Patents by Inventor Stephen M. Matyas

Stephen M. Matyas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 6301362
    Abstract: A method and apparatus for cryptographically transforming an input block into an output block. The input block has a first block size and is partitionable into a plurality of input subblocks having a second block size that is a submultiple of the first block size. To encrypt or decrypt, the input subblocks are passed through respective first substitution functions controlled by one or more keys to generate a first plurality of modified subblocks. The first plurality of modified subblocks are then passed through a mixing function to generate a second plurality of modified subblocks, each of which depends on each of the first plurality of modified subblocks. Finally, the second plurality of modified subblocks are passed through respective second substitution functions controlled by one or more keys to generate a plurality of output subblocks that are combinable into an output block.
    Type: Grant
    Filed: June 12, 1998
    Date of Patent: October 9, 2001
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Jr., Don Coppersmith, Donald B. Johnson
  • Patent number: 6243812
    Abstract: Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random-numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.
    Type: Grant
    Filed: August 23, 2000
    Date of Patent: June 5, 2001
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Sean William Smith
  • Patent number: 6243470
    Abstract: A method and apparatus for an advanced symmetric key cipher for encryption and decryption, using a block cipher algorithm. Different block sizes and key sizes are supported, and a different sub-key is used in each round. Encryption is computed using a variable number of rounds of mixing, permutation, and key-dependent substitution. Decryption uses a variable number of rounds of key-dependent inverse substitution, inverse permutation and inverse mixing. The variable length sub-keys are data-independent, and can be precomputed.
    Type: Grant
    Filed: February 4, 1998
    Date of Patent: June 5, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6192129
    Abstract: A method and apparatus for an advanced byte-oriented symmetric key cipher for encryption and decryption, using a block cipher algorithm. Different block sizes and key sizes are supported, and a different sub-key is used in each round. Encryption is computed using a variable number of rounds of mixing, permutation, and key-dependent substitution. Decryption uses a variable number of rounds of key-dependent inverse substitution, inverse permutation, and inverse mixing. The variable length sub-keys are data-independent, and can be precomputed.
    Type: Grant
    Filed: February 4, 1998
    Date of Patent: February 20, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6189095
    Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. This cipher uses multiple stages with a modified Type-3 Feistel network, and a modified Unbalanced Type-1 Feistel network in an expansion box forward function. The cipher allows the block size, key size, number of rounds of expansion, and number of stages of ciphering to vary. The modified Type-3 cipher modifies the word used as input to the expansion box in certain rounds, to speed the diffusion properties of the ciphering. The modified Type-3 and Type-1 ciphers are interleaved, and provide excellent resistance to both linear and differential attacks. The variable-length subkeys and the S-box can be precomputed. A minimal amount of computer storage is required to implement this cipher, which can be implemented equally well in hardware or software (or some combination thereof).
    Type: Grant
    Filed: June 5, 1998
    Date of Patent: February 13, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Luke James O'Connor, Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6185679
    Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. Variable block sizes and key sizes are supported, as well as a variable number of rounds. The cipher uses multiple stages of processing, where the stages have different structures and different subround functions, to provide excellent resistance to both linear and differential attacks. Feistel Type-1 and Type-3 are both used, each during different stages. The number of rounds may vary among stages. Subkeys are used in some, but not all, stages. The variable-length keys can be precomputed. A novel manner of using data-dependent rotation in a cipher is defined.
    Type: Grant
    Filed: February 23, 1998
    Date of Patent: February 6, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Luke James O'Connor, Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6185304
    Abstract: The present invention provides a technique, system, and computer program for a symmetric key block cipher. Variable block sizes and key sizes are supported, as well as a variable number of rounds. The cipher uses multiple stages of processing, where the stages have different structures and different subround functions, to provide excellent resistance to both linear and differential attacks. Feistel Type-3 networks are used, with different networks during different stages. The number of rounds may vary among stages. Subkeys are used in some, but not all, stages. The variable-length keys can be precomputed. A novel manner of using multiplication in a cipher is defined.
