Patent Grant
12238202
The invention generally relates to data protection, cryptography and security architecture, and relates in particular to the control of cryptographic systems such as advanced encryption standard (AES) 256 bit encryption (AES-256).
The encryption standard AES-256 first appeared in 2001 in commercial implementations, and has long been accepted as a strong encryption standard by the public and private sector. As with other symmetric key modalities, it is inherently stronger than similar asymmetric key modalities. The standard however, has previously retained the inherent vulnerabilities of symmetric keys, specifically that the shared and stored key need to be protected from compromise. The cryptographic system itself is strong, but if the keys are stolen or obtained by social engineering, the security can be broken without breaking the cryptosystem itself.
Although the standard is highly effective in hiding information from potential attackers, an apparent weakness is the use of a shared secret key, which is common to both symmetric and asymmetric cryptosystems in use at present. This means that the primary attack vector to AES-256 is not breaking the cryptography, as this would require a very sophisticated supercomputer to spend 2.29×1038 years. The more important issue is that keys can be stolen via the path of social engineering.
This is why attacks at present tend to avoid addressing the cryptographic primitives themselves, because these are considered highly effective, and generally a waste of time to attack directly, as they are likely to require large amounts of computing power and time. The modern approach for the 2020s is to steal the keys in one manner or another, e.g., social engineering or compensating a data center employee to deliver keys and certificates illegally. Because of the lack of trace records in most cases, many such breaches may not be detected for relatively long periods of time. Stolen credentials have been the cause of some of the costliest data breaches in recent years such as breaches at Equifax Inc., Yahoo! Inc. and the U.S. government. Further to this, it is estimated that stolen credentials have been used in at least 85% of recent phishing attacks, as social engineering attacks tend to be far simpler than attacks directly to the cryptosystem.
There remains a need therefore, for cryptographic systems that are better designed to reduce vulnerabilities and thwart attack.
In accordance with an aspect, the invention provides a cryptographic management key system for providing secure communication in a cryptographic system. The cryptographic key management system includes a plurality of communication apparatuses under the control of a common control console, each communication apparatus being in communication with at least one source of dynamic random or pseudo-random information via the common control console, and communication paths among the plurality of communication apparatuses, said communication paths including a control plane, a random information plane and a data plane.
In accordance with another aspect, the invention provides a key generation system for continuous generation of disposable cryptographic keys for an underlying cryptosystem. The key generation system includes at least one source of raw entropy that provides the source of information to generate random information or pseudo-random information, an entropy multiplexer that combines entropy from at least one entropy source; a key material loader that formats raw key material and loads it into a database, a key material database that stores entropy information that can be accessed randomly via index positions and its information shuffled relative to any other indexed position in the database, a key material management and synchronization system that performs as a system controller of a network system, a key material quantizer that quantizes the raw entropy from the database and formats it into an appropriate cryptographic key, and a payload data quantizer that formats and unformats payload data to and from the encryption and decryption units.
In accordance with a further aspect, the invention provides a method for producing ephemeral, disposable cryptographic keys in an underlying cryptographic system. The method includes selecting one or more sources of random information or pseudo-random information, multiplexing the random information or pseudo-random information in a pre-defined or arbitrary manner, formatting the random information or pseudo-random information for storage in a random access database, shuffling and/or re-indexing the information in the random-access database relative to its index positions, formatting the shuffled random information from the database to form a key and an initialization vector, sending the formatted key material to the cryptosystem; selecting the format for upper layer payload data packets, disassembling the payload packet into smaller packets that can be transported by the cryptosystem, and assembling data payload packets arriving from the cryptosystem into decrypted payload packets that are then passed to the upper layers of the system.
The following description may be further understood with reference to the accompanying drawings in which:
The drawings are shown for illustrative purposes only.
In accordance with various aspects, the invention provides a system and method with an apparatus for 1) further improving and securing underlying cryptosystems and 2) eliminating the attack vector associated with stolen keys and other related credentials such as certificates.
Predictability and determinability of components of the entire encryption method provide pathways of attack. By eliminating components such as the exchange or storage of actual keys and the predictable use of known or predictable key or bit size, these pathways are reduced or eliminated entirely. The introduction of variability in the remaining system components increases the level of difficulty facing the attacker. Although the below example uses the AES-256 cryptosystem, systems and methods of the invention apply to the construction of keys of many other underlying cryptosystems.
