Cryptanalysis Patents (Class 380/1)
  • Patent number: 10054973
    Abstract: A method for smoothing current consumed by an electronic device is based on a series of current copying operations and on a current source delivering a reference current. The reference current is delivered in such a manner that current consumed as seen from the power supply depends on the reference current.
    Type: Grant
    Filed: March 23, 2017
    Date of Patent: August 21, 2018
    Assignee: STMicroelectronics (Rousset) SAS
    Inventors: Nicolas Demange, Jimmy Fort, Thierry Soude
  • Patent number: 10015015
    Abstract: The techniques presented herein provide for verifying the integrity of an encryption key log file generated on a data storage system. Encryption key activity events associated with a storage system's back-end storage drives are identified. A unique signature is generated for each encryption key activity event. Each encryption key activity event and its corresponding signature are stored in an audit log file. An audit log hash file is generated using the contents of the audit log file. At an external location, the audit log file and the audit log hash file are retrieved from the storage system. The integrity of the retrieved audit log file is verified by generating a local audit log hash file and comparing the local audit log hash file to the retrieved audit log hash file and determining if the local audit log hash file matches the retrieved audit log hash file.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: July 3, 2018
    Inventors: Gregory W. Lazar, Peter Puhov, Millard C. Taylor, III, Naizhong Chiu
  • Patent number: 10003587
    Abstract: An authority transfer system includes a determination unit configured to determine whether a domain of a service and a domain of an endpoint for allowing a client to acquire authority information are a same domain. An issue unit issues the authority information indicating that an authority of a user with respect to the service is transferred to the client without receiving an instruction to permit a transfer of the authority of the user with respect to the service to the client, if the two domains are determined to be the same domain by the determination unit.
    Type: Grant
    Filed: May 27, 2015
    Date of Patent: June 19, 2018
    Assignee: Canon Kabushiki Kaisha
    Inventor: Makoto Kobayashi
  • Patent number: 9998471
    Abstract: A security software comprises administrative module for configuring access levels and creating types of accounts and application server for domain filtering by checking against friendly and unfriendly inbound, outbound and exception lists. Hard filtering either approves, terminates requests or re-routes request without the user's knowledge. Soft filtering passes disapproved requests and sends an e-mail alert to authorized recipients. Content filtering includes checking a content of a requested document against a friendly, unfriendly list and exception list. Hard filtering passes or rejects the requested document. Soft filtering passes the requested document or rejects or approves by highlighting its content. Options include e-mail filtering that checks subject, sender's address and domain against an unfriendly, friendly and exception list.
    Type: Grant
    Filed: December 29, 2014
    Date of Patent: June 12, 2018
    Inventor: Kirsten Aldrich
  • Patent number: 9973926
    Abstract: One embodiment of the invention is directed to a method comprising receiving a plurality of data packets including encoded data. The method further comprises determining a plurality of time delays between the plurality of data packets, and translating the plurality of time delays to obtain a decoding key for decoding the encoded data in the data packets. The decoding key may be used to decode the encoded data to obtain the data.
    Type: Grant
    Filed: February 3, 2016
    Date of Patent: May 15, 2018
    Assignee: Visa International Service Association
    Inventors: Cesar Otero, Patrick Faith
  • Patent number: 9972307
    Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable media for dialog modeling. The method includes receiving spoken dialogs annotated to indicate dialog acts and task/subtask information, parsing the spoken dialogs with a hierarchical, parse-based dialog model which operates incrementally from left to right and which only analyzes a preceding dialog context to generate parsed spoken dialogs, and constructing a functional task structure of the parsed spoken dialogs. The method can further either interpret user utterances with the functional task structure of the parsed spoken dialogs or plan system responses to user utterances with the functional task structure of the parsed spoken dialogs. The parse-based dialog model can be a shift-reduce model, a start-complete model, or a connection path model.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: May 15, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Amanda Stent, Srinivas Bangalore
  • Patent number: 9953095
    Abstract: Systems and methods for enabling delivery of deidentified production data are described. The production data can include a set of alias records, which include deidentified data, and can be generated from corresponding real records of actual users. Enabling delivery of deidentified production data can include fulfilling production data requests via a production data feed, a bulk request, or other suitable delivery technique.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: April 24, 2018
    Assignee: HCA Holdings, Inc.
