-
公开(公告)号:US09853819B2
公开(公告)日:2017-12-26
申请号:US15295928
申请日:2016-10-17
发明人: Ahto Truu , Andres Kroonmaa , Michael Gault , Jeffrey Pearce
CPC分类号: H04L9/3247 , H04L9/3239 , H04L9/3242 , H04L63/0823 , H04L63/102 , H04L2209/38 , H04L2209/56
摘要: At least one node in a distributed hash tree verification infrastructure is augmented with an identifier of an entity in a registration path. A data signature, which includes parameters for recomputation of a verifying value, and which is associated with a digital input record, will therefore also include data that identifies at least one entity in the hash tree path used for its initial registration in the infrastructure. An uppermost value of the hash tree verification infrastructure is entered as, or as part of, a transaction in a blockchain.
-
公开(公告)号:US10068397B2
公开(公告)日:2018-09-04
申请号:US15091587
申请日:2016-04-06
IPC分类号: H04W4/04 , G07C9/00 , G01C21/00 , H04W4/00 , H04W4/02 , H04W12/06 , H04L9/32 , H04N21/60 , H04L29/06
摘要: Control of access by a requesting entity to an asset includes defining an approved state of the requesting entity. A validation of a representation of the approved state of in a non-repudiatable form in obtained from an event validation system. The requesting entity is triggered to determine its current state by an access-control entity, which compares the current state with the approved state and allows access by the requesting entity to the asset only if the current state is the same as the approved state. In a pre-authorization procedure, one or both of the entities issues a data set challenge to the other, which then validates the challenge via the event validation system and returns this validation to the challenging entity, which then checks the validation to see if it is correct. Data sets may be validated, for example, with hash tree based signatures or blockchain entries.
-
公开(公告)号:US08719576B2
公开(公告)日:2014-05-06
申请号:US13625551
申请日:2012-09-24
发明人: Ahto Buldas , Märt Saarepera
CPC分类号: H04L63/0823 , G06F21/30 , G06F21/64 , G06F21/645 , H04L9/3247 , H04L9/3265 , H04L63/0876 , H04L2209/38
摘要: Transformations of digital records are used as lowest level inputs to a tree data structure having a root in a core system and having nodes computed as digital combinations of child node values. A combination of root values is published in a permanent medium. Signature vectors are associated with the digital records and have parameters that enable recomputation upward through the tree data structure to either a current root value or to the published value. Recomputation yields the same value only if a candidate digital record is an exact version of the original digital record included in the original computation of the value.
摘要翻译: 数字记录的变换被用作具有在核心系统中的根并且被计算为具有子节点值的数字组合的节点的树状数据结构的最低级输入。 根值的组合在永久介质中公布。 签名向量与数字记录相关联,并且具有能够通过树数据结构向上重新计算到当前根值或已发布值的参数。 仅当候选数字记录是包含在该值的原始计算中的原始数字记录的确切版本时,重新计算才产生相同的值。
-
公开(公告)号:US09876779B2
公开(公告)日:2018-01-23
申请号:US14842761
申请日:2015-09-01
发明人: Ahto Buldas , Märt Saarepera
CPC分类号: H04L63/0823 , G06F21/30 , G06F21/64 , G06F21/645 , H04L9/3247 , H04L9/3265 , H04L63/0876 , H04L2209/38
摘要: A client system is configured to obtain signatures for digital input records. An application program interface reformats each digital record, and this is used as an argument to a cryptographic hash function, from which a signature request is formed. The signature request is then submitted to a keyless, distributed hash tree infrastructure system, which returns a signature that includes recomputation values enabling recomputation from the result of the cryptographic hash function upward through the hash tree infrastructure to a root hash value at a calendar period corresponding to a time during which the signature request was originally submitted. An arbitrary subsequent test digital record is considered authenticated if, applying the cryptographic hash function to it, along with any other parameters included in the original computation, and recomputing an uppermost value using the recomputation values, the same composite calendar value is attained as when it was originally computed.
-
公开(公告)号:US20150295720A1
公开(公告)日:2015-10-15
申请号:US14684336
申请日:2015-04-11
发明人: Ahto BULDAS , Risto LAANOJA , Ahto TRUU
IPC分类号: H04L9/32
CPC分类号: H04L9/3247 , H04L9/321 , H04L9/3239 , H04L9/3263 , H04L9/3297 , H04L2209/24 , H04L2209/38 , H04L2209/64 , H04L2209/72
摘要: A digital message is signed and, if a request is approved, receives a time stamp. The request is computed as a first function of the message and a current one of a sequence of passwords computed such that each password corresponds to an index unit. Each of the passwords may be computed as a function, such as a hash function, pseudo-random function, or encryption function, of the subsequent password, whereby the sequence terminates with an initial password that forms a public key parameter for the password sequence. At least one hash tree uses at least a subset of the passwords as inputs to a hash tree used to verify the passwords.
