1
Rosario Gennaro, Donald Byron Johnson, Paul Ashley Karger, Stephen Michael Matyas Jr, Mohammad Peyravian, David Robert Safford, Marcel Mordechay Yung, Nevenko Zunic: Two-phase cryptographic key recovery system. International Business Machines Corporation, William A Kinnaman Jr, August 10, 1999: US05937066 (238 worldwide citation)

A cryptographic key recovery system that operates in two phases. In the first phase, the sender establishes a secret value with the receiver. For each key recovery agent, the sender generates a key-generating value as a one-way function of the secret value and encrypts the key-generating value with ...


2
Rosario Gennaro, Paul Ashley Karger, Stephen Michael Matyas Jr, Mohammad Peyravian, David Robert Safford, Nevenko Zunic: Method and apparatus for verifiably providing key recovery information in a cryptographic system. International Business Machines Corporation, William A Kinnaman Jr, May 25, 1999: US05907618 (134 worldwide citation)

A method and apparatus for verifiably providing key recovery information to one or more trustees in a cryptographic communication system having a sender and a receiver Each communicating party has its own Diffie-Hellman key pair comprising a secret value and corresponding public value, as does each ...


3
Donald Byron Johnson, Paul Ashley Karger, Charles William Kaufman Jr, Stephen Michael Matyas Jr, David Robert Safford, Marcel Mordechay Yung, Nevenko Zunic: Interoperable cryptographic key recovery system. International Business Machines Corporation, W A Kinnaman Jr, August 18, 1998: US05796830 (73 worldwide citation)

A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so t ...


4
Donald Byron Johnson, Paul Ashley Karger, Charles William Kaufman Jr, Stephen Michael Matyas Jr, David Robert Safford, Marcel Mordechay Yung, Nevenko Zunic: Interoperable cryptographic key recovery system with verification by comparison. International Business Machines Corporation, William A Kinnaman Jr, April 18, 2000: US06052469 (73 worldwide citation)

A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so t ...


5
Vernon Ralph Austel, Paul Ashley Karger, David Claude Toll: Security policy for protection of files on a storage device. International Business Machines Corporation, Ratner & Prestia, August 6, 2002: US06430561 (44 worldwide citation)

Access to files by accessing programs, where files comprise other files, programs and data is controlled. An initial access class is assigned to each file and to each accessing program. An access class comprises an integrity access class and a secrecy access class. An integrity access class comprise ...


6
Donald Byron Johnson, Paul Ashley Karger, Charles William Kaufman Jr, Stephen Michael Matyas Jr, Marcel Mordechay Yung, Nevenko Zunic: Cryptographic key recovery system. International Business Machines Corporation, W A Kinnaman Jr, September 29, 1998: US05815573 (41 worldwide citation)

A cryptographic key recovery system for generating a cryptographic key for use by a pair of communicating parties while simultaneously providing for its recovery using one or more key recover agents. A plurality of m-bit shared key parts (P, Q) are generated which are shared with respective key reco ...


7
Suresh Narayana Chari, Vincenzo Valentino Diluoffo, Paul Ashley Karger, Elaine Rivette Palmer, Tal Rabin, Josyula Ramachandra Rao, Pankaj Rohatgi, Helmut Scherzer, Michael Steiner, David Claude Toll: Method, apparatus and system for resistance to side channel attacks on random number generators. International Business Machines Corporation, Keusey Tutunjian & Bitetto P C, Brian P Verminski Esq, February 24, 2009: US07496616 (10 worldwide citation)

A random number generator (RNG) resistant to side channel attacks includes an activation pseudo random number generator (APRNG) having an activation output connected to an activation seed input to provide a next seed to the activation seed input. A second random number generator includes a second se ...


8
Pau Chen Cheng, Shai Halevi, Trent Ray Jaeger, Paul Ashley Karger, Ronald Perez, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M Wagner: System and method for fuzzy multi-level security. International Business Machines Corporation, Keusey Tutunjian & Bitetto P C, Joseph Jones, May 5, 2009: US07530110 (10 worldwide citation)

An access control system and method includes a risk index module which computes a risk index for a dimension contributing to risk. A boundary range defined for a parameter representing each risk index such that the parameter above the range is unacceptable, below the range is acceptable and in the r ...


9
Pau Chen Cheng, Shai Halevi, Trent Ray Jaeger, Paul Ashley Karger, Ronald Perez, Pankaj Rohatgi, Angela Marie Schuett, Michael Steiner, Grant M Wagner: Fuzzy multi-level security. International Business Machines Corporation, Tutunjian & Bitetto P C, Preston J Young Esq, December 27, 2011: US08087090 (6 worldwide citation)

An access control system and method includes a risk index module which computes a risk index for a dimension contributing to risk. A boundary range defined for a parameter representing each risk index such that the parameter above the range is unacceptable, below the range is acceptable and in the r ...


10
Kay Schwendimann Anderson, Pau Chen Cheng, Genady Ya Grabarnik, Paul Ashley Karger, Marc Lelarge, Zhen Liu, Anton Viktorovich Riabov, Pankaj Rohatgi, Angela Marie Schuett, Grant Wagner: System and method for security planning with hard security constraints. International Business Machines Corporation, F Chau & Associates, September 25, 2012: US08276192 (2 worldwide citation)

A method for security planning with hard security constraints includes: receiving security-related requirements of a network to be developed using system inputs and processing components; and generating the network according to the security-related requirements, wherein the network satisfies hard se ...