Patents by Inventor Xavier Boyen
Xavier Boyen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9716587Abstract: A halting key derivation function is provided. A setup process scrambles a user-supplied password and a random string in a loop. When the loop is halted by user input, the setup process may generate verification information and a cryptographic key. The key may be used to encrypt data. During a subsequent password verification and key recovery process, the verification information is retrieved, a user-supplied trial password obtained, and both are used together to recover the key using a loop computation. During the loop, the verification process repeatedly tests the results produced by the looping scrambling function against the verification information. In case of match, the trial password is correct and a cryptographic key matching the key produced by the setup process may be generated and used for data decryption. As long as there is no match, the loop may continue indefinitely until interrupted exogenously, such as by user input.Type: GrantFiled: August 8, 2012Date of Patent: July 25, 2017Assignee: ENTIT SOFTWARE LLCInventor: Xavier Boyen
-
Patent number: 9246926Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted, into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.Type: GrantFiled: July 29, 2013Date of Patent: January 26, 2016Assignee: Google Inc.Inventors: Ulfar Erlingsson, Xavier Boyen, Darrell Anderson, Wayne Gray
-
Publication number: 20130311782Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark hits. The watermarks are inserted, into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.Type: ApplicationFiled: July 29, 2013Publication date: November 21, 2013Applicant: Google Inc.Inventors: Ulfar ERLINGSSON, Xavier Boyen, Darrell Anderson, Wayne Gray
-
Patent number: 8522034Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.Type: GrantFiled: August 19, 2011Date of Patent: August 27, 2013Assignee: Google Inc.Inventors: Úlfar Erlingsson, Xavier Boyen, Darrell Anderson, Wayne Gray
-
Patent number: 8331560Abstract: Published resources are made available in an encrypted form, using corresponding resource keys, published through resource key files, with the publications effectively restricted to authorized peer systems only by encrypting the resource keys in a manner only the authorized peer systems are able to recover them. In one embodiment, the resource keys are encrypted using encryption public keys of the authorized peer systems or the groups to which the authorized peer system are members. In one embodiment, the encryption public keys of individual or groups of authorized peer systems are published for resource publishing peer systems through client and group key files respectively. Group encryption private keys are made available to the group members through published group key files. Further, advanced features including but not limited to resource key file inheritance, password protected publication, obfuscated publication, content signing, secured access via gateways, and secured resource search are supported.Type: GrantFiled: February 9, 2009Date of Patent: December 11, 2012Assignee: Microsoft CorporationInventors: Xavier Boyen, Zhenyu Qian, Dan Teodosiu
-
Patent number: 8320559Abstract: Systems and methods for supporting symmetric-bilinear-map and asymmetric-bilinear-map identity-based-encryption (IBE) key exchange and encryption schemes are provided. IBE key exchange schemes use an IBE encapsulation engine to produce a secret key and an encapsulated version of the secret key. An IBE unencapsulation engine is used to unencapsulate the encapsulated key. IBE encryption schemes use an IBE encryption engine to produce ciphertext from plaintext. An IBE decryption engine is used to decrypt the ciphertext to reveal the plaintext. The IBE unencapsulation engine and decryption engines use bilinear maps. The IBE encapsulation and encryption engines perform group multiplication operations without using bilinear maps, improving efficiency. IBE private keys for use in decryption and unencapsulation operations may be generated using a distributed key arrangement in which each IBE private key is assembled from private key shares.Type: GrantFiled: August 6, 2009Date of Patent: November 27, 2012Assignee: Voltage Security, Inc.Inventors: Dan Boneh, Xavier Boyen
-
Patent number: 8254571Abstract: A halting key derivation function is provided. A setup process scrambles a user-supplied password and a random string in a loop. When the loop is halted by user input, the setup process may generate verification information and a cryptographic key. The key may be used to encrypt data. During a subsequent password verification and key recovery process, the verification information is retrieved, a user-supplied trial password obtained, and both are used together to recover the key using a loop computation. During the loop, the verification process repeatedly tests the results produced by the looping scrambling function against the verification information. In case of match, the trial password is correct and a cryptographic key matching the key produced by the setup process may be generated and used for data decryption. As long as there is no match, the loop may continue indefinitely until interrupted exogenously, such as by user input.Type: GrantFiled: December 21, 2007Date of Patent: August 28, 2012Assignee: Voltage Security, Inc.Inventor: Xavier Boyen
-
