Patent application number | Description | Published |
20080232583 | Vehicle Segment Certificate Management Using Shared Certificate Schemes - The present invention advantageously provides techniques to solve problems with combinatorial anonymous certificate management by addressing critical issues concerning its feasibility, scalability, and performance. Methods and procedures to manage IEEE 1609.2 anonymous and identifying cryptographic keys and certificates in the Vehicle Infrastructure Integration (VII) system are presented, along with methods for management of identifying and anonymous certificates in a partitioned Certificate Authority architecture designed to enhance vehicle privacy. Novel methods for vehicles to dynamically change an anonymous certificate for use while maintaining vehicle privacy are given. Refinements to basic combinatorial schemes are presented including probabilistic key replacement, rekey counter decrement, dynamic rekey threshold, geographic attack isolation and proofs of geographic position. | 09-25-2008 |
20080232595 | Vehicle Segment Certificate Management Using Short-Lived, Unlinked Certificate Schemes - The present invention advantageously provides a system and method for management of cryptographic keys and certificates for a plurality of vehicles. Each vehicle of the plurality of vehicles generates public/private key pairs, requests multiple time-distributed certificates, creates an encrypted identity, and surrenders expired certificates. An assigning authority receives the public/private key pairs, the request for multiple time-distributed certificates, the encrypted identity, and the expired certificates from said vehicle. The assigning authority authorizes the vehicle with an authorizing authority, validates the expired certificates, proves ownership, and distributes the requested time-distributed certificates to said vehicle. Validation can comprise checking expired certificates against misused, compromised and/or previously surrendered certificates. Time-distributed certificates can have lifetimes adjustable based on certificate misuse detection system algorithms, amount of malicious activity detected, and/or certificate authority capacity. | 09-25-2008 |
20090046854 | Method for a Public-Key Infrastructure Providing Communication Integrity and Anonymity While Detecting Malicious Communication - An inventive scheme for detecting parties responsible for repeated malicious activities in secure and anonymous communication is presented. The scheme comprises generating a pool of keys, distributing to and associating with each party a small number of keys chosen randomly from the pool, revoking a key when it is detected as used in a malicious activity, creating a set of parties associated with the revoked key, revoking additional keys randomly chosen among the keys not currently revoked, selecting new keys, and when a party requests an updated key, sending the updated key selected from among the new keys to the requesting party, wherein if another malicious activity is detected, creating another set of the parties associated with the other malicious activity and identifying the parties in both sets. The steps of the inventive scheme are repeated until only one party is in the intersection set. | 02-19-2009 |
20100031025 | Method and system to authorize and assign digital certificates without loss of privacy, and/or to enhance privacy key selection - A method and system for public key infrastructure key and certificate management provides anonymity to certificate holders and protects the privacy of certificate holders from the compromise of a certificate authority. Functional separation is provided in the authorization of a certificate request and the assignment of certificates and key pairs. The authorizing certificate authority approves or denies each certificate request from a requestor whose identity is not made available to the assigning certificate authority. The assigning certificate authority, upon approval from the authorizing certificate authority, issues one or more certificates and optionally generates and provides the associated key pairs to the requester without disclosing these certificates and key pairs to the authorizing certificate authority. In another aspect, a distributed method is disclosed that allows individual nodes and/or units in a network to select certificates for broadcasting messages to a community of interest with a non-unique key. | 02-04-2010 |
20100031042 | Method and System for Secure Session Establishment Using Identity-Based Encryption (VDTLS) - The inventive system for providing strong security for UDP communications in networks comprises a server, a client, and a secure communication protocol wherein authentication of client and server, either unilaterally or mutually, is performed using identity based encryption, the secure communication protocol preserves privacy of the client, achieves significant bandwidth savings, and eliminates overheads associated with certificate management. VDTLS also enables session mobility across multiple IP domains through its session resumption capability. | 02-04-2010 |
20110145901 | SYSTEMS AND METHODS FOR AUTHENTICATING A SERVER BY COMBINING IMAGE RECOGNITION WITH CODES - A system and method is provided for authenticating a first device to a second device. This involves providing images to the second device, receiving an indication of selected ones of the images as authenticating images, and identifying an authenticating code associated with the second device. This also involves receiving a transaction request from the second device, the first device providing a display page to the second device, the display page including the authenticating images at locations identified by the authenticating code. | 06-16-2011 |
20110210973 | METHOD TO MODEL VEHICULAR COMMUNICATION NETWORKS AS RANDOM GEOMETRIC GRAPHS - A method for generating mathematical analysis of a communication protocol in a vehicular communications network. The method defines features of a vehicular network, which may include a graph of a street map within a geographic area. A random geometric graph with a plurality of parameters is generated. A plurality of communications protocols on the vehicular network are defined. A communication protocol over the random geometric graph is redefined. A communication protocol's basic properties and associated features on the random geometric graph are analyzed. Results of the analysis are generated. The results of the analysis based on the random geometric graph's parameters are translated into results based on the vehicular network features. The random geometric graph with the parameters is displayed. The parameters may include: a number of graph nodes; and a probability that any two nodes are communicably connected being expressed as a function of the vehicular network features. | 09-01-2011 |