    Inventors: Alan Scott, Ryan Staggs, Kevin Ronald Linkous, Jack Hitchinson Blalock, Mason Adam Blalock
  • Patent number: 9894040
    Abstract: Embodiments are directed to securing data in the cloud, securely encrypting data that is to be stored in the cloud and to securely decrypting data accessed from the cloud. In one scenario, an instantiated trust service receives information indicating that a trust server is to be instantiated. The trust service instantiates the trust server, which is configured to store key references and encrypted keys. The trust service receives the public key portion of a digital certificate for each publisher and subscriber that is to have access to various specified portions of encrypted data. A data access policy is then defined that specifies which encrypted data portions can be accessed by which subscribers.
    Type: Grant
    Filed: September 11, 2012
    Date of Patent: February 13, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Irina Gorbach, Venkatesh Krishnan, Andrey Shur, Dmitry Denisov, Lars Kuhtz, Sumalatha Adabala, Roy Peter D'Souza, Michael Entin, Michael Ray Clark, Gitika Aggarwal Saubhasik
  • Patent number: 9865071
    Abstract: Methods and systems for rendering text to simulate human penmanship are described. A text rendering engine converts a text string into an image that can be displayed using one or more seed numbers to influence the rendering and appearance of the text. The text rendering engine may render variations of each character of the text string using the seed numbers to select from a set of single-character or multi-character glyphs, or to modify a size, weight, slope, or Bezier curve point of the character.
    Type: Grant
    Filed: November 23, 2015
    Date of Patent: January 9, 2018
    Assignee: Amazon Technologies, Inc.
    Inventors: Michael Patrick Bacus, Shawn C. Deyell, Hong Chen
  • Patent number: 9838384
    Abstract: Techniques for marking or flagging an account as potentially being compromised may be provided. Information about the popularity of passwords associated with a plurality of accounts may be maintained. In an example, an account may be marked as potentially being compromised based at least in part on the information about the popularity of passwords and a password included in a request to change the password associated with the account. A notification indicating that an account has been marked as potentially compromised may be generated.
    Type: Grant
    Filed: December 15, 2014
    Date of Patent: December 5, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: David James Kane-Parry, Darren Ernest Canavor, Jesper Mikael Johansson
  • Patent number: 9824682
    Abstract: A method, apparatus and machine-readable medium are provided. A phonotactic grammar is utilized to perform speech recognition on received speech and to generate a phoneme lattice. A document shortlist is generated based on using the phoneme lattice to query an index. A grammar is generated from the document shortlist. Data for each of at least one input field is identified based on the received speech and the generated grammar.
    Type: Grant
    Filed: October 19, 2015
    Date of Patent: November 21, 2017
    Assignee: Nuance Communications, Inc.
    Inventors: Cyril Georges Luc Allauzen, Sarangarajan Parthasarathy
  • Patent number: 9641641
    Abstract: Aspects of the subject technology relate to systems and methods for providing temporally adjusted identifiers. A first identifier is received. A second identifier is determined based on time parameters and the first identifier. The time parameters include at least a period, where the period is a minimum duration of time prior to providing a computing device with a new identifier. The second identifier is provided for transmission to at least one computing device.
    Type: Grant
    Filed: April 21, 2014
    Date of Patent: May 2, 2017
    Assignee: Google Inc.
    Inventors: Darren David Krahn, Balázs Csaba Engedy, Chiahsing Yu
  • Patent number: 9621891
    Abstract: An image data transmitting apparatus is disclosed, the apparatus being configured to receive a right image and a left image and transmit the received right image and left image to a host system using a USB method, such that a depth image and a color image can be compressed in real time by a standard protocol, the compressed depth image and the color image are respectively converted to USB packet data, and the converted depth image and the color image are transmitted to a host system.
    Type: Grant
    Filed: September 26, 2012
    Date of Patent: April 11, 2017
    Assignee: LG INNOTEK CO., LTD.
    Inventor: Ji Hyun Yun
  • Patent number: 9565017
    Abstract: A method and device for protecting elliptic curve cryptography against simple power attacks is disclosed. The method is based on a processor such as a computer equipped to encrypt and decrypt communications and selecting and entering a point P on an elliptic curve in the computer. The processor provides k copies of the point P (kP). The processor is used to divide a string of Ks into two equal length partitions that are scanned from right to left and performing point doubling operation and delay the point addition operation by storing the some doubled points in a buffer for later performing of addition operation.
