Including Particular Multiplication Or Exponentiation Circuit Patents (Class 713/174)
-
Patent number: 7174016
Abstract: The present invention concerns an anti-SPA modular exponentiation algorithm in an electronic component using a public key ciphering algorithm. A pair of registers and an indicator are used to provide symmetrical processing of bits in the algorithm, so that the values of individual bits cannot be determined from power consumption.
Type: Grant
Filed: January 18, 2001
Date of Patent: February 6, 2007
Assignee: Gemplus
Inventor: Olivier Benoit
-
Patent number: 7167559
Abstract: In an exponentiation device, a relatively large table is generated outside of a coprocessor so as to enable high-speed exponentiation to be performed using the small window method. The selection of data from the table and transfer of data to the coprocessor are conducted in parallel with a multiple-length arithmetic operation performed in the coprocessor. So as to avoid bottlenecks occurring in the data transfer between a CPU and the coprocessor, two data banks are provided in the coprocessor for storing the data to be used in the arithmetic operation. By providing two banks in the coprocessor, it is possible to use one for transferring data while data stored in the other is being used in the arithmetic operation. When the operation using the stored data has been completed, the banks are switched, and the arithmetic operation is then repeated using the newly transferred data while at the same time conducting data transfer in readiness for the following operation.
Type: Grant
Filed: March 25, 2002
Date of Patent: January 23, 2007
Assignee: Matsushita Electric Industrial Co., Ltd.
Inventors: Takatoshi Ono, Natsume Matsuzaki, Toshihisa Nakano
-
Patent number: 7123717
Abstract: A countermeasure method in an electronic component which uses an RSA-type public key cryptographic algorithm. A first countermeasure method uses a random calculation for each new execution of the decryption algorithm with CRT. The calculations are made modulo p*r and q*t, r and t being random numbers. A second countermeasure makes the recombination random using the CRT theorem.
Type: Grant
Filed: October 13, 2000
Date of Patent: October 17, 2006
Assignee: Gemplus
Inventors: Jean-Sebastien Coron, Pascal Paillier
-
Patent number: 7113593
Abstract: A method and apparatus for performing cryptographic computations employing recursive algorithms to accelerate multiplication and squaring operations. Products and squares of long integer values are recursively reduced to a combination of products and squares reduced-length integer values in a host processor. The reduced-length integer values are passed to a co-processor. The values may be randomly ordered to prevent disclosure of secret data.
Type: Grant
Filed: March 6, 2001
Date of Patent: September 26, 2006
Assignee: Ericsson Inc.
Inventors: Paul W. Dent, Ben Smeets, William J. Croughwell, III
-
Patent number: 7111166
Abstract: An extension of the serial/parallel Montgomery modular multiplication method with simultaneous reduction as previously implemented by the applicants, adapted innovatively to perform both in the prime number and in the GF($2^q$) polynomial based number field, in such a way as to simplify the flow of operands, by performing a multiple anticipatory function to enhance the previous modular multiplication procedures.
Type: Grant
Filed: May 14, 2001
Date of Patent: September 19, 2006
Assignee: Fortress U&T Div. M-Systems Flash Disk Pioneers Ltd.
Inventors: Itai Dror, Carmi David Gressel, Michael Mostovoy, Alexey Molchanov
-
Patent number: 7080262
Abstract: Described herein is one or more implementations for compressing one or more keys.
Type: Grant
Filed: November 5, 2004
Date of Patent: July 18, 2006
Assignee: Microsoft Corporation
Inventor: Josh D. Benaloh
-
Patent number: 7073069
Abstract: A digital logic circuit comprises a programmable logic device and a programmable security circuit. The programmable security circuit stores a set of authorized configuration security keys. The programmable security circuit compares the authorized configuration security keys with an incoming configuration request, and selectively enables a new configuration for the programmable logic device in response to the configuration request. In another exemplary embodiment, a programmable security circuit also stores a set of authorized operation security keys. The programmable security circuit compares the authorized operation security keys with an incoming operation request from the programmable logic device, and selectively enables an operation within the programmable logic device in response to the operation request.
