-
公开(公告)号:US20160359619A1
公开(公告)日:2016-12-08
申请号:US15238742
申请日:2016-08-17
Applicant: Cisco Technology, Inc.
Inventor: Hillel SOLOW , Harel CAIN , Eliphaz HIBSHOOSH
CPC classification number: H04L9/085 , H04L63/0428 , H04L63/062 , H04L63/0876
Abstract: A method for distributing encrypted information includes; encrypting an item of information with a content key, distributing the item of encrypted information over a wide-area communication network to client devices, generating a plurality of key-shares from the content key, where the generating includes requiring a predetermined number of no less than two of the key-shares to reconstruct the content key, distributing respective key-shares to the client devices, where the distributing includes distributing less than the predetermined number of key-shares to the client devices, receiving a report over the wide-area communication network from a first client device indicating that while a second client device was disconnected from the wide-area communication network, the second client device requested and received at least one of the key-shares from the first client device, and determining that the second client device accessed the item of information and recording a delivery of the item of information.
Abstract translation: 一种分发加密信息的方法包括: 用内容密钥加密信息项,通过广域通信网络将加密信息项分发给客户端设备,从内容密钥生成多个密钥共享,其中生成包括需要预定数量不少于 重新构建内容密钥的两个密钥份额,将各自的密钥份额分配给客户端设备,其中分发包括向客户端设备分发少于预定数量的密钥份额,在广域上接收报告 来自第一客户端设备的通信网络,指示当第二客户端设备与广域通信网络断开连接时,第二客户端设备从第一客户端设备请求并接收至少一个密钥共享,并且确定第二客户端设备 客户端设备访问信息项并记录信息项的传送。
-
Patent Agency Ranking
公开(公告)号:US20180219682A1
公开(公告)日:2018-08-02
申请号:US15688894
申请日:2017-08-29
Applicant: Cisco Technology, Inc.
Inventor: Eliphaz HIBSHOOSH , Aviad KIPNIS , Nir MOSHE , Alon SHALTIEL , Yair FODOR
CPC classification number: H04L9/3236 , G06F21/53 , G06F21/64 , G06F2221/2149 , H04L9/3247
Abstract: In one embodiment, a method, system, and apparatus are described, the method, system, and apparatus including generating metadata to be associated with each block of a series of blocks, the generating including, except for an initial block, receiving: a first block, including a signed block, and a second block to be signed, retrieving a first value including a square of a random number, R′2, multiplying R′2 by a nonce, r, and setting r·R′2 to be a square of a first random number, denoted R2, for the second block, retrieving a second value from the first block, the second value including K-bit vector, E′, determining a bit string value of the second block, M, computing E=hash(R2∥M∥E′), and determining a signature, Sig, for the second block by calculating Sig=r Sig′ SE-E′. Related methods, systems, and apparatuses are also described.
-
公开(公告)号:US20160234010A1
公开(公告)日:2016-08-11
申请号:US15132271
申请日:2016-04-19
Applicant: Cisco Technology, Inc.
Inventor: Aviad KIPNIS , Eliphaz HIBSHOOSH
CPC classification number: H04L9/008 , G06F7/58 , G06F7/582 , H04L9/00 , H04L9/002 , H04L9/0631 , H04L9/0643 , H04L9/065 , H04L9/08 , H04L9/0869 , H04L9/302 , H04L9/3093 , H04L2209/08 , H04L2209/24
Abstract: In one embodiment, a method for reducing information leakage in order to counter side channel attacks against a secure execution environment is described, the method including receiving at the secure execution environment a first input comprising a key comprising a sequence of k input elements in a commutative ring, CR, receiving at the secure execution environment a second input comprising a text comprising a sequence of p input elements in the commutative ring, CR, defining an input INP comprising a sequence of j input elements, wherein INP comprises either one or both of the first input or the second input, performing one of a matrix randomization operation or a polynomial randomization operation on the inputs, and producing a randomized output.
Abstract translation: 在一个实施例中,描述了一种用于减少针对安全执行环境的侧向信道攻击的信息泄漏的方法,所述方法包括在安全执行环境下接收第一输入,该第一输入包括一个包含k个输入元素序列在一个可交换 环,CR,在安全执行环境处接收第二输入,第二输入包括包括交换环中的p个输入元素序列的文本CR,其定义包括j个输入元素序列的输入INP,其中INP包括以下两个中的一个或两个: 第一输入或第二输入,对输入执行矩阵随机化操作或多项式随机化操作之一,并产生随机输出。
-
公开(公告)号:US20180102903A1
公开(公告)日:2018-04-12
申请号:US15595980
申请日:2017-05-16
Applicant: Cisco Technology, Inc.