    Type: Grant
    Filed: November 10, 2014
    Date of Patent: February 7, 2017
    Assignee: Umm Al-Qura University
    Inventors: Hilal Houssain, Turki F. Al-Somani
  • Patent number: 9563768
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to manage password security. An example apparatus includes an alarm action engine to invoke a provisional transmission block in response to detecting entry of a candidate password, a password linkage monitor to retrieve a list of password hash values associated with previously used passwords, and to compare the list of password hash values to a hash of the candidate password, the alarm action engine to invoke a permanent block of the candidate password when a match condition occurs between the hash of the candidate password and a hash of one of the list of password hash values.
    Type: Grant
    Filed: November 25, 2013
    Date of Patent: February 7, 2017
    Assignee: Intel Corporation
    Inventors: Hong Li, Tobias M. Kohlenberg, Lawrence Hurst
  • Patent number: 9544130
    Abstract: A method for protecting a ciphering algorithm executing looped operations on bits of a first quantity and on a first variable initialized by a second quantity, wherein, for each bit of the first quantity, a random number is added to the state of this bit to update a second variable maintained between two thresholds.
    Type: Grant
    Filed: August 27, 2014
    Date of Patent: January 10, 2017
    Assignee: STMicroelectronics (Rousset) SAS
    Inventor: Yannick Teglia
  • Patent number: 9544328
    Abstract: Mitigation for combating malicious codes is delivered to particular endpoint computers. A first malicious code pattern is received in a first computer over a computer network. The first computer is scanned using the first malicious code pattern, with the result of the scanning forwarded to a second computer. The first computer is identified as having a file scanned using the first malicious code pattern. In response, the first computer is provided a second malicious code pattern. The first computer is scanned for malicious codes using the second malicious code pattern.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: January 10, 2017
    Assignee: Trend Micro Incorporated
    Inventors: Peter Shaohong Wei, Viswa Soubramanien, Wei Yan
  • Patent number: 9479526
    Abstract: A security appliance includes a vulnerable testbed that simulates at least one known vulnerability, and a secure testbed that simulates not having that vulnerability. A testbed monitor monitors run-time behavior of the vulnerable testbed and the secure testbed, obtaining at least one run-time behavior parameter. A comparative evaluator module compares the run-time behavior parameters with respect to the received client request to determine if it is legitimate or illegitimate. The security appliance outputs its determination with a message and/or by forwarding client requests deemed legitimate and dropping client requests deemed illegitimate. The determination can be based, on differences in the run-time behavior parameters. Illegitimate requests can be cached for later matching. The requests can be database data requests, XML formatted requests, operating system requests and/or other types of requests that would be differentially handled by a vulnerable server and a secure server.
    Type: Grant
    Filed: November 13, 2014
    Date of Patent: October 25, 2016
    Assignee: SHAPE SECURITY, INC.
    Inventor: Siying Yang
  • Patent number: 9336092
    Abstract: Data chunks encrypted using an encryption key are backed up to a server. Each chunk is associated with plain and encryption signatures. The plain signature is based on an unencrypted version of a chunk. The encryption signature is based on an encrypted version of the chunk. A new data chunk is identified and a new plain signature for the new chunk is calculated. A request is made for a current key and the new chunk is encrypted using the current key to obtain a new encryption signature. The new encryption and plain signatures are sent to the server for comparison against the existing encryption and plain signatures. If the new encryption signature does not match an encryption signature of an existing chunk and the new plain signature matches a plain signature of the existing chunk, the new chunk is transmitted to the server to replace the existing chunk.
    Type: Grant
    Filed: January 1, 2015
    Date of Patent: May 10, 2016
    Assignee: EMC Corporation
    Inventor: Junxu Li
  • Patent number: 9300475
    Abstract: e and n are public information and d is private information. An electronic signature is generated based on a calculated value of e×d mod n. A signature generation apparatus includes a random number generation unit, a first calculation unit, a second calculation unit, and a signature generation unit. The random number generation unit generates a random number r. The first calculation unit calculates s1=r×n. The second calculation unit calculates s2=s1+e. The signature generation unit calculates s3=s2×d mod n and outputs s3 as the calculated value of e×d mod n. The signature generation apparatus can thereby generate the above electronic signature securely against differential power attacks.
    Type: Grant
    Filed: December 24, 2010
    Date of Patent: March 29, 2016
    Assignee: Mitsubishi Electric Corporation
    Inventors: Yusuke Naito, Yasuyuki Sakai
  • Patent number: 9230122
    Abstract: A processor comprising: an instruction processing pipeline, configured to receive a sequence of instructions for execution, said sequence comprising at least one instruction including a flow control instruction which terminates the sequence; a hash generator, configured to generate a hash associated with execution of the sequence of instructions; a memory configured to securely receive a reference signature corresponding to a hash of a verified corresponding sequence of instructions; verification logic configured to determine a correspondence between the hash and the reference signature; and authorization logic configured to selectively produce a signal, in dependence on a degree of correspondence of the hash with the reference signature.