Type: Grant
Filed: May 5, 2000
Date of Patent: July 4, 2006
Assignee: Infineon Technologies AG
Inventors: Stephen L. Wasson, David K. Varn, John D. Ralston
-
Patent number: 7055033
Abstract: Various embodiments pertain to an integrated circuit (IC) device, such as smart cards, electronic wallets, PC cards, and the like, and various methods for steganographically authenticating identities and authorizing transactions based on the authenticated identities.
Type: Grant
Filed: May 21, 2004
Date of Patent: May 30, 2006
Assignee: Microsoft Corporation
Inventor: Scott B. Guthery
-
Patent number: 7027597
Abstract: A pre-computation and dual-pass modular operation approach to implement encryption protocols efficiently in electronic integrated circuits is disclosed. An encrypted electronic message is received and another electronic message generated based on the encryption protocol. Two passes of Montgomery's method are used for a modular operation that is associated with the encryption protocol along with pre-computation of a constant based on a modulus. The modular operation may be a modular multiplication or a modular exponentiation. Modular arithmetic may be performed using the residue number system (RNS) and two RNS bases with conversions between the two RNS bases. A minimal number of register files are used for the computations along with an array of multiplier circuits and an array of modular reduction circuits. The approach described allows for high throughput for large encryption keys with a relatively small number of logical gates.
Type: Grant
Filed: September 18, 2001
Date of Patent: April 11, 2006
Assignee: Cisco Technologies, Inc.
Inventors: Mihailo M. Stojancic, Mahesh S. Maddury, Kenneth J. Tomei
-
Patent number: 7027598
Abstract: A pre-computation and dual-pass modular operation approach to implement encryption protocols efficiently in electronic integrated circuits is disclosed. An encrypted electronic message is received and another electronic message generated based on the encryption protocol. Two passes of Montgomery's method are used for a modular operation that is associated with the encryption protocol along with pre-computation of a constant based on a modulus. The modular operation may be a modular multiplication or a modular exponentiation. Modular arithmetic may be performed using the residue number system (RNS) and two RNS bases with conversions between the two RNS bases. A minimal number of register files are used for the computations along with an array of multiplier circuits and an array of modular reduction circuits. The approach described allows for high throughput for large encryption keys with a relatively small number of logical gates.
Type: Grant
Filed: September 19, 2001
Date of Patent: April 11, 2006
Assignee: Cisco Technology, Inc.
Inventors: Mihailo M. Stojancic, Mahesh S. Maddury, Kenneth J. Tomei
-
Patent number: 7000111
Abstract: A mobile terminal for use in a mobile communications system includes a SIM card storing subscriber related data. For security, the SIM card performs secret cryptographic calculations with secret numbers. Secret information is hidden from outside observation by scheduling the calculations using a precomputed, fixed randomization schedule in such a way that externally observable parameters of the device cannot be associated to particular pieces, bits, symbols or values of the secret information.
Type: Grant
Filed: November 7, 2000
Date of Patent: February 14, 2006
Assignee: Ericsson Inc.
Inventors: Paul W. Dent, Michael Kornby
-
Patent number: 6996722
Abstract: In a data communications system a remote data source outputs data as a series of application data units (ADUs). Each ADU is individually encrypted with a different key. The keys are transmitted (for example using Internet multicasting) via a communications network to one or more customer terminals. At the terminals a sequence of keys is generated for use in decrypting the ADUs. A record is kept of the keys generated, and this record may subsequently be used to generate a receipt for the data received by the customer. The keys may be generated, and the record stored within a secure module such as a smartcard.
Type: Grant
Filed: December 15, 1998
Date of Patent: February 7, 2006
Assignee: British Telecommunications public limited company
Inventors: Ian R Fairman, Robert J Briscoe
-
Patent number: 6993136
Abstract: A method of exchanging a cryptographic key between two users that includes the steps of selecting a value p from $p=(2^{dk}-2^{ck}-1)/r$, $p=(2^{dk}-2^{(d-1)k}+2^{(d-2)k}-$ . . .
Type: Grant
Filed: August 9, 2001
Date of Patent: January 31, 2006
Assignee: The United States of America as represented by the National Security Agency
Inventor: Jerome Anthony Solinas
-
Patent number: 6988197
Abstract: In a communication system, an authentication ciphering offset (ACO) is generated as a function of one or more parameters, wherein at least one of the one or more parameters is derived from earlier-computed values of the ACO. This enables each device to avoid generating an ACO value that is out of synchronization with a counterpart ACO value generated in another communication device.