Disclosed herein is an approach that eliminates the storage and exchange of keys while retaining the strength of symmetric and asymmetric key cryptosystems in accordance with an aspect of the present invention. The system in accordance with an aspect has the following properties. First, the keys produced are built from ephemeral key material, basically raw entropy, and are therefore dynamic and only exist when being used. Second, the keys are never stored anywhere. Only raw information from which keys are assembled in the moment of their use is stored. That information is of no use to an adversary while in storage. These can be viewed as disposable crypto keys. Third, another property is the introduction of the time element, and specifically the ability to assemble and use keys from raw entropy, and which may be changed periodically, e.g., many times per second. This further assures against the so-called “harvest and decrypt” attack where the attacker simply saves the encrypted data stream and attempts to decrypt it over time. Fourth, the keys themselves are never exchanged and only information that enables identical keys to be assembled many times a second is exchanged and that information is of a nature that it can be exchanged in the clear. Fifth. the keys are never exposed to an adversary and never exist where they must be protected. Because they can change many times a second and multiple keys can be used for both authentication and encryption, the challenge for an attacker is of such complexity that it is beyond solution in the life of the universe.
By stripping away the storage and exchange of keys, the modality is simpler and lighter weight than the current modality and easier to implement, but significantly less vulnerable to attack. The approach addresses certain attack vectors that have become common in recent years. The novelty of the current invention is in the removal of inherent vulnerabilities in the current architecture and method of application of underlying cryptographic system.
A network view of the system is shown at 30 in
Each of the multiple communication apparatuses may be connected to a common medium to carry the signaling information, cipher stream and random information, or each of these may be carried by separate logical and/or physical media. In the network view of
The apparatus shown in
The key material management and synchronization system 74 performs the distribution of key material databases and periodic distribution of indexing information to the relevant parties among whom secure communication may be initiated, as well as the methods of synchronization among the communicating peers. It may periodically shuffle the index positions in the key material database and distribute such index information to the relevant parties. It goes beyond the prior art by providing control of services as 1) the multiplexing of raw entropy, 2) loading the combined entropy into the multi-dimensional database, 3) controlling the quantization boundaries of the raw permuted key material, controlling the generation (or not) of the initialization vector data and 4) controlling the bit/word boundaries of the payload data to ensure compliance to the transmissible size and formatting requirements of the underlying network.
The key material quantizer 72 receives the permuted key material, as indexed and shuffled by the key material management and synchronization system is then broken down into bitwise quanta that the underlying encryption/decryption system can make use of, comprising for example, 1) a 256-bit key and 2) a 256-bit initialization vector, which ensures that any new data which are encrypted using the same key do not result in the same cyphertext or clear text (in the case of decryption). The payload data quantizer 76 provides that payload data are packed (in the case of encryption) on 128-bit boundaries or unpacked from 128-bit quantities and assembled into data packets that the system components in the subsequent layers understand, e.g., transport layer packets such as Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) packets that may have a payload of 1500 octets. The IP transport layer is used in this example, but the invention may be deployed at other logical positions in the network.
The encryption/decryption module 78 may be implemented in software, firmware, custom hardware Application Specific Integrated Circuits (ASICs) and/or Field Programmable Gate Arrays (FPGA) devices among other types of architecture. It is symmetric, which means that it functions bi-directionally as an encryption and decryption service using the same parameters in both directions. Again,
With reference to
With reference to
With reference to
The key material loader 68 therefore receives formatted entropy material from the multiplexer and loads it into the key material matrix database 70. This is done under the control of the key material management and synchronization system 74, which may additionally shuffle the indices. The key material loader 68 receives a control packet from the KMSS 74 and performs the operation associated with the received opcode.
The key material database 70 may be viewed as a multi-dimensional cube, or other such entity, where the important feature is that the information in the database may be re-indexed and shuffled. This means that external references to the index shall be able to randomly access any octet, word or other quantity of data and also that the relationship of the data elements may be shuffled, which may mean a partial or complete re-ordering of the information in the database relative to the indices.
Additional functionality of KMSS 74 include the following. The KMSS 74 may be external to all communication endpoints. Its purpose is to coordinate the activities of each network element in the entire system. This includes control of the entropy multiplexer 66, control of the key material loader 68, shuffling of the key material databases indices 70, control of the key material quantizer 72, and control of the payload data quantizer 76. The entropy multiplexer 66 selects the desired number of entropy sources and data acquisition mode. The key material loader 68 sets the data length boundaries for insertion of key material into database. The key material databases indices 70 re-orders of some or all of the key material stored as entropy quanta in the database, which may be done directly, or indirectly by re-ordering the indexing. The key material quantizer 72 controls the formatting of an actual non-reusable i) encryption key and ii) initialization vector, in the format that is consistent to the requirements of the underlying cryptosystem. The payload data quantizer 76 sets the data boundaries in bits or octets for payload data coming in or out of the cryptosystem.
