公开(公告)号：US08090954B2

公开(公告)日：2012-01-03

申请号：US11687262

申请日：2007-03-16

Applicant: Cem Paya ,  Josh Benaloh

Inventor： Cem Paya ,  Josh Benaloh

IPC: H04L9/32

CPC classification number: H04L9/3247 ,  H04L2209/56 ,  H04L2209/80

Abstract: A forwarding signature comprises a modified digital signature, modified using a predetermined parameter between a sender and an intended recipient. An intended recipient of the forwarding signature can verify that the forwarding signature corresponds to the message, but, can neither derive the original digital signature nor generate a new forwarding signature for a different parameter. Generation and verification of the forwarding signature is accomplished with access to the public key of a public/private cryptographic key pair, the original signed message, and the predetermined parameter. Access to the private key is not needed.

Abstract translation: 转发签名包括经修改的数字签名，使用发送者和预期接收方之间的预定参数进行修改。 转发签名的预期接收者可以验证转发签名对应于该消息，但是既不能导出原始数字签名，也不会为不同参数生成新的转发签名。 转发签名的生成和验证是通过访问公/密码密钥对，原始签名消息和预定参数的公钥来实现的。 无需访问私钥。

公开(公告)号：US20100246827A1

公开(公告)日：2010-09-30

申请号：US12413445

申请日：2009-03-27

Applicant: Kristin Estella Lauter ,  Mihir Bellare ,  Josh Benaloh ,  Melissa E. Chase ,  Erik J. Horvitz ,  Chris Demetrios Karkanias

Inventor： Kristin Estella Lauter ,  Mihir Bellare ,  Josh Benaloh ,  Melissa E. Chase ,  Erik J. Horvitz ,  Chris Demetrios Karkanias

IPC: H04L9/14 ,  H04L9/08

CPC classification number: H04L9/3073 ,  G06F21/6209 ,  H04L9/0836 ,  H04L2209/88

Abstract: The claimed subject matter relates to architectures that can construct a hierarchical set of decryption keys for facilitating user-controlled encrypted data storage with diverse accessibility and hosting of that encrypted data. In particular, a root key can be employed to derive a hierarchical set of decryption keys and a corresponding hierarchical set of encryption keys. Each key derived can conform to a hierarchy associated with encrypted data of the user, and the decryption capabilities of the decryption keys can be configured based upon a location or assignment of the decryption key within the hierarchy. The cryptographic methods can be joined with a policy language that specifies sets of keys for capturing preferences about patterns of sharing. These policies about sharing can themselves require keys for access and the policies can provide additional keys for other aspects of policy and or base-level accesses.

Abstract translation: 所要求保护的主题涉及可以构建分层的解密密钥集的体系结构，以便利用不同的可访问性和托管该加密数据来促进用户控制的加密数据存储。 特别地，可以使用根密钥来导出分层的解密密钥集合和对应的分层加密密钥集合。 导出的每个密钥可以符合与用户的加密数据相关联的层次，并且可以基于层次结构内的解密密钥的位置或分配来配置解密密钥的解密能力。 加密方法可以与指定用于捕获关于共享模式的偏好的键的集合的策略语言相结合。 这些关于共享的策略本身可以要求访问密钥，并且策略可以为策略和/或基本级别访问的其他方面提供附加的密钥。

公开(公告)号：US20100212002A1

公开(公告)日：2010-08-19

申请号：US12371464

申请日：2009-02-13

Applicant: John R. Michener ,  Niels T Ferguson ,  Carl M. Ellison ,  Josh Benaloh ,  Brian A LaMacchia

Inventor： John R. Michener ,  Niels T Ferguson ,  Carl M. Ellison ,  Josh Benaloh ,  Brian A LaMacchia

IPC: H04L9/32 ,  G06F21/00

CPC classification number: H04L9/3226 ,  G06F21/31 ,  G06F2221/2105 ,  G06F2221/2149 ,  G06Q10/06 ,  G06Q30/0603 ,  G06Q40/02 ,  H04L9/3236 ,  H04L63/083 ,  H04L2209/56 ,  H04L2209/88

Abstract: This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.