Type: Grant
Filed: August 4, 2000
Date of Patent: January 17, 2006
Assignee: Telefonaktiebolaget L M Ericsson (publ)
Inventors: Joakim Persson, Bernard Smeets, Tobias Melin
-
Patent number: 6954855
Abstract: Various embodiments pertain to an integrated circuit (IC) device, such as smart cards, electronic wallets, PC cards, and the like, and various methods for steganographically authenticating identities and authorizing transactions based on the authenticated identities.
Type: Grant
Filed: December 23, 2004
Date of Patent: October 11, 2005
Assignee: Microsoft Corporation
Inventor: Scott B. Guthery
-
Patent number: 6931127
Abstract: An encryption device of the present invention eliminates data contention and minimizes area by using a faster memory that can access data multiple times within a given time.
Type: Grant
Filed: May 30, 2001
Date of Patent: August 16, 2005
Assignee: Hynix Semiconductor Inc.
Inventor: Young-Won Lim
-
Patent number: 6925563
Abstract: A circuit for the implementation of modular multiplication of numbers comprises an alternative formation of the algorithm first proposed by R. C. Montgomery. The modified Montgomery algorithm is implemented in one of a plurality of circuits comprising full adders, half adders, registers and gates.
Type: Grant
Filed: September 21, 2000
Date of Patent: August 2, 2005
Assignee: Raytheon Company
Inventor: William T. Jennings
-
Patent number: 6920562
Abstract: An encryption mechanism tightly-couples hardware data encryption functions with software-based protocol decode processing within a pipelined processor of a programmable processing engine. Tight-coupling is achieved by a micro-architecture of the pipelined processor that allows encryption functions to be accessed as a novel encryption execution unit of the processor. Such coupling substantially reduces the latency associated with conventional hardware/software interfaces.
Type: Grant
Filed: December 18, 1998
Date of Patent: July 19, 2005
Assignee: Cisco Technology, Inc.
Inventors: Darren Kerr, John William Marshall
-
Patent number: 6907526
Abstract: Disclosed herein are an IC card and a microcomputer which have implemented the strengthening of security and the speeding up and enhancement of signal processing for the security. In an IC card, which is supplied with an operating voltage by an electrical connection between each of external terminals and a read/write device, and includes an input-output operation of data with an encoding process or a decoding process, a disturbance-aimed processing operation is included in the encoding process or decoding process to uniformalize timings provided to operate an internal circuit and its operating current. In a microcomputer having a module configuration including an input-output operation of data with an encoding process or a decoding process, a disturbance-aimed processing operation is included in the encoding process or decoding process to uniformalize timings provided to operate an internal circuit and its operating current.
Type: Grant
Filed: January 5, 2001
Date of Patent: June 14, 2005
Assignees: Renesas Technology Corp., Hitachi ULSI Systems Co., Ltd.
Inventors: Chiaki Tanimoto, Kunihiko Nakada, Takashi Tsukamoto, Shigeo Hirabayashi, Hiroshi Watase, Masatoshi Takahashi, Yuuichirou Nariyoshi
-
Patent number: 6898284
Abstract: A method of identifying user, generating digital signature, and verifying digital signature by selecting a modulus p in the form of $p=(2^{dk}-2^{ck}-1)/r$, $p=(2^{dk}-2^{(d-1)k}+2^{(d-2)k}-\ldots-2^{k}+1)/r$, $p=(2^{dk}-2^{ck}-1)/r$, $p=(2^{dk}-2^{ck}+1)/r$, and $p=(2^{4k}-2^{3k}+2^{2k}+1)/r$, selecting an elliptic curve E and an order q; selecting a basepoint G; generating a private key w; generating a public key W=wG; distributing p, E, q, G, and W to at least a prover, a verifier, and a signer; generating the prover's private key $w_p$ and public key $W_p=w_pG$; retrieving the prover's public key $W_p$; generating a private integer $k_p$; combining $k_p$ and G to form K using p; sending K to the verifier; sending a challenge integer c to the prover; combining c, $k_p$, and $w_p$ to form a response integer v; sending v to the verifier; combining cG, K, and $W_p$ using p and checking to see if the combination is equal to vG. If not so, stop.