Inventor: Aviad KIPNIS , Erez WAISBARD , Eliphaz HIBSHOOSH
CPC classification number: H04L9/3247 , H04L9/0819 , H04L9/0861 , H04L9/3218 , H04L9/3236 , H04L2209/38
Abstract: In one embodiment, a first signature template is received, the first signature template being one of a signature template of a first message or a null template, the first signature template comprising at least the following fields: an aggregation depth field, a message identifier, one of the first message or a result of applying a one way hash function to the first message, a bit vector, an aggregated square random integer mod N, a signature of the first message. A second signature template is created based on the first signature template, the second signature template created as follows: increment the aggregation depth of the first signature template, determine a unique message identifier for a second message, determine a second bit vector, determine an second aggregated square random integer mod N, and calculate a new signature for the second message. Related methods, apparatus, and systems are also disclosed.
-
公开(公告)号:US20170070340A1
公开(公告)日:2017-03-09
申请号:US15068591
申请日:2016-03-13
Applicant: Cisco Technology, Inc.
Inventor: Eliphaz HIBSHOOSH , Aviad KIPNIS , Andrew SINTON
CPC classification number: H04L9/008 , H04L9/0838 , H04L9/3026
Abstract: One embodiment of the invention includes a method, including performing, a symmetric homomorphic encryption of a secret SA with a cryptographic key H as input yielding a homomorphic encryption result SA*, sending SA* for mathematical combination by at least one device with at least one secret SB yielding G*, the device A not having access to SB, the at least one device not having access to SA and not having access to H, receiving G*, performing a symmetric homomorphic decryption of data based on G* with H as input yielding a first decrypted output, determining a symmetric cryptographic key KA based on the first decrypted output for secure communication with a first device which is operationally connected to, or includes, a tamper resistant security system including SA and SB therein, securing data using KA yielding secured data, and sending the secured data to the first device.
Abstract translation: 本发明的一个实施例包括一种方法,包括以加密密钥H作为输入产生秘密SA的对称同态加密,产生同态加密结果SA *,由至少一个具有至少一个设备的装置发送用于数学组合的SA * 产生G *的设备A,无法访问SB的设备A,至少一个不具有访问SA并且不能访问H的设备,接收G *,以H为基础的G *执行数据的对称同态解密 输入产生第一解密输出,基于第一解密输出确定对称加密密钥KA,以与第一设备进行安全通信,该第一设备在操作上连接到或包括其中的SA和SB的防篡改安全系统,其中使用KA保护数据 产生安全数据,并将安全数据发送到第一设备。
-
公开(公告)号:US20160352710A1
公开(公告)日:2016-12-01
申请号:US14957627
申请日:2015-12-03
Applicant: Cisco Technology, Inc.
Inventor: Eliphaz HIBSHOOSH , Aviad KIPNIS
CPC classification number: H04L63/061 , H04L9/008 , H04L9/0841
Abstract: In one embodiment, a method for secure computation, includes receiving in a server, over a communication channel from a device external to the server a request to perform a modular exponentiation operation in which an exponent of the operation comprises a secret value, wherein the secret value is not provided to the server, and at least two parameters that encode the secret value in accordance with a polynomial or matrix homomorphic encryption of the secret value computed by the device, and performing in the server, in response to the request, a homomorphic exponentiation using the at least two parameters received from the device without decrypting the secret value in the server, so as to generate an output that is indicative of a result of the modular exponentiation operation.
Abstract translation: 在一个实施例中,一种用于安全计算的方法包括在服务器中通过来自服务器外部的设备的通信信道接收执行模幂运算的请求,其中操作指数包括秘密值,其中秘密 值不提供给服务器,以及至少两个参数,其根据由设备计算的秘密值的多项式或矩阵同态加密来编码秘密值,并且响应于该请求在服务器中执行同态 使用从设备接收的至少两个参数的乘法运算而不解密服务器中的秘密值,以便产生指示模幂运算的结果的输出。
-
-
-
-
-
Search Results
6
records
(took 0.013 seconds)