    Type: Grant
    Filed: February 23, 1998
    Date of Patent: February 6, 2001
    Assignee: International Business Machines Corporation
    Inventors: Don Coppersmith, Rosario Gennaro, Shai Halevi, Charanjit S. Jutla, Stephen M. Matyas, Jr., Luke James O'Connor, Mohammed Peyravian, David Robert Safford, Nevenko Zunic
  • Patent number: 6161180
    Abstract: Authentication is provided for secure devices with limited cryptography, particularly for devices which do not have the capability to do public-key cryptography and generate random numbers. An initialization process is disclosed for limited-power Devices which are unable to perform public-key cryptography and generate random-numbers, as well as for full-power Devices which have the capability to do public-key cryptography and generate random numbers. A Challenge-Response procedure is also disclosed for ensuring the secure state of a device.
    Type: Grant
    Filed: August 29, 1997
    Date of Patent: December 12, 2000
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Sean William Smith
  • Patent number: 6102287
    Abstract: An electronic payment system in which a buyer purchases a product by sending an electronic payment order to a seller is enhanced to provide product survey information. An additional entity, an evaluator, collects product survey information from buyers that have previously purchased products from the seller and provides product survey information to prospective buyers upon request. Various schemes are disclosed for allowing the evaluator to verify that a buyer providing product survey information has actually purchased the product from the seller. In one verification scheme, the buyer generates an authentication code as a one-way function of a randomly generated secret value and includes the authentication code in the payment order. When the buyer later provides survey information to the evaluator, it includes the secret value along with the survey information.
    Type: Grant
    Filed: May 15, 1998
    Date of Patent: August 15, 2000
    Assignee: International Business Machines Corporation
    Inventor: Stephen M. Matyas, Jr.
  • Patent number: 6058188
    Abstract: In a cryptographic communications system, a method and apparatus for allowing a sender of encrypted data to demonstrate to a receiver its ability to correctly generate key recovery information that is transmitted along with the encrypted data and from which law enforcement agents or others may recover the original encryption key. Initially, the sender generates a key pair comprising a private signature key and a corresponding public verification key and sends the latter to a key recovery validation service (KRVS). Upon a satisfactory demonstration by the sender of its ability to correctly generate key recovery information, the KRVS generates a certificate certifying the public verification key and the ability of the sender to correctly generate key recovery information. The sender uses its private signature key to generate a digital signature on the key recovery information, which is sent along with the key recovery information and encrypted data to the receiver.
    Type: Grant
    Filed: July 24, 1997
    Date of Patent: May 2, 2000
    Assignee: International Business Machines Corporation
    Inventors: Coimbatore S. Chandersekaran, Rosario Gennaro, Sarbari Gupta, Stephen M. Matyas, Jr., David R. Safford, Nevenko Zunic
  • Patent number: 5764772
    Abstract: Differential work factor cryptographic method, system, and data structure for reducing but not eliminating the work factor required by an authority to break an encrypted message encrypted with a secret encryption key. The secret key is split into at least two partial keys such that knowledge of a first of the partial keys reduces but does not eliminate the work factor required to break the encrypted message. The first partial key is encrypted using a public key of the authority. The encrypted first partial key is provided with the encrypted message to enable the authority, upon obtaining the message, to decrypt the encrypted first partial key using the authority's private key and to break the message using the first partial key. In preferred embodiments, the first partial key is encrypted with additional information which can be reconstructed by the recipient, such as a hash of the secret encryption key, a hash of the secret key concatenated with a salt, all or part of the salt, and control information.
    Type: Grant
    Filed: December 15, 1995
    Date of Patent: June 9, 1998
    Assignee: Lotus Development Coporation
    Inventors: Charles W. Kaufman, Stephen M. Matyas, Jr.