    Type: Grant
    Filed: July 14, 2014
    Date of Patent: January 5, 2016
    Assignee: The Research Foundation for The State University of New York
    Inventor: Kanad Ghose
  • Patent number: 9223967
    Abstract: A pipelined processor comprising a cache memory system, fetching instructions for execution from a portion of said cache memory system, an instruction commencing processing before a digital signature of the cache line that contained the instruction is verified against a reference signature of the cache line, the verification being done at the point of decoding, dispatching, or committing execution of the instruction, the reference signature being stored in an encrypted form in the processor's memory, and the key for decrypting the said reference signature being stored in a secure storage location. The instruction processing proceeds when the two signatures exactly match and, where further instruction processing is suspended or processing modified on a mismatch of the two said signatures.
    Type: Grant
    Filed: July 14, 2014
    Date of Patent: December 29, 2015
    Assignee: The Research Foundation for The State University of New York
    Inventor: Kanad Ghose
  • Patent number: 9160763
    Abstract: A endpoint load rebalancing controller, method of controlling endpoint activity to suppress side channel variation and computer program product for controlling endpoint activity for suppressing side channel variation in information from utility company users, e.g., from power company endpoints. The load rebalancing controller monitors period to period endpoint service usage and predicts next period endpoint service usage. Whenever the controller maintains determines that the endpoint usage will exhibit a change that may be sufficient to convey activity information in side channel activity, the controller rebalances activity for the next period. Rebalancing may include shifting off-line execution from one period to another and capping or increasing on-line execution activity.
    Type: Grant
    Filed: October 23, 2013
    Date of Patent: October 13, 2015
    Assignee: International Business Machines Corporation
    Inventors: John M. Cohn, Eren Kursun, Maharaj Mukherjee, Anna Topol
  • Patent number: 9008311
    Abstract: A communication system that includes a sender computer and plurality of designated receiver computers coupled to the sender through a communication link. Each one of the receiver computers is equipped with computational resources stronger than the computational resources of an adversary computer. There is provided a method for sending a secret from the sender computer to a designated receiver computer. The sender computer defining a succession of computational tasks having respective solutions. The computational tasks are so defined such that the duration of solving each task by the receiver computer is shorter than what would have been required for the adversary computer to solve the task. Next, the sender computer sending through the link the succession of tasks encrypted by previous solutions and the receiver computer receiving the tasks and is capable of decrypting the secret faster than what would have been required for the adversary computer to decrypt the secret.
    Type: Grant
    Filed: June 23, 2005
    Date of Patent: April 14, 2015
    Assignee: Ben-Gurion University of the Negev Research and Development Authority
    Inventors: Shlomi Dolev, Ephraim Korach, Galit Uzan
  • Patent number: 8879724
    Abstract: Information leaked from smart cards and other tamper resistant cryptographic devices can be statistically analyzed to determine keys or other secret data. A data collection and analysis system is configured with an analog-to-digital converter connected to measure the device's consumption of electrical power, or some other property of the target device, that varies during the device's processing. As the target device performs cryptographic operations, data from the A/D converter are recorded for each cryptographic operation. The stored data are then processed using statistical analysis, yielding the entire key, or partial information about the key that can be used to accelerate a brute force search or other attack.
    Type: Grant
    Filed: December 14, 2009
    Date of Patent: November 4, 2014
    Assignee: Rambus Inc.
    Inventors: Paul C. Kocher, Joshua M. Jaffe, Benjamin C. Jun
  • Patent number: 8862896
    Abstract: In the data security field, a data protection process embodied in a computer system or computing device or equivalent and which securely descrambles protected (scrambled) data. The process descrambles the data using a dynamic process employing a set of multi-level trees of deterministic functions to generate a descrambling mask value and recover the descrambled message.
    Type: Grant
    Filed: December 6, 2010
    Date of Patent: October 14, 2014
    Assignee: Apple Inc.
