along with the survey information.
    Type: Grant
    Filed: May 15, 1998
    Date of Patent: August 15, 2000
    Assignee: International Business Machines Corporation
    Inventor: Stephen M. Matyas, Jr.
  • Patent number: 6058188
    Abstract: In a cryptographic communications system, a method and apparatus for allowing a sender of encrypted data to demonstrate to a receiver its ability to correctly generate key recovery information that is transmitted along with the encrypted data and from which law enforcement agents or others may recover the original encryption key. Initially, the sender generates a key pair comprising a private signature key and a corresponding public verification key and sends the latter to a key recovery validation service (KRVS). Upon a satisfactory demonstration by the sender of its ability to correctly generate key recovery information, the KRVS generates a certificate certifying the public verification key and the ability of the sender to correctly generate key recovery information. The sender uses its private signature key to generate a digital signature on the key recovery information, which is sent along with the key recovery information and encrypted data to the receiver.
    Type: Grant
    Filed: July 24, 1997
    Date of Patent: May 2, 2000
    Assignee: International Business Machines Corporation
    Inventors: Coimbatore S. Chandersekaran, Rosario Gennaro, Sarbari Gupta, Stephen M. Matyas, Jr., David R. Safford, Nevenko Zunic
  • Patent number: 5764772
    Abstract: Differential work factor cryptographic method, system, and data structure for reducing but not eliminating the work factor required by an authority to break an encrypted message encrypted with a secret encryption key. The secret key is split into at least two partial keys such that knowledge of a first of the partial keys reduces but does not eliminate the work factor required to break the encrypted message. The first partial key is encrypted using a public key of the authority. The encrypted first partial key is provided with the encrypted message to enable the authority, upon obtaining the message, to decrypt the encrypted first partial key using the authority's private key and to break the message using the first partial key. In preferred embodiments, the first partial key is encrypted with additional information which can be reconstructed by the recipient, such as a hash of the secret encryption key, a hash of the secret key concatenated with a salt, all or part of the salt, and control information.
    Type: Grant
    Filed: December 15, 1995
    Date of Patent: June 9, 1998
    Assignee: Lotus Development Coporation
    Inventors: Charles W. Kaufman, Stephen M. Matyas, Jr.
  • Patent number: 5604801
    Abstract: A data communications system is described in which messages are processed using public key cryptography with a private key unique to one or more users (150) under the control of a portable security device (120), such as a smart card, held by each user, the system comprising: a server (130) for performing public key processing using the private key. The server (130) stores, or has access to, the private key for the, or each, user in encrypted form only. The private key is encrypted with a key encrypting key and each security device (120) comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server (130). The server comprises secure means (360) to retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing using the decrypted private key, and delete the decrypted private key after use.
    Type: Grant
    Filed: February 3, 1995
    Date of Patent: February 18, 1997
    Assignee: International Business Machines Corporation
    Inventors: George M. Dolan, Christopher J. Holloway, Stephen M. Matyas, Jr.