Search Patents
  • Patent number: 8332645
    Abstract: A method and apparatus for repeated communication sessions between a sender (e.g., RFID tag) and a receiver (RFID reader) that employs a proactive information security scheme is based on the assumption that the information exchanged during at least one of every n successive communication sessions is not exposed to an adversary. The sender and the receiver maintain a vector of n entries that is repeatedly refreshed by pairwise XORING entries, with a new vector of n entries that is randomly chosen by the sender and sent to the receiver as a part of each communication session. Also, a computational secure scheme based on the information secure scheme is employed to ensure that even in the case that the adversary listens to all the information exchanges, the communication between the sender and the receiver is secure. In particular, the scheme can be used in the domain of remote controls (e.g., for cars).
    Type: Grant
    Filed: September 11, 2007
    Date of Patent: December 11, 2012
    Assignees: Yeda Research and Development Co. Ltd, Sami Shamoon College of Engineering, Shlomi Dolev
    Inventors: Shlomi Dolev, Marina Kopeetsky, Adi Shamir
  • Patent number: 7808911
    Abstract: Method for protecting an NSP data network against data overflow, according to which the NSP data network is divided to a protected sub-network and an unprotected sub-network. Connectivity to external data networks is allowed through the unprotected sub-network via a set of predefined controlled data ports. A maximum available bandwidth that can be processed by a user is determined for each user and maximal sub-bandwidth is allocated for each router. Whenever the data packet flow intended to the user exceeds the sub-bandwidth at one of the routers, the excess packet flow is filtered.
    Type: Grant
    Filed: February 15, 2008
    Date of Patent: October 5, 2010
    Assignee: Deutsche Telekom AG
    Inventor: Shlomo Dolev
  • Publication number: 20160149866
    Abstract: A method of securely executing practically unbounded input stream of symbols, by non-interactive, multi-party computation, according to which the input stream is distributed among a plurality of parties, which do not communicate among themselves throughout execution, by a dealer with a secret initial state. The dealer distributes shares of the secret state between the parties. The input stream is executed by a finite-state automaton which may be an accumulating automaton with accumulating nodes or an automaton that is defined by a series of cascaded equations. During any execution stage, the input stream and the current state of the original automaton are concealed from any coalition of participants being smaller than a given threshold. Upon receiving a signal from the dealer, the parties terminate the execution and submit their internal state to the dealer, which computes the current state that defines the computation result.
    Type: Application
    Filed: April 23, 2014
    Publication date: May 26, 2016
    Inventors: Shlomo Dolev, Niv Gilboa, Ximing Li
  • Patent number: 9742739
    Abstract: A method of securely executing practically unbounded input stream of symbols, by non-interactive, multi-party computation, according to which the input stream is distributed among a plurality of parties, which do not communicate among themselves throughout execution, by a dealer with a secret initial state. The dealer distributes shares of the secret state between the parties. The input stream is executed by a finite-state automaton which may be an accumulating automaton with accumulating nodes or an automaton that is defined by a series of cascaded equations. During any execution stage, the input stream and the current state of the original automaton are concealed from any coalition of participants being smaller than a given threshold. Upon receiving a signal from the dealer, the parties terminate the execution and submit their internal state to the dealer, which computes the current state that defines the computation result.
    Type: Grant
    Filed: April 23, 2014
    Date of Patent: August 22, 2017
    Assignee: SECRETSKYDB LTD.
    Inventors: Shlomo Dolev, Niv Gilboa, Ximing Li
  • Publication number: 20080212481
    Abstract: Method for protecting an NSP data network against data overflow, according to which the NSP data network is divided to a protected sub-network and an unprotected sub-network. Connectivity to external data networks is allowed through the unprotected sub-network via a set of predefined controlled data ports. Each user is connected to the protected sub-network via a proxy router and to the unprotected sub-network via gateway routers that are connected to the proxy router through interconnected intermediating routers and to unprotected sub-network via the set of controlled data ports. A maximum available bandwidth that can be processed by a user is determined for each user and maximal sub-bandwidth is allocated for each router, such that the sub-bandwidth is smaller than the bandwidth.
    Type: Application
    Filed: February 15, 2008
    Publication date: September 4, 2008
    Applicant: Deutsche Telekom AG
    Inventor: Shlomo Dolev
  • Publication number: 20110113491
    Abstract: The present invention is a system for using a collective computing power of a plurality of network stations in a communication network in order to overcome threats generated by malicious applications. Collaboratively, a large group of simple network stations implement a vaccination mechanism, proliferating information concerning malicious applications (malwares) throughout the network in an efficient manner.
    Type: Application
    Filed: November 8, 2010
    Publication date: May 12, 2011
    Applicant: DEUTSCHE TELEKOM AG
    Inventors: Yaniv Altshuler, Yuval Elovici, Shlomi Dolev, Asaf Shabtai, Yuval Fledel
  • Publication number: 20140101440
    Abstract: A method for resolving disputes between users in network communications using digital arbitration. The method comprising the steps of agreeing on a contract between the users and choosing a set of arbitrators; appealing to the arbitrators by a first user, if he/she suspects the second user violates the agreement; and giving the information needed to reconstruct a resource of the second user, if a large enough number of arbitrators agree that the second user actually violated the agreement.