    Inventors: Gelareh Taban, Filip Paun, Benoit Chevallier-Mames, Augustin J. Farrugia, Mathieu Ciet
  • Patent number: 8848903
    Abstract: A side channel attack resistance evaluation apparatus includes: a measurement section that measures side channel information leaking from an encryption device to be evaluated; a noise removal section that removes noise from the measured side channel information using a band-pass filter (BPF); a passband determination section that determines the passband of the band-pass filter; and a DSCA (Differential Side-Channel Analysis) evaluation section that evaluates resistance against the differential side channel analysis. The passband determination section preferably has a DFT processing section and a power spectrum analysis section, or has a DFT processing and a DFA processing section.
    Type: Grant
    Filed: February 4, 2009
    Date of Patent: September 30, 2014
    Assignee: NEC Corporation
    Inventors: Toru Hisakado, Noritaka Yamashita
  • Patent number: 8843762
    Abstract: Disclosed embodiments include a cryptographic system implemented in at least one digital computer with one or more processors or hardware such as FPGAs for performing iterative secure computations, analysis, and signal processing directly on encrypted data in untrusted environments. According to a basic embodiment, the proposed cryptographic system comprises: (a) at least one secure protocol for performing matrix multiplications in the encrypted domain, and (b) at least one secure iterative protocol for solving systems of linear equations in the encrypted domain. According to a particular embodiment the system comprises a plurality of privacy-preserving protocols for solving systems of linear equations (SLE) directly based on homomorphic computation and secret sharing. More specifically, according to a particular embodiment the system uses a protocol whereby systems of linear equations are solved securely and iteratively without imposing any restrictions on the matrix coefficients.
    Type: Grant
    Filed: September 6, 2010
    Date of Patent: September 23, 2014
    Assignee: Gradiant, Centro Tecnolóxico de Telecomunicacións de Galicia
    Inventors: Juan Ramón Troncoso Pastoriza, Pedro Comesaña Alfaro, Fernando Pérez González
  • Patent number: 8826000
    Abstract: In a node (110) communicating with other nodes in a network (150), a system and method for performing cryptographic-related functions is provided. The node (110) receives and transmits inputs and outputs requiring cryptographic-related processing. When cryptographic processing is required, the node (110) transmits a predefined message to a cryptographic processing component in the node (110) that then performs the desired cryptographic-related processing.
    Type: Grant
    Filed: January 22, 2009
    Date of Patent: September 2, 2014
    Assignee: Verizon Laboratories Inc.
    Inventors: Stuart J. Jacobs, Francis Leo Mannix, Jr., Thomas William Christoffel, Scott Andrew Belgard
  • Patent number: 8813243
    Abstract: Embodiments of the present invention provide a method and system, including a client and security token, for reducing a size of a security-related object stored in the token. The object is stored in a storage structure that is indexed according to an identity reference to a certificate associated with the object and a private key identifier identifying a private key assigned to an owner of the token. A request to access an encrypted data object results in accessing the private key identifier in the storage structure using only the identity reference as an index.
    Type: Grant
    Filed: February 2, 2007
    Date of Patent: August 19, 2014
    Assignee: Red Hat, Inc.
    Inventor: Steven William Parkinson
  • Patent number: 8804949
    Abstract: A method for protecting data against power analysis attacks includes at least a first phase of executing a cryptographic operation for ciphering data in corresponding enciphered data through a secret key. The method includes at least a second phase of executing an additional cryptographic operation for ciphering additional data in corresponding enciphered additional data. An execution of the first and second phases is undistinguishable by the data power analysis attacks. Secret parameters are randomly generated and processed by the at least one second phase. The secret parameters include an additional secret key ERK for ciphering the additional data in the corresponding enciphered additional data.
    Type: Grant
    Filed: June 29, 2007
    Date of Patent: August 12, 2014
    Assignee: STMicroelectronics International N.V.
    Inventors: Giovanni Fontana, Saverio Donatiello, Giovanni Di Sirio
  • Patent number: 8775813
    Abstract: In a method of generating a digital signature of a message m, a signature component s of the digital signature is calculated by first masking the long-term private key d using a single additive operation to combine the key d with a first value. The masked value is then multiplied by a second value to obtain component s. The first value is calculated using the message m and another component of the digital signature, and the second value is derived using the inverse of a component of the first value. In this way, the signature component s is generated using a method that counters the effectiveness of side channel attacks, such as differential side channel analysis, by avoiding a direct multiplication using long-term private key d.
    Type: Grant
    Filed: February 26, 2010
    Date of Patent: July 8, 2014
    Assignee: Certicom Corp.
