-
Publication No.: US20160330214A1
Publication date: 2016-11-10
Application No.: US15217624
Filing date: 2016-07-22
IPC classification: H04L29/06
CPC classification: H04L63/123, G06F21/602, G06F21/604, G06F21/64, G06F21/645, H04L63/061
Abstract: A system performs cryptographic operations utilizing information usable to verify validity of plaintext. To prevent providing information about a plaintext by providing the information usable to verify the validity of the plaintext, the system provides the information usable to verify validity of the plaintext to an entity on a condition that the entity is authorized to access the plaintext. The information usable to verify validity of the plaintext may be persisted in ciphertext along with the plaintext to enable the plaintext to be verified when decrypted.
-
Publication No.: US09443108B1
Publication date: 2016-09-13
Application No.: US14318314
Filing date: 2014-06-27
CPC classification: G06F21/70, G06F21/64, G06F21/645, G06F2221/2151, H04L9/3239, H04L9/3247, H04L9/3297
Abstract: A method and system for retrieving a current and previous timestamp value, retrieving a previous accumulator value reflecting a previous state of the accumulator, retrieving information representing digests collected during an interval window, and generating a new accumulator value based on the retrieved values, and a storage medium with executable code for retrieving a first and second timestamp, a first and second accumulator value, information representing digests, and for validating data by comparing the second accumulator value with a hash of the first timestamp, the first accumulator value, and the information.
-
Publication No.: US20240113885A1
Publication date: 2024-04-04
Application No.: US18484080
Filing date: 2023-10-10
CPC classification: H04L9/3213, G06F9/505, H04L9/085, H04L63/061, H04L63/08
Abstract: Systems and processes are described for establishing and using a secure channel. A shared secret may be used for authentication of session initiation messages as well as for generation of a private/public key pair for the session. A number of ways of agreeing on the shared secret are described and include pre-sharing the keys, reliance on a key management system, or via a token mechanism that uses a third entity such as a hub to manage authentication, for example. In some instances, the third party may also perform endpoint selection (e.g., load balancing) by providing a particular endpoint along with the token.
-
Publication No.: US11818268B2
Publication date: 2023-11-14
Application No.: US17502851
Filing date: 2021-10-15
CPC classification: H04L9/3213, G06F9/505, H04L9/085, H04L63/061, H04L63/08
Abstract: Systems and processes are described for establishing and using a secure channel. A shared secret may be used for authentication of session initiation messages as well as for generation of a private/public key pair for the session. A number of ways of agreeing on the shared secret are described and include pre-sharing the keys, reliance on a key management system, or via a token mechanism that uses a third entity such as a hub to manage authentication, for example. In some instances, the third party may also perform endpoint selection (e.g., load balancing) by providing a particular endpoint along with the token.
-
Publication No.: US11153087B1
Publication date: 2021-10-19
Application No.: US14983246
Filing date: 2015-12-29
Abstract: Systems and processes are described for establishing and using a secure channel. A shared secret may be used for authentication of session initiation messages as well as for generation of a private/public key pair for the session. A number of ways of agreeing on the shared secret are described and include pre-sharing the keys, reliance on a key management system, or via a token mechanism that uses a third entity such as a hub to manage authentication, for example. In some instances, the third party may also perform endpoint selection (e.g., load balancing) by providing a particular endpoint along with the token.
-
Publication No.: US11044082B2
Publication date: 2021-06-22
Application No.: US16563687
Filing date: 2019-09-06
Abstract: Systems and processes are described for establishing and using a secure channel. A shared secret may be used for authentication of session initiation messages as well as for generation of a private/public key pair for the session. A number of ways of agreeing on the shared secret are described and include pre-sharing the keys, reliance on a key management system, or via a token mechanism that uses a third entity to manage authentication, for example. In some instances, the third party may also perform endpoint selection by providing a particular endpoint along with the token. The particular cipher suite applied in a particular implementation may be configurable. The process is applicable to either implicit key confirmation (e.g., handshake negotiation) or explicit key confirmation (e.g., full negotiation).
-
Publication No.: US10972270B2
Publication date: 2021-04-06
Application No.: US15898505
Filing date: 2018-02-17
Abstract: A plaintext and cryptographic key are used to generate an initialization vector to be used in a cryptographic algorithm, such as an encryption algorithm. In some examples, the plaintext and cryptographic key are input into an effectively one-way function, such as a cryptographic hash function, the output of which is usable as an initialization vector. Cryptographic keys may be rotated probabilistically based at least in part on probabilities of output collisions of the effectively one-way function to ensure a low probability of two different plaintexts resulting in calculation of the same initialization vector for use with the same cryptographic key.
-
Publication No.: US10938575B2
Publication date: 2021-03-02
Application No.: US16716037
Filing date: 2019-12-16
Abstract: A digital signature over a message may be compressed by determining a plurality of values based at least in part on the message. A mapping of the plurality of values over a digital signature scheme may be used to determine a value from which a portion of the compressed digital signature is decompressible by cryptographically deriving one or more components of the uncompressed digital signature. A public key may be used to verify the authenticity of the compressed digital signature and message.
-
Publication No.: US10904011B2
Publication date: 2021-01-26
Application No.: US16179548
Filing date: 2018-11-02
Abstract: A host machine operated for a specific purpose can have restricted access to other components in a multi-tenant environment in order to provide for the security of the host machine. The access restriction can prevent the host machine from obtaining updates to critical system-level configurations, but such information can be obtained through a signed command received to an API for the host machine. The command can be signed by a quorum of operators, and the host machine can be configured to verify the signatures and the quorum before processing the command. The host machine can store the updates to ephemeral storage as well as persistent storage, such that upon a reboot or power cycle the host machine can operate with current configuration data.
-
Publication No.: US10826708B2
Publication date: 2020-11-03
Application No.: US15798117
Filing date: 2017-10-30
Abstract: Data security is enhanced by receiving a request that identifies an encrypted data key, an authentication tag, and additional authenticated data that includes at least a nonce. In some cases, the authentication tag is cryptographically derivable from the encrypted data key and the additional authenticated data. A system, in some cases, determines whether the nonce is authentic and decrypts the encrypted data key by using at least a cryptographic key and the nonce, thereby resulting in a plaintext data key that is usable in various contexts.