# Brown, Mississauga

## Daniel Brown, Mississauga CA

Patent application number | Description | Published |
---|---|---|

20130064363 | INCORPORATING DATA INTO AN ECDSA SIGNATURE COMPONENT - During generation of a signature on a message to create a signed message, a signer determines one of the signature components such that particular information can be extracted from the signature component. The particular information may be related to one or more of the signer and the message to be signed. After receiving a signed message purported to be signed by the signer, a verifier can extract the particular information from the signature component. | 03-14-2013 |

20130067218 | INCORPORATING DATA INTO CRYPTOGRAPHIC COMPONENTS OF AN ECQV CERTIFICATE - During generation of an implicit certificate for a requestor, a certificate authority incorporates information in the public-key reconstruction data, where the public-key reconstruction data is to be used to compute the public key of the requestor. The information may be related to one or more of the requestor, the certificate authority, and the implicit certificate. The certificate authority reversibly encodes the public-key reconstruction data in the implicit certificate and sends it to the requestor. After receiving the implicit certificate from the certificate authority, the requestor can extract the incorporated information from the public-key reconstruction data. The implicit certificate can be made available to a recipient, and the recipient can also extract the incorporated information. | 03-14-2013 |

## Daniel R. Brown, Mississauga CA

Patent application number | Description | Published |
---|---|---|

20090003590 | MULTI-DIMENSIONAL MONTGOMERY LADDERS FOR ELLIPTIC CURVES - An algorithm is provided having a matrix phase and point addition phase that permits computation of the combination of more than two point multiples. The algorithm has particular utility in elliptic curve cryptography (ECC) such as for computing scalar multiplications in, e.g. batch ECC operations, accelerating Lenstra's ECM factoring algorithm, exploiting expanded ECC certificates (which contain pre-computed multiples of a party's public key), incremental hashing based on elliptic curves, accelerating verification of ECDSA signatures, etc. | 01-01-2009 |

20090022309 | METHOD OF PROVIDING TEXT REPRESENTATION OF A CRYPTOGRAPHIC VALUE - A method of representing crytographic values in text form is described. The text representation is formed from words selected from a vocabulary, which may include a collection of pseudowords. The text representations can be further transformed to a paragraph in an apparently grammatically correct form. | 01-22-2009 |

20090022311 | METHOD OF COMPRESSING A CRYPTOGRAPHIC VALUE - A method of compressing a cryptographic value. The method comprising the steps of: (a) selecting a secret value; (b) performing a cryptographic operation on the secret value to generate the cryptographic value; (c) determining whether the cryptographic value satisfies the pre-determined criteria; and (d) repeating the sequence of steps starting at step (a) until the cryptographic value satisfies the pre-determined criteria. | 01-22-2009 |

20090100267 | Signatures with confidential message recovery - A portion of the signed message in an ECPVS is kept truly confidential by dividing the message being signed into at least three parts, wherein one portion is visible, another portion is recoverable by any entity and carries the necessary redundancy for verification, and at least one additional portion is kept confidential. The additional portion is kept confidential by encrypting such portion using a key generated from information specific to that verifying entity. In this way, any entity with access to the signer's public key can verify the signature by checking for a specific characteristic, such as a certain amount of redundancy in the one recovered portion, but cannot recover the confidential portion, only the specific entity can do so. Message recovery is also provided in an elliptic curve signature using a modification of the well analyzed ECDSA signing equation instead of, e.g. the Schnorr equation used in traditional PV signature schemes. | 04-16-2009 |

20110268270 | Method of Public Key Generation - A potential bias in the generation of a private key is avoided by selecting the key and comparing it against the system parameters. If a predetermined condition is attained it is accepted. If not it is rejected and a new key is generated. | 11-03-2011 |

20120039466 | Method of Compressing a Cryptographic Value - A computer implemented method of compressing a digitally represented cryptographic value. The method comprising the steps of: (a) selecting a secret value; (b) performing a cryptographic operation on the secret value to generate the cryptographic value; (c) determining whether the cryptographic value satisfies the pre-determined criteria; and (d) repeating the sequence of steps starting at step (a) until the cryptographic value satisfies the pre-determined criteria. | 02-16-2012 |

20120131322 | System and Method for Authenticating a Gaming Device - A method and system are provided for authenticating and securing an embedded device using a secure boot procedure and a full non-volatile memory encryption process that implements Elliptic Curve Pinstov-Vanstone Signature (ECPV) scheme with message recovery on a personalized BIOS and master boot record. The signature includes code that is recovered in order to unlock a key that is in turn used to decrypt the non-volatile memory. The use of ECPVS provides an implicit verification that the hardware is bound to the BIOS since the encrypted memory is useless unless properly decrypted with the proper key. | 05-24-2012 |

20120213366 | Aggregate Signature Schemes - An authenticated RFID system is provided that uses elliptic curve cryptography (ECC) to reduce the signature size and read/write times when compared to traditional public key implementations such as RSA. Either ECDSA or ECPVS can be used to reduce the signature size and ECPVS can be used to hide a portion of the RFID tag that contains sensitive product identifying information. As a result, smaller tags can be used or multiple signatures can be written at different stages in a manufacturing or supply chain. A key management system is used to distribute the verification keys and aggregate signature schemes are also provided for adding multiple signatures to the RFID tags, for example in a supply chain. | 08-23-2012 |

20120230494 | Accelerated Verification of Digital Signatures and Public Keys - Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In a elliptic curve group, verification that a value representative of a point R corresponds the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and so that v=w/z. The verification equality R=uG+vQ may then be computed as −zR+(uz mod n) G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained. | 09-13-2012 |

20130013916 | Method and Apparatus for Verifiable Generation of Public Keys - The invention provides a method of verifiable generation of public keys. According to the method, a self-signed signature is first generated and then used as input to the generation of a pair of private and public keys. Verification of the signature proves that the keys are generated from a key generation process utilizing the signature. A certification authority can validate and verify a public key generated from a verifiable key generation process. | 01-10-2013 |

20130064367 | ACCELERATED VERIFICATION OF DIGITAL SIGNATURES AND PUBLIC KEYS - Accelerated computation of combinations of group operations in a finite field is provided by arranging for at least one of the operands to have a relatively small bit length. In a elliptic curve group, verification that a value representative of a point R corresponds the sum of two other points uG and vG is obtained by deriving integers w,z of reduced bit length and so that v=w/z. The verification equality R=uG+vQ may then be computed as −zR+(uz mod n) G+wQ=O with z and w of reduced bit length. This is beneficial in digital signature verification where increased verification can be attained. | 03-14-2013 |

## Daniel Richard L. Brown, Mississauga CA

Patent application number | Description | Published |
---|---|---|

20100308978 | SYSTEM AND METHOD FOR AUTHENTICATING RFID TAGS - A system and method of providing authenticity to a radio frequency identification (RFID) tag are provided. The method comprises generating a plurality of digital signatures, wherein each digital signature is generated using an index value unique to that digital signature and using information associated with the RFID tag; and storing the plurality of digital signatures on the RFID tag in association with respective index values to enable a desired digital signature to be selected according to a provided index value. Also provided are a system and method of enabling an RFID reader to authenticate an RFID tag, which utilize a challenge comprising an index value to request one of the stored signature and authenticating same. Also provided is an RFID tag that is configured to participate in the challenge-response protocol. | 12-09-2010 |

20110208970 | DIGITAL SIGNATURE AND KEY AGREEMENT SCHEMES - A method is disclosed for performing key agreement to establish a shared key between correspondents and for generating a digital signature. The method comprises performing one of key agreement or signature generation, and using information generated in said one of key agreement or signature generation in the other of said key agreement or said signature generation. By doing this, computations and/or bandwidth can be saved. | 08-25-2011 |

20110213982 | ELGAMAL SIGNATURE SCHEMES - There is disclosed a method of generating a digital signature of a message m. A signature component s of the digital signature is calculated by first masking the long-term private key d using a single additive operation to combine the key d with a first value. The masked value is then multiplied by a second value to obtain component s. The first value is calculated using the message m and another component of the digital signature, and the second value is derived using the inverse of a component of the first value. In this way, the signature component s is generated using a method that counters the effectiveness of side channel attacks, such as differential side channel analysis, by avoiding a direct multiplication using long-term private key d. | 09-01-2011 |

20120075099 | Systems and Methods for Managing Lost Devices - A method for a device to determine that it has been lost is provided. The method comprises the device determining its current location, the device comparing its current location to a plurality of stored locations, and the device determining that it has been lost when its current location is a stored location that has been designated as a location where the device is unlikely to be located or is not a stored location that has been designated as a location where the device is likely to be located. | 03-29-2012 |

20120096273 | AUTHENTICATED ENCRYPTION FOR DIGITAL SIGNATURES WITH MESSAGE RECOVERY - A framework is proposed for authenticated encryption for digital signatures with message recovery whereby authentication is achieved without a redundancy requirement. The Elliptic Curve Pintsov-Vanstone Signature scheme is modified through the use of authenticated encryption, thereby enabling authentication using a message authentication code. The authenticated encryption may be performed within a single function or as two separate functions. The authenticated encryption may also be applied to associated data in the message to be signed. | 04-19-2012 |

20120096274 | AUTHENTICATED ENCRYPTION FOR DIGITAL SIGNATURES WITH MESSAGE RECOVERY - A framework is proposed for authenticated encryption for digital signatures with message recovery whereby authentication is achieved without a redundancy requirement. The Elliptic Curve Pintsov-Vanstone Signature scheme is modified through the use of authenticated encryption, thereby enabling authentication using a message authentication code. The authenticated encryption may be performed within a single function or as two separate functions. The authenticated encryption may also be applied to associated data in the message to be signed. | 04-19-2012 |

20120237021 | MULTI-DIMENSIONAL MONTGOMERY LADDERS FOR ELLIPTIC CURVES - An algorithm is provided having a matrix phase and point addition phase that permits computation of the combination of more than two point multiples. The algorithm has particular utility in elliptic curve cryptography (ECC) such as for computing scalar multiplications in, e.g. batch ECC operations, accelerating Lenstra's ECM factoring algorithm, exploiting expanded ECC certificates (which contain pre-computed multiples of a party's public key), incremental hashing based on elliptic curves, accelerating verification of ECDSA signatures, etc. | 09-20-2012 |

20120243680 | INCORPORATING DATA INTO AN ECDSA SIGNATURE COMPONENT - During generation of a signature on a message to create a signed message, a signer determines one of the signature components such that particular information can be extracted from the signature component. The particular information may be related to one or more of the signer and the message to be signed. After receiving a signed message purported to be signed by the signer, a verifier can extract the particular information from the signature component. | 09-27-2012 |

20120246465 | INCORPORATING DATA INTO CRYPTOGRAPHIC COMPONENTS OF AN ECQV CERTIFICATE - During generation of an implicit certificate for a requestor, a certificate authority incorporates information in the public-key reconstruction data, where the public-key reconstruction data is to be used to compute the public key of the requestor. The information may be related to one or more of the requestor, the certificate authority, and the implicit certificate. The certificate authority reversibly encodes the public-key reconstruction data in the implicit certificate and sends it to the requestor. After receiving the implicit certificate from the certificate authority, the requestor can extract the incorporated information from the public-key reconstruction data. The implicit certificate can be made available to a recipient, and the recipient can also extract the incorporated information. | 09-27-2012 |

20120300925 | RANDOMNESS FOR ENCRYPTION OPERATIONS - Methods, systems, and computer programs for generating random values for encryption operations are described. In some examples, information from a message to be encrypted can be used to refresh the state of a pseudorandom generator. In some aspects, a state parameter of the pseudorandom generator is modified based on information in the message. Modifying the state parameter changes the state parameter from a prior state to a refreshed state based on the information in the message. A random output value is obtained by the pseudorandom generator in the refreshed state. The message is encrypted based on the random output value. | 11-29-2012 |

20120314856 | IMPLICITLY CERTIFIED PUBLIC KEYS - Methods, systems, and computer programs for using an implicit certificate are described. In some aspects, an implicit certificate is accessed. The implicit certificate is associated with an entity and generated by a certificate authority. The implicit certificate includes a public key reconstruction value of the entity. Certificate authority public key information is accessed. The certificate authority public key information is associated with the certificate authority that issued the implicit certificate. A first value is generated based on evaluating a hash function. The hash function is evaluated based on the certificate authority public key information and the public key reconstruction value of the entity. A public key value of the entity can be generated or otherwise used based on the first value. | 12-13-2012 |

20120317412 | IMPLICITLY CERTIFIED DIGITAL SIGNATURES - Methods, systems, and computer programs for using an implicit certificate are disclosed. In some aspects, a message and an implicit certificate are accessed. The implicit certificate is associated with an entity. A modified message is generated by combining the message with a value based on the implicit certificate. A digital signature can be generated based on the modified message and transmitted to a recipient. In some aspects, a digital signature from an entity and a message to be verified based on the digital signature are accessed. An implicit certificate associated with the entity is accessed. A modified message is generated by combining the message with a value based on the implicit certificate. The message is verified based on the digital signature and the modified message. | 12-13-2012 |

20130136255 | ASSESSING CRYPTOGRAPHIC ENTROPY - Systems, methods, software, and combinations thereof for evaluating entropy in a cryptography system are described. In some aspects, sample values are produced by an entropy source system. A typicality can be determined for each of the sample values. A grading is determined for preselected distributions based on the typicalities of the sample values. A subset of the preselected distributions are selected based on the gradings. An entropy of the entropy source system is calculated based on the subset of the plurality of distributions. | 05-30-2013 |

## Daniel R.l. Brown, Mississauga CA

Patent application number | Description | Published |
---|---|---|

20100111296 | COLLISION-RESISTANT ELLIPTIC CURVE HASH FUNCTIONS - Elliptic curve hash functions are provided which do not require a pre-existing hash function, such as that required by the MuHash. The elliptic curve hash functions can be built from scratch and are collision free and can be incremental. In one embodiment, rather than a pre-existing hash function, the identity function with padding is used; and in another embodiment, rather than a pre-existing hash function, a block cipher with a fixed non-secret key is used. | 05-06-2010 |

20100153728 | ACCELERATION OF KEY AGREEMENT PROTOCOLS - The generation of a shared secret key K in the implementation of a key agreement protocol, for example MQV, may be optimized for accelerated computation by selecting the ephemeral public key and the long-term public key of a correspondent to be identical. One correspondent determines whether the pair of public keys of the other correspondent are identical. If it is, a simplified representation of the shared key K is used which reduces the number of scalar multiplication operations for an additive group or exponentiation operations for a multiplicative group. Further optimisation may be obtained by performing simultaneous scalar multiplication or simultaneous exponentiation in the computation of K. | 06-17-2010 |

20100189253 | PRIVACY-ENHANCED E-PASSPORT AUTHENTICATION PROTOCOL - A passport authentication protocol provides for encryption of sensitive data such as biometric data and transfer of the encryption key from the passport to the authentication authority to permit comparison to a reference value. | 07-29-2010 |

20100250945 | PRIVACY-ENHANCED E-PASSPORT AUTHENTICATION PROTOCOL - A passport authentication protocol provides for encryption of sensitive data such as biometric data and transfer of the encryption key from the passport to the authentication authority to permit comparison to a reference value. | 09-30-2010 |

20110060909 | TRAPDOOR ONE-WAY FUNCTIONS ON ELLIPTIC CURVES AND THEIR APPLICATION TO SHORTER SIGNATURES AND ASYMMETRIC ENCRYPTION - The present invention provides a new trapdoor one-way function. In a general sense, some quadratic algebraic integer z is used. One then finds a curve E and a rational map defining [z] on E. The rational map [z] is the trapdoor one-way function. A judicious selection of z will ensure that [z] can be efficiently computed, that it is difficult to invert, that determination of [z] from the rational functions defined by [z] is difficult, and knowledge of z allows one to invert [z] on a certain set of elliptic curve points. Every rational map is a composition of a translation and an endomorphism. The most secure part of the rational map is the endomorphism as the translation is easy to invert. If the problem of inverting the endomorphism and thus [z] is as hard as the discrete logarithm problem in E, then the size of the cryptographic group can be smaller than the group used for RSA trapdoor one-way functions. | 03-10-2011 |

20120254616 | Identity-Based Decryption - Devices and methods are provided for managing identity-based decryption of digital content. A message sender (“Alice”) uses a random key (Krand) to encrypt message content for a message recipient (“Bob”). Then Alice uses the public key of a message decryption service provider (“Carmen”) to generate a wrapped key ciphertext comprising the Krand and authentication information associated with Bob. Alice then sends a message text containing the encrypted message content and the wrapped key ciphertext to Bob, who in turn sends the wrapped key ciphertext to Carmen along with his authentication information. Carmen then uses her private key to process the wrapped key ciphertext to decrypt the Krand and Bob's authentication information. If the authentication information provided by Bob matches the decrypted authentication information, then Carmen sends the decrypted Krand to Bob, who uses it to decrypt the encrypted message content. | 10-04-2012 |

20120314855 | Trapdoor One-Way Functions on Elliptic Curves and Their Application to Shorter Signatures and Asymmetric Encryption - A new trapdoor one-way function is provided. In a general sense, some quadratic algebraic integer z is used. One then finds a curve E and a rational map defining [z] on E. The rational map [z] is the trapdoor one-way function. A judicious selection of z will ensure that [z] can be efficiently computed, that it is difficult to invert, that determination of [z] from the rational functions defined by [z] is difficult, and knowledge of z allows one to invert [z] on a certain set of elliptic curve points. | 12-13-2012 |

20130246805 | SECURE INTERFACE FOR VERSATILE KEY DERIVATION FUNCTION SUPPORT - Improper re-use of a static Diffie-Hellman (DH) private key may leak information about the key. The leakage is prevented by a key derivation function (KDF), but standards do not agree on key derivation functions. The module for performing a DH private key operation must somehow support multiple different KDF standards. The present invention provides an intermediate approach that neither attempts to implement all possible KDF operations, nor provide unprotected access to the raw DH private key operation. Instead, the module performs parts of the KDF operation, as indicated by the application using the module. This saves the module from implementing the entire KDF for each KDF needed. Instead, the module implements only re-usable parts that are common to most KDFs. Furthermore, when new KDFs are required, the module may be able to support them if they built on the parts that the module has implemented. | 09-19-2013 |

## Daniel R. L. Brown, Mississauga CA

Patent application number | Description | Published |
---|---|---|

20100278333 | METHOD AND APPARATUS FOR PERFORMING ELLIPTIC CURVE ARITHMETIC - A method of performing a cryptographic operation on a point in an elliptic curve cryptosystem using an elliptic curve. The method comprises the steps of obtaining information that uniquely identifies the elliptic curve and performing computations on the point to obtain the result of the cryptographic operation. The computations use the information. The computations produce an incorrect result if the point is not on the elliptic curve. | 11-04-2010 |

## Michael William Brown, Mississauga CA

Patent application number | Description | Published |
---|---|---|

20100146449 | METHOD, APPARATUS AND SYSTEM FOR MANAGEMENT OF APPLICATION SWITCHING IN AN ELECTRONIC DEVICE - A method for managing an application switcher is provided. An embodiment includes loading a plurality of web pages and associating each web page with an application switcher application, and additionally associating the application switcher application with another application. When the application switcher application is invoked, both the open web pages and the another application are available for direct selection and invocation. | 06-10-2010 |