Abstract translation: 本文档描述了将登录限制在访问权限子集中的工具。 在一个实施例中，这些工具通过对用户ID，一般密码和一个或多个期望的约束执行加密算法来生成受限密码。 使用受限密码来代替通用密码，以获得访问权限，该访问权限是使用通用密码时将被授予的访问权限的子集。

公开(公告)号：US20100208898A1

公开(公告)日：2010-08-19

申请号：US12389217

申请日：2009-02-19

Applicant: Tolga Acar ,  Josh Benaloh ,  Niels Thomas Ferguson ,  Carl M. Ellison ,  Mira Belenkiy ,  Duy Lan Nguyen

Inventor： Tolga Acar ,  Josh Benaloh ,  Niels Thomas Ferguson ,  Carl M. Ellison ,  Mira Belenkiy ,  Duy Lan Nguyen

IPC: H04L9/08

CPC classification number: H04L9/0891 ,  H04L9/0833

Abstract: In an example, one or more cryptographic keys may be associated with a group. Any member of the group may use the key to encrypt and decrypt information, thereby allowing members of the group to share encrypted information. Domain controllers (DCs) maintain copies of the group's keys. The DCs may synchronize with each other, so that each DC may have a copy of the group's keys. Keys may have expiration dates, and any client connected to a DC may generate a new key when a key is nearing expiration. The various clients may create new keys at differing amounts of time before expiration on various DCs. DCs that store keys early thus may have time to propagate the newly-created keys through synchronization before other DCs are requested to store keys created by other clients. In this way, the creation of an excessive number of new keys may be avoided.

Abstract translation: 在一个示例中，一个或多个加密密钥可以与组相关联。 该组的任何成员可以使用密钥来加密和解密信息，从而允许该组的成员共享加密的信息。 域控制器（DC）维护组的密钥副本。 DC可以彼此同步，使得每个DC可以具有组的密钥的副本。 密钥可能有过期日期，连接到DC的任何客户端可能在密钥接近到期时生成新密钥。 各种客户端可以在不同的时间段之前以不同的时间量创建新的密钥。 因此，早期存储密钥的DC可能有时间通过​​同步传播新创建的密钥，而其他DC被请求存储由其他客户端创建的密钥。 以这种方式，可以避免创建过多的新密钥。

公开(公告)号：US07606915B1

公开(公告)日：2009-10-20

申请号：US10374036

申请日：2003-02-25

Applicant: Iulian D. Calinov ,  Danpo Zhang ,  Jonathan Wilkins ,  Julien Couvreur ,  Josh Benaloh

Inventor： Iulian D. Calinov ,  Danpo Zhang ,  Jonathan Wilkins ,  Julien Couvreur ,  Josh Benaloh

IPC: G06F15/16 ,  G06F7/04

CPC classification number: H04L63/08 ,  G06F21/36 ,  H04L63/0428

Abstract: Methods and system of preventing unauthorized scripting. The invention includes providing one or more tests to a user for distinguishing the user from a machine when the user requests access to the server. By storing information on a correct solution to the test in a block of data and sending the block of data together with the test, the invention provides stateless operation. Moreover, maintaining a database of previously used correct responses prevents replay attacks. The invention also includes providing combinations of alternative tests, such as visually altered textual character strings, audible character strings, and computational puzzles. Other aspects of the invention are directed to computer-readable media for use with the methods and system.

Abstract translation: 防止未经授权的脚本的方法和系统。 本发明包括当用户请求访问服务器时向用户提供一个或多个测试以区分用户与机器。 通过在数据块中存储关于正确解决方案的信息并发送数据块以及测试，本发明提供无状态操作。 此外，维护先前使用正确响应的数据库可防止重放攻击。 本发明还包括提供替代测试的组合，例如视觉上改变的文本字符串，可听话字符串和计算拼图。 本发明的其它方面涉及用于方法和系统的计算机可读介质。

公开(公告)号：US20080229111A1

公开(公告)日：2008-09-18

申请号：US11687262

申请日：2007-03-16

Applicant: Cem Paya ,  Josh Benaloh

Inventor： Cem Paya ,  Josh Benaloh

IPC: H04L9/00

CPC classification number: H04L9/3247 ,  H04L2209/56 ,  H04L2209/80

Abstract: A forwarding signature comprises a modified digital signature, modified using a predetermined parameter between a sender and an intended recipient. An intended recipient of the forwarding signature can verify that the forwarding signature corresponds to the message, but, can neither derive the original digital signature nor generate a new forwarding signature for a different parameter. Generation and verification of the forwarding signature is accomplished with access to the public key of a public/private cryptographic key pair, the original signed message, and the predetermined parameter. Access to the private key is not needed.