    Inventor: Daniel Richard L. Brown
  • Patent number: 8675866
    Abstract: In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against an attack by a protection process which obscures the round keys using the properties of group field automorphisms and applying masks to the states of the cipher, for encryption or decryption. This is especially advantageous in a “White Box” environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during its execution. This method and the associated computing apparatus are useful for protection against known attacks on “White Box” ciphers, by eliminating S-box operations, together with improved masking techniques and increasing the cipher's complexity against reverse engineering and key storage attacks.
    Type: Grant
    Filed: July 7, 2011
    Date of Patent: March 18, 2014
    Assignee: Apple Inc.
    Inventors: Augustin J. Farrugia, Benoit Chevallier-Mames, Bruno Kindarji, Mathieu Ciet, Thomas Icart
  • Patent number: 8675863
    Abstract: Modern cellular wireless communications providers strive to keep their network and subscribers secure through various means. The identity of the subscriber may be obfuscated through the use of a temporary identifier for most network transactions including signaling events, voice calls, SMS messages and data sessions. A subscriber's unique identity may only be transmitted over the air in an encrypted form. Similarly, the content of voice calls, SMS messages and data sessions may also be encrypted when transmitted over the air and even when transferred over internal network interfaces. However, the use of encryption presents significant challenges for law enforcement communities when court ordered lawful intercept is required to monitor and locate subscribers utilizing the wireless networks for illegal and/or terrorist purposes. A technique to aid in the determination of a subscriber's unique wireless identity and the decryption of encrypted signals would be very useful for lawful intercept.
    Type: Grant
    Filed: December 22, 2009
    Date of Patent: March 18, 2014
    Assignee: TruePosition, Inc.
    Inventor: Robert J. Anderson
  • Patent number: 8670557
    Abstract: Systems and/or methods that facilitate secure electronic communication of data are presented. A cryptographic component facilitates securing data associated with messages in accordance with a cryptographic protocol. The cryptographic component includes a randomized exponentiation component that facilitates decryption of data and generation of digital signatures by exponentiating exponents associated with messages. An exponent is divided into more than one subexponent at an exponent bit that corresponds to a random number. Exponentiation of the first subexponent can be performed based on a left-to-right-type of exponentiation algorithm, and exponentiation of the second subexponent can be performed based on a right-to-left square-and-multiply-type of exponentiation algorithm. The final value is based on the exponentiations of the subexponents and can be decrypted data or a digital signature, which can be provided as an output.
    Type: Grant
    Filed: September 10, 2007
    Date of Patent: March 11, 2014
    Assignee: Spansion LLC
    Inventors: Elena Trichina, Helena Handschuh, Arnaud Boscher
  • Patent number: 8667294
    Abstract: An apparatus and method for preventing falsification of a client screen is provided, in which a web server dynamically generates URIs and provides them to clients, thus preventing the falsification of client screens due to a web injection attack or a memory hacking attack. The apparatus includes a random web generation unit for converting an identical web page into random URIs that are randomly generated, at a request of a plurality of clients, generating different random web sources, and providing the different random web sources to the respective clients. A web falsification determination unit compares display web source eigenvalues respectively generated by the clients with respect to any one of the random web sources with a generative web source eigenvalue for the one of the random web sources, thus determining whether screens corresponding to the random web sources displayed on the respective clients have been falsified.
    Type: Grant
    Filed: November 23, 2011
    Date of Patent: March 4, 2014
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Byung-Joon Kim, Jung-Hwan Moon, Hyoung-Chun Kim, Sang-Woo Park, E-Joong Yoon
  • Patent number: 8625777
    Abstract: Provided are a pairing computation device, a pairing computation method, and a pairing computation program all of which enable fast pairing computation.
    Type: Grant
    Filed: August 28, 2009
    Date of Patent: January 7, 2014
    Assignee: National University Corporation Okayama University
    Inventors: Yasuyuki Nogami, Masataka Akane, Yumi Sakemi, Yoshitaka Morikawa
  • Patent number: 8612761
    Abstract: Perfected cryptographic protocol making it possible to counter attacks based on the analysis of the current consumption during the execution of a DES or similar. According to the invention, a message (M) is processed by two entities (A and B) and the entity (B) subject to attack executes a chain of operations known as DES in which it is chosen to carry out a given operation (O1, O2, O3 . . . On) or the same operation complemented (?1, ?2, ?3 . . . ?n), the choice being random.