  • Patent number: 5642421
    Abstract: The security provided by encryption of ATM cells is enhanced by testing each cell for low data content level. If a cell has a low data content, its contents are nevertheless compressed and the resulting string is used to replace the original data. A length character and a randomly generated number which are added to the freed-up byte positions in the data field of the cell. The entire, modified data field is encrypted before the cell is transmitted. At a receiving system, a compression indicator is checked to determine whether the cell contains original or compressed data. If necessary, the length field and the random number are stripped and the remaining cell data is decompressed before the cell data is decrypted.
    Type: Grant
    Filed: September 15, 1995
    Date of Patent: June 24, 1997
    Assignee: International Business Machines Corporation
    Inventors: James P. Gray, Stephen M. Matyas, Mohammad Peyravian, Gene Tsudik
  • Patent number: 5604801
    Abstract: A data communications system is described in which messages are processed using public key cryptography with a private key unique to one or more users (150) under the control of a portable security device (120), such as a smart card, held by each user, the system comprising: a server (130) for performing public key processing using the private key. The server (130) stores, or has access to, the private key for the, or each, user in encrypted form only. The private key is encrypted with a key encrypting key and each security device (120) comprises means for storing or generating the key encrypting key and providing the key encrypting key to the server (130). The server comprises secure means (360) to retrieve the encrypted private key for the user, decrypt the private key using the key encrypting key, perform the public key processing using the decrypted private key, and delete the decrypted private key after use.
    Type: Grant
    Filed: February 3, 1995
    Date of Patent: February 18, 1997
    Assignee: International Business Machines Corporation
    Inventors: George M. Dolan, Christopher J. Holloway, Stephen M. Matyas, Jr.
  • Patent number: 5592553
    Abstract: A system for authenticating a user located at a requesting node to a resource such as a host application located at an authenticating node using one-time passwords that change pseudorandomly with each request for authentication. At the requesting node a non-time-dependent value is generated from nonsecret information identifying the user and the host application, using a secret encryption key shared with the authenticating node. The non-time-dependent value is combined with a time-dependent value to generate a composite value that is encrypted to produce an authentication parameter. The authentication parameter is reversibly transformed into an alphanumeric character string that is transmitted as a one-time password to the authenticating node. At the authenticating node the received password is transformed back into the corresponding authentication parameter, which is decrypted to regenerate the composite value.
    Type: Grant
    Filed: February 8, 1996
    Date of Patent: January 7, 1997
    Assignee: International Business Machines Corporation
    Inventors: Richard H. Guski, Raymond C. Larson, Stephen M. Matyas, Jr., Donald B. Johnson, Don Coppersmith
  • Patent number: 5432849
    Abstract: The invention described herein suggests methods of cryptographic key management based on control vectors in which the control vectors are generated or derived internal to a cryptographic facility implementing a set of cryptographic operations. The methods of alternate control vector enforcement described in the present application provide a high-integrity facility to ensure that cryptographic keys are used in a manner consistent with the type and usage attributes assigned to the keys by the originator of those keys. Since the control vectors are generated or derived internal to the cryptographic facility on the basis of data contained in each cryptographic service request to the cryptographic facility, control vectors need not be stored or managed outside the cryptographic facility.
    Type: Grant
    Filed: August 10, 1993
    Date of Patent: July 11, 1995
    Assignee: International Business Machines Corporation
    Inventors: Donald B. Johnson, An V. Le, Stephen M. Matyas, Rostislaw Prymak, John D. Wilkins
  • Patent number: 5414833
    Abstract: A system and method provide a security agent, consisting of a monitor and a responder, that respond to a detected security event in a data communications network, by producing and transmitting a security alert message to a network security manager. The alert is a security administration action which includes setting a flag in an existing transmitted protocol frame to indicate a security event has occurred. The security agent detects the transmission of infected programs and data across a high-speed communications network. The security agent includes an adaptive, active monitor using finite state machines, that can be dynamically reprogrammed in the event it becomes necessary to dynamically reconfigure it to provide real time detection of the presence of a suspected offending virus.