Abstract translation: 转发签名包括经修改的数字签名，使用发送者和预期接收方之间的预定参数进行修改。 转发签名的预期接收者可以验证转发签名对应于该消息，但是既不能导出原始数字签名，也不会为不同参数生成新的转发签名。 转发签名的生成和验证是通过访问公/密码密钥对，原始签名消息和预定参数的公钥来实现的。 无需访问私钥。

公开(公告)号：US20070088947A1

公开(公告)日：2007-04-19

申请号：US11611051

申请日：2006-12-14

Applicant: David Cross ,  Jianrong Gu ,  Josh Benaloh ,  Thomas Jones ,  Paul Leach ,  Glenn Pittaway

Inventor： David Cross ,  Jianrong Gu ,  Josh Benaloh ,  Thomas Jones ,  Paul Leach ,  Glenn Pittaway

IPC: H04L9/00

CPC classification number: H04L63/045 ,  G06Q20/3829 ,  H04L9/0822 ,  H04L9/0894 ,  H04L63/0823

Abstract: One aspect relates to a process and associated device that provides a private key of an asymmetric key pair in a key device. A symmetric master key is derived from the private key of the asymmetric key pair. The symmetric master key is stored in a computer memory location. The symmetric master key is used to encrypt or decrypt a file encryption key. The file encryption key can encrypt or decrypt files. In another aspect, the user can still access the files even if a user deactivates the key device by encrypting or decrypting the file encryption key directly from the symmetric master key.

Abstract translation: 一个方面涉及在密钥设备中提供非对称密钥对的私钥的过程和相关设备。 对称主密钥是从非对称密钥对的私有密钥导出的。 对称主密钥存储在计算机内存位置。 对称主密钥用于加密或解密文件加密密钥。 文件加密密钥可以加密或解密文件。 在另一方面，即使用户通过直接从对称主密钥加密或解密文件加密密钥来使密钥设备停用，用户仍然可以访问文件。

公开(公告)号：US20060129501A1

公开(公告)日：2006-06-15

申请号：US11013199

申请日：2004-12-15

Applicant: Andrzej Pastusiak ,  Arun Sacheti ,  Ting Cai ,  Deuane Martin ,  Josh Benaloh ,  Rajesh Kuppuswamy

Inventor： Andrzej Pastusiak ,  Arun Sacheti ,  Ting Cai ,  Deuane Martin ,  Josh Benaloh ,  Rajesh Kuppuswamy

IPC: G06Q99/00

CPC classification number: G06Q30/00 ,  G06Q20/06 ,  G06Q20/367 ,  G06Q20/3678 ,  G06Q20/382 ,  G06Q30/0207

Abstract: Methods, systems, and apparatus for generation, distribution and verification of tokens are described. In an implementation, a method is described in which a value of an offer is determined and a token for representing the offer is generated. The token has a number of characters based on the determination of the value of the offer.

公开(公告)号：US20060005230A1

公开(公告)日：2006-01-05

申请号：US11206585

申请日：2005-08-18

Applicant: Paul England ,  Marcus Peinado ,  Daniel Simon ,  Josh Benaloh

Inventor： Paul England ,  Marcus Peinado ,  Daniel Simon ,  Josh Benaloh

IPC: G06F17/00

CPC classification number: G06F21/54 ,  G06F21/53 ,  G06F21/57

Abstract: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

公开(公告)号：US20050278530A1

公开(公告)日：2005-12-15

申请号：US11206519

申请日：2005-08-18

Applicant: Paul England ,  Marcus Peinado ,  Daniel Simon ,  Josh Benaloh

Inventor： Paul England ,  Marcus Peinado ,  Daniel Simon ,  Josh Benaloh

IPC: G06F21/00 ,  H04L9/00

CPC classification number: G06F21/54 ,  G06F21/53 ,  G06F21/57

Abstract: Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.