    Type: Grant
    Filed: January 30, 2001
    Date of Patent: December 17, 2013
    Assignee: Oberthur Card Systems SA
    Inventors: Mehdi-Laurent Akkar, Paul Dischamp
  • Patent number: 8595143
    Abstract: A method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier are disclosed. The system includes an issuer providing an issuer public key; a user device having a security module for generating a first set of attestation-signature values; a privacy certification authority computer for providing an authority public key and issuing second attestation values; and a verification computer for checking the validity of the first set of attestation signature values with the issuer public key and the validity of a second set of attestation-signature values with the authority public key, the second set of attestation-signature values being derivable by the user device from the second attestation values, where it is verifiable that the two sets of attestation-signature values relate to the user device.
    Type: Grant
    Filed: July 31, 2012
    Date of Patent: November 26, 2013
    Assignee: International Business Machines Corporation
    Inventor: Jan Camenisch
  • Patent number: 8595142
    Abstract: A method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier are disclosed. The system includes an issuer providing an issuer public key; a user device having a security module for generating a first set of attestation-signature values; a privacy certification authority computer for providing an authority public key and issuing second attestation values; and a verification computer for checking the validity of the first set of attestation signature values with the issuer public key and the validity of a second set of attestation-signature values with the authority public key, the second set of attestation-signature values being derivable by the user device from the second attestation values, where it is verifiable that the two sets of attestation-signature values relate to the user device.
    Type: Grant
    Filed: July 31, 2012
    Date of Patent: November 26, 2013
    Assignee: International Business Machines Corporation
    Inventor: Jan Camenisch
  • Patent number: 8577040
    Abstract: A data communication system and method in which a need to store a frame count value in a non-volatile memory and update the frame count value is obviated, and in which the effect resulting when a frame with its frame count value altered to a value close to a full count value is transmitted is reduced. When a valid frame count value is not held, an inquiry is made for a frame count value. The frame count value is notified from the receiving end, and the frame count value is acquired. An encryption key is generated on the basis of the frame count value. Data is encrypted with the encryption key. Data in a frame structure is transmitted. When the frame transmission ends, the frame count value is incremented.
    Type: Grant
    Filed: April 23, 2010
    Date of Patent: November 5, 2013
    Assignee: Sony Corporation
    Inventor: Takashi Tsurumoto
  • Patent number: 8566927
    Abstract: The approach defines a protection mechanism against attacks to a security enforcing operation performed by cryptographic token or smart card. It is based on an attack detector which signals the main elaboration or processing system regarding a potential attack situation. The approach addresses SIM cloning problems of telecommunications operators who use old and breakable cryptographic algorithms such as the COMP-128 and do not want to invest in updating the network authentication systems with more resistant authentication cryptographic algorithms. The approach may be applicable to the typical telecommunications operator in an emerging market that does not use state of the art technology.
    Type: Grant
    Filed: June 30, 2005
    Date of Patent: October 22, 2013
    Assignee: STMicroelectronics International N.V.
    Inventor: Paolo Di Iorio
  • Patent number: 8528103
    Abstract: A system manages display and retrieval of image content on a network by identifying the image and linking the image to related information, such as licensing information or usage rights. The system manages the display of image content stored within a network by associating thumbnail images that link to versions of the image content stored on a network. One example is a thumbnail that acts as a bookmark linking to image signal content stored on a distributed network of computers, such as links to web pages accessible on the internet. Corresponding methods are also provided.
    Type: Grant
    Filed: March 19, 2010
    Date of Patent: September 3, 2013
    Assignee: Digimarc Corporation
    Inventors: Daniel O. Ramos, Brian T. MacIntosh, Geoffrey B. Rhoads
  • Patent number: 8488779
    Abstract: A method is provided for processing a digital information set having a plurality of information bytes. The method comprises receiving the information set, determining a set of initialization parameters, initializing a set of state variables using the set of initialization parameters, and generating a plurality of cryptors, each cryptor being a virtual dynamic array containing a monoalphabetic cipher. The method further comprises modifying the state variables and one or more of the cryptors, setting the index value for each cryptor in the plurality of cryptors; and selecting an ordered cryptor subset to be applied to an information byte. The information byte is processed using the ordered cryptor subset to produce a processed information byte. If the information byte is a plaintext byte, the processed byte is an encrypted byte, and vice versa. The actions of modifying, setting, selecting, and processing are then repeated for each remaining information byte.