    Type: Grant
    Filed: October 27, 1993
    Date of Patent: May 9, 1995
    Assignee: International Business Machines Corporation
    Inventors: Paul C. Hershey, Donald B. Johnson, An V. Le, Stephen M. Matyas, John G. Waclawsky, John D. Wilkins
  • Patent number: 5323464
    Abstract: A method and system are disclosed for the implementation of a weakened privacy channel. This is achieved through use of a weakened symmetric cryptographic algorithm called commercial data masking. The masked text is created from clear text at one system and may to transported electronically to another system where the masked text may be unmasked to produce the clear text. The reason to use the commercial data masking algorithm for data privacy is that it is exportable to organizations to which products which contain the Data Encryption Algorithm when used for data privacy are not exportable. In addition, a method and system is disclosed by which the key when used for commercial data masking may be transformed into a key that may be used with the Data Encryption Algorithm.
    Type: Grant
    Filed: October 16, 1992
    Date of Patent: June 21, 1994
    Assignee: International Business Machines Corporation
    Inventors: Robert C. Elander, Christopher J. Holloway, Donald B. Johnson, Michael J. Kelly, An V. Le, Paul G. Lubold, Stephen M. Matyas, James D. Randall
  • Patent number: 5319705
    Abstract: A method and system are disclosed for securely distributing a plurality of software files from a software distribution processor to a user processor, while selectively enabling the user processor to only use a subset of a lesser plurality of the software files. This is achieved by employing a customer key which includes a clear customer number and a derived portion derived from the customer number. The customer key is transformed into a second customer key which serves as a key expression for encrypting a file encryption key specifically intended for a respective one of the plurality of files. A plurality of software files can be stored together, for example on a CD-ROM, with each file encrypted under a corresponding file encryption key. The CD-ROM can be distributed to many user processors. When a specific user processor needs to run one of the software files, a request will be transmitted from the user processor to the software distribution processor.
    Type: Grant
    Filed: October 21, 1992
    Date of Patent: June 7, 1994
    Assignee: International Business Machines Corporation
    Inventors: Bernard J. Halter, Alphonse M. Bracco, Donald B. Johnson, An V. Le, Stephen M. Matyas, Rostislaw Prymak, deceased, James D. Randall, John D. Wilkins
  • Patent number: 5301231
    Abstract: In a cryptographic module, a User Defined Function (UDF) facility is provided which provides users with the capability of defining and creating custom functions to meet their cryptographic processing needs. The cryptographic module is contained within a physically and logically secure environment and comprises a processing unit and memory connected to the processing unit. The memory includes code for translating User Defined Functions (UDFs) into a machine-readable form and at least one command for operating on the UDFs. The UDFs are loaded into and executed in the secure area of the cryptographic module without compromising the total security of the transaction security system.
    Type: Grant
    Filed: February 12, 1992
    Date of Patent: April 5, 1994
    Assignee: International Business Machines Corporation
    Inventors: Dennis G. Abraham, Daniela Henningsmeyer, John M. Hudson, Donald B. Johnson, An V. Le, Stephen M. Matyas, James V. Stevens
  • Patent number: 5265164
    Abstract: A computer apparatus, program and method function in a data processing system to replicate a cryptographic facility. The system includes a first cryptographic facility containing a portable part which personalizes the first cryptographic facility. The system also includes a second cryptographic facility which is linked to the first cryptographic facility by a public key cryptographic system. The portable part of the first cryptographic facility is encrypted and transferred to the second cryptographic facility, where it is decrypted and used to personalize the second cryptographic facility to enable replication of the first cryptographic facility. In one application, personalization of the second cryptographic facility can be in response to the detection of a failure in the first cryptographic facility. In another application, multiple cryptographic facilities can be brought on-line for parallel operation in the data processing system.
    Type: Grant
    Filed: October 31, 1991
    Date of Patent: November 23, 1993
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Donald B. Johnson, An V. Le, Rostislaw Prymak, William C. Martin, William S. Rohland, John D. Wilkins