20110231656 | SYSTEM AND METHODS FOR AUTHENTICATING A RECEIVER IN AN ON-DEMAND SENDER-RECEIVER TRANSACTION - A system and method are provided for authenticating a first device to a second device. This involves determining, at the directory, a secret key and a first set of images by communicating with the first device; receiving, at the directory, a transaction request from the second device to authenticate the first device; and generating, at the directory, a tag using said secret key and first information associated with said transaction request. This also involves selecting a second set of images from said first set of images according to said tag, and sending said second set of images from the directory to the second device. Moreover, using said first set of images, said secret key, and said information associated with said transaction request, the first device may select a third set of images that, when sent to the second device, may be used at the second device, in comparison to said second set of images, to authenticate the first device. | 09-22-2011 |
20120159181 | Virus Localization Using Cryptographic Hashing - Methods for using integrity checking techniques to identify and locate computer viruses are provided. A method for virus localization for each of three types of virus infections is provided, including the steps of computing a sequence of file blocks, calculating hashes for the sequences of file blocks from a host file and calculating hashes for the same or related sequences of file blocks from an infected file, and comparing the hashes from host file to the hashes from the infected file from the same or related sequences of file blocks such that when some of said first hashes and said second hashes do not match, a location of a virus is output. Methods for computing the sequence of file blocks depending on the type of virus infection, and for calculating the hashes using a collision resistant hash function, a digital signature scheme, a message authentication code, or a pseudo-random function are also provided. | 06-21-2012 |
20120167223 | Virus Localization Using Cryptographic Hashing - Methods for using integrity checking techniques to identify and locate computer viruses are provided. A method for virus localization for each of three types of virus infections is provided, including the steps of computing a sequence of file blocks, calculating hashes for the sequences of file blocks from a host file and calculating hashes for the same or related sequences of file blocks from an infected file, and comparing the hashes from host file to the hashes from the infected file from the same or related sequences of file blocks such that when some of said first hashes and said second hashes do not match, a location of a virus is output. Methods for computing the sequence of file blocks depending on the type of virus infection, and for calculating the hashes using a collision resistant hash function, a digital signature scheme, a message authentication code, or a pseudo-random function are also provided. | 06-28-2012 |
20130227273 | PRIVACY-PRESERVING PUBLISH-SUBSCRIBE PROTOCOL IN A DISTRIBUTED MODEL - A method and system for providing privacy in a publish-subscribe protocol is provided. A server transmits to a client a public key. The server receives from the client a pseudonym of an interest based on a division malleable commitment method applied to the public key, wherein the pseudonym of the interest functions as a commitment of the client. The server encrypts an item with a padded key and encrypts the padded key. The server transmits to the client, the encrypted item and a pseudonym of a topic associated with the item based on a modification of the commitment by the server using a hybrid conditional-oblivious transfer protocol. When the interest of the client equals the topic associated with the item, the client retrieves a correct padded key to decrypt the encrypted data item; otherwise the client retrieves a random key that is unable to decrypt the encrypted data item. | 08-29-2013 |
20130227274 | PRIVACY-PRESERVING PUBLISH-SUBSCRIBE PROTOCOL IN A CLOUD-ASSISTED MODEL - A server receives from a client at least one interest pseudonym produced by a double application of a pseudo random function to at least one interest of the client. The server encrypts an item. The server computes at least one intermediate topic pseudonym for at least one topic associated with the item by applying the function to each of the at least one topic associated with the item. The server transmits the at least one intermediate topic pseudonym, the at least one interest pseudonym, and the encrypted item to a third party. The third party may apply the function to the at least one intermediate topic pseudonym to produce at least one topic pseudonym associated with the item and transmit the encrypted item to the client for decryption when one of the at least one masked topic pseudonym is equal to one of the at least one interest pseudonym of the client. | 08-29-2013 |
20130246791 | PRIVACY-PRESERVING PUBLISH-SUBSCRIBE PROTOCOL IN A CLOUD-ASSISTED BROADCAST MODEL - A method and system for providing privacy in a publish-subscribe protocol is provided. A server receives from a third party a topic-based key associated with a tree structure having a pseudonym of a topic as a root and at least one client as a leaf. The server encrypts a key associated with a conditional oblivious transfer protocol using the topic-based key. The server encrypts an item with the key associated with the conditional oblivious transfer protocol. The server transmits the encrypted key and the encrypted item to a plurality of clients. The encrypted item is decryptable by the at least one client with the key associated with the conditional oblivious transfer protocol when the key associated with the conditional oblivious transfer protocol is decryptable with an interest-based key associated with a tree structure having a pseudonym of an interest as a root and the at least one client as a leaf. | 09-19-2013 |