    Type: Application
    Filed: October 10, 2012
    Publication date: April 10, 2014
    Applicant: Ben-Gurion University of the Negev
    Inventors: Ofer Hermoni, Niv Gilboa, Shlomi Dolev
  • Publication number: 20050013531
    Abstract: Method and an optical computation device for obtaining an indication about the existence of a feasible solution for a bounded instance of a problem that belongs to the non-deterministic polynomial class of problems, using parallel optical computations employing a multitude of light rays simultaneously propagating along paths in an optical arrangement. An optical arrangement that can implement a universal non deterministic Turing Machine that can solve bounded instances of problems of the class is determined. An initial incoming ray is directed to a point in the optical arrangement, that represents the initial configuration of the universal non deterministic Turing Machine, such that the initial configuration corresponds to the bounded instance. Each incoming ray is split within the optical arrangement into two or more outgoing rays at pre-determined locations in the optical arrangement.
    Type: Application
    Filed: May 18, 2004
    Publication date: January 20, 2005
    Inventors: Shlomo Dolev, Yuval Nir
  • Patent number: 8868903
    Abstract: A method for resolving disputes between users in network communications using digital arbitration. The method comprising the steps of agreeing on a contract between the users and choosing a set of arbitrators; appealing to the arbitrators by a first user, if he/she suspects the second user violates the agreement; and giving the information needed to reconstruct a resource of the second user, if a large enough number of arbitrators agree that the second user actually violated the agreement.
    Type: Grant
    Filed: October 10, 2012
    Date of Patent: October 21, 2014
    Assignee: Ben-Gurion University of the Negev
    Inventors: Ofer Hermoni, Niv Gilboa, Shlomi Dolev
  • Publication number: 20140226816
    Abstract: The invention is a method for broadcast encryption that allows a broadcaster to send encrypted data to a set of users such that only a subset of authorized users can decrypt said data. The method comprises modifications to the four stages of the basic Cipher-text Policy Attribute-Based Encryption techniques. The method can be adapted to transform any Attribute-Based Encryption scheme that supports only temporary revocation into a scheme that supports the permanent revocation of users.
    Type: Application
    Filed: August 22, 2012
    Publication date: August 14, 2014
    Inventors: Shlomi Dolev, Niv Gilboa, Marina Kopeetsky
  • Patent number: 7130093
    Abstract: Method and an optical computation device for obtaining an indication about the existence of a feasible solution for a bounded instance of a problem that belongs to the non-deterministic polynomial class of problems, using parallel optical computations employing a multitude of light rays simultaneously propagating along paths in an optical arrangement. An optical arrangement that can implement a universal non deterministic Turing Machine that can solve bounded instances of problems of the class is determined. An initial incoming ray is directed to a point in the optical arrangement, that represents the initial configuration of the universal non deterministic Turing Machine, such that the initial configuration corresponds to the bounded instance. Each incoming ray is split within the optical arrangement into two or more outgoing rays at pre-determined locations in the optical arrangement.
    Type: Grant
    Filed: May 18, 2004
    Date of Patent: October 31, 2006
    Inventors: Shlomo Dolev, Yuval Nir
  • Patent number: 9413528
    Abstract: The invention is a method for broadcast encryption that allows a broadcaster to send encrypted data to a set of users such that only a subset of authorized users can decrypt said data. The method comprises modifications to the four stages of the basic Cipher-text Policy Attribute-Based Encryption techniques. The method can be adapted to transform any Attribute-Based Encryption scheme that supports only temporary revocation into a scheme that supports the permanent revocation of users.
    Type: Grant
    Filed: August 22, 2012
    Date of Patent: August 9, 2016
    Assignee: Ben-Gurion University of the Negev Research and Development Authority
    Inventors: Shlomi Dolev, Niv Gilboa, Marina Kopeetsky
  • Patent number: 7971104
    Abstract: Apparatus and methods for converting a processor, having a plurality of states and being operative to execute software operations stored in a memory device, into a self-stabilizing processor, comprising providing self-stabilizing watchdog hardware that, with given timing, interacts with the processor, in accordance with an interaction sequence that includes at least one trigger that sets the processor to a known state from among a set of at least one known states. Also described are applications for stabilization of operating systems and other hardware or software configurations, apparatus and methods for ensuring eventual invariance of software executed by a processor, and apparatus and methods for enforcing fixed software configurations.
    Type: Grant
    Filed: September 24, 2007
    Date of Patent: June 28, 2011
    Inventors: Shlomi Dolev, Avraham Yinnon Haviv
  • Publication number: 20170093811
    Abstract: A method for establishing a fully private, information theoretically secure interconnection between a source and a destination, over an unmanaged data network with at least a portion of a public infrastructure. Accordingly, n shares of the source data are created at the source according to a predetermined secret sharing scheme and the shares are sent to the data network, while encrypting the sent data using (n,k) secret sharing. A plurality of intermediating nodes are deployed in different locations over the network, to create a plurality of fully and/or partially independent paths in different directions on the path from the source to the destination, and with sufficient data separation. Then, the shares are sent over the plurality of fully and/or partially independent paths while forcing shares' carrying packets to pass through selected intermediate nodes, such that no router at any intermediating nodes intercepts k or more shares.
    Type: Application
    Filed: May 18, 2015
    Publication date: March 30, 2017
    Inventors: Shlomi DOLEV, Shimrit TZUR-DAVID
  • Publication number: 20090296931
    Abstract: A communication system that includes a sender computer and plurality of designated receiver computers coupled to the sender through a communication link. Each one of the receiver computers is equipped with computational resources stronger than the computational resources of an adversary computer. There is provided a method for sending a secret from the sender computer to a designated receiver computer. The sender computer defining a succession of computational tasks having respective solutions. The computational tasks are so defined such that the duration of solving each task by the receiver computer is shorter than what would have been required for the adversary computer to solve the task. Next, the sender computer sending through the link the succession of tasks encrypted by previous solutions and the receiver computer receiving the tasks and is capable of decrypting the secret faster than what would have been required for the adversary computer to decrypt the secret.
    Type: Application
    Filed: June 23, 2005
    Publication date: December 3, 2009
    Inventors: Shlomi Dolev, Ephraim Korach, Gait Uzan
  • Patent number: 9008311
    Abstract: A communication system that includes a sender computer and plurality of designated receiver computers coupled to the sender through a communication link. Each one of the receiver computers is equipped with computational resources stronger than the computational resources of an adversary computer. There is provided a method for sending a secret from the sender computer to a designated receiver computer. The sender computer defining a succession of computational tasks having respective solutions. The computational tasks are so defined such that the duration of solving each task by the receiver computer is shorter than what would have been required for the adversary computer to solve the task. Next, the sender computer sending through the link the succession of tasks encrypted by previous solutions and the receiver computer receiving the tasks and is capable of decrypting the secret faster than what would have been required for the adversary computer to decrypt the secret.
    Type: Grant
    Filed: June 23, 2005
    Date of Patent: April 14, 2015
    Assignee: Ben-Gurion University of the Negev Research and Development Authority
    Inventors: Shlomi Dolev, Ephraim Korach, Galit Uzan
  • Publication number: 20090225985
    Abstract: A method and apparatus for repeated communication sessions between a sender (e.g., RFID tag) and a receiver (RFID reader) that employs a proactive information security scheme is based on the assumption that the information exchanged during at least one of every n successive communication sessions is not exposed to an adversary. The sender and the receiver maintain a vector of n entries that is repeatedly refreshed by pairwise XORING entries, with a new vector of n entries that is randomly chosen by the sender and sent to the receiver as a part of each communication session. Also, a computational secure scheme based on the information secure scheme is employed to ensure that even in the case that the adversary listens to all the information exchanges, the communication between the sender and the receiver is secure. In particular, the scheme can be used in the domain of remote controls (e.g., for cars).
    Type: Application
    Filed: September 11, 2007
    Publication date: September 10, 2009
    Applicants: Sami Shamoon College of Engineering, Yeda Research & Development Co. Ltd.
    Inventors: Shlomi Dolev, Marina Kopeetsky, Adi Shamir
  • Patent number: 9769658
    Abstract: A method for providing secure connection between vehicles. A unique pair of digitally signed public key and private key is provided to each vehicle, along with additional vehicle-related data. A certificate number is generated for each vehicle and the public key, the certificate number and the attributes of the vehicle is signed by a trusted certificate generating authority. Before communicating with a second vehicle, the first vehicle sends its unique certificate to a second vehicle; the second vehicle verifies the authenticity of received unique certificate number and visible attributes by a camera. If the attributes are verified successfully, the second vehicle sends its unique certificate number to the first vehicle, along with a secret key, which is valid for the current session only. Then the first vehicle verifies the authenticity of received certificate of the second vehicle and attributes by a camera that captures visible attributes of the second vehicle.
    Type: Grant
    Filed: June 20, 2014
    Date of Patent: September 19, 2017
    Inventors: Shlomi Dolev, Nisha Panwar, Michael Segal, Lukasz Krzywiecki
  • Publication number: 20150052352
    Abstract: A method for providing secure connection between vehicles over channels of a wireless communication network, according to which, a first unique pair of digitally signed public key and private key is provided to each vehicle, along with additional vehicle-related data including a visually static collection of attributes of the vehicle. A unique certificate number is generated for each vehicle and monolithic data consisting of the public key, the certificate number and the attributes is signed by a trusted certificate generating authority. Prior to wireless communication between a first vehicle and a second vehicle, a verification step is performed during which the first vehicle sends its unique certificate number to a second vehicle over a communication channel; the second vehicle verifies the authenticity of received unique certificate number of the first vehicle and attributes by a camera that captures attributes which are visible, using image processing means.
    Type: Application
    Filed: June 20, 2014
    Publication date: February 19, 2015
    Inventors: Shlomi DOLEV, Nisha PANWAR, Michael SEGAL, Lukasz KRZYWIECKI
Narrow Results

Filter by US Classification