Type: Grant
Filed: August 9, 2001
Date of Patent: May 24, 2005
Assignee: The United States of America as represented by the National Security Agency
Inventor: Jerome Anthony Solinas
-
Patent number: 6857075
Abstract: The present invention is a key conversion system for deterministically and reversibly converting a first key value of a first communications system into a second key value of a second communication system. For example, the key conversion system generates a first intermediate value from at least a portion of the first key value using a first random function. At least a portion of the first intermediate value is provided to a second random function to produce a second value. An exclusive-or is performed on at least a portion of the first key value and at least a portion of the second value to generate a second intermediate value. At least a portion of the second intermediate value is provided to a third random function to produce a third value.
Type: Grant
Filed: December 11, 2000
Date of Patent: February 15, 2005
Assignee: Lucent Technologies Inc.
Inventor: Sarvar Patel
-
Patent number: 6779112
Abstract: This invention concerns an integrated circuit (IC) device, such as smart cards, electronic wallets, PC cards, and the like, and various methods for steganographically authenticating identities and authorizing transactions based on the authenticated identities. The IC device has a memory and a processor. The IC device maintains an identity authentication table in the memory to hold an arbitrary number of identities. The identity authentication table correlates identities with authentication structures. In preferred embodiments, the authentication structures each comprise a collection of commands, such as data processing commands, that are normally associated with data handling capabilities of the IC device. The commands are arranged into unique groupings that serve to identify the identity with which they are associated. Authentication can then take place outside of detectable cryptographic protocols.
Type: Grant
Filed: November 5, 1999
Date of Patent: August 17, 2004
Assignee: Microsoft Corporation
Inventor: Scott B. Guthery
-
Patent number: 6687376
Abstract: A circuit is designed with a first register circuit (364) arranged to store a state matrix. A memory circuit (710) is arranged to store a plurality of addressable matrices. A control circuit (700) is coupled to receive a delay value and a clock signal. The control circuit is arranged to address a selected matrix from the plurality of addressable matrices in response to the delay value and the clock signal. A backward register circuit (420) is coupled (712) to receive the selected matrix. The backward register circuit is arranged to produce a plurality of shifted matrices from the selected matrix in response to the clock signal. A logic circuit (330-354) is coupled to receive the state matrix, the selected matrix and the plurality of shifted matrices. The logic circuit produces a logical combination of the state matrix and each of the selected matrix and the plurality of shifted matrices.
Type: Grant
Filed: December 29, 1998
Date of Patent: February 3, 2004
Assignee: Texas Instruments Incorporated
Inventor: Hirohisa Yamaguchi
-
Patent number: 6678733
Abstract: A walled garden contains links to one or more servers providing network-based services. A walled garden proxy server (WGPS) controls access to the walled garden. When a user of a client wishes to access a service in the walled garden, the client sends a request to the WGPS including a plot number identifying the service and a ticket granting the client access to the service. The WGPS denies access to clients lacking a ticket or presenting invalid tickets. In response, the client contacts a gateway server (GS) having a database of users and associated access rights. The user presents authentication information to the GS. If the user positively authenticates, the GS generates a ticket containing a Box ID from the client, an expiration date, and set of bits representing the access rights of the user. The GS encrypts the ticket and gives it to the client.
Type: Grant
Filed: October 26, 1999
Date of Patent: January 13, 2004
Assignee: At Home Corporation
Inventors: Ralph W. Brown, Robert Keller, Milo S. Medin
-
Publication number: 20030021410
Abstract: In an IC card incorporating residual multiplier hardware for implementing a high-speed algorithm for a residual multiplication arithmetic, a method and a device capable of executing a public key encryption processing such as an elliptic curve encryption processing at a high speed. Residual arithmetic succeeding to generation of a random number and residual arithmetic in a signature generating processing can be executed by using a residual multiplier. Further, in order to use effectively the residual multiplier for arithmetic operation on an elliptic curve, the point on the elliptic curve is transformed from a two-dimensional affine coordinate system to a three-dimensional coordinate system. Additionally, multiplicative inverse arithmetic for realizing reverse transformation from the three-dimensional coordinate system to the two-dimensional affine coordinate system as well as for determining a signature s can be executed only with the residual multiplication arithmetic.
Type: Application
Filed: September 24, 2002
Publication date: January 30, 2003
Applicant: Hitachi, Ltd.
Inventors: Seiji Miyazaki, Kazuo Takaragi
-
Publication number: 20020169960
Abstract: A storage device includes a tamper-resistant module and a flash memory. In correspondence with a command, a CPU inside the tamper-resistant module judges the security of data received from the outside, then recording the data as follows: High-security and small-capacity data is recorded into a memory inside the tamper-resistant module. High-security and large-capacity data is encrypted, then being recorded into the flash memory. Low-security data is recorded as it is into the flash memory. This recording method permits large-capacity data to be stored while ensuring a security (i.e., a security level) corresponding thereto.
Type: Application
Filed: February 5, 2002
Publication date: November 14, 2002
Inventors: Shinya Iguchi, Takashi Tsunehiro, Motoyasu Tsunoda, Haruji Ishihara, Nagamasa Mizushima, Takashi Totsuka
-
Patent number: 6466668
Abstract: In an IC card incorporating residual multiplier hardware for implementing a high-speed algorithm for a residual multiplication arithmetic, a method and a device capable of executing public key encryption processing such as an elliptic curve encryption processing at a high speed. Residual arithmetic succeeding to generation of a random number and residual arithmetic in a signature generating processing can be executed by using a residual multiplier. Further, in order to use effectively the residual multiplier for arithmetic operation on an elliptic curve, the point on the elliptic curve is transformed from a two-dimensional affine coordinate system to a three-dimensional coordinate system. Additionally, multiplicative inverse arithmetic for realizing reverse transformation from the three-dimensional coordinate system to the two-dimensional affine coordinate system as well as for determining a signature s can be executed only with the residual multiplication arithmetic.
Type: Grant
Filed: January 26, 1999
Date of Patent: October 15, 2002
Assignee: Hitachi, Ltd.
Inventors: Seiji Miyazaki, Kazuo Takaragi
-
Patent number: 6408075
Abstract: An IC card having a storage memory including a program storage unit for storing a program and a data storage unit for storing data and a central processing unit for executing a predetermined process in accordance with the program to process the data, the program including one or more data process units each having a process instruction for giving an execution instruction to the central processing unit, wherein a data process order is randomly exchanged and a dummy process is added to thereby reduce the dependency of consumption current of an IC chip upon the data process.
Type: Grant
Filed: March 14, 2000
Date of Patent: June 18, 2002
Assignee: Hitachi, Ltd.
Inventors: Masaru Ohki, Yasuko Fukuzawa, Susumu Okuhara, Masahiro Kaminaga
-
Publication number: 20020073316
Abstract: Ownership of a secure process is enabled with a cryptographic system. Methods initializing and operating the cryptographic system transfer control from the loading program to the loaded program and, in essence from the cryptographic system vendor to its end-user. As a result, ownership of the secure process can be relinquished to the end-user so that it alone can subsequently use the cryptographic system to control the secure process of loading and running its user-programs. The cryptographic system and methods allow for secure operations and protect against tampering with application software. The application program is retrieved from an encrypted file in external memory and authenticated by the cryptographic system before being executed.
Type: Application
Filed: September 7, 2001
Publication date: June 13, 2002
Inventors: Thomas Collins, John Gregory, Ralph Bestock
-
Patent number: 6404890
Abstract: Techniques are provided for generation of an RSA modulus having a predetermined portion. The predetermined portion may be the leading digits of the modulus, or split between the leading and trailing digits of the modulus. The resulting RSA modulus has the same security level as conventional RSA moduli, but requires less storage space. Significant performance improvements may be obtained for encryption, decryption, digital signature generation and digital signature verification when using RSA moduli in a specifically chosen format, as the division portion of a modulo operation is accomplished using only multiplication operations, and without using division operations.
Type: Grant
Filed: April 8, 1998
Date of Patent: June 11, 2002
Assignee: Citibank, NA
Inventor: Arjen K. Lenstra
-
Patent number: 6381699
Abstract: The present invention provides a method and apparatus for securing cryptographic devices against attacks involving external monitoring and analysis. A “self-healing” property is introduced, enabling security to be continually re-established following partial compromises. In addition to producing useful cryptographic results, a typical leak-resistant cryptographic operation modifies or updates secret key material in a manner designed to render useless any information about the secrets that may have previously leaked from the system. Exemplary leak-proof and leak-resistant implementations of the invention are shown for symmetric authentication, certified Diffie-Hellman (when either one or both users have certificates), RSA, ElGamal public key decryption, ElGamal digital signing, and the Digital Signature Algorithm.
Type: Grant
Filed: December 13, 2000
Date of Patent: April 30, 2002
Assignee: Cryptography Research, Inc.
Inventors: Paul C. Kocher, Joshua M. Jaffe
-
Publication number: 20020044649
Abstract: This invention provides a method for accelerating multiplication of an elliptic curve point Q(x,y) by a scalar k, the method comprising the steps of selecting an elliptic curve over a finite field $F_q$ where q is a prime power such that there exists an endomorphism $\Psi$, where $\Psi(Q)=\lambda\cdot Q$ for all points Q(x,y) on the elliptic curve; and using smaller representations $k_i$ of the scalar k in combination with the mapping $\Psi$ to compute the scalar multiple of the elliptic curve point Q.
Type: Application
Filed: June 22, 2001
Publication date: April 18, 2002
Applicant: CERTICOM CORP.
Inventors: Robert Gallant, Robert Lambert, Scott A. Vanstone
-
Patent number: 6356636
Abstract: A co-processor (44) executes a mathematical algorithm that computes modular exponentiation equations for encrypting or decrypting data. A pipelined multiplier (56) receives sixteen bit data values stored in an A/B RAM (72) and generates a partial product. The generated partial product is summed in an adder (58) with a previous partial product stored in a product RAM (64). A modulo reducer (60) causes a binary data value N to be aligned and added to the summed value when a particular data bit location of the summed value has a logic one value. An N RAM (70) stores the data value N that is added in a modulo reducer (60) to the summed value. The co-processor (44) computes the Foster-Montgomery Reduction Algorithm and reduces the value of (A*B mod N) without having to first compute the value of μ as is required in the Montgomery Reduction Algorithm.
Type: Grant
Filed: July 22, 1998
Date of Patent: March 12, 2002
Assignee: Motorola, Inc.
Inventors: Robert I. Foster, John Michael Buss, Rodney C. Tesch, James Douglas Dworkin, Michael J. Torla
-
Publication number: 20010033655
Abstract: A method for determining a result of a group operation performed an integral number of times on a selected element of the group, the method comprises the steps of representing the integral number as a binary vector; initializing an intermediate element to the group identity element; selecting successive bits, beginning with a left most bit, of the vector. For each of the selected bits; performing the group operation on the intermediate element to derive a new intermediate element; replacing the intermediate element with the new intermediate element; performing the group operation on the intermediate element and an element, selected from the group consisting of: the group element if the selected bit is a one; and an inverse element of the group element if the selected bit is a zero; replacing the intermediate element with the new intermediate element.
Type: Application
Filed: January 18, 2001
Publication date: October 25, 2001
Inventors: Ashok Vadekar, Robert J. Lambert
-
Patent number: 6304660
Abstract: A security document processing apparatus is provided having a feed path for receiving documents and at least one imaging assembly for capturing image data from documents received in the apparatus. The apparatus may include a material detection imaging assembly for detecting the material composition of certain materials on documents received in the apparatus. The material detection imaging assembly may detect material on a document by detecting transmissivity characteristics, or by sensing radiation emission characteristics of a document in the case received documents are of a type including radiation wavelength sensitive additives incorporated therein.
Type: Grant
Filed: June 2, 1998
Date of Patent: October 16, 2001
Assignee: Welch Allyn Data Collection, Inc.