Patent number: 8156223Abstract: Binary executables are distributed in a distributed manner by equipping a server with a bootstrap program. The server provides the bootstrap program to a client computer in response to the client's request for the binary executables. The bootstrap program is designed to enable the client computer to obtain the binary executables in one or more portions from one or more peer locations that have already downloaded the said binary executables. In one embodiment, the bootstrap program also monitors the performance associated with obtaining the portions of the binary executables, and reports the performance data to a resource naming service that tracks peer locations that cache the binary executables. In one embodiment, the binary executables also includes a component that registers the client computer as a peer location that caches the binary executables, and provides the binary executables to other client computers responsive to their requests. In various embodiments, content is distributed in like manner.Type: GrantFiled: April 21, 2005Date of Patent: April 10, 2012Assignee: Microsoft CorporationInventors: Dan Teodosiu, Xavier Boyen
-
Publication number: 20120036367Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.Type: ApplicationFiled: August 19, 2011Publication date: February 9, 2012Applicant: Google, Inc.Inventors: Ûlfar ERLINGSSON, Xavier Boyen, Darrell Anderson, Wayne Gray
-
Patent number: 8108678Abstract: Systems and methods are provided for performing digital signing and encryption using identity-based techniques. A message may be signed and encrypted in a single operation and may be decrypted and verified in two separate operations. Messages may be sent anonymously and confidentially. The systems and methods support message confidentiality, signature non-repudiation, and ciphertext authentication, ciphertext unlinkability, and anonymity.Type: GrantFiled: February 9, 2004Date of Patent: January 31, 2012Assignee: Voltage Security, Inc.Inventor: Xavier Boyen
-
Patent number: 8090951Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.Type: GrantFiled: July 25, 2003Date of Patent: January 3, 2012Assignee: Google Inc.Inventors: Úlfar Erlingsson, Xavier Boyen, Darrell Anderson, Wayne Gray
-
Patent number: 8068612Abstract: Cryptographic systems and methods are provided in which authentication operations, digital signature operations, and encryption operations may be performed. Authentication operations may be performed using authentication information. The authentication information may be constructed using a symmetric authentication key or a public/private pair of authentication keys. Users may digitally sign data using private signing keys. Corresponding public signing keys may be used to verify user signatures. Identity-based-encryption (IBE) arrangements may be used for encrypting messages using the identity of a recipient. IBE-encrypted messages may be decrypted using appropriate IBE private keys. A smart card, universal serial bus key, or other security device having a tamper-proof enclosure may use the authentication information to obtain secret key information. Information such as IBE private key information, private signature key information, and authentication information may be stored in the tamper-proof enclosure.Type: GrantFiled: April 21, 2008Date of Patent: November 29, 2011Assignee: Voltage Security, Inc.Inventors: Guido Appenzeller, Terence Spies, Xavier Boyen
-
Patent number: 8023646Abstract: IBE extensions to IBE schemes may be provided by creating multiple instances of the same IBE scheme, where each instance has an associated IBE master key and corresponding IBE public parameters. During encryption, an IBE extension identity for each instance of the IBE scheme may be mapped to a corresponding component identity. A message may be encrypted using the component identities to create multiple ciphertexts. The ciphertexts can be combined and sent to a recipient. The recipient can request a private key. The private key may be generated by mapping the IBE extension identity into a component identity in each instance, by extracting private keys for each of the component identities, and by combining the private keys into a single IBE extension private key.Type: GrantFiled: November 6, 2007Date of Patent: September 20, 2011Assignee: Voltage Security, Inc.Inventor: Xavier Boyen
-
Patent number: 8018929Abstract: A communication protocol service in support of TCP based communication is modified to improve the operational efficiency of a server for a particular type of client-server application. The service is modified to support connection pools and connection groups within the connection pools, to enable connections with clients to be grouped and share a common file descriptor. The service is provided with an API to allow an application server to create the connection pools, connection groups and connections. The API also include receive and send services adapted to support the connection pool and connection group architecture, and to allow explicit acknowledgement of received transmissions under control of the application server. Further, in various embodiments, the buffering architecture of the service, as well as acknowledgement of request packets by the service are also modified.Type: GrantFiled: May 25, 2005Date of Patent: September 13, 2011Assignee: Microsoft CorporationInventors: Roger L. Soles, Dan Teodosiu, Joseph C. Pistritto, Xavier Boyen
-
Patent number: 7720996Abstract: Internet Protocol (IP) address assignment information is collected from Address Allocation Tables (AATs) of a plurality of IP address assigning registrars. The information is processed and stored into one or more data structures. The information is accessed to determine a proximity measure for any two given IP addresses. In one embodiment, the proximity determination includes the determination of superblock memberships of the IP addresses, comparison of the assigning registrars, as well as the location countries of the IP addresses. In one embodiment, the proximity detection is applied to locating IP addresses of peer providers of a resource. In one embodiment, Autonomous System (AS) numbers and IP addresses for a plurality of peer providers for a plurality of resources are also collected and organized into one or more data structures; this organized information of the peer providers is also used in locating the closest peer providers of a resource in terms of network topology.Type: GrantFiled: July 18, 2001Date of Patent: May 18, 2010Assignee: Microsoft CorporationInventors: L. Roger Soles, Xavier Boyen, Dan Teodosiu
-
Publication number: 20090327731Abstract: Cryptographic systems and methods are provided in which authentication operations, digital signature operations, and encryption operations may be performed. Authentication operations may be performed using authentication information. The authentication information may be constructed using a symmetric authentication key or a public/private pair of authentication keys. Users may digitally sign data using private signing keys. Corresponding public signing keys may be used to verify user signatures. Identity-based-encryption (IBE) arrangements may be used for encrypting messages using the identity of a recipient. IBE-encrypted messages may be decrypted using appropriate IBE private keys. A smart card, universal serial bus key, or other security device having a tamper-proof enclosure may use the authentication information to obtain secret key information. Information such as IBE private key information, private signature key information, and authentication information may be stored in the tamper-proof enclosure.Type: ApplicationFiled: April 21, 2008Publication date: December 31, 2009Inventors: Guido Appenzeller, Terence Spies, Xavier Boyen
-
Patent number: 7624269Abstract: Secure messages may be sent between senders and recipients using symmetric message keys. The symmetric message keys may be derived from a master key using a key generator at an organization. A gateway may encrypt outgoing message using the derived keys. Senders in the organization can send messages to recipients who are customers of the organization. The recipients can authenticate to a decryption server in the organization using preestablished credentials. The recipients can be provided with copies of the derived keys for decrypting the encrypted messages. A hierarchical architecture may be used in which a super master key generator at the organization derives master keys for delegated key generators in different units of the organization. An organization may have a policy server that generates non-customer symmetric message keys. The non-customer symmetric message keys may be used to encrypt messages sent by a non-customer sender to a recipient at the organization.Type: GrantFiled: July 9, 2004Date of Patent: November 24, 2009Assignee: Voltage Security, Inc.Inventors: Guido Appenzeller, Xavier Boyen, Terence Spies
-
Patent number: 7590236Abstract: Systems and methods for supporting symmetric-bilinear-map and asymmetric-bilinear-map identity-based-encryption (IBE) key exchange and encryption schemes are provided. IBE key exchange schemes use an IBE encapsulation engine to produce a secret key and an encapsulated version of the secret key. An IBE unencapsulation engine is used to unencapsulate the encapsulated key. IBE encryption schemes use an IBE encryption engine to produce ciphertext from plaintext. An IBE decryption engine is used to decrypt the ciphertext to reveal the plaintext. The IBE unencapsulation engine and decryption engines use bilinear maps. The IBE encapsulation and encryption engines perform group multiplication operations without using bilinear maps, improving efficiency. IBE private keys for use in decryption and unencapsulation operations may be generated using a distributed key arrangement in which each IBE private key is assembled from private key shares.Type: GrantFiled: March 25, 2005Date of Patent: September 15, 2009Assignees: Voltage Security, Inc., The Board of Trustees of the Leland Stanford Junior UniversityInventors: Dan Boneh, Xavier Boyen
-
Patent number: 7584261Abstract: Binary executables are distributed in a distributed manner by equipping a server with a bootstrap program. The server provides the bootstrap program to a client computer in response to the client's request for the binary executables. The bootstrap program is designed to enable the client computer to obtain the binary executables in one or more portions from one or more peer locations that have already downloaded the said binary executables. In one embodiment, the bootstrap program also monitors the performance associated with obtaining the portions of the binary executables, and reports the performance data to a resource naming service that tracks peer locations that cache the binary executables. In one embodiment, the binary executables also includes a component that registers the client computer as a peer location that caches the binary executables, and provides the binary executables to other client computers responsive to their requests. In various embodiments, content is distributed in like manner.Type: GrantFiled: September 6, 2001Date of Patent: September 1, 2009Assignee: Microsoft CorporationInventors: Dan Teodosiu, Xavier Boyen
-
Publication number: 20090141891Abstract: Published resources are made available in an encrypted form, using corresponding resource keys, published through resource key files, with the publications effectively restricted to authorized peer systems only by encrypting the resource keys in a manner only the authorized peer systems are able to recover them. In one embodiment, the resource keys are encrypted using encryption public keys of the authorized peer systems or the groups to which the authorized peer system are members. In one embodiment, the encryption public keys of individual or groups of authorized peer systems are published for resource publishing peer systems through client and group key files respectively. Group encryption private keys are made available to the group members through published group key files. Further, advanced features including but not limited to resource key file inheritance, password protected publication, obfuscated publication, content signing, secured access via gateways, and secured resource search are supported.Type: ApplicationFiled: February 9, 2009Publication date: June 4, 2009Applicant: Microsoft CorporationInventors: Xavier Boyen, Zhenyu Qian, Dan Teodosiu