The quantizers manage the packeting of the information. In particular, the key material quantizer 72 formats the entropy from the database into actual keys and initialization vectors, as per the specification of the underlying cryptosystem. For example, each key and each initialization vector may comprise 256 bits. The resulting formatted keys and initialization vectors are subsequently sent to the cryptosystem. The payload data quantizer 76 element sets the boundaries of payload quantity for a given encode or decode operation. In addition, it i) disassembles packets arriving from upper layers of the system stack (e.g., payload area of User Datagram Protocol (UDP) packets) into packets formatted for the underlying cryptosystem specifications and ii) assembles packets arriving from the decryption unit into upper-layer formatted data packets, including the assembly of decrypted payload area and any required clear text headers.
In accordance with various aspects, therefore, the invention provides a secure communication system including a plurality of communication apparatuses under the control of a common control console, one or more sources of random information, sent to each communication apparatus, and connection of all elements by the control plane, random information plane and data plane. The connection among the network elements may be wireline, wireless, etc.
In accordance with other aspects, the invention provides an apparatus for continuous generation of disposable cryptographic keys for an underlying cryptosystem including any of the following elements: one or more sources of raw entropy provide the source of information to generate random information; an entropy multiplexer, which combines entropy from one or more entropy sources; a key material loader, which formats raw key material and loads it into a database; a key material database, which stores entropy information that can be accessed randomly via index positions and its information shuffled relative to any other indexed position in the database; a key material management and synchronization system, which performs as the master controller of the entire system; a key material quantizer, quantizes the raw entropy from the database and formats it into an appropriate cryptographic key; and a payload data quantizer, which formats and unformats payload data to and from the encryption and decryption units.
In such an apparatus the one or more entropy sources may comprise random information generators, implemented in a variety of ways. The one or more entropy sources may comprise one or more databases containing random information. The entropy sources may comprise one or more quantum random number generators. The underlying cryptosystem may be, for example, AES-256, RSA, or ECC.
In accordance with further aspects, the invention provides a method for producing ephemeral, disposable cryptographic keys including, for example, the following steps: selecting one or more sources of random information; multiplexing the random information in a pre-defined or arbitrary manner; formatting the random information for storage in a random-access database; shuffling and/or re-indexing the information in the random-access database relative to its index positions; formatting the shuffled random information from the database to form a i) key and ii) initialization vector; sending the formatted key material to the cryptosystem; selecting the format for upper layer payload data packets; disassembling the payload packet into smaller packets that can be transported by the cryptosystem; and assembling data payload packets arriving from the cryptosystem into decrypted payload packets that are then passed to the upper layers of the system.
In the method, the term cryptosystem may be replaced with specific, difference types of cryptosystems. The upper layer payload packets may refer to Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or other Transport Layer data packets. The upper layer payload packets may refer to any other type of data packet format originating or terminating in any logical layer of the network.
In addition to performing the known functions of the key material management and synchronization system described by the prior art, the system adds 1) the multiplexing of raw entropy which may be generated from more than one source, 2) controlling the quantization boundaries of the raw permuted key material, 3) controlling the generation (or not) of the initialization vector data and 4) controlling the bit/word boundaries of the payload data.
As compared to existing systems using an underlying encryption/decryption method, a temporal element is added to the usage of the permuted key material extracted from the key material database, with the ability to set the periodicity of ephemeral key creation and usage. Keys are never stored, and only created before immediate use. Keys are never exchanged, only the index values are communicated among peers, which are meaningless to intruders. New keys may be manufactured at variable periodicity making them immediately useless to an intruder.
As further compared to existing system using an underlying encryption/decryption method, the synchronization of the indexing of key material database by the key material management and synchronization system among communicating peers eliminates the need for stored keys. Index synchronization means that all the peers know where to start constructing their keys and initialization sequences from the database of permuted key material. Therefore, no keys are stored before, or after their usage.
Systems and methods of various aspects of the present invention therefore are the i) introduction of a temporal component and ii) the fact that the keys are used once, and then discarded. The temporal component provides the ability to continually and rapidly generate sequential cryptographic keys that will be used over a very short period of time, e.g., 100 ms. This means that the information used for one key will never be used for another, identical key and that a random attack is unlikely to succeed, but in the event that it did succeed, there would be an extremely low probability of random attacks succeeding over the entire length of the message. With regard to the disposable keys, the fact that the keys are never used more than once, and furthermore never stored, means that there is no benefit to an attacker, because there is nothing relevant to steal or misuse by an attacker.
With reference to
So even if an attacker was fortunate to randomly guess an attack on one 1500 octet quantity of encrypted information, it would require 833 periods−1, making p=832
to decode the remaining data in the entire message, because each 1500 octet quantity would require 2.29*1038 years to brute force attack. So, in one second of information transfer, the key has changed 833 times. This simple analysis reflects only the case of having the ability to decode all elements in the 833 periods. In reality, an attacker could learn something useful from partial decode of the message, although this would remain difficult.
In addition to the temporal element of rapidly changing keys, the fact that the keys are never stored and only used one time means that stealing useful keys is impossible, as there is nothing useful to steal because both (or all) endpoints have synchronized on the index of their respective (or central) databases containing key material.
Those skilled in the art will appreciate that numerous modifications and variations may be made to the above disclosed embodiments without departing from the spirit and scope of the present invention.
The present application claims priority to U.S. Provisional Patent Application No. 63/438,186 filed Jan. 10, 2023, the disclosure of which is hereby incorporated by reference in its entirety.
| Number | Name | Date | Kind |
|---|---|---|---|
| 4405829 | Rivest et al. | Sep 1983 | A |
| 4649233 | Bass et al. | Mar 1987 | A |
| 5651064 | Newell | Jul 1997 | A |
| 5729608 | Janson | Mar 1998 | A |
| 5987483 | Edelkind et al. | Nov 1999 | A |
| 6055637 | Hudson et al. | Apr 2000 | A |
| 6295541 | Bodnar et al. | Sep 2001 | B1 |
| 8321670 | Lior et al. | Nov 2012 | B2 |
| 8510565 | Tie et al. | Aug 2013 | B2 |
| 8817985 | Fukuda | Aug 2014 | B2 |
| 8855312 | Hodgman et al. | Oct 2014 | B1 |
| 8964947 | Noolu et al. | Feb 2015 | B1 |
| 9021269 | Spilman | Apr 2015 | B2 |
| 9178699 | Lambert et al. | Nov 2015 | B2 |
| 9432198 | Falk et al. | Aug 2016 | B2 |
| 9722803 | Ellingson et al. | Aug 2017 | B1 |
| 9813245 | Le Saint et al. | Nov 2017 | B2 |
| 9980140 | Spencer et al. | May 2018 | B1 |
| 10015153 | Dotan | Jul 2018 | B1 |
| 10021100 | Ellingson et al. | Jul 2018 | B2 |
| 10057269 | Ellingson | Aug 2018 | B1 |
| 10097344 | Davis | Oct 2018 | B2 |
| 10122699 | Ellingson et al. | Nov 2018 | B1 |
| 10149156 | Tiku et al. | Dec 2018 | B1 |
| 10541989 | Ellingson et al. | Jan 2020 | B2 |
| 10542002 | Ellingson et al. | Jan 2020 | B2 |
| 10771243 | Pasquali | Sep 2020 | B1 |
| 11196720 | Thompson | Dec 2021 | B2 |
| 11670188 | Aharonson | Jun 2023 | B2 |
| 20010044786 | Ishibashi | Nov 2001 | A1 |
| 20020138761 | Kanemaki et al. | Sep 2002 | A1 |
| 20030084287 | Wang et al. | May 2003 | A1 |
| 20030182327 | Ramanujam et al. | Sep 2003 | A1 |
| 20040067736 | Kamma | Apr 2004 | A1 |
| 20040131187 | Takao | Jul 2004 | A1 |
| 20040167804 | Simpson et al. | Aug 2004 | A1 |
| 20040172300 | Mihai et al. | Sep 2004 | A1 |
| 20040172423 | Kaasten et al. | Sep 2004 | A1 |
| 20050187966 | Lino | Aug 2005 | A1 |
| 20050208940 | Takase et al. | Sep 2005 | A1 |
| 20050216769 | Matsuoka | Sep 2005 | A1 |
| 20060010182 | Altepeter et al. | Jan 2006 | A1 |
| 20060010183 | Rabin et al. | Jan 2006 | A1 |
| 20060053285 | Kimmel et al. | Mar 2006 | A1 |
| 20060075234 | You et al. | Apr 2006 | A1 |
| 20060080545 | Bagley | Apr 2006 | A1 |
| 20060087999 | Gustave et al. | Apr 2006 | A1 |
| 20060133613 | Ando et al. | Jun 2006 | A1 |
| 20060136702 | Vantalon et al. | Jun 2006 | A1 |
| 20060147043 | Mann et al. | Jul 2006 | A1 |
| 20060161775 | O'Brien et al. | Jul 2006 | A1 |
| 20070005985 | Eldar et al. | Jan 2007 | A1 |
| 20070022302 | Richards, Jr. et al. | Jan 2007 | A1 |
| 20070186115 | Gao et al. | Aug 2007 | A1 |
| 20070256118 | Nomura et al. | Nov 2007 | A1 |
| 20080022091 | Deschpande et al. | Jan 2008 | A1 |
| 20080086646 | Pizano | Apr 2008 | A1 |
| 20080209214 | Schrijen et al. | Aug 2008 | A1 |
| 20080235768 | Walter et al. | Sep 2008 | A1 |
| 20080301228 | Flavin | Dec 2008 | A1 |
| 20080313698 | Zhao et al. | Dec 2008 | A1 |
| 20080313723 | Naono et al. | Dec 2008 | A1 |
| 20090006850 | Birger et al. | Jan 2009 | A1 |
| 20090135725 | Tanaka et al. | May 2009 | A1 |
| 20090161876 | Sherkin | Jun 2009 | A1 |
| 20090199009 | Chia et al. | Aug 2009 | A1 |
| 20090282467 | Schenk | Nov 2009 | A1 |
| 20090287921 | Zhu et al. | Nov 2009 | A1 |
| 20100042833 | Platt | Feb 2010 | A1 |
| 20100062758 | Proctor | Mar 2010 | A1 |
| 20100104102 | Brown et al. | Apr 2010 | A1 |
| 20100228981 | Yao | Sep 2010 | A1 |
| 20100250952 | Pang et al. | Sep 2010 | A1 |
| 20100279611 | Kumazawa | Nov 2010 | A1 |
| 20100299308 | Prasad et al. | Nov 2010 | A1 |
| 20110010543 | Schmidt et al. | Jan 2011 | A1 |
| 20110138179 | Jiang et al. | Jun 2011 | A1 |
| 20110138719 | Gosling et al. | Jun 2011 | A1 |
| 20110154037 | Orre et al. | Jun 2011 | A1 |
| 20110197064 | Garcia Morchon | Aug 2011 | A1 |
| 20110202755 | Orsini et al. | Aug 2011 | A1 |
| 20120011360 | Engels et al. | Jan 2012 | A1 |
| 20120033803 | Huang | Feb 2012 | A1 |
| 20120093311 | Nierzwick et al. | Apr 2012 | A1 |
| 20120106735 | Fukuda | May 2012 | A1 |
| 20120167169 | Ge | Jun 2012 | A1 |
| 20120170751 | Wurm | Jul 2012 | A1 |
| 20120243679 | Obana | Sep 2012 | A1 |
| 20130276092 | Sun et al. | Jan 2013 | A1 |
| 20130035067 | Zhang et al. | Feb 2013 | A1 |
| 20130046972 | Campagna et al. | Feb 2013 | A1 |
| 20130097117 | Lasky et al. | Apr 2013 | A1 |
| 20130152160 | Smith et al. | Jun 2013 | A1 |
| 20130182848 | Sundaram et al. | Jul 2013 | A1 |
| 20130232551 | Du et al. | Sep 2013 | A1 |
| 20130243194 | Hawkes et al. | Sep 2013 | A1 |
| 20140013108 | Pellikka et al. | Jan 2014 | A1 |
| 20140057601 | Michau et al. | Feb 2014 | A1 |
| 20140162601 | Kim et al. | Jun 2014 | A1 |
| 20140164768 | Kruglick | Jun 2014 | A1 |
| 20140164776 | Hook et al. | Jun 2014 | A1 |
| 20150013015 | Zheng et al. | Jan 2015 | A1 |
| 20150039651 | Kinsely et al. | Feb 2015 | A1 |
| 20150058841 | Krempa | Feb 2015 | A1 |
| 20150101037 | Yang et al. | Apr 2015 | A1 |
| 20150106898 | Du et al. | Apr 2015 | A1 |
| 20150220726 | Huo | Aug 2015 | A1 |
| 20150222632 | Ichijo et al. | Aug 2015 | A1 |
| 20150237026 | Kumar | Aug 2015 | A1 |
| 20150281199 | Sharma | Oct 2015 | A1 |
| 20150286719 | Sampathkumaran | Oct 2015 | A1 |
| 20150372811 | Le Saint et al. | Dec 2015 | A1 |
| 20160063466 | Sheridan et al. | Mar 2016 | A1 |
| 20160065370 | Le Saint et al. | Mar 2016 | A1 |
| 20160099901 | Allen et al. | Apr 2016 | A1 |
| 20160099922 | Dover | Apr 2016 | A1 |
| 20160156614 | Jain et al. | Jun 2016 | A1 |
| 20160182497 | Smith | Jun 2016 | A1 |
| 20160197706 | Lester et al. | Jul 2016 | A1 |
| 20160260169 | Arnold et al. | Sep 2016 | A1 |
| 20160261690 | Ford | Sep 2016 | A1 |
| 20160308858 | Nordstrom | Oct 2016 | A1 |
| 20160337326 | O'Hare et al. | Nov 2016 | A1 |
| 20160342394 | Tsirkin | Nov 2016 | A1 |
| 20170034167 | Figueira | Feb 2017 | A1 |
| 20170201380 | Schaap et al. | Jul 2017 | A1 |
| 20170243212 | Castinado et al. | Aug 2017 | A1 |
| 20170324548 | Anshel et al. | Nov 2017 | A1 |
| 20180052662 | Dale | Feb 2018 | A1 |
| 20180077156 | Ellingson et al. | Mar 2018 | A1 |
| 20180131526 | Ellingson et al. | May 2018 | A1 |
| 20180343259 | Ellingson | Nov 2018 | A1 |
| 20180367533 | Ellingson et al. | Dec 2018 | A1 |
| 20190036899 | Ellingson et al. | Jan 2019 | A1 |
| 20190149552 | Ellingson | May 2019 | A1 |
| 20200067927 | Ellingson et al. | Feb 2020 | A1 |
| 20200111091 | Ellingson | Apr 2020 | A1 |
| 20200235914 | Zhang | Jul 2020 | A1 |
| 20200287716 | Zitlaw | Sep 2020 | A1 |
| 20200301670 | Thornton et al. | Sep 2020 | A1 |
| 20200322148 | McGough | Oct 2020 | A1 |
| 20210211271 | Kuang | Jul 2021 | A1 |
| 20210373854 | Hill | Dec 2021 | A1 |
| 20220126210 | Kumar | Apr 2022 | A1 |
| 20220158826 | Gordon | May 2022 | A1 |
| 20220271927 | Stayskal | Aug 2022 | A1 |
| 20220391174 | Kleijn et al. | Dec 2022 | A1 |
| 20230023529 | Jenkins | Jan 2023 | A1 |
| 20230048912 | Gasti | Feb 2023 | A1 |
| 20230155825 | Wu | May 2023 | A1 |
| 20230179411 | Van Loon | Jun 2023 | A1 |
| 20230180017 | Gadalin | Jun 2023 | A1 |
| 20240012619 | Ellingson et al. | Jan 2024 | A1 |
| 20240333501 | Durham | Oct 2024 | A1 |
| Number | Date | Country |
|---|---|---|
| 20180108910 | Oct 2018 | KR |
| 2012089967 | Jul 2012 | WO |
| 2018049116 | Mar 2018 | WO |
| 2018194801 | Oct 2018 | WO |
| 2018222281 | Dec 2018 | WO |
| 2019126823 | Jun 2019 | WO |
| 2019200215 | Oct 2019 | WO |
| 2020092886 | May 2020 | WO |
| 2024151476 | Jul 2024 | WO |
| Entry |
|---|
| Luo, Shoufu et al. Fingerprinting Cryptographic Protocols with Key Exchange Using an Entropy Measure. 2018 IEEE Security and Privacy Workshops (SPW). https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8424648 (Year: 2018). |
| Kazumori, Kohel et al. A Ternary Fuzzy Extractor for Efficient Cryptographic Key Generation. 2019 IEEE 49th International Symposium on Multiple-Valued Logic (ISMVL). https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8758710 (Year: 2019). |
| Taneja, Sachin; Alioto, Massimo. Fully Synthesizable All-Digital Unified Dynamic Entropy Generation, Extraction, and Utilization Within the Same Cryptographic Core. IEEE Solid-State Circuits Letters, vol. 3. https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9199880 (Year: 2020). |
| Communication Relating to the Results of the Partial International Search issued by the International Search Authority (the European Patent Office) in related international application No. PCT/US2024/010399 on Apr. 26, 2024, 2 pages. |
| Cheng Haosu et al., “OSCO: An Open Security-Enhanced Compatible OpenFlow Platform,” Jun. 13, 2018, SAT 2015 18th International Conference, Austin, TX, USA, Sep. 24-27, 2015; [Lecture Notes in Computer Science; Lect. Notes Computer], Springer, Berlin, Heidelberg, pp. 66-77, XP047475241, ISBN: 978-3-540-74549-5, retrieved on Jun. 13, 2018] Sections 1-4, Figures 1-5. |
| Sharma purva et al., “Quantum Key Distribution Secured Optical Networks: A Survey,” IEEE Open Journal of the Communications Society, IEEE, vol. 2, Aug. 23, 2021, pp. 2049-2083, XP011877197, DOI: 10.1109/OJCOMS.2021.3106659, retrieved on Sep. 3, 2021, sections III, IV, V, figures 12-15, 17, 18. |
| Piotr K Tysowski et al., “The Engineering of a Scalable Multi-Site Communications System Utilizing Quantum Key Distribution (QKD),” arxiv.org, Cornell University Library, 201 Olin Library Cornell University Ithaca, NY 14853, Dec. 7, 2017, XP080845597, DOI: 10.1088/2058-9565/AA9A5D. |
| Amyx, Managed PKI Certificates: One step at a time toward security the IoT, Unshackle the Internet of Things, TechBeacon, 14 pages, 2016. |
| Bocek, Venafi Blog, Attack on Trust Threat Bulletin: Sony Breach Leaks Private Keys, Leaving Door Open, |Dec. 4, 2014, retrieved from https://www.venafi.com/blog/attack-on-trust-threat-bulletin-sony-breach, 7 pages. |
| Chiba et al., Dynamic Authorization Extensions to Remote Authentication Dial in User Service (RADIUS), Network Working Group, Microsoft Corporation, RFC 5176, Jan. 2008, 35 pages. |
| Cisco, Dynamic Shared Secret for the Cisco CMTS Routers, Feb. 14, 2008, Cisco IOS CMTS Software Configuration Guide, 32 pages. |
| Cnodder et al., RADIUS Dynamic Authorization Server MIB, Network Working Group, Cisco Systems, Inc., RFC 4673, Sep. 2006, 25 pages. |
| Commission on Enhancing National Cybersecurity, Report on Securing and Growing the Digital Economy, 100 pages, Dec. 1, 2016. |
| Cremers et al., A Family of Multi-Party Authentication Protocols, 12 pages, 2006. |
| DBIR, 2016 Data Breach Investigations Report—89% of breaches had a financial or espionage motive, Verizon 2016 Data Breach Investigations Report, pp. 1-85, 2016. |
| Dierks et al., The Transport Layer Security (TLS) Protocol Version 1.1, Network Working Group, https://tools.ietf.org/html/rfc4346?cm_mc_uid=55413578387314706858380&cm_mc_sid_50200000=14 72153170, pp. 1-174, Apr. 2006. |
| Dr. Dobbs, The Book Cipher Algorithm, retrieved from http://www.drdobbs.com/security/the-book-cipher-algorithm/210603676 on Sep. 24, 2008, 5 pages. |
| Glover, PC1 3.1: Stop Using SSL and Outdate TLS Immediately, http://blog.securitymetrics.com/2015/04/pci-3-1-ssl-and-tls.html, pp. 1-6, Aug. 25, 2016. |
| Grass et al., Draft NIST Special Publication 800-63B Digital Authentication Guideline, Authentication and Lifecycle Management, National Institute of Standards and Technology, U.S. Department of Commerce, pp. 1-48, Nov. 18, 2016. |
| Hosseinkhani et al., Using image as cipher key in AES, IJCSI International Journal of Computer Science Issues, vol. 9, Issue 2, No. 2, ISSN (Online): 1694-0814, pp. 538-544, Mar. 2012. |
| IBM Knowledge Center, RSCS Dynamic Authorization Server Virtual Machine, Version 6.3.0, 2 pages, 2023. |
| IBM, The Secure Sockets Layer and Transport Layer Security, Verification of X.509 Public Key Certificates for Secure Communications, http://www.ibm.com/developerworks/library/ws-ssi-security, pp. 1-48, Jun. 6, 2012. |
| International Preliminary Report on Patentability issued by the International Bureau of WIPO in related International Application No. PCT/US2017/050614 on Mar. 12, 2019, 9 pages. |
| International Preliminary Report on Patentability issued by the International Bureau of WIPO in related International Application No. PCT/US2018/027316 on Dec. 3, 2019, 9 pages. |
| International Preliminary Report on Patentability issued by the International Bureau of WIPO in related International Application No. PCT/US2018/024521 dated Oct. 22, 2019, 7 pages. |
| International Preliminary Report on Patentability issued by the International Bureau of WIPO in related International Application No. PCT/US2018/067444 dated Jun. 30, 2020, 6 pages. |
| International Preliminary Report on Patentability issued by the International Bureau of WIPO in related International Application No. PCT/US2019/059369 dated Apr. 27, 2021, 5 pages. |
| International Preliminary Report on Patentability issued by the International Bureau of WIPO in related International Application No. PCT/US2019/027161 dated Oct. 13, 2020, 5 pages. |
| International Search Report and Written Opinion issued by the International Searching Authority, the Korean Intellectual Property Office, in related International Application No. PCT/US2019/059369 dated Feb. 24, 2020, 9 pages. |
| International Search Report and Written Opinion issued by the International Searching Authority, the Korean Intellectual Property Office, in related International Application No. PCT/US2019/027161 dated Aug. 13, 2019, 8 pages. |
| International Search Report and Written Opinion issued by the International Searching Authority (the European Patent Office) in related international application No. PCT/US2024/010399 on Jun. 17, 2024, 14 pages. |
| International Search Report and Written Opinion issued by the Korean Intellectual Property Office, as the International Searching Authority, in related International Application No. PCT/US2018/024521 dated Jul. 12, 2018, 9 pages. |
| International Search Report and Written Opinion issued by the Korean Intellectual Property Office, as the International Searching Authority, in related International Application No. PCT/US2018/067444 dated Apr. 5, 2019, 9 pages. |
| International Search Report and Written Opinion of the International Searching Authority, the Korean Intellectual Property Office, issued in related International Application No. PCT/US2017/050614 on Nov. 16, 2017, 11 pages. |
| International Search Report and Written Opinion of the International Searching Authority, the Korean Intellectual Property Office, issued in related International Application No. PCT/US2018/043634 on Oct. 26, 2018, 11 pages. |
| International Search Report and Written Opinion of the International Searching Authority, the Korean Intellectual Property Office, issued in related International Application No. PCT/US2018/027316 on Aug. 30, 2018, 11 pages. |
| Jarmoc, Transitive Trust and SSL/TLS Interception Proxies, SecureWorks, https://www.secureworks.com/research/transitive-trust, pp. 1-21, Mar. 21, 2012. |
| Juniper Networks, Inc., Enabling IMS AAA Dynamic Authorization, 1999-2010, 5 pages. |
| Kin-Wah, et al., On the Feasibility and Efficacy of Protection Routin in IP Networks, University of Pennsylvania Scholarly Commons, Departmental Papers, Department of Electrical & Systems Engineering, Proceedings of the IEEE 2010 Conference on Computer Communications (INFOCOM 2010), San Diego, CA, Mar. 2010, Dec. 10, 2009, 11 pages. |
| Levi et al., An efficient, dynamic and trust preserving public key infrastructure, IEEE.org, IEEE Xplore Digital Library, Aug. 6, 2002, 3 pages. |
| Lim et al., A Dynamic Key Infrastructure for GRID, Information Security Group, 10 pages, 2005. |
| Meyburgh, Dynamic Distributed Key Infrastructure DDKI, Tunnel Project with GateKeeper and KeyVault, A00214314, (COMP 8045 & COMP 8046), 47 pages, 2017. |
| Moreau, Why Should We Look for Alternatives to the Public Key Infrastructure (PKI) Model?, CONNOTECH Experts-conseils Inc., Aug. 1999, Quebec, Canada, 4 pages. |
| Palo Alto Networks, Government Endpoint, Use Case, 6 pages, 2018. |
| Pansa et al., Web Security Improving by Using Dynamic Password Authentication, 2011 International Conference on Network and Electronics Engineering, pp. 32-36, 2011. |
| RSA, Global Security Chiefs Offer Five Recommendations to Overhaul Outdated Information Security Processes, http://www.rsa.com/en_us/company/newsroom/global-security-chiefs-offer-five-recommendations-to-overhaul, pp. 1-11, Dec. 10, 2013. |
| RSA, Two-Factor Authentication is a Must for Mobile, https://blogs.rsa.com/two-factor-authentication-is-a-must-for-mobile, www.rsa.com, pp. 1-7, Aug. 24, 2016. |
| Salem et al., The Case for Dynamic Distribution for PKI-based Vanets, International Journal of Computer Networks & Communications (IJCNC), vol. 6, No. 1, pp. 61-78, Jan. 2014. |
| Stack Exchange, What can an attacker do with a stolen SSL private key? What should the web admin do? Retrieved from http://security.stackexchange.com/questions/16685/what-can-an-attacker, 2012. |
| Wang et al., ID-Based Authenticated Multi-Party Key Agreement Protocol to Multimedia Applications Systems, 2008 International Conference on Computer Science and Software Engineering, 2008 IEEE, 4 pages. |
| Whitenoise, Unclassified story of Whitenoise Super Key Encryption and Dynamic Identity Verification and Authentication, 9 pages, 2024. |
| Wikipedia, Dynamic SSL, https://en.wikipedia.org/wiki/Dynamic_SSL_Dynamic SSL—Wikipedia, the free encyclopedia, pp. 1-4, Aug. 25, 2016. |
| Wikipedia, Man-in-the-middle attack, https://en.wikipedia.org/w/index.php?title-Man-in-the-middle_attach&oldid=753645501, 5 pages, Dec. 8, 2016. |
| Wnlabs, One time pad security, retrieved from http://wnlabs.com/solution.html on Jun. 13, 2017, 2 pages. |
| Number | Date | Country | |
|---|---|---|---|
| 20240235815 A1 | Jul 2024 | US |
| Number | Date | Country | |
|---|---|---|---|
| 63438186 | Jan 2023 | US |