Inventors: Michael A. Ehrhart, Robert M. Hussey, Todd A. Dueker, Cayetano Sanchez, III, Walter Szrek, John C. Abraitis
-
Publication number: 20010010077
Abstract: A computationally efficient multiplication method and apparatus for modular exponentiation. The apparatus uses a preload register, coupled to a multiplier at a second input port via a KN bit bus to load the value of the “a” multiplicand in the multiplier in a single clock pulse. The “b” multiplicand (which is also KN bits long) is supplied to the multiplier N bits at a time from a memory output port via an N bit bus coupled to a multiplier first input port. The multiplier multiplies the N bits of the “b” multiplicand by the KN bits of the “a” multiplicand and provides that product at a multiplier output N bits at a time, where it can be supplied to the memory via a memory input port.
Type: Application
Filed: January 11, 2001
Publication date: July 26, 2001
Inventors: Matthew Scott McGregor, Thuan P. Le
-
Patent number: 6263081
Abstract: A fixed-point multiple calculation apparatus, for use in an encryption method and a signature method that use elliptic curves, finds multiples of a fixed point and an arbitrary point at high speed. The fixed-point multiple calculation apparatus generates pre-computation tables for multiples of digits at one-word intervals and for multiples of digits at half-word intervals. Using the tables, multiples of points on an elliptic curve are calculated using a doubling process, but with a reduced number of additions. This reduces the overall amount of required calculation.
Type: Grant
Filed: July 17, 1998
Date of Patent: July 17, 2001
Assignee: Matsushita Electric Industrial Co., Ltd.
Inventors: Atsuko Miyaji, Takatoshi Ono
-
Patent number: 6144740
Abstract: Disclosed is a method for designing public key cryptosystems against fault-based attacks in which secret information stored in a tamperfree device is revealed during the encryption/decryption or signature generation processes due to fault-based attacks. A new fault-resistant system which enables any fault existing in modular multiplications and exponential computations to be detected with a very high probability based on a coding approach. This method can be used to implement all cryptosystems whose basic operations are modular multiplications for resisting both memory and computational fault-based attacks with a very low computational overhead.
Type: Grant
Filed: May 20, 1998
Date of Patent: November 7, 2000
Assignees: Network Security Technology Co., Lan-Ying Chiang
Inventors: Chi-Sung Laih, Fu-Kuan Tu, Yung-Chen Lee
-
Patent number: 6115472
Abstract: A user sets n=0, his mail account A and password S, then computes $V_0=E(A,S)$, $W_0=E(A,V_0)$, $V_1=E(A,A\oplus 1)$, $W_1=E(A,V_1)$ and $M_0=E(W_1,V_0)$, and initially registers $W_0$, $W_1$, $M_0$ and A by e-mail in a mail server. At a visiting site the user sends a service request and A to the mail server from an arbitrary terminal connected to the Internet, and the mail server reads out the authentication session number n corresponding to the identifier A and sends it back to the user. The user computes $V_{n-1}=E(A,S\oplus(n-1))$, $V_{n+1}=E(A,S\oplus(n+1))$, $W_{n+1}=E(A,V_{n+1})$, $V_n=E(A,S\oplus n)$ and $M_n=E(W_{n+1},V_n)$ and sends $V_{n-1}$, $W_{n+1}$ and $M_n$ to the mail server. The mail server computes $E(A,V_{n-1})$ and $E(W_n,V_{n-1})$ and if they agree with preregistered $W_{n-1}$ and $M_{n-1}$, respectively, the mail server accepts the user as valid and sends a mail message of the user.
Type: Grant
Filed: September 9, 1997
Date of Patent: September 5, 2000
Assignee: Nippon Telegraph and Telephone Corporation
Inventors: Akihiro Shimizu, Tsutomu Horioka, Hiroshi Hamada
-
Patent number: 6105013
Abstract: The present invention relates to an electronic module used for secure transactions. More specifically, the electronic module is capable of passing information back and forth between a service provider's equipment via a secure, encrypted technique so that money and other valuable data can be securely passed electronically. The module is capable of being programmed, keeping track of real time, recording transactions for later review, and creating encryption key pairs.
Type: Grant
Filed: March 10, 1998
Date of Patent: August 15, 2000
Assignee: Dallas Semiconductor Corporation
Inventors: Stephen M. Curry, Donald W. Loomis, Christopher W. Fox