摘要翻译: 签署数字消息,如果请求被批准,则会收到时间戳。 该请求被计算为消息的第一功能,并且计算出一个密码序列中的当前一个,使得每个密码对应于索引单元。 每个密码可以被计算为后续密码的功能,例如散列函数,伪随机函数或加密函数,由此序列以形成密码序列的公钥参数的初始密码终止。 至少有一个散列树至少使用一个密码子集作为用于验证密码的散列树的输入。
-
公开(公告)号:US20200034553A1
公开(公告)日:2020-01-30
申请号:US16048331
申请日:2018-07-29
发明人: Anthony KENYON , Hema KRISHNAMURTHY
摘要: Multi-party consent to performance of an action is securely registered by receiving from at least one consent requesting entity (CRE) a consent action request (CAR), which is matched with a consent policy. The policy may specify a plurality of consent voting entities (CVE), and direct confirmation of registration of an identity of each CVE in a blockchain. A consent request (CR) may then be issued to the CVEs. Consent request responses (CRRs) from the CVEs are then compared with at least one condition in the consent policy. A representation of a state of the CRRs is relative to the consent policy is registered in the blockchain. If the policy condition(s) is satisfied, a subject entity may be signaled to perform the action corresponding to the CAR, and a state indication of performance of the action may also be registered in the blockchain.
-
公开(公告)号:US10103893B2
公开(公告)日:2018-10-16
申请号:US15913816
申请日:2018-03-06
发明人: Andres Kroonmaa , Ahto Buldas , Jeffrey Pearce
摘要: A distributed hash tree-based authentication system for digital input records has more than one upper-level core node, each of which receives at least one uppermost value from aggregators. Communicating with each other about which aggregator values they have received, the nodes try to reach agreement as to which of these values should be included in duplicated current intra-node hash tree evaluations so as to form a consistent top-level value used as the basis for digital signatures associated with the digital input records. The top-level value is then entered either directly, or after combination with other top-level values over a period, into a block of a blockchain.
-
公开(公告)号:US09697340B2
公开(公告)日:2017-07-04
申请号:US14738890
申请日:2015-06-14
发明人: Nicholas Child
CPC分类号: G06F21/31 , G06F21/6218 , H04L63/00
摘要: An administrative system generates a sequence of passwords by iterative evaluation of a hash function, initiated from a private key value and continuing to a final, public key value. A current token is created that includes a current one of the passwords. A protected device tests the validity of the current password by inputting it to a hash function sub-chain. The current password is considered valid if, after hashing the current password n+1 times, where n corresponds to the number of tokens previously received, the result is a revealed value, such as a previously verified password of the public key value. At least one unit of a one-time programmable hardware device, such as processor fuses or anti-fuses, is then physically and permanently altered, thereby incrementing a count entry indicating the number of tokens received. The protected device performs a desired action only if the current password is verified.
-
公开(公告)号:US09614682B2
公开(公告)日:2017-04-04
申请号:US14684336
申请日:2015-04-11
发明人: Ahto Buldas , Risto Laanoja , Ahto Truu
IPC分类号: H04L9/32
CPC分类号: H04L9/3247 , H04L9/321 , H04L9/3239 , H04L9/3263 , H04L9/3297 , H04L2209/24 , H04L2209/38 , H04L2209/64 , H04L2209/72
摘要: A digital message is signed and, if a request is approved, receives a time stamp. The request is computed as a first function of the message and a current one of a sequence of passwords computed such that each password corresponds to an index unit. Each of the passwords may be computed as a function, such as a hash function, pseudo-random function, or encryption function, of the subsequent password, whereby the sequence terminates with an initial password that forms a public key parameter for the password sequence. At least one hash tree uses at least a subset of the passwords as inputs to a hash tree used to verify the passwords.
-
公开(公告)号:US08874921B2
公开(公告)日:2014-10-28
申请号:US13164759
申请日:2011-06-20
申请人: Ahto Buldas , Andres Kroonmaa , Märt Saarepera
发明人: Ahto Buldas , Andres Kroonmaa , Märt Saarepera
CPC分类号: H04L9/321 , H04L9/007 , H04L9/3247 , H04L2209/38
摘要: A method of generating a keyless digital multi-signature is provided. The method includes receiving multiple signature generation requests from one or more client computers, building subtrees based on the signature generation requests, and constructing a search tree including the subtrees. The method also includes assigning explicit length tags to leaf nodes of the search tree to balance the search tree and applying a hash function to each of the search tree nodes. The root hash value and the height of the search tree make up a generated aggregate signature request, followed by receiving an aggregate signature based on the aggregate signature request. The keyless digital multi-signature is generated based on the aggregate signature and contains an implicit length tag to verify that the number of signature generation requests is limited. The aggregate signature is generated if the height of the search tree does not exceed a predetermined height limitation.
摘要翻译: 提供了一种产生无钥匙数字多重签名的方法。 该方法包括从一个或多个客户端计算机接收多个签名生成请求,基于签名生成请求构建子树,以及构建包括子树的搜索树。 该方法还包括将显式长度标签分配给搜索树的叶节点以平衡搜索树并将散列函数应用于每个搜索树节点。 根哈希值和搜索树的高度构成生成的聚合签名请求,然后基于聚合签名请求接收聚合签名。 基于聚合签名生成无钥匙数字多签名,并且包含隐式长度标签以验证签名生成请求的数量是有限的。 如果搜索树的高度不超过预定的高度限制,则生成聚合签名。
-
-
-
-
-
-
-
-
-
搜索结果
14 条记录 (耗时 0.018 秒)