    Type: Grant
    Filed: July 25, 2011
    Date of Patent: July 16, 2013
    Assignee: Grey Heron Technologies, LLC
    Inventor: David L. Parrish
  • Patent number: 8462939
    Abstract: The RNS-based cryptographic system and method uses a symmetric residue number system (RNS) for encryption and decryption of messages, i.e., the sender and receiver agree upon a set of relatively prime numbers, referred to as the basis, whose product is an integer, and both the RNS and the integer are kept secret. To break the cipher, an attacker must factor the secret integer, which is unknown to the attacker, given only the upper bound of the unknown integer, a problem referred to as blind factorization of the unknown integer, which is a computationally hard problem. The method may be combined with a discrete logarithm problem, and the ciphertext may be padded with random values to hide the upper bound of the unknown integer. When the ciphertext requires multiple blocks, subsets of the basis and/or the random number padding may be used to prevent collision attacks.
    Type: Grant
    Filed: December 7, 2010
    Date of Patent: June 11, 2013
    Assignee: King Fahd University of Petroleum and Minerals
    Inventors: Lahouari Ghouti, Mohammad K. Ibrahim
  • Patent number: 8457302
    Abstract: The invention relates to a data carrier (1) having a semiconductor chip (5). In order to prevent an attacker from determining secret data of the chip (5) from intercepted signal patterns of the chip (5), security-relevant operations are performed only with commands or command strings of the operating program whose use does not permit the processed data to be inferred from the signal patterns.
    Type: Grant
    Filed: May 17, 1999
    Date of Patent: June 4, 2013
    Assignee: Giesecke & Devrient GmbH
    Inventors: Harald Vater, Hermann Drexler, Eric Johnson
  • Patent number: 8457303
    Abstract: Means for checking the correctness of a cryptographic operation on an elliptic curve E(Z/pZ), including fault-resistant computation of Q=kP on elliptic curve E(Z/pZ). Elliptic curve E^(Z/pr2Z)?E(Z/pZ)×E(Z/r2Z) is given by Chinese remaindering and where r is an integer. A point P^=CRT(P (mod p), R (mod r2)) is formed in E^(Z/pr2Z); P^ reduces to P in E(Z/pZ), and to R in E1(Z/r2Z). Q^=kP^ in E^(Z/pr2Z) is computed (130). It is then verified whether Q^?kR (mod r2) in E1(Z/r2Z), and if so, Q=Q^ mod p is output, whereas “error” is returned if this is not the case. Also provided are an apparatus and a computer program product.
    Type: Grant
    Filed: March 12, 2010
    Date of Patent: June 4, 2013
    Assignee: Thomson Licensing
    Inventor: Marc Joye
  • Publication number: 20130083918
    Abstract: A cryptanalysis method comprising: (A) Performing a ciphertext-only direct cryptanalysis of A5/1 and (B) Using results of Step (A) to facilitate the decryption and/or encryption of further communications that are consistent with encryption using the session key and/or decryption using the session key, wherein the cryptanalysis considers part of the bits of the session key to have a known fixed value, and wherein the cryptanalysis finds the session key. An efficient known plaintext attack on AS/2 comprises trying all the possible values for R4, and for each such value solving the linearized system of equations that describe the output; The solution of the equations gives the internal state of RI, R2, and R3; Together with R4, this gives the full internal state which gives a suggestion for the key.
    Type: Application
    Filed: September 20, 2012
    Publication date: April 4, 2013
    Inventors: Elad Barkan, Eli Biham
  • Patent number: 8411850
    Abstract: Provided are a method and a system for decrypting a password in multi-node parallel-processing environment including a master node and a plurality of work nodes. The master node receives information on encrypted file selection from a user. The master node generates password candidate information generation information and transmits the password candidate to the plurality of work nodes together with a password decryption command. The password candidate generation information allows the plurality of work nodes to have different password candidate ranges using password decryption information comprising a maximum password length, a minimum password length, and a string set constituting the password. The work node decrypts the password using the password candidate generation information. The work node transmits the password decryption result to the master node.
    Type: Grant
    Filed: May 13, 2010
    Date of Patent: April 2, 2013
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Keon Woo Kim, Sang Su Lee
  • Patent number: 8407224
    Abstract: An apparatus for generating a collection profile of a collection of different media data items has a feature extractor for extracting at least two different features describing a content of a media data item for a plurality of media data items of the collection, and a profile creator for creating the collection profile by combining the extracted features or weighted extracted features so that the collection profile represents a quantitative fingerprint of a content of the media data collection. This collection profile or music DNA can be used for transmitting information, which is based on this collection profile, to the entity itself or to a remote entity.
    Type: Grant
    Filed: February 25, 2011
    Date of Patent: March 26, 2013
    Assignee: Bach Technology AS
    Inventors: Dagfinn Bach, Sebastian Schmidt