US20110072265A1 - System And Method Of Non-Centralized Zero Knowledge Authentication For A Computer Network - Google Patents
- Publication number: US20110072265A1 (US12/951,792)
- Authority: US (United States)
- Prior art keywords: authentication, agent, computer, prover, secret
- Legal status: Abandoned (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- FIG. 2 shows one method 30 of decrypting secret s′′ and product n′′.
- an agent e.g., a prover agent or an authentication agent
- the agent reads values of s′′ and n′′ published by the trusted source (e.g., method 10, FIG. 1).
- values of s′′ and n′′ are decrypted by a modulus inverse operation.
- the size of answer set (“t”) is used to determine a value (“v”) calculated as result of s′ ⁇ t mod n′′.
- Step 42 is a delay based on a specific length of time or may be triggered at the start of an authentication process (e.g., a zero-knowledge identification protocol). After the delay in step 42, method 30 continues with step 36 and the agent will again contact the trusted source and read new values for s′′ and n′′.
- FIG. 3 shows a challenge-response-validation iteration dialog between a prover agent (shown as process 48) and a verifier agent (shown as process 50).
- Process 48 performs processing to establish a need to authenticate and begins zero-knowledge identification protocol 46 in step 52, which may include retrieving and decrypting current values of secret s′′ and the product n′′.
- process 48 (prover) sends a signal 54 to process 50 (verifier) to begin zero-knowledge identification protocol 46.
- process 50 (verifier) performs any initial processing, which may include retrieving and decrypting current values of secret s′′ and product n′′.
- process 50 sends signal 58 to process 48 (prover) to begin the authorization process.
- process 48 sends a signal 64 containing x to process 50 (verifier).
- process 50 (verifier) then calculates a reply value b as a member of set {0 . . . t−1}.
- process 50 sends a signal 68 containing b to process 48 (prover).
- process 48 sends a signal 72 containing y to process 50 (verifier).
- Step 74 in process 50 is a decision.
- Step 78 in process 50 is a decision.
- In step 78, the number of challenge-response-verification iterations is compared to the number of iterations required to establish a suitable probability of correct authentication. If the number of challenge-response-validation iterations performed is the same as the number of challenge-response-validation iterations required, and process 48 (prover) has not failed any iterations, then process 48 continues with step 82; otherwise process 50 sends a signal 80 to process 48 to continue with step 60, thus beginning another challenge-response-validation iteration by repeating steps 60 through 74.
- In step 82, process 50 continues with processing appropriate for authenticated process 48 (prover) and process 50 terminates.
- In step 76, process 50 (verifier) continues processing as appropriate for non-authentic agents, and process 50 terminates.
- FIG. 4 shows a system 89 with three clients 90(1-3), each running a prover agent 91(1-3), and a host 92 running an authentication agent 96 (verifier).
- Prover agents 91(1-3) implement process 48, FIG. 3, for example.
- Authentication agent 96 implements process 50, FIG. 3, for example.
- Communication links 100(1-3) establish connectivity between clients 90(1-3) and a connection module 94 within host 92.
- client 90(1) seeks access to secure area 98 of host 92.
- Communication link 100(1) establishes connectivity between client 90(1) and connection module 94 within host 92.
- communication link 100(1) is a telephone dial-up connection.
- communication link 100(2) is an Internet connection.
- authentication agent 96 (verifier) protects secure area 98, allowing access only to authenticated clients.
- Communication link 100(3) is an Ethernet LAN connection. After client 90(1) is authenticated by host (92), a connection 102 is established and client 90(1) is allowed access to secure area 98. Once this connection has been established, authentication agent 96 may distribute a new secret from trusted source 106 to prover agent 90(1) for use in future authentication dialog.
- prover agent 90(1) requests authentication at a future time after connection 110 has been broken
- authentication agent 96 requests credentials from prover agent 90(1) from trusted source 106 via the host's internal connection 104.
- the authentication dialog may take place between client 90(1) and host 92 to reestablish a trusted connection.
- Zero-knowledge identification protocol 46 is then performed. If zero-knowledge identification protocol 46 is successful, an access link 108 is activated to secure area 98, and client 90(1) may proceed with further processing. If zero-knowledge identification protocol 46 is not successful, processing continues with knowledge that client 90(1) is not authorized and, at a minimum, client 90(1) is inhibited from access to secure area 98.
- FIG. 5 shows one system 500 that provides non-centralized zero-knowledge authentication within a dynamic network.
- system 500 includes two Ethernet LANs 502 and 504 that are not co-located.
- LAN 502 is connected to LAN 504 via a communication apparatus 505 that contains connection units 506, 508 and a communication link 510.
- Connection units 506 and 508 are, for example, routers or microwave transceivers.
- Communication link 510 is, for example, an ISDN link, the Internet, or a microwave link that provides data communication between two remote locations.
- LAN 504 is shown connected to a wireless LAN device 512 that provides wireless connectivity to mobile computers 514 and 516.
- LAN 504 also illustratively connects to computer system 518 that includes authentication agent 520 (verifier).
- Before mobile computer 514 connects to LAN 504, it is first authenticated using zero-knowledge identification protocol 46 as shown in FIG. 3.
- Mobile computer 514 includes a prover agent 522 that interacts with authentication agent 520 to perform zero-knowledge identification protocol 46.
- Mobile computer 516 includes a prover agent 524 that interacts with authentication agent 520 to gain authentication to access LAN 504.
- Trusted source 106 implements process 10, FIG. 1, to generate a new secret s′′ and a new product n′′ periodically to prevent the malicious party compromising the values by guessing or factoring.
- Once computer system 536 has been authenticated and is connected to LAN 502 it receives new values for secret s′′ and product n′′, using an encrypted message based on its current values for secret s′′ and product n′′.
- integrity and security of system 500 is maintained at a high level. Only during initialization of system 500, or when a mobile computer (e.g., mobile computers 514, 516) connects to wireless LAN interface 512 and requests authentication, is a predefined secret used.
- Computer system 530 illustratively connects to LAN 502 and includes authentication agent 532 (prover).
- Computer systems 534 and 536 also connect to LAN 502; computer system 534 includes a prover agent 538 and computer system 536 includes a prover agent 540.
- Prover agent 538 interacts with authentication agent 532 to authenticate computer system 534 for access to LAN 502.
- prover agent 540 interacts with authentication agent 532 to authenticate computer system 536 for access to LAN 502.
- Authentication agents 520 and 532 operate independently to authenticate mobile computers 514, 516 and desktop computers 534, 536 for access to LANs 504 and 502, respectively.
- a computer e.g., computers 534, 536 and mobile computers 514 and 516
- it may operate to authenticate other computers (i.e., may operate as an authentication agent).
- the computer may operate to interact with other computers seeking authentication, enabling communication between the other computers and an authentication agent.
- the network is “dynamic” in that it allows additional, flexible authentications to occur and expand the network.
- authentication software including authentication and prover agents
- each computer (e.g., computers 514, 516, 518, 530, 534, 536).
- a computer network includes multiple base stations that operate to provide a mobile telephone network.
- Each base station contains an authentication agent.
- Each mobile handset includes a prover agent that connects to the mobile telephone network.
- the authentication agent in the base station selected by the mobile handset interacts with the prover agent in the mobile handset. If the authentication agent is satisfied that the prover knows the secret, it becomes authenticated and authorized to use the mobile telephone network.
- the secret is never transmitted to or from the mobile handset, and therefore not susceptible to malicious snooping.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
- This application is a continuation of U.S. application Ser. No. 10/687,320, filed Oct. 16, 2003, which claims priority to U.S. Provisional Application No. 60/418,889, both of which are incorporated herein by reference.
- Computer systems intercommunicate via computer networks. For example, a first computer system frequently communicates with a second computer system over a computer network to obtain information. The computer network may include many different communication media. In one example, the computer network is an Ethernet local area network (“LAN”). In another example, the computer network is a wireless LAN. Information stored on the first computer system is often sensitive such that access to the information must be restricted. Accordingly, the first computer system often requires that the second computer system be authenticated before allowing the second computer system to access the information. Access to the computer network may also be restricted, requiring any computer system wishing to join the computer network to be authenticated before communicating with other devices on the network.
- Authentication typically utilizes an identification protocol that requires a computer system to identify itself with authority to access a restricted computer system. In one example, a first computer system may require a “password” from the second computer system to enable authentication. However, in situations where the communication between the first and second computer systems is monitored by a third computer system, the password may be obtained by the third computer system, allowing unauthorized access by the third computer system to the first computer system. Identification protocols that provide authentication without transmission of a secret password, known as a ‘key’, are therefore utilized. A zero-knowledge identification protocol (“ZKIP”) is one example of a protocol that provides authentication without transmitting the key, thereby preventing the key from being stolen and misused.
- Typically, in a computer network that uses authentication, there is only one authenticator that stores keys used to authenticate requests from other computer systems. The use of a single authenticator, however, may result in access problems when the computer system running the authenticator fails, or where communications to the authenticator fail, for example. Where the authentication is for important data or services, failure of the authenticator may prevent access to the data or services. Further, the use of a single authenticator also causes congestion within the computer network as all authentication traffic is directed to a single location.
- Where a computer network is highly scalable and dynamic it is important to authenticate each computer system as it attempts to access the computer network. A digital mobile telephone network is one example of a dynamic computer network. The digital mobile telephone network consists of multiple base stations that are networked together, each base station providing one or more cells for the digital telephone network. Each mobile telephone handset connects to, and disconnects from, these cells as the handset changes location. It is therefore important that any authentication process used within the cell network be as fast and efficient as possible. Typically, to meet speed requirements for a digital mobile telephone network, the authentication process is simplified, thereby making it less reliable and less secure, making the mobile telephone network highly susceptible to snooping by third parties.
- U.S. Pat. No. 4,748,668, titled Method, Apparatus and Article for Identification and Signature, is incorporated herein by reference.
- In one aspect, a method provides non-centralized zero knowledge authentication within a dynamic computer network. The dynamic computer network includes two or more authentication agents that interact with prover agents within computers wishing to gain access to the computer network. Using a zero-knowledge authentication protocol, the prover is either authenticated, or not, without communication of a secret.
- In another aspect, a software product (firmware, for example) is distributed with a hardware device to provide non-centralized zero-knowledge authentication. In one example, the hardware device is a router connected to a network. The router communicates with a prover agent within a mobile computer (e.g., a laptop computer system or a mobile telephone handset) that seeks access to the network. Once the prover agent is authenticated and authorized, the router permits the mobile computer to access part of or the entire network.
- In one aspect, methods are provided for authentication of identity or group membership. One such method involves zero-knowledge authentication. An authentication dialog between a verifying agent (“verifier”) and an agent to be verified (“prover”) is conducted without revealing information about a secret (“secret”) that is used to prove identity (or group membership without actually disclosing prover's identity). Authentication is achieved when verifier asks prover I-times (I>0) to perform an action that can only be reliably performed by an entity that knows a secret. Prover answers verifier with results of action. If prover does not answer correctly, authentication is invalid. This challenge-response-validation iteration is repeated I-times to establish a sufficient level of probability that prover answered with knowledge of secret. One advantage of zero-knowledge authentication is inability for an eavesdropper to learn secret and steal means to prove identity to verifier. Another advantage is inability for verifier to later masquerade as a prover to a third-party.
- In another aspect, methods are provided to allow for greater probability of correctly authenticating prover with fewer challenge-response-validation iterations. One such method allows prover to have a set, greater than two, of possible answers, as is provided by Fiat-Shamir protocol. For example, a prover that answers verifier correctly with a member of set {0, 1, 2, 3} has a 25% chance of being incorrectly authenticated with one challenge-response-validation iteration. Following Fiat-Shamir protocol, prover will answer verifier with one of two possible answers {0, 1} and thereby require two challenge-response-validation iterations to achieve the same level of authentication probability.
- In another aspect, an authenticator agent requires a prover agent to repeat an authentication protocol until a specified confidence level that a prover agent is correctly authenticated has been satisfied. For example, a confidence level of 99% may require 10 iterations, where a confidence level of 99.9999% may require 20 iterations.
- In another aspect, a method of protecting a host from unauthorized client access over a network includes the steps of: creating a prover agent application on the client; creating a verifier agent application on the host; and creating a trusted source application to generate and publish encrypted values of a secret and product of first and second large prime numbers. The encrypted values are read for the secret and product, by the prover and verifier from the trusted source. The secret is decrypted, by the prover and verifier, and the product is decrypted, by the prover and verifier. A plurality of verification dialogs is performed between the prover and verifier, wherein the prover demonstrates knowledge of the secret and product without exposing the values of the secret and product. The client is denied access when the prover fails to demonstrate knowledge of the secret and product, and granted access when the client succeeds in demonstrating knowledge of the secret and product.
- In another aspect, methods are provided to validate agents without unique indicia. One such method allows agents to validate based on indicia that they are within a category of agents who have knowledge of secret common to all authentic agents. An advantage of using non-unique indicia is elimination of overhead required to generate, maintain, and validate unique indicia.
- In another aspect, methods are provided to publish secret used to authenticate agents. One such method allows a trusted source to periodically update and publish the secret and product of two large prime numbers (“product”). The interval between updates is shorter than the predicted length of time a malicious party would need to factor product or guess secret. Trusted source generates, encrypts, and publishes secret and product. Prover and verifier read encrypted values for secret and product, from trusted source, and use previous values of secret and product to decrypt new values for secret and product. Prover and verifier now have all information required to perform authentication processes.
- One advantage of using methods described above is elimination of steps required to derive keys to encrypt and decrypt messages.
- FIG. 1 is a flowchart illustrating one process for generating and publishing secret and product of two large prime numbers;
- FIG. 2 shows a method of decrypting secret and product of two large prime numbers;
- FIG. 3 shows a challenge-response-validation iteration process between prover and verifier agent; and
- FIG. 4 shows a system with three clients, each including a prover agent, and a host computer with a verifier agent.
- FIG. 5 illustrates one system for providing non-centralized zero knowledge authentication within a dynamic computer network.
- FIG. 1 shows one method 10 for generating and publishing a secret and a product of two large prime numbers. Method 10 is, for example, implemented by a ‘trusted’ source as described below. In step 14, an initial value of secret s is generated from a seed value, and two large prime numbers (“p” and “q”) are randomly generated. Step 16 calculates a current product n′ (n-prime) of the two large prime numbers p and q, and initializes previous product value n (n-not prime) as equal to n′. In step 18, p and q are purged and made unreadable. In step 20, current secret number s′ (s-prime) is generated to be a value relatively prime to n, greater than 0, and less than n. In step 22, values for encrypted secret s″ (s-double prime) and encrypted product of two large numbers n″ (n-double prime) are generated as: s″=s′s mod n, and n″=n′s mod n. In step 24, previous secret number s (s-not prime) is set equal to s′ and n is set equal to n′. In step 26, values for n″ and s″ are published. At this point, publication process is complete and process 10 waits in step 28.
- Values for s″ and n″ may become compromised by a malicious party that is able to factor or guess values. Therefore, the delay in step 28 terminates before values are likely to be compromised and process 10 is restarted at step 20 where a new s′ is generated.
- FIG. 2 shows one method 30 of decrypting secret s″ and product n″. In step 34, an agent (e.g., a prover agent or an authentication agent) is created with an initial value for s and n. In step 36, the agent reads values of s″ and n″ published by the trusted source (e.g., method 10, FIG. 1). In step 38, values of s″ and n″ are decrypted by a modulus inverse operation. In step 40, the size of answer set (“t”) is used to determine a value (“v”) calculated as result of s′^t mod n″.
- At this point, prover and verifier agents have data required to perform authentication. Because values for s″ and n″ published by trusted source periodically change, updated values for s″ and n″ will be retrieved. Step 42 is a delay based on a specific length of time or may be triggered at the start of an authentication process (e.g., a zero-knowledge identification protocol). After the delay in step 42, method 30 continues with step 36 and the agent will again contact the trusted source and read new values for s″ and n″.
- FIG. 3 shows a challenge-response-validation iteration dialog between a prover agent (shown as process 48) and a verifier agent (shown as process 50). Process 48 performs processing to establish a need to authenticate and begins zero-knowledge identification protocol 46 in step 52, which may include retrieving and decrypting current values of secret s″ and the product n″. In step 52, process 48 (prover) sends a signal 54 to process 50 (verifier) to begin zero-knowledge identification protocol 46. In step 56, process 50 (verifier) performs any initial processing, which may include retrieving and decrypting current values of secret s″ and product n″. In step 56, process 50 sends signal 58 to process 48 (prover) to begin the authorization process. In step 60, process 48 (prover) generates a random number (“r”). Random number r is then used, in step 62, to generate a number x such that x=r^t mod n. In step 62, process 48 sends a signal 64 containing x to process 50 (verifier). In step 66, process 50 (verifier) then calculates a reply value b as a member of set {0 . . . t−1}. In step 66, process 50 sends a signal 68 containing b to process 48 (prover). In step 70, process 48 (prover) uses b to calculate a number y such that y=rs^b. In step 70, process 48 sends a signal 72 containing y to process 50 (verifier). Step 74 in process 50 is a decision. In step 74, process 50 performs a test to determine if process 48 (prover) has passed this iteration of zero-knowledge identification protocol 46. If y^t mod n=(xv^b) mod n and y<>0, then process 50 continues with step 78; otherwise process 50 continues with step 76. Step 78 in process 50 is a decision. In step 78, the number of challenge-response-verification iterations is compared to the number of iterations required to establish a suitable probability of correct authentication. If the number of challenge-response-validation iterations performed is the same as the number of challenge-response-validation iterations required, and process 48 (prover) has not failed any iterations, then process 48 continues with step 82; otherwise process 50 sends a signal 80 to process 48 to continue with step 60, thus beginning another challenge-response-validation iteration by repeating steps 60 through 74.
- In step 82, process 50 continues with processing appropriate for authenticated process 48 (prover) and process 50 terminates. In step 76, process 50 (verifier) continues processing as appropriate for non-authentic agents, and process 50 terminates.
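The challenge-response-validation iteration of FIG. 3, written out as an added Python example (not code from the patent). The class and function names, the toy primes 1019 and 1031, t = 16, the secret value, and the reduction of y modulo n are assumptions; both agents are assumed to already hold the same current s and n.

```python
import math
import secrets

# Constructed toy parameters (assumptions; the text calls for large primes).
P, Q = 1019, 1031      # stand-ins for the purged primes p and q
N = P * Q              # product n
T = 16                 # size of the answer set t
S = 123456             # shared secret s, relatively prime to n


class Prover:
    """Process 48: demonstrates knowledge of s without transmitting it."""

    def __init__(self, s, t, n):
        self.s, self.t, self.n = s, t, n
        self._r = None

    def commit(self):
        """Steps 60-62: pick a fresh random r and return x = r^t mod n."""
        while True:
            r = secrets.randbelow(self.n - 2) + 2
            if math.gcd(r, self.n) == 1:
                break
        self._r = r
        return pow(r, self.t, self.n)

    def respond(self, b):
        """Step 70: return y = r * s^b, reduced mod n (assumption)."""
        if self._r is None:
            raise RuntimeError("commit() must precede every respond()")
        y = (self._r * pow(self.s, b, self.n)) % self.n
        # r is single-use: two answers under one r give y2/y1 = s^(b2-b1) mod n.
        self._r = None
        return y


class Verifier:
    """Process 50: checks each iteration against v = s^t mod n."""

    def __init__(self, s, t, n):
        self.t, self.n = t, n
        self.v = pow(s, t, n)          # step 40

    def challenge(self):
        """Step 66: reply value b drawn from {0 .. t-1}."""
        return secrets.randbelow(self.t)

    def check(self, x, b, y):
        """Step 74: accept iff y^t mod n == (x * v^b) mod n and y <> 0."""
        if y % self.n == 0:
            # Without this test, x = 0 and y = 0 satisfy the equation for any b.
            return False
        return pow(y, self.t, self.n) == (x * pow(self.v, b, self.n)) % self.n


def run_dialog(prover, verifier, rounds):
    """Steps 60-78 repeated; a single failed iteration ends in step 76."""
    for _ in range(rounds):
        x = prover.commit()
        b = verifier.challenge()
        y = prover.respond(b)
        if not verifier.check(x, b, y):
            return False               # step 76: treat as non-authentic
    return True                        # step 82: authenticated


if __name__ == "__main__":
    verifier = Verifier(S, T, N)
    print("agent with s:      ", run_dialog(Prover(S, T, N), verifier, 20))
    print("agent with wrong s:", run_dialog(Prover(S + 1, T, N), verifier, 20))
```

A challenge of b = 0 is answered with y = r alone, so an agent without the secret passes that iteration; this is why step 78 counts iterations before step 82 is reached.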
- FIG. 4 shows a system 89 with three clients 90(1-3), each running a prover agent 91(1-3), and a host 92 running an authentication agent 96 (verifier). Prover agents 91(1-3) implement process 48, FIG. 3, for example. Authentication agent 96 implements process 50, FIG. 3, for example. Communication links 100(1-3) establish connectivity between clients 90(1-3) and a connection module 94 within host 92. In system 89, client 90(1) seeks access to secure area 98 of host 92. Communication link 100(1) establishes connectivity between client 90(1) and connection module 94 within host 92. In one example, communication link 100(1) is a telephone dial-up connection. In another example, communication link 100(2) is an Internet connection. In another example, authentication agent 96 (verifier) protects secure area 98 allowing access only to authenticated clients. Communication link 100(3) is an Ethernet LAN connection. After client 90(1) is authenticated by host (92), a connection 102 is established and client 90(1) is allowed access to secure area 98. Once this connection has been established, authentication agent 96 may distribute a new secret from trusted source 106 to prover agent 90(1) for use in future authentication dialog. When prover agent 90(1) requests authentication at a future time after connection 110 has been broken, authentication agent 96 requests credentials from prover agent 90(1) from trusted source 106 via the host's internal connection 104. At this point the authentication dialog may take place between client 90(1) and host 92 to reestablish a trusted connection.
- Zero-knowledge identification protocol 46, FIG. 3, is then performed. If zero-knowledge identification protocol 46 is successful, an access link 108 is activated to secure area 98, and client 90(1) may proceed with further processing. If zero-knowledge identification protocol 46 is not successful, processing continues with knowledge that client 90(1) is not authorized and, at a minimum, client 90(1) is inhibited from access to secure area 98.
- FIG. 5 shows one system 500 that provides non-centralized zero-knowledge authentication within a dynamic network. Illustratively, system 500 includes two Ethernet LANs LAN 502 is connected to LAN 504 via a communication apparatus 505 that contains connection units communication link 510. Connection units Communication link 510 is, for example, an ISDN link, the Internet, or a microwave link that provides data communication between two remote locations.
- LAN 504 is shown connected to a wireless LAN device 512 that provides wireless connectivity to mobile computers LAN 504 also illustratively connects to computer system 518 that includes authentication agent 520 (verifier). Before mobile computer 514 connects to LAN 504, it is first authenticated using zero-knowledge identification protocol 46 as shown in FIG. 3. Mobile computer 514 includes a prover agent 522 that interacts with authentication agent 520 to perform zero-knowledge identification protocol 46. Mobile computer 516 includes a prover agent 524 that interacts with authentication agent 520 to gain authentication to access LAN 504.
- Trusted source 106, FIG. 4, implements process 10, FIG. 1, to generate a new secret s″ and a new product n″ periodically to prevent the malicious party compromising the values by guessing or factoring. Thus, once computer system 536 has been authenticated and is connected to LAN 502 it receives new values for secret s″ and product n″, using an encrypted message based on its current values for secret s″ and product n″. Thus, integrity and security of system 500 is maintained at a high level. Only during initialization of system 500, or when a mobile computer (e.g., mobile computers 514, 516) connects to wireless LAN interface 512 and requests authentication, is a predefined secret used.
- Computer system 530 illustratively connects to LAN 502 and includes authentication agent 532 (prover). Computer systems LAN 502; computer system 534 includes a prover agent 538 and computer system 536 includes a prover agent 540. Prover agent 538 interacts with authentication agent 532 to authenticate computer system 534 for access to LAN 502. Similarly, prover agent 540 interacts with authentication agent 532 to authenticate computer system 536 for access to LAN 502.
- Authentication agents 520 and 532 operate independently to authenticate mobile computers desktop computers LANs computers mobile computers 514 and 516) is authenticated and remains connected within system 500, it may operate to authenticate other computers (i.e., may operate as an authentication agent). Further, once authenticated and connected within system 500, the computer may operate to interact with other computers seeking authentication, enabling communication between the other computers and an authentication agent.
- For example, and with reference to FIG. 5, consider computer LANs computer other computer authentication agent 520 and prover agent computers
- In one example, a computer network includes multiple base stations that operate to provide a mobile telephone network. Each base station contains an authentication agent. Each mobile handset includes a prover agent that connects to the mobile telephone network. Before the mobile handset is allowed to use any services of the mobile telephone network, the authentication agent in the base station selected by the mobile handset interacts with the prover agent in the mobile handset. If the authentication agent is satisfied that the prover knows the secret, it becomes authenticated and authorized to use the mobile telephone network. By using a ZKIP, the secret is never transmitted to or from the mobile handset, and therefore not susceptible to malicious snooping.
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/951,792 US20110072265A1 (en) | 2002-10-16 | 2010-11-22 | System And Method Of Non-Centralized Zero Knowledge Authentication For A Computer Network |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US41888902P | 2002-10-16 | 2002-10-16 | |
US10/687,320 US7840806B2 (en) | 2002-10-16 | 2003-10-16 | System and method of non-centralized zero knowledge authentication for a computer network |
US12/951,792 US20110072265A1 (en) | 2002-10-16 | 2010-11-22 | System And Method Of Non-Centralized Zero Knowledge Authentication For A Computer Network |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/687,320 Continuation US7840806B2 (en) | 2002-10-16 | 2003-10-16 | System and method of non-centralized zero knowledge authentication for a computer network |
Publications (1)
Publication Number | Publication Date |
---|---|
US20110072265A1 true US20110072265A1 (en) | 2011-03-24 |
Family
ID=32599968
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/687,320 Active - Reinstated 2028-06-19 US7840806B2 (en) | 2002-10-16 | 2003-10-16 | System and method of non-centralized zero knowledge authentication for a computer network |
US12/951,792 Abandoned US20110072265A1 (en) | 2002-10-16 | 2010-11-22 | System And Method Of Non-Centralized Zero Knowledge Authentication For A Computer Network |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/687,320 Active - Reinstated 2028-06-19 US7840806B2 (en) | 2002-10-16 | 2003-10-16 | System and method of non-centralized zero knowledge authentication for a computer network |
Country Status (1)
Country | Link |
---|---|
US (2) | US7840806B2 (en) |
- 2003-10-16: US application US10/687,320, published as US7840806B2, status: Active - Reinstated
- 2010-11-22: US application US12/951,792, published as US20110072265A1, status: Abandoned
Patent Citations (97)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4748668A (en) * | 1986-07-09 | 1988-05-31 | Yeda Research And Development Company Limited | Method, apparatus and article for identification and signature |
US5140634A (en) * | 1987-09-07 | 1992-08-18 | U.S Philips Corporation | Method and apparatus for authenticating accreditations and for authenticating and signing messages |
US4926479A (en) * | 1988-04-29 | 1990-05-15 | Massachusetts Institute Of Technology | Multiprover interactive verification system |
US4969189A (en) * | 1988-06-25 | 1990-11-06 | Nippon Telegraph & Telephone Corporation | Authentication system and apparatus therefor |
US4956863A (en) * | 1989-04-17 | 1990-09-11 | Trw Inc. | Cryptographic method and apparatus for public key exchange with authentication |
US5136642A (en) * | 1990-06-01 | 1992-08-04 | Kabushiki Kaisha Toshiba | Cryptographic communication method and cryptographic communication device |
US5146500A (en) * | 1991-03-14 | 1992-09-08 | Omnisec A.G. | Public key cryptographic system using elliptic curves over rings |
US5245657A (en) * | 1991-07-08 | 1993-09-14 | Mitsubishi Denki Kabushiki Kaisha | Verification method and apparatus |
US5600725A (en) * | 1993-08-17 | 1997-02-04 | R3 Security Engineering Ag | Digital signature method and key agreement method |
US5666419A (en) * | 1993-11-30 | 1997-09-09 | Canon Kabushiki Kaisha | Encryption device and communication apparatus using same |
US5581615A (en) * | 1993-12-30 | 1996-12-03 | Stern; Jacques | Scheme for authentication of at least one prover by a verifier |
US6011848A (en) * | 1994-03-07 | 2000-01-04 | Nippon Telegraph And Telephone Corporation | Method and system for message delivery utilizing zero knowledge interactive proof protocol |
US6044463A (en) * | 1994-03-07 | 2000-03-28 | Nippon Telegraph And Telephone Corporation | Method and system for message delivery utilizing zero knowledge interactive proof protocol |
US6298441B1 (en) * | 1994-03-10 | 2001-10-02 | News Datacom Ltd. | Secure document access system |
US20010042049A1 (en) * | 1994-10-03 | 2001-11-15 | News Datacom Ltd. | Secure document access system |
US5606617A (en) * | 1994-10-14 | 1997-02-25 | Brands; Stefanus A. | Secret-key certificates |
US5987138A (en) * | 1996-04-09 | 1999-11-16 | France Telecom | Identification and/or signature process |
US6154841A (en) * | 1996-04-26 | 2000-11-28 | Canon Kabushiki Kaisha | Digital signature method and communication system |
US6189098B1 (en) * | 1996-05-15 | 2001-02-13 | Rsa Security Inc. | Client/server protocol for proving authenticity |
US20010005887A1 (en) * | 1997-05-13 | 2001-06-28 | Passlogix Inc | Generalized user identification and authentication system |
US6327659B2 (en) * | 1997-05-13 | 2001-12-04 | Passlogix, Inc. | Generalized user identification and authentication system |
US6389136B1 (en) * | 1997-05-28 | 2002-05-14 | Adam Lucas Young | Auto-Recoverable and Auto-certifiable cryptosystems with RSA or factoring based keys |
US6122742A (en) * | 1997-06-18 | 2000-09-19 | Young; Adam Lucas | Auto-recoverable and auto-certifiable cryptosystem with unescrowed signing keys |
US6651167B1 (en) * | 1997-10-17 | 2003-11-18 | Fuji Xerox, Co., Ltd. | Authentication method and system employing secret functions in finite Abelian group |
US6076163A (en) * | 1997-10-20 | 2000-06-13 | Rsa Security Inc. | Secure user identification based on constrained polynomials |
US6282295B1 (en) * | 1997-10-28 | 2001-08-28 | Adam Lucas Young | Auto-recoverable and auto-certifiable cryptostem using zero-knowledge proofs for key escrow in general exponential ciphers |
US6411715B1 (en) * | 1997-11-10 | 2002-06-25 | Rsa Security, Inc. | Methods and apparatus for verifying the cryptographic security of a selected private and public key pair without knowing the private key |
US20010034837A1 (en) * | 1997-12-23 | 2001-10-25 | Arcot Systems, Inc. | Method and apparatus for secure distribution of authentication credentials to roaming users |
US6263446B1 (en) * | 1997-12-23 | 2001-07-17 | Arcot Systems, Inc. | Method and apparatus for secure distribution of authentication credentials to roaming users |
US7031470B1 (en) * | 1998-01-22 | 2006-04-18 | Nds Limited | Protection of data on media recording disks |
US6069647A (en) * | 1998-01-29 | 2000-05-30 | Intel Corporation | Conditional access and content security method |
US6389536B1 (en) * | 1998-02-09 | 2002-05-14 | Fuji Xerox Co., Ltd. | Device for verifying use qualifications |
US6567916B1 (en) * | 1998-02-12 | 2003-05-20 | Fuji Xerox Co., Ltd. | Method and device for authentication |
US7313701B2 (en) * | 1998-05-22 | 2007-12-25 | Cqr Cert, Llc | Robust efficient distributed RSA-key generation |
US20010038696A1 (en) * | 1998-05-22 | 2001-11-08 | Yair Frankel | Robust efficient distributed RSA-key generation |
US7058808B1 (en) * | 1998-09-29 | 2006-06-06 | Cyphermint, Inc. | Method for making a blind RSA-signature and apparatus therefor |
US7184547B1 (en) * | 1999-01-27 | 2007-02-27 | France Telecom | Authenticating or signature method with reduced computations |
US6952476B1 (en) * | 1999-02-08 | 2005-10-04 | Hewlett-Packard Development Company, L.P. | Verification of the private components of a public-key cryptographic system |
US6889322B1 (en) * | 1999-02-18 | 2005-05-03 | Nds Ltd. | Identification protocols |
US7096499B2 (en) * | 1999-05-11 | 2006-08-22 | Cylant, Inc. | Method and system for simplifying the structure of dynamic execution profiles |
US6937728B1 (en) * | 1999-05-19 | 2005-08-30 | Nippon Telegraph And Telephone Corporation | Verifiable anonymous channel |
US6978372B1 (en) * | 1999-05-20 | 2005-12-20 | Lucent Technologies Inc. | Verification of correct exponentiation or other operations in cryptographic applications |
US7085936B1 (en) * | 1999-08-30 | 2006-08-01 | Symantec Corporation | System and method for using login correlations to detect intrusions |
US7260716B1 (en) * | 1999-09-29 | 2007-08-21 | Cisco Technology, Inc. | Method for overcoming the single point of failure of the central group controller in a binary tree group key exchange approach |
US7181768B1 (en) * | 1999-10-28 | 2007-02-20 | Cigital | Computer intrusion detection system and method based on application monitoring |
US20010044865A1 (en) * | 2000-03-10 | 2001-11-22 | Richard Croyle | Transceiver interface reduction |
US20010023487A1 (en) * | 2000-03-15 | 2001-09-20 | Akiko Kawamoto | Multicast system, authentication server terminal, multicast receiver terminal controlling method, and storage medium |
US7047408B1 (en) * | 2000-03-17 | 2006-05-16 | Lucent Technologies Inc. | Secure mutual network authentication and key exchange protocol |
US6950948B2 (en) * | 2000-03-24 | 2005-09-27 | Votehere, Inc. | Verifiable, secret shuffles of encrypted data, such as elgamal encrypted data for secure multi-authority elections |
US20020007457A1 (en) * | 2000-03-24 | 2002-01-17 | C. Andrew Neff | Verifiable, secret shuffles of encrypted data, such as elgamal encrypted data for secure multi-authority elections |
US20010044895A1 (en) * | 2000-03-31 | 2001-11-22 | International Business Machines Corporation | User authentication method, and storage medium, apparatus and system therefor |
US7222362B1 (en) * | 2000-05-15 | 2007-05-22 | International Business Machines Corporation | Non-transferable anonymous credentials |
US20040028221A1 (en) * | 2000-05-17 | 2004-02-12 | Martin Seysen | Cryptographic method and cryptographic device |
US20030158960A1 (en) * | 2000-05-22 | 2003-08-21 | Engberg Stephan J. | System and method for establishing a privacy communication path |
US20030172284A1 (en) * | 2000-05-26 | 2003-09-11 | Josef Kittler | Personal identity authenticatication process and system |
US20020067832A1 (en) * | 2000-06-05 | 2002-06-06 | Jablon David P. | Systems, methods and software for remote password authentication using multiple servers |
US7007301B2 (en) * | 2000-06-12 | 2006-02-28 | Hewlett-Packard Development Company, L.P. | Computer architecture for an intrusion detection system |
US20020136401A1 (en) * | 2000-07-25 | 2002-09-26 | Jeffrey Hoffstein | Digital signature and authentication method and apparatus |
US20020087865A1 (en) * | 2000-11-13 | 2002-07-04 | Ahmet Eskicioglu | Threshold cryptography scheme for message authentication systems |
US20020083332A1 (en) * | 2000-12-22 | 2002-06-27 | Grawrock David W. | Creation and distribution of a secret value between two devices |
US7058968B2 (en) * | 2001-01-10 | 2006-06-06 | Cisco Technology, Inc. | Computer security and management system |
US20040133781A1 (en) * | 2001-03-12 | 2004-07-08 | Louis Guillou | Cryptographic authentication with ephemeral modules |
US7415614B2 (en) * | 2001-03-12 | 2008-08-19 | France Telecom | Cryptographic authentication with ephemeral modules |
US7062490B2 (en) * | 2001-03-26 | 2006-06-13 | Microsoft Corporation | Serverless distributed file system |
US20020188605A1 (en) * | 2001-03-26 | 2002-12-12 | Atul Adya | Serverless distributed file system |
US20030093678A1 (en) * | 2001-04-23 | 2003-05-15 | Bowe John J. | Server-side digital signature system |
US7373499B2 (en) * | 2001-06-26 | 2008-05-13 | Lucent Technologies Inc. | Methods and apparatus for delegation of cryptographic servers for capture-resilient devices |
US20030048909A1 (en) * | 2001-06-26 | 2003-03-13 | Mackenzie Philip D. | Methods and apparatus for delegation of cryptographic servers for capture-resilient devices |
US20040177252A1 (en) * | 2001-06-27 | 2004-09-09 | Luc Vallee | Cryptographic authentication process |
US7003541B2 (en) * | 2001-08-07 | 2006-02-21 | Nec Corporation | Zero-knowledge proving system and method |
US20030065692A1 (en) * | 2001-08-07 | 2003-04-03 | Nec Corporation | Zero-knowledge proving system and method |
US7370358B2 (en) * | 2001-09-28 | 2008-05-06 | British Telecommunications Public Limited Company | Agent-based intrusion detection system |
US7308097B2 (en) * | 2001-12-07 | 2007-12-11 | Ntru Cryptosystems, Inc. | Digital signature and authentication method and apparatus |
US20030120929A1 (en) * | 2001-12-07 | 2003-06-26 | Ntru Cryptosystems, Incorporated | Digital signature and authentication method and apparatus |
US7028338B1 (en) * | 2001-12-18 | 2006-04-11 | Sprint Spectrum L.P. | System, computer program, and method of cooperative response to threat to domain security |
US20030115464A1 (en) * | 2001-12-19 | 2003-06-19 | Nyang Dae Hun | Method of designing password-based authentication and key exchange protocol using zero-knowledge interactive proof |
US7543139B2 (en) * | 2001-12-21 | 2009-06-02 | International Business Machines Corporation | Revocation of anonymous certificates, credentials, and access rights |
US20030177352A1 (en) * | 2001-12-21 | 2003-09-18 | International Business Machines Corporation | Revocation of anonymous certificates, credentials, and access rights |
US20050265550A1 (en) * | 2002-03-13 | 2005-12-01 | Koninklijke Philips Electronics N.V. | Polynomial-based multi-user key generation and authentication method and system |
US20030182559A1 (en) * | 2002-03-22 | 2003-09-25 | Ian Curry | Secure communication apparatus and method for facilitating recipient and sender activity delegation |
US20030196106A1 (en) * | 2002-04-12 | 2003-10-16 | Shervin Erfani | Multiple-use smart card with security features and method |
US7089323B2 (en) * | 2002-06-21 | 2006-08-08 | Microsoft Corporation | Method for multicasting a message on a computer network |
US20040006650A1 (en) * | 2002-06-21 | 2004-01-08 | Microsoft Corporation | Method for multicasting a message on a computer network |
US20040008845A1 (en) * | 2002-07-15 | 2004-01-15 | Franck Le | IPv6 address ownership solution based on zero-knowledge identification protocols or based on one time password |
US20040015719A1 (en) * | 2002-07-16 | 2004-01-22 | Dae-Hyung Lee | Intelligent security engine and intelligent and integrated security system using the same |
US20040034774A1 (en) * | 2002-08-15 | 2004-02-19 | Le Saint Eric F. | System and method for privilege delegation and control |
US20040054885A1 (en) * | 2002-09-18 | 2004-03-18 | Bartram Linda Ruth | Peer-to-peer authentication for real-time collaboration |
US20040073795A1 (en) * | 2002-10-10 | 2004-04-15 | Jablon David P. | Systems and methods for password-based connection |
US20040073801A1 (en) * | 2002-10-14 | 2004-04-15 | Kabushiki Kaisha Toshiba | Methods and systems for flexible delegation |
US20070113077A1 (en) * | 2002-11-27 | 2007-05-17 | Intel Corporation | System and Method for Establishing Trust Without Revealing Identity |
US7165181B2 (en) * | 2002-11-27 | 2007-01-16 | Intel Corporation | System and method for establishing trust without revealing identity |
US20040103281A1 (en) * | 2002-11-27 | 2004-05-27 | Brickell Ernie F. | System and method for establishing trust without revealing identity |
US7219239B1 (en) * | 2002-12-02 | 2007-05-15 | Arcsight, Inc. | Method for batching events for transmission by software agent |
US20040123141A1 (en) * | 2002-12-18 | 2004-06-24 | Satyendra Yadav | Multi-tier intrusion detection system |
US7305705B2 (en) * | 2003-06-30 | 2007-12-04 | Microsoft Corporation | Reducing network configuration complexity with transparent virtual private networks |
US20050069135A1 (en) * | 2003-09-30 | 2005-03-31 | Brickell Ernie F. | Platform and method for establishing trust without revealing identity |
US7747857B2 (en) * | 2004-12-17 | 2010-06-29 | Ntt Docomo, Inc. | Use of modular roots to perform authentication including, but not limited to, authentication of validity of digital certificates |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170186260A1 (en) * | 2014-06-17 | 2017-06-29 | Juan José Bermúdez | Anonymous and secure electronic voting system for use in open networks |
WO2020101471A1 (en) * | 2018-11-14 | 2020-05-22 | Mimos Berhad | Secure framework for transaction signing |
Also Published As
Publication number | Publication date |
---|---|
US20040123156A1 (en) | 2004-06-24 |
US7840806B2 (en) | 2010-11-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7840806B2 (en) | | System and method of non-centralized zero knowledge authentication for a computer network |
US7542569B1 (en) | | Security of data connections |
US5751812A (en) | | Re-initialization of an iterated hash function secure password system over an insecure network connection |
US6732270B1 (en) | | Method to authenticate a network access server to an authentication server |
US8352739B2 (en) | | Two-factor authenticated key exchange method and authentication method using the same, and recording medium storing program including the same |
US7139917B2 (en) | | Systems, methods and software for remote password authentication using multiple servers |
US5418854A (en) | | Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system |
CN112425136B (en) | | Internet of things security with multiparty computing (MPC) |
EP0651533B1 (en) | | Method and apparatus for privacy and authentication in a mobile wireless network |
EP1359491B1 (en) | | Methods for remotely changing a communications password |
US20030115452A1 (en) | | One time password entry to access multiple network sites |
US8099607B2 (en) | | Asymmetric crypto-graphy with rolling key security |
US8793497B2 (en) | | Puzzle-based authentication between a token and verifiers |
JP4002035B2 (en) | | A method for transmitting sensitive information using unsecured communications |
US8595501B2 (en) | | Network helper for authentication between a token and verifiers |
US20030196084A1 (en) | | System and method for secure wireless communications using PKI |
CN109963282A (en) | | Secret protection access control method in the wireless sensor network that IP is supported |
EP1573482A2 (en) | | Cryptographic methods and apparatus for secure authentication |
CN110020524B (en) | | Bidirectional authentication method based on smart card |
US20210167963A1 (en) | | Decentralised Authentication |
CN115473655B (en) | | Terminal authentication method, device and storage medium for access network |
CN115865520B (en) | | Authentication and access control method with privacy protection in mobile cloud service environment |
WO2001011817A2 (en) | | Network user authentication protocol |
CN111970270A (en) | | SIP security authentication method and system based on-loop error learning problem |
CN114765533B (en) | | Remote proving method, device and system based on quantum key communication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | AS | Assignment | Owner name: INNERWALL, INC., COLORADO Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HAMMOND, FRANK J., II;CARLANDER, STEVEN J.;RICOTTA, FRANK J., JR.;REEL/FRAME:030742/0928 Effective date: 20031103 Owner name: ENTERPRISE INFORMATION MANAGEMENT, INC., COLORADO Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INNERWALL, INC.;REEL/FRAME:030742/0935 Effective date: 20101215 Owner name: TVIIM, LLC, COLORADO Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ENTERPRISE INFORMATION MANAGEMENT, INC.;REEL/FRAME:030742/0955 Effective date: 20130131 |
| | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |