CA2111572C - Digital signature algorithm - Google Patents

Digital signature algorithm

Info

Publication number
CA2111572C
CA2111572C CA002111572A CA2111572A CA2111572C CA 2111572 C CA2111572 C CA 2111572C CA 002111572 A CA002111572 A CA 002111572A CA 2111572 A CA2111572 A CA 2111572A CA 2111572 C CA2111572 C CA 2111572C
Authority
CA
Canada
Prior art keywords
value
mod
digital signature
message
generating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CA002111572A
Other languages
French (fr)
Other versions
CA2111572A1 (en
Inventor
David William Kravitz
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
UNITED STATES GOVERNMENT AS REPRESENTED BY THE SECRETARY OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECH
Original Assignee
UNITED STATES GOVERNMENT AS REPRESENTED BY THE SECRETARY OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by UNITED STATES GOVERNMENT AS REPRESENTED BY THE SECRETARY OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECH filed Critical UNITED STATES GOVERNMENT AS REPRESENTED BY THE SECRETARY OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECH
Publication of CA2111572A1 publication Critical patent/CA2111572A1/en
Application granted granted Critical
Publication of CA2111572C publication Critical patent/CA2111572C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3013Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems

Abstract

A method is provided for generating and verifying a digital signature of a message m. This method requires a pair of corresponding public and secret keys (y and x) for each signer, as well as a pair of public and secret values (r and k) generated for each message by the signer. The public value r is calculated according to the rule r = (g k mod p) mod q. A value s is then selected according to the rule s = k-1(H(m) + xr) mod q where H is a known conventional hashing function. The message m, along with the signature (r, s) is then transmitted. When the transmitted signal is received a verification process is provided. The received values of r and s are tested to determine whether they are congruent to 0 mod q. Additionnally, r is tested to determine whether it is equal to v mod q, where v is computed from r, s, m and y. For legitimately executed signatures, v = g k mod p.

Description

- WO 93/035~2 PCI~US92/06184 DIGITA~ 8IGNATURE ALGORIT~M

r~k~JrOuna of the Invention ~ :
1~ Field of the Invention.

~ The field of;this invention is data integrity, ; :~and in particular~ geDerating and verifying a digital signature for a message or data file.~:
2-) ~ Back~o~ Art.: :

When a~message is~ transmitted from one party to ~:
another,~ the~receiving party~may desire to determine whether:the~me~A~e:has~been~altered:in:transit. Further-:more, the receiv~ng~party~may wish~to be certain of theorigin of~the message:. It is known ~in the prior art to provide both of these~functions using digital signaturé
algorithms. Several~known~digital signature algorithms are available~or~verifying the integrity of a me~sage.
These known digital:~signature algorithms-may also be used to prove to a third: party that the message was signed by : :~:: : :
~he actual originator. ~
:

:SUBSlTll~rE SltEET

W093/03562 PCT/USg2/06184 21115'7~ 2 The use of public key cryptography to achieve instantiations of these digital signature algorithms is also known in the art. For example, Diffie and Hellman teach using public key cryptography to derive a digital signature algorithm in "New Directions in Cryptography,"
IEEE Transactions on Information Theory, Vol. IT-22 pp. 472-492, 1976. See also U.S. Patent No. 4,200,770.
Since then, several attempts have been made to find practical public key signature~techniques which depend on the difficulty of solving certain mathematical problems to make message alteration or forgery by unauthorized parties difficult. For example,~the Rivest-Shamir-Adleman system d~r~n~ on the difficulty of:factoring large integers.

:
Seé~R. Rivest, A. Shamir,~and L. Adléman, "A Method ~or Obt~ini~g Digital~Signatures and~Public Key Crypto-systems,"~Com~unications~of~the~ACM,:~Feb. 1978, Vol. 21, No.~2~,'pp.~ l2:0-l26~ and~U.S.~:Patent~No. 4,405,829.

Taher~ElGamal~teaches:~a~signature scheme in "A
Pub}ic Key Cryptosystem~and~a~SignatUre Scheme R~ on Discretè~ Logarithms"~ in~IEEE Transactions on~Information Theory,~ Vol. IT-31,~No. 4,~July 198S. It is believed that this:system relies on~the difficulty~of~computing discrete logarithms:over finite~fields.~In;the system taught by ElGamal:m:denotes~a~document~to be~signed, where O < m S p-l where ~ p ~ is ~ a~large prime and ~ is a primitive SUBSTITUTE SHEET

W093~03562 PCT/US92/06184 3 ~ 2 element mod p, both known. In any of the cryptographic systems h~s~ on discrete logarithms, p must be chosen such that p-1 has at least one large prime factor. If p-1 has only small prime factors, then computing the discrete logarithms is easy. The public file consists of a public key y - ax mod p for each user~where each user has a secret x, a large prime p, and a primitive element a. To sign a document, user A uses a secret key x~ to find a ,. ~
signature for m in such a~way~that all users can verify the authenticity of the~signature by using the public key ~: YA together with a and p~, and no one can forge a signature without knowing the secret x~.~

The signature~ for mt is~the pair (r,s), 0 S r,s ; < p-l, chosen such that ~
o~ yrr~mod p ~ Equation (1) -is satisfi d . ~

In;many~appllcàtions~it is convenient or neces-sary~ to sign~the message~on~ ine. ~However,~the Rivest-~Shamir-Adle~an~system~is~expensive to sign on-line. The sy~stem of~ElGamal,~however,~ allows~much of the computation to~be done~prior to going on-line since use is made o~
values~which are not~dependent upon message m. Thus, on-~ ~: SUB~ JTE SHEET

W093~03562 PCT/US92/06184 2 '~ 7 2 line signature generation is very simple in the system ofElGamal The signing procedure in the method taught by ElGamal includes three steps In the first step, a random number k is chosen such that k is uniformly between 0 and p-l, and gcd(k,p~ 1 Next, r is determined by the relationship ~r ~ ak mod p Equation (2) . ~
~; ~ In ~iew of Equation (2~, the~relationship which must be satisfied for determining the signature for message m, as set forth in Equation (~ may~be~written as : ~ :
o~ =~o~ od p ~ Equation (3) Equation (~3) may be~solved ~or J~by =sing m S~xr +~ks mod(p -~1) Equation (4) Equation~4) has~a solution~ for s;provided k is chosen such that;gcd(k, p~

In the method;~taught by ElGamal it is easy to verify~the~authenticity~of~the signature (r,sJ by comput-ing~both~sides of~Egu~tion ~ and determining that they are~equal ;The c-~ocen~value~of k should never be used ;more than once This~can~be guaranteed, for example, by :
'SUBSmUTE SHEET

S 21~1572 using a Data Encryption StA~Ard chip in the counter mode as a stream cipher to generate values of k.

It is possible to attempt two types of attacks on the signature scheme of ElGamal. The first type of attack includes attacks designed~to recover the secret key x. m e second type of~attack includes attacks designed to forge signatures without recoverinq x. Some of these attempted attacks are easily shown to ~e equivalent to computing discrete logarithms over GF(p).

In the first type~of attack attempt an intruder may try~to solve t equations of;the~form of Equation (4) when given lm~ :1, 2, ..:~.~, tl;~docuDents, together with the corresponding~signa~u~e~~(ri,s1): i = 1, 2, ..., t~.

However, there are;t ~l unknowns in this system of equa-tions since~each~signàture~uses a different value of k.
Thus, this~system~of~equations is~underdetermined and the number~:of soIutions.is~larg~e.~The~reason is that each value of x~yields a~solution~for~the~kf since a system of linear equations with~a:~diagonal matrix o~ coefficients results. Since p-l:is:chosen to have at least one large prime factor q, potential Le_u~ery o~x mod g would re-quire an eYronential'~number~of message-signature pairs.

If any value of k~ is~uséd twice in the signing, then the system of equations:is~uniquely~determined and x may be SUBS I I ~ UTE SHEEl WOg3/0356~ PCT/US92/oC184 2 1 1~ '7 2 recoverable. Thus, for the system o~ ElGamal to be se-cure, no value of k should be used more than once, as previously described.

In another attack attempt of this first type an intruder may try to solve equations o~ the form of Equa-tion (3). This is always eguivalent to computing discrete logarithms over GF(p), since both unknowns x and k appear in the exponent. ;In still another attack of this type an intruder may attempt to develop~some linear dependencies among the unknowns { ki = 1, 2, ..., t }. ~Thi~s is also equivalent to computing discrate logarithms~since i$ kf e~Ck~ mod ~p-1), then rl ;~ r~c mod p, ~ and~if c~can~be computed then computing discrete logarithms~is~easy.

In the~second~type~of~attack attempt, trying to forge;~signatures~without~knowledge o~f x, a ~orger may try~
to~ find~ r ~and s~ such~that;~Equation~(l) is satisfied for a rl~ment~m.~ If~r~ ai~mod~p~is fixed~for some ~ chosen at ;random, then computing;s is equivalent to solvin~ a dis-crete logaritkm problem over GF~p). ~

If the ~forger~fixes s first, then r may be computed as follows~

.
:: ::
: ~ ~

r~l Inc~T~Tl tTC ~UC~T

2ill~72 r 8y r - A mod p Equation (5) ..

Solving Equation (5) for r may not be as hard as computing discrete logarithms. However, it is believed that solving Equation (5) in polynomial time is not feasible. In another possible attack of the second type, a forger may try to solve Equation (l) for both r and s simultaneously.
However, it is believed:that an efficient algorithm for doing so is not known.~

: The signature~scheme of:ElGamal also permits an ~attack:attempt wherein~the~intruder,~knowing one legiti-mate signature ~(r~s)~for:one~message m~ may generate other legitimate signatures~(r,sJ~ and~messages m. However, this sttack~attempt,~aLthough~imple ntable,~does not allow the intruder to~sign~an~rbitrary~message~m and therefore does not~;break:the~system.;~ This :l~imited:ability to create ac~ able~message-si~nature~pairs can~be avoided by reguiring~;m~to~haYe~a~ certain;~structure.~ Alternatively this can be~avoided~ ffl~applying~a~one-'way function H to message'm~ before~s~ ng.~it.~ This~causes a~::potential forger to be unable to~determine:a value of m which cor-to the~(m)~ which~:was~.signed using the method shown bel~w.~ The~forger~must~;;be~ab~le:tQ transmit such an m~to;~the~verifier,~ if:~:~the~forgery;is to be considered suc~c~ful.

; SUBS ~ JTE SHEET

W093/03562 PCT/US92/061~

2111~72 8 Given a signature ~r,s) for the legitimately signed message m, then aJ ~ yrr g mod p.

Integers A, B, and C are selected by the forger arbi-trarily such that (Ar - Cs) is relatively prime to p - 1.
The values of r', s', m' are selected such that :

r = ~AaByC mod p, s' = sr';/(Ar-Cs) mod(p - 1), m' = r'(Am ~ ~Bs) /(Ar - Csjmod(p - 1) .

~Then it is claimed~that ~(r'~,s') signs;the message m': The : verification equation~will be~satisf~ied, since yr'r~ e ~yr'~ (r~AaB~y~9 g~ C

( y r ~ -~ ~cs ~ ~cg~ a~ ~a Bs~ C

( (yrr ~ aBsr~ c8) ~ ~ Bs~ Cs):

~ wherein~all~calculations~are~performed;~mod p.

..
,. ~ .

As~:a~e~ case,~setting A = 0, verifiable signaLu~s~(r',s')~ may~be~generated with corresron~in~
ssages~m' with ue~ ~-t~ eo a~ny signature:

:~

:
~: :
SUBSmUrE SHEET
:

9 ~ 1 1 1'3'~~ 2 = a8yCmod p, s' = -r'/C mod (p-l ), m' = -r'B/C mod (p-l ) .
Thus it will be understood by those skilled in the art that applying a one-way function H to message m, prior to signing, thwarts the general and special-case attack .
attempts. It will also be understood ~hat function ~ may be used to form a digest of long messages so that the signature function does not have to be iteratively applied to segments of the full message m. This results in fur-ther efficiency.

U.S. Patent No. 4,995,082, issued to Schnorr, ~n : : February l9, l99l, entitled "Method for Identifying Sub-scribers:and for:Generating and ~erifying Electronic Signatures in a Data Exchange~System,i' provides a system wherein co~munication~and:verifiaation is more efficient relative to ElGamal~.~ Additionally,~tb~ system of Schnorr maintains the extremely efficient on-line signing capabil-ity.~ However, some~of~'the desirable~features of ElGamal, as~w~ as the extensive~body~of~ëxpérience and literature a~sociated with the ElGamal model, are not applicable to the:~Schnorr:model.~

: Thus, it~is~desirable to provide a system having efficiencies~of~on-line~signing,:;communication, and ver-ificat~ion which are comparable to the~system of Schnorr :

' ~ ' SUBs~ TEsHE~T

;' W093/03562 Pcr/us92/~

while still ~aintaining compatibility with the ElGamal model and its analytical tools ~n particular, it is desirable to retain the complexity of the ElGamal ~igna-ture equation which enables secure use of the straight-forward expression N(mJ, rather than simplifying the signature equation at the expense of replacing H(m) by Schnorr's H(~k mod p,m), 8nMNARY OF~T~E l~.V~ ON

A method~is provided for generating and verify-ing a digital signature of~a~message m This method requ~ires a pair;;of~ corresponding public and secret keys (y and x) for~each signer, as well~as a pair of public and seCret values (r and~ :k~): generated for;each message by the sign-r The publlC ~alue~r~is~calculated according to the rule r~ g~mod p)~ mod~ A ~va:lue s ~is then selected according~to the rule s~ k~~tn~+~;xr) mod~q where ~ is a~known~conventional~'h~shi~ function The~message m, along~with the s ~ (r,s~)~is~th n tr~ne~itted When the transmitted signal~is~received a verification process is proYided~ The~recelved~values of r and s are tested to determine~whether~ ey~are congruent to ~ mod q Addi-tionally, r is tésted~to~determine whether it is egual to mod g, where v~is~compùtéd~from~r, s, m and y For legitimately executed~signatures, v = gk mod p.

SUBSTITUTE SHEET

W093/03S62 PCT/US92/061~

ll 2111S72 BRIEF DESCRIPTION OF THE DR~WINGS

Figs. 1, 2 show the digital signature algorithm of the present invention, Fîg. 3 shows a h~ching algorithm suitable for use within the digital signature algorithm of Pigs. l, 2.

DET~TT~ DESCRIPTION OF ~HE lNV~:N-~ION

Referring now to Figs. 1, 2, there is shown digital signature algorithm 10. In digital signature algorithm 10, the two keys in a pair of private and public keys are used respectively to~generate~and verify digital signatures (r,s), each of which corresponds to a trans-mitted message m. Using digital signature algorithm 10 the holder of a private key~ nay generate a digital signa-ture f or message m where message m may contain any amount of data. ~A holder of the~co~responding~public key may then~receive message m~and verify the signature [r,s). An intruder~who does not~know~the~private~key cannot generate the~signature~(r,s)~;of the holder of~the private key for any ~essage m and therefore signatures (r,s) cannot be forged.- ~An intruder;also~cannot alter any signed message m without invalidating the signature ~(r,s).

If digital~signature algorithm 10 is to be used effectively, a means of associating à public and private .

SUB~ UTE SHEEr WO 93/03562 PCr/US92/06184 2 1 i i - r~ 2 key pair With each signer is required. There mUst be a binding of information identifying the signer with the corresponding public key. In order to insure that each private key or secret key i5 held by the individual whose identity is bound to the correspondîng public key, this bin~in~ must be certified by a mutually trusted third party. For example, a certifying authority may sign credentials containing the public key of a user of digital signature algorithm 10 and the identity of the user to form a certificate. ~ ~

Executîon of~digital signature algorithm 10 of the pl Fent invention begins~at~start~terminal S. A user of digital signature~algorithm~10 first selects a secret value of k as shown in block l5. The selected k is a secret~integer generated~by the signer~for each message m.
The~value of k is chosen~such that O<k~g. The k of digi-'tal signature~algorithm~lO~ y be~generated in a random or ps~llAo-random fashion.~It~will be~understood by those ;skille~in the art~ that~the~pseudo-random generation of integer k may be performëd in any conventional manner~

:~
In block~2~0~of~digital signature algorithm lO a determina~tion is made of~ g-~ mod p.~ It is known în the art ;to~determine the quantlty~of block 20~and~transmit this ~ quantity. However, this~quantity can be quite long.

: :
SU~STITUTE SHE~T

Therefore, in block 25, the quantity of block 20 is re-duced to a one hundred sixty bit image by reducing it mod g as follows r = (g~ mod p) mod ~. Equation (6) In order to generate r as set forth in Equation (6), the value g is determined as follows:
: g = h/p-aJ/q mod p, Equation (7) where h is any non-zero integer mod p such that h (p-lJ/q is not congruent to l~;mod p.~ The value~g may be common to all users of digital~signature algorithm~10. In Equation (63, p~is a~prime:modulus,~where 25ll<p~25l2.~: The prime modulus p may be co ~ n~to~all~users of digital signature ;algorithm lO.~: The~value~q~is a~prime divisor of (p-l), where:~2~59<q<2l60. ~q~may~also~be::co., on to all users of gital~signatore algorithm~10~

erlttion~of~digital~ signature algorithm lO then p ~ to block~3~0~where~the:~quantity k~l mod q.is determinéd~ This~va;lue~will be~useful in the determina-tion of the signature for transmission within the system of'~digital si~-t~re algorithm~lO..~It will be understood y~those~skil~led~in~the:art that all;of the operations performed~within~digitaI signature algorithm 10 up to and including~the computation~of~block:30 are independent of ~essage m. Thus, these;computations may be made off-line, .

2 1 11 3r~2 14 thereby permitting a greatly ~hortened on-line signing pro~e~re. ~

Execution of digital signature algorithm lO then proceeds to block 35 whexein message m is h~Fh~A. This hAshi~g of message~ m performed in~block 35 provides an output of one hundred sixty bits or less, denoted ~y H(m).
Many conventional h~hing algorithms, suitable ~or hashing ; message m as shown in block~35 of algorithm lO, are known in the prior art. Additionally, it will be understood that the message to~which~the~hashing algorithm is applied may be in an unencrypted form.

When r and k~l mod g are determined as set forth in Equations (6) and ~7~ the value~of s for message m may be~determined~ as shown in~block-~40 of digital signature algorieh~;~0~

s=k~l(H(mJ+xr)mod ~q. Equation (8) ~he~so}ution of Eguation~(8~) of block 40 of digital signa-ture~a1gorithm~10~also~re~ults ~in~ a~one hu~-dLed sixty bit integer. The values r~:and. s thus determined respectively in~bIocks~2~5,~40, constitute the signature (r,s) of mes-;sage m. ~They are~transmitted along with message m to the reCipient~as shown~in~block~45. It Will be understood ; ;~ that m may be transmitted in~an unencrypted form. Execu-: ~
~ : : SUBSmUTE SHEET

WOg3/03562 PCT/US92/06184 2 ~ 7 2 ., . . ~ . .

tion of algorithm 10 then proceeds by way of off-page connector 50 Within digital signature algorithm 10, each signer is provided with~a secret key x, where 0 < x < q A secret key x is fixed for all messages m transmitted by an individual user of algorithm lO Additionally, public key y is provided to the user holding the secret key x or secret value x, where y = gx mod p ~ Prior to verifying a signature (r,s), the public key y and the identity of the signer who possesses the corresponding secret key x must ~be available to the~recipient in an~authenticated manner~
where~the ultimate~purpose of~verification is to prove that (r,s) was originally created~by;one who had knowledge of~the~value of x which~corresponds~to th~ particular value of~ y If x~has~not~been compromised, this signer is known to~ be the one ~ ose identity is linked to the par-ticular y~in ~an~authenticated mann-r ~ Additionally, the recipient must;know~the~global values~g, p, and q Execution~of-algorithm~lO then proceeds by way of on-page connector~55~to~start terminal 60 After receiving message~m~as~shown ~in~block~65, along with its ;purported~signature~(r~,s)~ the~recipient within the system ~of the present invention~must~verify both the received r and the received~s~ ~It~will be understood therefore that ~ SUBSTlTUrE SltEET

wo s3~03s62 Pcr/uss2to6ls4 and the received s. It will be understood therefore that within digital signature algorithm 10 the prior art kernel gk mod p is reduced mod q and transmitted. gk mod p is then recovered and verified within algorithm 10. ThUs, using the system of the present invention, the prior art gk mod p may be reconstructed at~ the receiving end rather than transmitted by~the~cend~r~

Therefore, a determination is made at decision diamond 70 of algorithm 10 whether either s or r is con-gruent to 0 mod q. :If~either~:r or s~ is congruent to 0 mod :
then execution:pr~oceeds~to:block l~5 and the received' signature~ ~r,s) is rejeGted~by~dlgital signature algorithm lO. :If r and s are:~not~ol-~L~ent~to 0 mod g, then the recip~ent pro~ee~q~vit~verification~of the received signature (r,:s) as~shown~in ~h~ verification box 75.

Digital~signature~algorithm~10, upon entering ch~ verifi~ation~bloek 75~ rec~overs: gk mod p as shown in~d~ch~A ~ vvery block~80.~ is~ known in the art to recover g:~ mod p after;receiving a transmltted message because many prior~a:rt~methods~transmitted gk modp with-out~any~;reducing prior~to~transmission. Within recovery block 80, the values~of~u~ and~u2~are determined as shown , in block 85. The :values~ of; block 85 are determined as ~ ~:
' ~ Ul = (H(mJ ) (5) -I mod:q, and u2 =~(rJ~sJ~l mod q. Determina-~: : gUBSTlTllTE: SHEE~-W093/03562 PCT/USg2/06184 17 2 ~ 7 ~

tion of the values ul and u2 permits a determination of gk mod p from u1, u2, and y as set forth in Equation t9).
This determination is shown in block 90. It will be understood by those ski:lled in the art that it is not known at this point whether the quantity recovered in blocX 90 is a legitimate g~k mod p. .However, ~Yec~tion of digital signature algorithm 10 proceeds on the assumption th'at it is legitimate and checks this assumption.

V~= ~(g)Ul(y)4 ~ d p ~ (gN(~)(yr))~S~'~mod p = (gff(m)~x~)*~N(mi~xr) mod p ~ = gk~mod~p].~ Equation (9) .
Within dashed~checking~bloaX 95, the recovered ;quantity yk mod~p~of~;Equation (~9) is checked:by first determining *he;value~of,w:~as shown:in block lO0. The value~of~blocX~lOO~is determined~:as~w:~= v mod g. In ::deoision diamond lOS'~a,~determ;n~tion~is made:as to whether the~Fecèived~value~of::r~is~equal:~to~the:mod~q''r~educed value~of g~mocl p,~where~m,k,r and s satisfy the relation-s~ip~:~set~fo~th in~Eguation:~8),~ for;'the given value of y.
I~~the~determination~of~decision lO5~is~affirmative, execution ~.ieed~;to~verify~:blocX llO:where the signature (r~sJ~received ~in~block~65:is considered verified by : : : ~ ~ :

SUBS I l I UTE :SHEET
:: ~

W093/03562 PCT/US92/061~

j 7 2 18 digital signature algorithm lO. I~ the determination of decision diamond 105 is negative, execution proceeds to reject box 115 where ~he received signature (r~sJ is rejected.

The security of digital signature algorithm 10 is dependent upon maintaining the secrecy of private keys.
Users of digital signature algorithm 10 must therefore guard against the unauthorized disclosure of their private keys. In addition, the hash function H of block 35 used to determine the value :of s must be selected such that it is computationally infeasible to find any message m which has a given hash value.: Likewise, it should be computa-:tionally infeasible to find any pair of distinct messages m which hash to the same value~

Referring now:to Fig. 3, there is shown hashing algorithm 150. A conventional algorithm such as algorithm - : :
150 may be found:, for example, in R~L. Rivest, "The MD4 ~ge~Digest Algorithm,"~Abstracts Crypto '90, pp.. 281-291:. ~As previously~de-cribed~, the~signature and verifica-~tion processes within digital signature algorithm lO

: re~uire a secure hash~algorithm which takes an arbitrary I
length message as~input and o~L~-s a hash value of length one hilnAred sixty bits;or:~less. ~h;~g algorithm lS0 is :: suitable for performing the hashing function of digital signature algorithm 10 as set forth in block 35. It will ~' sussmuTE SHEET

19 2ill~72 ~e understood by those skilled in the art that conven-tional hashing functions other than hashing algorithm 150 may also be used to perform the hashing function of block 35 within digital signature algorithm 10.

Execution of hashing algorithm 150 proceeds from block 30 of digital signature algorithm 10 and begins at start terminal 152. Hashing algorithm 150 then receives as its input a b-bit message m to ~e hashed as shown in block 153 and operates to provide a message digest A, B, C, D as its output. The:number of bits b in the message m received in block 153 is an arbitrary non-negative in-teger. The value of:b may be zero and it need not be a multiple of eight. Furthermore, b may ~e arbitrarily large. The bits of message m ~ay~be described as follows:

mOm~ mb-l The next step of hAQhi~g algorithm 150 is pad-di~g or extending message m~so that its length in bits is : congruent to~4;48, modulo 512~, as~shown in dashed padding block 155. Thus, message~m is extended so that it is just ~sixty-four bits short of~being a multiple of five hundred :twelve bits long. ~Padding of mc~s~ge m must always be performed within hashing algorithm 150, even if the length of message m is already congruent to 448, modulo 512. In the case where the length~of message m is already con-: su8smuT~ SHEET

~''b 2~ 2 20 gruent to 448, modulo 512, five hundred twelve bits ofpadding are A~e~ in dashed padding block 155~

In the padding of message m set forth in padding block 155, a single bit having a value of one is appended to message m as shown in block 160 within padding block 155. Then enough zero bits are appended to message m to c~lls~ the length in bits of padded message m to become ~o~ ent~to 448, modul~o 512~as shown in block 165. The r~Aing operation of padding block 155 is thus invertible :so that different inputs yield different ou~ s. The r~Aing operation of~dashèd padding block 155 would not be ,invertible if it were done only with zeros.

~ c~ltion of;~h~shi;ng algorithm 150 then proceeds to block 170, where a:sixty-four bit representation of b s~appenA~d to the:re~sult~o~f~the appending operations of blocks 160,~165. It~will~be understood that b is the length:of~message~m~before~the~padding:bits are added as set~forth in~bloc;ks~l60,~165.~;This sixty-four bit repre-sentation i6:~rr~nA~ as two,thirty-two bit words, low-,order word first. In the unlikely event that b is greater than 2~', then only~the l~o~ oIder;sixty four bits are rr~n~A in ~l:ock 170.~ At~this stage:in the exec~tion of h~chi~n~ algorithm l50,~the resulting padded message has a ~length that is an exact~multiple of five hundred twelve .

: ~ S'JBSTIJUTESHEET

WOg3/03562 PCT/US92/o61~

21 ~lllj'7~

bits. Equivalently, this padded message has a length that is an exact multiple of sixteen words where each word is understood to be thirty-two bits. Let M ~ u ], O < u < N-l, denote the word~ of the message resulting from processing in block 170, where N is a multiple of sixteen.
:
~ Yer~ltion of~h~hlng algorithm lS0 then proceeds to dashed message digest;block~175 where a four word buffer is used to compute the message digest A, B, C, ~.
Each of the four words::of the message digest A, B, C, D is a thirty-two bit register.~ In block 180 of message digest block 175 these registers are initialized to the hexadeci-mal values shown in~Table I,~low-order bytes first.

: Word;A:: 0l 23~45 67 Word;B~ 8~9~ab cd~ef Word C:~:fe~dc ba 98 Word~D~ ;7~6 54 32 10 :Table I ;

Three~auxiliary functions f~, f2, f3, are then defined~as~shown in~block~l85.~The auxiliary functions :fl,~ f2, f3,~are~set~forth~in~Table II.~ Each auxiliary ;function fl, f2, f3, of:Table II receives as input three thirty-two bit words~X,~Y, Z and~produces as ou~ one thirty-two:bit word~f~(X,Y,8~), f2(X,Y,Z), and f3(X,Y,Z) respectively.:

SUBS I 11 ~ITE S~EET

WO g3/03~62 P~r/USg2/06184 2111~2 22 fi (X, Y, Z~ = XY V ( ~X) Z
f2 ~X, Y, Z) - ~ V XZ V YZ
f3 (X, Y, Z) - X~$) Y~Z
Table II

In each bit position of the input words X, YJ Z
the auxiliary function fl acts as a conditional to imple-ment the condition: if X then ~ else Z. In each bit position the auxiliary function f2 acts as a ~ajority function: if a~ least two of X, Y, Z have a value of one, then f2 has a one in that bit position. The auxiliary function f3 applies the bit-wise:exclusive OR or parity function to each bit position.: If the bits of X, Y, and Z
are independent and unbiased, then each bit of f1(X,Y,Z) , i5 independent and;~unbiased. Similarly the auxiliary functions f2(X,Y,Z) and~f3(X,Y,Z) are independent and : :unbiased if~ tbe bits of~X, Y, and Z are independent and unbiased.

ng algorithm 150 initializes the loop :~
induction variab1e~n~to:zéro in blook 186, and then sets '~he current values of the array X~j] ~or O ~ j < 15 in : ~
~: blo k 187~and~performs~a~set of thre~ rounds of h~h;ng as :
show~ in blocks l90,~195, 197,~where array X~j] is updated and three ro~1n~ of ~Aphin9~ ~are performed a total of N/16 times. In rou1,~s two and three, hA5hing algorithm 150 -:

: SUBSTITUTE SHEET

23 ~ 2 uses constants. The round two constant is the square root of two and the round three constant is the square root of three. The values oP these constants, with high-order digits given first, are set forth in Table III.
Octal Hex Round 2 constant (¦~) 013240474631 5A82799~
Round 3 constant ~ 01S666365641 6E~9EBAl Table III

: Each of the N/16:sets of three rounds begins with execution of the instruction sequence in Table IV as occurs in block 187, where~the valùe of n denotes the set currently being processed.: ;The sets are indexed by 0:to (N/16)~

: Set Xt~j~3~to M~n*16~j]:,~:for j = 0, 1, ..., 15.
Save A as~AA~,;B~:as:~:BB,~C as CC, and D as DD.
Table lV

: When::execution ~of hAchi ng: algorithm 150 prO~ c :~
to~block~l90 and~round~one~of~the: :h~~~h;n~ occurs, tA B C D
t]~::denotes~the operation:A =~(A~ fl(B,C,D) + Xti]) <~<
t.: It~will be~understood:~by those skilled in the art that (A~<<<t)~denotes the~thirty-two~bit~value obtained by çir~ularly~shi~fting~or~ro.tating~A left t bit positions.
The~:operation denoted~above~generically by [A B C D i t]
:oc~L~, sixteen times~during round one, where the values :

:~ :

UBSl l l lJTE SHEET

2111~72 24 assumed consecutively by operands A, B, C, D, i, and t respectively a~e given in Table V.

D A B C l 7 C D A B 2 ll-B C D A 3 l9 tC D A B 6 ll rB C D A:7 I9 A B C D:8 3 : D A B C 9 7 : C D A B:lO:: ll;
B C D:~A ll l9:

D A:B C 13 7 - ~ ~ C:D~A~B~::14 ll .B C~D A~15~ 19~:
Table V
:

When execution~proceeds to block 195, round two of~the~h~ebing algorit ~ ~150 begins.~ In round two tA B C
D i:~t~denotes~the;~operation A =~A + f2(B,C,D) + X~i3 +
5A8279:99~) <~< t. ~The~operation~denoted immediately above by;~[A~B~C D~l t]:o~u.s~sixteen~times during~round two, where~;the values~assume~consecutively~by operands A, B, -D,~ and:~t~r -pectlv ly~are~given in Table~VI.

.

SUBSTITU~E SHEET

W093/03562 PCT/US92/~6184 2~i 2ill~j72 tA B C D 0 3]
~D A B C 4 5 ~B C D A 13 13.

: ~C D A B 11 9 ~able VI

.
When execution~proceeds to block 197, round ~three o~ the:h~ g algorithm 150 be~ins. In round three ~A B C D i t] denotes:~the operation A - (A + f3(B,C~D) +
X[i3 + 6ED9EBAl) <<< t. ;The operation denoted i~mediately above by ~[A B:C~D~i t];occurs sixteen~times during round : three, where~thé values~ assumed consecuti~ely by operands A, B,; C,~ D, i,: and~t~ respectively ~are given in Table VII.

,~ ~

:

: - .

:~

~ ~ SUBSrlT~JTESHEET

W093/0~562 PCT/US92~06~84 D A B C lO 9 : B C D A 13 15 : C D A B 7 11 B C D A~15 15 ~able VII
::
: ~ After round:three is complete, execution of : h~h;ng algorithm 150~within~block 35 of digital signature algorith~ lO proceed~ to block 199 where the following :additions a~e performed~

B~ B:*~:BB~
D:=:~D~ DD ~

Thus~, ea~ of th- rQur reglsters A, B, C, D
which~together uItimately~form~the~digest of~the recei~ed me~ssage is incremented by~;the~val~e it had-before the particular set was~started~

The~message~digest produced as the o~uL of h~ sh;~n~ algorithm 150~within;digital;signature algorithm 10 is thus the 4-tuple of:values of A, B, C, D obtained in block l99 after processing the last set. The loop induc-.

SllBSTITUTE- SHEET

W093/03562 PCT/USg2/06184 tion variable is incremented in block 201 and tested in decision diamond 202. If execution is not complete block 187 is performed again. Otherwise e~clltion of algorithm 50 ~oc~eA~ to exit terminal 203.

It will be understo d by those skilled in the art that more than one hundred twenty eight bits of~output may be required in some applications. This may be accom-plished, for example, by~providing two systems in parallel wherein each of the parallel systems executes hashing algorithm 150 with appropriately chosen constants and initialized registers, in order to~provide at most two Ared fifty six blts of final output.

:
Although~an~example mode, which includes specification of parameter range restrictions, for carry-ing out the~presènt invention has~been herein shown and described, it will~be~apparent~that~modification and variation may be made~'without~departing from what is ~ega:ae~to~be;the~subject-~matter of~this invention.
i~ I claim~

.
:

: ~ : : : :~ ' : ' ~ ~::

~ ~ SlIB~lllUTE S~ET

Claims (44)

1. A method for generating a digital signature (r,s) of a message m in a system wherein information is transmitted and received by users of said system, comprising the steps of:
(a) providing a secret value k unique to said message m;
(b) providing a public value g;
(c) calculating said value r proceeding from a prime modulus p and a value q selected to be a prime divisor of p-1 according to the rule r = (g k mod p) mod g;

(d) applying a hashing transform H only to said message m to generate a transformed message H(m);

(e) calculating said value s according to the rule s = f (H(m)) where said value s is a function of m only by way of said transformed message H (m); and, (f) generating a signal representative of said digital signature (r,s) in accordance with said value r and said value s and transmitting said generated signal.
2. The method for generating a digital signature (r,s) of Claim 1, wherein step (a) comprises the step of randomly selecting said secret value k.
3. The method for generating a digital signature (r,s) of Claim 1, wherein step (b) comprises the step of calculating said value g proceeding from a value h which may be any non-zero integer such that h(p-1)/q is not congruent to 1 mod p according to the rule g = h(p-1)/q mod p.
4. The method for generating a digital signature (r, s) of Claim 1, wherein step (d) comprises the step of transforming said message m by applying a one-way transform H to said message m.
5. The method for generating a digital signature (r,s) of Claim 1, wherein step (e) further comprises the step of calculating said value s according to the rule s = k-1 (H(m) + xr) mod q wherein said value x is a secret value.
6. The method for generating a digital signature (r,s) of Claim 1, wherein steps (a)-(c) are performed prior to knowledge of said message m.
7. The method for generating a digital signature (r,s) of Claim 1, comprising the further step of transmitting a signed message formed of said message m and said digital signature (r,s).
8. The method for generating a digital signature (r,s) of Claim 7, comprising the further steps of:
(g) receiving said transmitted signed message including a received digital signature (r,s) with a received value r and a received value s; and, (h) verifying said received digital signature (r,s).
9. The method for generating a digital signature (r,s) of Claim 8, wherein step (h) comprises the step of reconstructing said g k mod p of step (c) to provide a recovered g k mod p.
10. The method for generating a digital signature (r,s) of Claim 9, comprising the step of determining a value v proceeding from a value u1 = (H(m))(s)-1 mod q and a value u2 = (r)(s)-1 mod q according to the rule v= (g)u1(y)u2mod p wherein said value y is congruent to g x mod p and said value x is a secret value.
11. The method for generating a digital signature (r,s) of Claim 10, comprising the step of determining whether said determined value v after reduction mod q is the same as said received value r.
12. The method for generating a digital signature (r,s) of Claim 11, comprising the further step of determining that said received digital signature (r,s) is verified in response to determining that said determined value v after reduction mod q is the same as said received value r.
13. The method for generating a digital signature (r,s) of Claim 8, wherein step (h) further comprises the step of determining whether said received value r is congruent to 0 mod q.
14. The method for generating a digital signature (r,s) of Claim 8, wherein step (h) further comprises the step of determining whether said received value s is congruent to 0 mod q.
15. A system for generating a digital signature (r,s) of a message m wherein information is transmitted and received by users of said system, comprising:
a secret value k unique to said message m;
a public value g;
transform means for applying a hashing transform H
only to said message m to generate a transformed message H(m);
means for calculating said value r proceeding from a prime modulus p and a value q selected to be a prime divisor of p-1 according to the rule r = (g k mod p) mod q;
means for calculating said value s according to the rule s = f(H(m)) where said value s is a function of said message m only by way of H(m);
generating means for receiving said calculated values of r and s and generating a signed message formed of said message m and said digital signature (r,s); and, transmitting means for transmitting said generated signal.
16. The system for generating a digital signature (r,s) of Claim 15, wherein said secret value k is randomly selected.
17. The system for generating a digital signature (r,s) of Claim 15, wherein said public value g is calculated proceeding from a value h which may be any non-zero integer such that h(P-1)/q is not congruent to 1 mod p according to the rule g = h (p-1)/q mod p.
18. The system for generating a digital signature (r,s) of Claim 15, wherein said transform means comprises one-way transform means for transforming said message m by applying a one-way hashing transform H to said message m.
19. The system for generating a digital signature (r,s) of Claim 15, wherein a value x is a secret value and said value s is calculated according to the rule s = k-1 (H(m) + xr) mod q.
20. The system for generating a digital signature (r,s) of Claim 15, wherein said values k, g, and r are determined independently of said message m.
21. The system for generating a digital signature (r,s) of Claim 15, further comprising:
means for receiving said transmitted signed message;
and, verifying means for verifying said digital signature (r,s).
22. The system for generating a digital signature (r,s) of Claim 21, wherein said verifying means further comprises means for reconstructing said g k mod p to provide a recovered g k mod p within said verifying means.
23. The system for generating a digital signature (r,s) of Claim 22, further comprising means for determining a value v proceeding from a value u l = (H(m))(s)-1 mod q and a value u2 = (r)(s)-1 mod q according to the rule v= (g) u2 (y) u2 mod p wherein said value y is congruent to g x mod p and said value x is a secret value.
24. The system for generating a digital signature (r,s) of Claim 23, further comprising means for determining whether said determined value of v after reduction mod q is the same as said received value r.
25. The system for generating a digital signature (r,s) of Claim 24, further comprising means for determining that said signature (r,s) is verified in response to determining that said value v after reduction mod q is the same as said received value r.
26. The system for generating a digital signature (r,s) of Claim 21, wherein said verifying means comprises means for determining whether said value r is congruent to 0 mod q.
27. The system for generating a digital signature (r,s) of Claim 21, wherein said verifying means comprises means for determining whether said value s is congruent to 0 mod q.
28. A method for generating and verifying a digital signature (r,s) of a message m in a system wherein information is transmitted and received by users of said system, comprising the steps of:
(a) providing a secret value k unique to said message m;
(b) providing a public value g;
(c) determining said value r proceeding from a prime modulus p according to the rule r = F(g k mod p) wherein F is a reduction function independent of said message m;
(d) receiving a signed message formed of said message m and said digital signature (r,s);
(e) recovering and isolating g k mod p in accordance with said message m;
(f) determining whether said isolated g k mod p after reduction according to said reduction function F is the same as said received value r;
(g) determining that said signature (r,s) is verified in accordance with the determination of step (f); and, (h) generating a verification signal in accordance with step (g) and transmitting said verification signal.
29. The method for generating and verifying a digital signature (r,s) of Claim 28, wherein step (b) comprises calculating said value g proceeding from a value h which may be any non-zero integer such that h(p-1)/q is not congruent to 1 mod p according to the rule g = h(p-1)/q mod p said value q being selected to be a prime divisor of p-1.
30. The method for generating and verifying a digital signature (r,s) of Claim 28, wherein step (a) comprises randomly selecting said secret value k.
31. The method for generating and verifying a digital signature (r,s) of Claim 29, wherein said reduction function F comprises reduction mod q.
32. The method for generating and verifying a digital signature (r,s) of Claim 29, further comprising the step of determining a value v proceeding from a value u1 =
(H(m))(s)-1 mod q and a value u2 = (r)(s)-1 mod q, according to the rule v = (g) u1 (y) u2 mod p where said value y is congruent to g x mod p and said value x is a secret value.
33. The method for generating and verifying a digital signature (r,s) of Claim 29, further comprising the step of calculating said value r proceeding from a prime modulus p, according to the rule r = (g k mod p) mod q prior to knowledge of said message m.
34. The method for generating and verifying a digital signature (r,s) of Claim 28, further comprising the step of calculating said value s according to the rule s = f(H(m)) where H is a hashing transform for producing a transformed message H(m) and said value s is a function of m only by way of said transformed message H(m).
35. The method for generating and verifying a digital signature (r,s) of Claim 34, comprising the step of transforming said message m by applying a one-way transform H to said message m.
36. The method for generating and verifying a digital signature (r,s) of Claim 29, further comprising the step of calculating said value s according to the rule s = k-1 ((H(m) + xr) mod q wherein said value x is a secret value.
37. The method for generating and verifying a digital signature (r,s) of Claim 36, comprising the step of determining k-1 prior to knowledge of message m.
38. The method for generating and verifying a digital signature (r,s) of Claim 28, wherein steps (a)-(c) are formed prior to knowledge of said message m.
39. The method for generating and verifying a digital signature of Claim 36, comprising the further step of transmitting a signed message formed of said message m and said digital signature (r,s) proceeding from said calculated value of s.
40. The method for generating and verifying a digital signature (r,s) of Claim 29, wherein step (g) further comprises the step of determining verification in accordance with a determination whether said received value r is congruent to 0 mod q.
41. The method for generating and verifying a digital signature (r,s) of Claim 29, wherein step (g) further comprises the step of determining verification in accordance with a determination whether said received value s is congruent to 0 mod q.
42. The method for generating a digital signature (r,s) of Claim 5, wherein k-1 is determined prior to knowledge of said message m.
43. The system for generating a digital signature (r,s) of Claim 19, wherein k-1 is determined prior to knowledge of said message m.
44. A system for generating and verifying a digital signature (r,s) of a message m wherein information is transmitted and received by users of said system, comprising:
a secret value k unique to said message m;
a public value g;
means for determining said value r proceeding from a prime modulus p according to the rule r = F(g k mod p) wherein F is a reduction function independent of said message m;
means for receiving a signed message formed of said message m and said digital signature (r,s);
means for recovering and isolating g k mod p in accordance with said message m;
comparison means for determining whether said isolated g k mod p after reduction according to said reduction function F is the same as said received value r;
verification means for determining that said signature (r,s) is verified in accordance with the determination of said comparison means;
means for generating a verification signal in accordance with the verification of said verification means; and, means for transmitting said verification signal.
CA002111572A 1991-07-26 1992-07-24 Digital signature algorithm Expired - Fee Related CA2111572C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US07/736,451 US5231668A (en) 1991-07-26 1991-07-26 Digital signature algorithm
US07/736,451 1991-07-26

Publications (2)

Publication Number Publication Date
CA2111572A1 CA2111572A1 (en) 1993-02-18
CA2111572C true CA2111572C (en) 1999-01-05

Family

ID=24959914

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002111572A Expired - Fee Related CA2111572C (en) 1991-07-26 1992-07-24 Digital signature algorithm

Country Status (12)

Country Link
US (1) US5231668A (en)
EP (1) EP0596945A1 (en)
JP (1) JPH07502346A (en)
AU (1) AU2394492A (en)
BR (1) BR9206315A (en)
CA (1) CA2111572C (en)
FI (1) FI940364A0 (en)
HU (1) HUT68148A (en)
NL (1) NL9220020A (en)
NO (1) NO940258L (en)
SE (1) SE9400103L (en)
WO (1) WO1993003562A1 (en)

Families Citing this family (202)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5271061A (en) * 1991-09-17 1993-12-14 Next Computer, Inc. Method and apparatus for public key exchange in a cryptographic system
EP0611506B1 (en) * 1991-11-05 1997-04-09 THOMSON multimedia Method, sender apparatus and receiver apparatus for modulo operation
US5373560A (en) * 1991-12-06 1994-12-13 Schlafly; Roger Partial modular reduction method
DE4142964C2 (en) * 1991-12-24 2003-05-08 Gao Ges Automation Org Data exchange system with verification of the device for authentication status
US5414771A (en) * 1993-07-13 1995-05-09 Mrj, Inc. System and method for the creation of random sequences and for the cryptographic protection of communications
US5347581A (en) * 1993-09-15 1994-09-13 Gemplus Developpement Verification process for a communication system
US5432852A (en) * 1993-09-29 1995-07-11 Leighton; Frank T. Large provably fast and secure digital signature schemes based on secure hash functions
US5343527A (en) * 1993-10-27 1994-08-30 International Business Machines Corporation Hybrid encryption method and system for protecting reusable software components
FR2713420B1 (en) * 1993-12-02 1996-01-19 Gemplus Card Int Method for generating DSA signatures with low cost portable devices.
FR2713419B1 (en) * 1993-12-02 1996-07-05 Gemplus Card Int Method for generating DSA signatures with low cost portable devices.
US5588060A (en) * 1994-06-10 1996-12-24 Sun Microsystems, Inc. Method and apparatus for a key-management scheme for internet protocols
EP0693836A1 (en) * 1994-06-10 1996-01-24 Sun Microsystems, Inc. Method and apparatus for a key-management scheme for internet protocols.
US5748738A (en) * 1995-01-17 1998-05-05 Document Authentication Systems, Inc. System and method for electronic transmission, storage and retrieval of authenticated documents
US7162635B2 (en) * 1995-01-17 2007-01-09 Eoriginal, Inc. System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents
US5615268A (en) * 1995-01-17 1997-03-25 Document Authentication Systems, Inc. System and method for electronic transmission storage and retrieval of authenticated documents
US6237096B1 (en) 1995-01-17 2001-05-22 Eoriginal Inc. System and method for electronic transmission storage and retrieval of authenticated documents
US7743248B2 (en) * 1995-01-17 2010-06-22 Eoriginal, Inc. System and method for a remote access service enabling trust and interoperability when retrieving certificate status from multiple certification authority reporting components
SE512279C2 (en) * 1995-02-24 2000-02-21 Telia Ab Electronic transaction system
DE19513896A1 (en) * 1995-04-12 1996-10-17 Deutsche Telekom Ag Method of signing a message
FR2733379B1 (en) * 1995-04-20 1997-06-20 Gemplus Card Int PROCESS FOR GENERATING ELECTRONIC SIGNATURES, ESPECIALLY FOR SMART CARDS
DE69528449T2 (en) * 1995-05-18 2003-07-03 Hewlett Packard Co Integrated semiconductor circuit arrangement for protecting multiple aids in one electronic unit
EP0743602B1 (en) * 1995-05-18 2002-08-14 Hewlett-Packard Company, A Delaware Corporation Circuit device for function usage control in an integrated circuit
US5633931A (en) * 1995-06-30 1997-05-27 Novell, Inc. Method and apparatus for calculating message signatures in advance
US5625693A (en) * 1995-07-07 1997-04-29 Thomson Consumer Electronics, Inc. Apparatus and method for authenticating transmitting applications in an interactive TV system
AU758834B2 (en) * 1995-09-15 2003-04-03 Eoriginal, Inc. Document authentication system and method
US5822738A (en) 1995-11-22 1998-10-13 F.M.E. Corporation Method and apparatus for a modular postage accounting system
US5754659A (en) * 1995-12-22 1998-05-19 General Instrument Corporation Of Delaware Generation of cryptographic signatures using hash keys
US5926551A (en) * 1995-12-28 1999-07-20 International Business Machines Corporation System and method for certifying content of hard-copy documents
US5999626A (en) * 1996-04-16 1999-12-07 Certicom Corp. Digital signatures on a smartcard
US5737425A (en) * 1996-05-21 1998-04-07 International Business Machines Corporation Cryptosystem employing worst-case difficult-to solve lattice problem
KR100397601B1 (en) * 1996-07-31 2003-10-23 삼성전자주식회사 Method for message added digital signature and verifying method thereof
AU716797B2 (en) 1996-08-19 2000-03-09 Ntru Cryptosystems, Inc. Public key cryptosystem method and apparatus
GB9621274D0 (en) * 1996-10-11 1996-11-27 Certicom Corp Signature protocol for mail delivery
US6724893B1 (en) 1996-10-11 2004-04-20 The United States Of America As Represented By The National Security Agency Method of passing a cryptographic key that allows third party access to the key
US5881226A (en) * 1996-10-28 1999-03-09 Veneklase; Brian J. Computer security system
JPH10133576A (en) * 1996-10-31 1998-05-22 Hitachi Ltd Open key ciphering method and device therefor
US5903652A (en) * 1996-11-25 1999-05-11 Microsoft Corporation System and apparatus for monitoring secure information in a computer network
US6078593A (en) 1997-02-04 2000-06-20 Next Level Communications Method and apparatus for reliable operation of universal voice grade cards
US6058187A (en) * 1997-04-17 2000-05-02 At&T Corp. Secure telecommunications data transmission
US6243466B1 (en) 1997-08-29 2001-06-05 Adam Lucas Young Auto-escrowable and auto-certifiable cryptosystems with fast key generation
US6389136B1 (en) 1997-05-28 2002-05-14 Adam Lucas Young Auto-Recoverable and Auto-certifiable cryptosystems with RSA or factoring based keys
US6122742A (en) * 1997-06-18 2000-09-19 Young; Adam Lucas Auto-recoverable and auto-certifiable cryptosystem with unescrowed signing keys
US6282295B1 (en) 1997-10-28 2001-08-28 Adam Lucas Young Auto-recoverable and auto-certifiable cryptostem using zero-knowledge proofs for key escrow in general exponential ciphers
US6202150B1 (en) 1997-05-28 2001-03-13 Adam Lucas Young Auto-escrowable and auto-certifiable cryptosystems
US6212637B1 (en) * 1997-07-04 2001-04-03 Nippon Telegraph And Telephone Corporation Method and apparatus for en-bloc verification of plural digital signatures and recording medium with the method recorded thereon
DE19731304B4 (en) * 1997-07-14 2005-02-24 Francotyp-Postalia Ag & Co. Kg Statistical mode reload and statistical statistics acquisition method when storing a data set
US6708273B1 (en) * 1997-09-16 2004-03-16 Safenet, Inc. Apparatus and method for implementing IPSEC transforms within an integrated circuit
CA2272595C (en) * 1997-09-22 2005-06-21 Ascom Hasler Mailing Systems, Inc. Technique for effectively generating multi-dimensional symbols representing postal information
US20030004900A1 (en) * 1999-05-19 2003-01-02 Robert G. Schwartz Technique for effectively generating multi-dimensional symbols representing postal information
US6076163A (en) * 1997-10-20 2000-06-13 Rsa Security Inc. Secure user identification based on constrained polynomials
DE19748954A1 (en) 1997-10-29 1999-05-06 Francotyp Postalia Gmbh Producing security markings in franking machine
JP4307589B2 (en) * 1997-10-31 2009-08-05 サーティコム コーポレーション Authentication protocol
US6424954B1 (en) 1998-02-17 2002-07-23 Neopost Inc. Postage metering system
US6269350B1 (en) 1998-07-24 2001-07-31 Neopost Inc. Method and apparatus for placing automated service calls for postage meter and base
EP1082836B1 (en) * 1998-03-18 2005-11-23 Kent Ridge Digital Labs A method of exchanging digital data
US6505773B1 (en) * 1998-04-03 2003-01-14 International Business Machines Corporation Authenticated electronic coupon issuing and redemption
US7236610B1 (en) * 1998-04-30 2007-06-26 Fraunhofer Gesellschaft Authenticating executable code and executions thereof
US6504941B2 (en) * 1998-04-30 2003-01-07 Hewlett-Packard Company Method and apparatus for digital watermarking of images
US7039805B1 (en) 1998-05-20 2006-05-02 Messing John H Electronic signature method
US6591251B1 (en) 1998-07-22 2003-07-08 Neopost Inc. Method, apparatus, and code for maintaining secure postage data
US6243467B1 (en) 1998-07-23 2001-06-05 The United States Of America As Represented By The National Security Agency Method of elliptic curve cryptographic digital signature generation and verification using reduced base tau expansion in non-adjacent form
US6523013B2 (en) 1998-07-24 2003-02-18 Neopost, Inc. Method and apparatus for performing automated fraud reporting
US6356935B1 (en) 1998-08-14 2002-03-12 Xircom Wireless, Inc. Apparatus and method for an authenticated electronic userid
US6615348B1 (en) 1999-04-16 2003-09-02 Intel Corporation Method and apparatus for an adapted digital signature
US6085321A (en) 1998-08-14 2000-07-04 Omnipoint Corporation Unique digital signature
US6820202B1 (en) * 1998-11-09 2004-11-16 First Data Corporation Account authority digital signature (AADS) system
US7047416B2 (en) * 1998-11-09 2006-05-16 First Data Corporation Account-based digital signature (ABDS) system
US6473508B1 (en) 1998-12-22 2002-10-29 Adam Lucas Young Auto-recoverable auto-certifiable cryptosystems with unescrowed signature-only keys
US6381589B1 (en) 1999-02-16 2002-04-30 Neopost Inc. Method and apparatus for performing secure processing of postal data
US6971027B1 (en) * 1999-04-01 2005-11-29 Veneklase Brian J Computer security system
US6178412B1 (en) * 1999-04-19 2001-01-23 Pitney Bowes Inc. Postage metering system having separable modules with multiple currency capability and synchronization
CA2285770A1 (en) * 1999-05-26 2000-11-26 Certicom Corp. Efficient digital signatures for mail systems
US7058817B1 (en) 1999-07-02 2006-06-06 The Chase Manhattan Bank System and method for single sign on process for websites with multiple applications and services
US20080082446A1 (en) * 1999-10-01 2008-04-03 Hicks Christian B Remote Authorization for Unlocking Electronic Data System and Method
US7194957B1 (en) 1999-11-10 2007-03-27 Neopost Inc. System and method of printing labels
US20020040353A1 (en) * 1999-11-10 2002-04-04 Neopost Inc. Method and system for a user obtaining stamps over a communication network
US20020046195A1 (en) * 1999-11-10 2002-04-18 Neopost Inc. Method and system for providing stamps by kiosk
EP1236179B1 (en) * 1999-11-16 2004-10-20 Neopost, Inc. System and method for managing multiple postal functions in a single account
US7237116B1 (en) 2000-01-19 2007-06-26 International Business Machines Corporation Digital signature system and method based on hard lattice problem
US7076061B1 (en) 2000-02-07 2006-07-11 Citibank, N.A. Efficient and compact subgroup trace representation (“XTR”)
US20050213758A1 (en) * 2000-02-07 2005-09-29 Lenstra Arjen K Efficient and compact subgroup trace representation ("XTR")
US20040186996A1 (en) * 2000-03-29 2004-09-23 Gibbs Benjamin K. Unique digital signature
US20020016726A1 (en) * 2000-05-15 2002-02-07 Ross Kenneth J. Package delivery systems and methods
US7089420B1 (en) 2000-05-24 2006-08-08 Tracer Detection Technology Corp. Authentication method and system
US7162035B1 (en) 2000-05-24 2007-01-09 Tracer Detection Technology Corp. Authentication method and system
US7152047B1 (en) 2000-05-24 2006-12-19 Esecure.Biz, Inc. System and method for production and authentication of original documents
US7085725B1 (en) 2000-07-07 2006-08-01 Neopost Inc. Methods of distributing postage label sheets with security features
US6978369B2 (en) * 2000-08-04 2005-12-20 First Data Corporation Person-centric account-based digital signature system
US7558965B2 (en) * 2000-08-04 2009-07-07 First Data Corporation Entity authentication in electronic communications by providing verification status of device
US7010691B2 (en) * 2000-08-04 2006-03-07 First Data Corporation ABDS system utilizing security information in authenticating entity access
US7082533B2 (en) * 2000-08-04 2006-07-25 First Data Corporation Gauging risk in electronic communications regarding accounts in ABDS system
US7552333B2 (en) * 2000-08-04 2009-06-23 First Data Corporation Trusted authentication digital signature (tads) system
EP1316168A4 (en) * 2000-08-04 2006-05-10 First Data Corp Method and system for using electronic communications for an electronic contact
US6789189B2 (en) * 2000-08-04 2004-09-07 First Data Corporation Managing account database in ABDS system
US7096354B2 (en) * 2000-08-04 2006-08-22 First Data Corporation Central key authority database in an ABDS system
US6983368B2 (en) * 2000-08-04 2006-01-03 First Data Corporation Linking public key of device to information during manufacture
US20020083020A1 (en) * 2000-11-07 2002-06-27 Neopost Inc. Method and apparatus for providing postage over a data communication network
KR20010008248A (en) * 2000-11-17 2001-02-05 김태선 Authentication service method and system by preservation of supporting evidence
FI111491B (en) * 2000-11-28 2003-07-31 Setec Oy Generating a key pair
US20020073010A1 (en) * 2000-12-11 2002-06-13 Charles Tresser Secure electronic stocks and other titles and instruments
DE10061665A1 (en) 2000-12-11 2002-06-20 Francotyp Postalia Gmbh Method for determining a need to replace a component and arrangement for carrying out the method
US20020124170A1 (en) * 2001-03-02 2002-09-05 Johnson William S. Secure content system and method
US20020138732A1 (en) * 2001-03-23 2002-09-26 Irvin David R. Methods, systems and computer program products for providing digital signatures in a network environment
DE10116703A1 (en) * 2001-03-29 2002-10-10 Francotyp Postalia Ag Method for recording a consumption value and consumption counter with a sensor
US8849716B1 (en) 2001-04-20 2014-09-30 Jpmorgan Chase Bank, N.A. System and method for preventing identity theft or misuse by restricting access
JP2004527051A (en) * 2001-04-27 2004-09-02 マサチューセッツ・インスティテュート・オブ・テクノロジー Methods and systems for micropayment transactions
US20020172363A1 (en) * 2001-05-15 2002-11-21 Dierks Timothy M. Data security on a mobile device
AU2002312381A1 (en) 2001-06-07 2002-12-16 First Usa Bank, N.A. System and method for rapid updating of credit information
US7266839B2 (en) 2001-07-12 2007-09-04 J P Morgan Chase Bank System and method for providing discriminated content to network users
DE10136608B4 (en) 2001-07-16 2005-12-08 Francotyp-Postalia Ag & Co. Kg Method and system for real-time recording with security module
US20040128508A1 (en) * 2001-08-06 2004-07-01 Wheeler Lynn Henry Method and apparatus for access authentication entity
US7987501B2 (en) 2001-12-04 2011-07-26 Jpmorgan Chase Bank, N.A. System and method for single session sign-on
JP3709373B2 (en) * 2001-12-19 2005-10-26 株式会社日立製作所 Flow measuring device
EP1459254A1 (en) * 2001-12-21 2004-09-22 Koninklijke Philips Electronics N.V. Increasing integrity of watermarks using robust features
US20180165441A1 (en) 2002-03-25 2018-06-14 Glenn Cobourn Everhart Systems and methods for multifactor authentication
US8226473B2 (en) * 2002-04-10 2012-07-24 Wms Gaming Inc. Gaming software authentication
US7151829B2 (en) * 2002-04-22 2006-12-19 International Business Machines Corporation System and method for implementing a hash algorithm
JP2004030102A (en) * 2002-06-25 2004-01-29 Sony Corp Information storage device, system and method for memory access control, and computer program
JP4016741B2 (en) * 2002-06-25 2007-12-05 ソニー株式会社 Information storage device, memory access control system and method, and computer program
US7062043B1 (en) 2002-06-28 2006-06-13 The United States Of America As Represented By The National Security Agency Method of elliptic curve digital signature using coefficient splitting
US7024559B1 (en) 2002-06-28 2006-04-04 The United States Of America As Represented By The National Security Agency Method of elliptic curve digital signature using expansion in joint sparse form
US8171567B1 (en) 2002-09-04 2012-05-01 Tracer Detection Technology Corp. Authentication method and system
US7320642B2 (en) * 2002-09-06 2008-01-22 Wms Gaming Inc. Security of gaming software
US20040064422A1 (en) * 2002-09-26 2004-04-01 Neopost Inc. Method for tracking and accounting for reply mailpieces and mailpiece supporting the method
US7069253B2 (en) 2002-09-26 2006-06-27 Neopost Inc. Techniques for tracking mailpieces and accounting for postage payment
US7058660B2 (en) 2002-10-02 2006-06-06 Bank One Corporation System and method for network-based project management
US8301493B2 (en) 2002-11-05 2012-10-30 Jpmorgan Chase Bank, N.A. System and method for providing incentives to consumers to share information
DE10260406B4 (en) * 2002-12-16 2007-03-08 Francotyp-Postalia Gmbh Method and arrangement for different generation of cryptographic backups of messages in a host device
US20040249765A1 (en) * 2003-06-06 2004-12-09 Neopost Inc. Use of a kiosk to provide verifiable identification using cryptographic identifiers
US7367889B2 (en) * 2003-06-09 2008-05-06 Wms Gaming Inc. Gaming machine having hardware-accelerated software authentication
US7600108B2 (en) * 2003-06-17 2009-10-06 Wms Gaming Inc. Gaming machine having reduced-read software authentication
US7491122B2 (en) * 2003-07-09 2009-02-17 Wms Gaming Inc. Gaming machine having targeted run-time software authentication
US7424706B2 (en) * 2003-07-16 2008-09-09 Microsoft Corporation Automatic detection and patching of vulnerable files
US20050143171A1 (en) * 2003-12-30 2005-06-30 Loose Timothy C. Gaming machine having sampled software verification
US7526643B2 (en) * 2004-01-08 2009-04-28 Encryption Solutions, Inc. System for transmitting encrypted data
US7752453B2 (en) * 2004-01-08 2010-07-06 Encryption Solutions, Inc. Method of encrypting and transmitting data and system for transmitting encrypted data
US8031865B2 (en) * 2004-01-08 2011-10-04 Encryption Solutions, Inc. Multiple level security system and method for encrypting data within documents
US7289629B2 (en) * 2004-02-09 2007-10-30 Microsoft Corporation Primitives for fast secure hash functions and stream ciphers
US20050183142A1 (en) * 2004-02-18 2005-08-18 Michael Podanoffsky Identification of Trusted Relationships in Electronic Documents
US7562052B2 (en) * 2004-06-07 2009-07-14 Tony Dezonno Secure customer communication method and system
US20060153370A1 (en) * 2005-01-07 2006-07-13 Beeson Curtis L Generating public-private key pair based on user input data
US7593527B2 (en) * 2005-01-07 2009-09-22 First Data Corporation Providing digital signature and public key based on shared knowledge
US20060153364A1 (en) * 2005-01-07 2006-07-13 Beeson Curtis L Asymmetric key cryptosystem based on shared knowledge
US20060156013A1 (en) * 2005-01-07 2006-07-13 Beeson Curtis L Digital signature software using ephemeral private key and system
US20060153367A1 (en) * 2005-01-07 2006-07-13 Beeson Curtis L Digital signature system based on shared knowledge
US20060153369A1 (en) * 2005-01-07 2006-07-13 Beeson Curtis L Providing cryptographic key based on user input data
US7869593B2 (en) * 2005-01-07 2011-01-11 First Data Corporation Software for providing based on shared knowledge public keys having same private key
US7936869B2 (en) * 2005-01-07 2011-05-03 First Data Corporation Verifying digital signature based on shared knowledge
US7490239B2 (en) * 2005-01-07 2009-02-10 First Data Corporation Facilitating digital signature based on ephemeral private key
US7693277B2 (en) * 2005-01-07 2010-04-06 First Data Corporation Generating digital signatures using ephemeral cryptographic key
US8038530B2 (en) 2005-02-28 2011-10-18 Wms Gaming Inc. Method and apparatus for filtering wagering game content
KR100659607B1 (en) * 2005-03-05 2006-12-21 삼성전자주식회사 Method and apparatus for digital signature generation and validation
US7869590B2 (en) * 2005-04-12 2011-01-11 Broadcom Corporation Method and system for hardware accelerator for implementing f9 integrity algorithm in WCDMA compliant handsets
WO2007027427A2 (en) * 2005-08-29 2007-03-08 Wms Gaming Inc. On-the-fly encryption on a gaming machine
US7606844B2 (en) 2005-12-19 2009-10-20 Commvault Systems, Inc. System and method for performing replication copy storage operations
EP1974296B8 (en) 2005-12-19 2016-09-21 Commvault Systems, Inc. Systems and methods for performing data replication
US7651593B2 (en) 2005-12-19 2010-01-26 Commvault Systems, Inc. Systems and methods for performing data replication
US8661216B2 (en) 2005-12-19 2014-02-25 Commvault Systems, Inc. Systems and methods for migrating components in a hierarchical storage network
US7805479B2 (en) * 2006-03-28 2010-09-28 Michael Andrew Moshier Scalable, faster method and apparatus for montgomery multiplication
WO2007135580A2 (en) * 2006-05-21 2007-11-29 International Business Machines Corporation Assertion message signatures
US8726242B2 (en) * 2006-07-27 2014-05-13 Commvault Systems, Inc. Systems and methods for continuous data replication
US20090132813A1 (en) * 2007-11-08 2009-05-21 Suridx, Inc. Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones
US7995196B1 (en) 2008-04-23 2011-08-09 Tracer Detection Technology Corp. Authentication method and system
GB0811210D0 (en) * 2008-06-18 2008-07-23 Isis Innovation Improvements related to the authentication of messages
US9424712B2 (en) 2008-06-27 2016-08-23 Bally Gaming, Inc. Authenticating components in wagering game systems
US8204859B2 (en) 2008-12-10 2012-06-19 Commvault Systems, Inc. Systems and methods for managing replicated database data
US9495382B2 (en) 2008-12-10 2016-11-15 Commvault Systems, Inc. Systems and methods for performing discrete data replication
US20110022835A1 (en) * 2009-07-27 2011-01-27 Suridx, Inc. Secure Communication Using Asymmetric Cryptography and Light-Weight Certificates
US20110167258A1 (en) * 2009-12-30 2011-07-07 Suridx, Inc. Efficient Secure Cloud-Based Processing of Certificate Status Information
US8504517B2 (en) 2010-03-29 2013-08-06 Commvault Systems, Inc. Systems and methods for selective data replication
US8725698B2 (en) 2010-03-30 2014-05-13 Commvault Systems, Inc. Stub file prioritization in a data replication system
US8504515B2 (en) 2010-03-30 2013-08-06 Commvault Systems, Inc. Stubbing systems and methods in a data replication environment
US8572038B2 (en) 2010-05-28 2013-10-29 Commvault Systems, Inc. Systems and methods for performing data replication
JP5578553B2 (en) * 2010-06-02 2014-08-27 独立行政法人産業技術総合研究所 Domain parameter generation in public key cryptography
US10375107B2 (en) * 2010-07-22 2019-08-06 International Business Machines Corporation Method and apparatus for dynamic content marking to facilitate context-aware output escaping
US8775794B2 (en) 2010-11-15 2014-07-08 Jpmorgan Chase Bank, N.A. System and method for end to end encryption
US8782397B2 (en) * 2011-01-06 2014-07-15 International Business Machines Corporation Compact attribute for cryptographically protected messages
FR2974916A1 (en) 2011-05-05 2012-11-09 Altis Semiconductor Snc DEVICE AND METHOD FOR RAPID MULTIPLICATION
JP5734095B2 (en) * 2011-05-30 2015-06-10 三菱電機株式会社 Terminal device, server device, electronic certificate issuing system, electronic certificate receiving method, electronic certificate transmitting method, and program
GB2491896A (en) 2011-06-17 2012-12-19 Univ Bruxelles Secret key generation
US8949954B2 (en) 2011-12-08 2015-02-03 Uniloc Luxembourg, S.A. Customer notification program alerting customer-specified network address of unauthorized access attempts to customer account
AU2012100460B4 (en) 2012-01-04 2012-11-08 Uniloc Usa, Inc. Method and system implementing zone-restricted behavior of a computing device
AU2012100462B4 (en) 2012-02-06 2012-11-08 Uniloc Usa, Inc. Near field authentication through communication of enclosed content sound waves
US8627097B2 (en) 2012-03-27 2014-01-07 Igt System and method enabling parallel processing of hash functions using authentication checkpoint hashes
US9673983B2 (en) 2012-09-14 2017-06-06 Qualcomm Incorporated Apparatus and method for protecting message data
AU2013100355B4 (en) 2013-02-28 2013-10-31 Netauthority, Inc Device-specific content delivery
WO2015100109A1 (en) 2013-12-27 2015-07-02 Abbott Diabetes Care Inc. Systems, devices, and methods for authentication in an analyte monitoring environment
US9621525B2 (en) * 2014-06-02 2017-04-11 Qualcomm Incorporated Semi-deterministic digital signature generation
CN104243456B (en) * 2014-08-29 2017-11-03 中国科学院信息工程研究所 Suitable for signature of the cloud computing based on SM2 algorithms and decryption method and system
WO2016155565A1 (en) 2015-03-30 2016-10-06 Jintai Ding Improvements on multivariate digital signature schemes based on hfev- and new applications of multivariate digital signature schemes for white-box encryption
US20160355043A1 (en) * 2015-06-03 2016-12-08 Yxcorp14 Inc. System and method for production and verification of counterfeit-protected banknotes
JP6527090B2 (en) 2016-02-01 2019-06-05 株式会社日立製作所 User authorization confirmation system
EP3214567B1 (en) * 2016-03-01 2020-02-19 Siemens Aktiengesellschaft Secure external update of memory content for a certain system on chip
US10788229B2 (en) 2017-05-10 2020-09-29 Johnson Controls Technology Company Building management system with a distributed blockchain database
US20190026749A1 (en) 2017-07-18 2019-01-24 Eaton Corporation Security tag and electronic system usable with molded case circuit breakers
US11602899B2 (en) 2017-10-31 2023-03-14 Carbon, Inc. Efficient surface texturing of objects produced by additive manufacturing
US11562073B2 (en) 2018-11-28 2023-01-24 The Boeing Company Systems and methods of software load verification
US10826598B1 (en) * 2019-07-10 2020-11-03 Eagle Technology, Llc Satellite communication system having mitigation action for rain fade and associated method
US11042318B2 (en) 2019-07-29 2021-06-22 Commvault Systems, Inc. Block-level data replication
CN110517147B (en) * 2019-08-30 2023-04-14 深圳市迅雷网络技术有限公司 Transaction data processing method, device and system and computer readable storage medium
CN113442597B (en) 2019-12-31 2022-12-23 极海微电子股份有限公司 Consumable chip, response method of consumable chip, consumable box and storage medium
US11809285B2 (en) 2022-02-09 2023-11-07 Commvault Systems, Inc. Protecting a management database of a data storage management system to meet a recovery point objective (RPO)

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4200770A (en) * 1977-09-06 1980-04-29 Stanford University Cryptographic apparatus and method
US4218582A (en) * 1977-10-06 1980-08-19 The Board Of Trustees Of The Leland Stanford Junior University Public key cryptographic apparatus and method
US4405829A (en) * 1977-12-14 1983-09-20 Massachusetts Institute Of Technology Cryptographic communications system and method
US4424414A (en) * 1978-05-01 1984-01-03 Board Of Trustees Of The Leland Stanford Junior University Exponentiation cryptographic apparatus and method
US4641346A (en) * 1983-07-21 1987-02-03 Pitney Bowes Inc. System for the printing and reading of encrypted messages
FR2596177B1 (en) * 1986-03-19 1992-01-17 Infoscript METHOD AND DEVICE FOR QUALITATIVE BACKUP OF DIGITAL DATA
US4748668A (en) * 1986-07-09 1988-05-31 Yeda Research And Development Company Limited Method, apparatus and article for identification and signature
US4881264A (en) * 1987-07-30 1989-11-14 Merkle Ralph C Digital signature system and method based on a conventional encryption function
US4933970A (en) * 1988-01-19 1990-06-12 Yeda Research And Development Company Limited Variants of the fiat-shamir identification and signature scheme
US5005200A (en) * 1988-02-12 1991-04-02 Fischer Addison M Public key/signature cryptosystem with enhanced digital signature certification
EP0383985A1 (en) * 1989-02-24 1990-08-29 Claus Peter Prof. Dr. Schnorr Method for subscriber identification and for generation and verification of electronic signatures in a data exchange system

Also Published As

Publication number Publication date
CA2111572A1 (en) 1993-02-18
HU9400228D0 (en) 1994-05-30
BR9206315A (en) 1995-04-04
JPH07502346A (en) 1995-03-09
NO940258D0 (en) 1994-01-25
SE9400103L (en) 1994-03-17
FI940364A (en) 1994-01-25
EP0596945A1 (en) 1994-05-18
AU2394492A (en) 1993-03-02
FI940364A0 (en) 1994-01-25
US5231668A (en) 1993-07-27
NL9220020A (en) 1994-06-01
SE9400103D0 (en) 1994-01-17
HUT68148A (en) 1995-05-29
NO940258L (en) 1994-01-25
WO1993003562A1 (en) 1993-02-18

Similar Documents

Publication Publication Date Title
CA2111572C (en) Digital signature algorithm
CA2130250C (en) Digital signature method and key agreement method
Simmons Subliminal communication is easy using the DSA
Kohnfelder Towards a practical public-key cryptosystem.
US8184803B2 (en) Hash functions using elliptic curve cryptography
US4633036A (en) Method and apparatus for use in public-key data encryption system
Okamoto A digital multisignature scheme using bijective public-key cryptosystems
US5537475A (en) Efficient digital signature algorithm and use thereof technical field
EP0482233B1 (en) Cryptographic system allowing encrypted communication between users with a secure mutual cipher key determined without user interaction
US4881264A (en) Digital signature system and method based on a conventional encryption function
EP0503119B1 (en) Public key cryptographic system using elliptic curves over rings
US5631961A (en) Device for and method of cryptography that allows third party access
US6307938B1 (en) Method, system and apparatus for generating self-validating prime numbers
Zhang et al. Efficient public key encryption with equality test in the standard model
US20020136401A1 (en) Digital signature and authentication method and apparatus
EP2686978B1 (en) Keyed pv signatures
Yang et al. Digital signature based on ISRSAC
WO2008022158A2 (en) System for non-interactive zero-knowledge proofs
Hwang et al. Threshold Signatures: Current Status and Key Issues.
US20060251248A1 (en) Public key cryptographic methods and systems with preprocessing
Preneel et al. Cryptographic hash functions: an overview
Mohapatra Signcryption schemes with forward secrecy based on elliptic curve cryptography
Wang et al. A Quantum Concurrent Signature Scheme Based on the Quantum Finite Automata Signature Scheme
Harjito et al. Comparative Analysis between Elgamal and NTRU Algorithms and their implementation of Digital Signature for Electronic Certificate
Kajita et al. Short Lattice Signature Scheme with Tighter Reduction under Ring-SIS Assumption

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed