Giovanni Di Crescenzo, Madison US

Giovanni Di Crescenzo, Madison, NJ US

| Patent application number | Description | Published |
| --- | --- | --- |
| 20080232583 | Vehicle Segment Certificate Management Using Shared Certificate Schemes - The present invention advantageously provides techniques to solve problems with combinatorial anonymous certificate management by addressing critical issues concerning its feasibility, scalability, and performance. Methods and procedures to manage IEEE 1609.2 anonymous and identifying cryptographic keys and certificates in the Vehicle Infrastructure Integration (VII) system are presented, along with methods for management of identifying and anonymous certificates in a partitioned Certificate Authority architecture designed to enhance vehicle privacy. Novel methods for vehicles to dynamically change an anonymous certificate for use while maintaining vehicle privacy are given. Refinements to basic combinatorial schemes are presented including probabilistic key replacement, rekey counter decrement, dynamic rekey threshold, geographic attack isolation and proofs of geographic position. | 09-25-2008 |
| 20080232595 | Vehicle Segment Certificate Management Using Short-Lived, Unlinked Certificate Schemes - The present invention advantageously provides a system and method for management of cryptographic keys and certificates for a plurality of vehicles. Each vehicle of the plurality of vehicles generates public/private key pairs, requests multiple time-distributed certificates, creates an encrypted identity, and surrenders expired certificates. An assigning authority receives the public/private key pairs, the request for multiple time-distributed certificates, the encrypted identity, and the expired certificates from said vehicle. The assigning authority authorizes the vehicle with an authorizing authority, validates the expired certificates, proves ownership, and distributes the requested time-distributed certificates to said vehicle. Validation can comprise checking expired certificates against misused, compromised and/or previously surrendered certificates. Time-distributed certificates can have lifetimes adjustable based on certificate misuse detection system algorithms, amount of malicious activity detected, and/or certificate authority capacity. | 09-25-2008 |
| 20090046854 | Method for a Public-Key Infrastructure Providing Communication Integrity and Anonymity While Detecting Malicious Communication - An inventive scheme for detecting parties responsible for repeated malicious activities in secure and anonymous communication is presented. The scheme comprises generating a pool of keys, distributing to and associating with each party a small number of keys chosen randomly from the pool, revoking a key when it is detected as used in a malicious activity, creating a set of parties associated with the revoked key, revoking additional keys randomly chosen among the keys not currently revoked, selecting new keys, and when a party requests an updated key, sending the updated key selected from among the new keys to the requesting party, wherein if an other malicious activity is detected, creating another set of the parties associated with the other malicious activity and identifying the parties in both sets. The steps of the inventive scheme are repeated until only one party is in the intersection set. | 02-19-2009 |
| 20100031025 | Method and system to authorize and assign digital certificates without loss of privacy, and/or to enhance privacy key selection - A method and system for public key infrastructure key and certificate management provides anonymity to certificate holders and protects the privacy of certificate holders from the compromise of a certificate authority. Functional separation is provided in the authorization of a certificate request and the assignment of certificates and key pairs. The authorizing certificate authority approves or denies each certificate request from a requestor whose identity is not made available to the assigning certificate authority. The assigning certificate authority, upon approval from the authorizing certificate authority, issues one or more certificates and optionally generates and provides the associated key pairs to the requester without disclosing these certificates and key pairs to the authorizing certificate authority. In another aspect, a distributed method is disclosed that allows individual nodes and/or units in a network to select certificates for broadcasting messages to a community of interest with a non-unique key. | 02-04-2010 |
| 20100031042 | Method and System for Secure Session Establishment Using Identity-Based Encryption (VDTLS) - The inventive system for providing strong security for UDP communications in networks comprises a server, a client, and a secure communication protocol wherein authentication of client and server, either unilaterally or mutually, is performed using identity based encryption, the secure communication protocol preserves privacy of the client, achieves significant bandwidth savings, and eliminates overheads associated with certificate management. VDTLS also enables session mobility across multiple IP domains through its session resumption capability. | 02-04-2010 |
| 20110145901 | SYSTEMS AND METHODS FOR AUTHENTICATING A SERVER BY COMBINING IMAGE RECOGNITION WITH CODES - A system and method is provided for authenticating a first device to a second device. This involves providing images to the second device, receiving an indication of selected ones of the images as authenticating images, and identifying an authenticating code associated with the second device. This also involves receiving a transaction request from the second device, the first device providing a display page to the second device, the display page including the authenticating images at locations identified by the authenticating code. | 06-16-2011 |
| 20110210973 | METHOD TO MODEL VEHICULAR COMMUNICATION NETWORKS AS RANDOM GEOMETRIC GRAPHS - A method for generating mathematical analysis of a communication protocol in a vehicular communications network. The method defines features of a vehicular network, which may include a graph of a street map within a geographic area. A random geometric graph with a plurality of parameters is generated. A plurality of communications protocols on the vehicular network are defined. A communication protocol over the random geometric graph is redefined. A communication protocol's basic properties and associated features on the random geometric graph are analyzed. Results of the analysis are generated. The results of the analysis based on the random geometric graph's parameters are translated into results based on the vehicular network features. The random geometric graph with the parameters are displayed. The parameters may include: a number of graph nodes; and a probability that any two nodes are communicably connected being expressed as a function of the vehicular network features. | 09-01-2011 |
| 20110231656 | SYSTEM AND METHODS FOR AUTHENTICATING A RECEIVER IN AN ON-DEMAND SENDER-RECEIVER TRANSACTION - A system and method are provided for authenticating a first device to a second device. This involves determining, at the directory, a secret key and a first set of images by communicating with the first device; receiving, at the directory, a transaction request from the second device to authenticate the first device; and generating, at the directory, a tag using said secret key and first information associated with said transaction request. This also involves selecting a second set of images from said first set of images according to said tag, and sending said second set of images from the directory to the second device. Moreover, using said first set of images, said secret key, and said information associated with said transaction request, the first device may select a third set of images that, when sent to the second device, may be used at the second device, in comparison to said second set of images, to authenticate the first device. | 09-22-2011 |

Patent applications by Giovanni Di Crescenzo, Madison, NJ US