CPC training H04L9 - e-courses.epo.org · CPC field-specific training H04L9: Cryptographic...

CPC field-specific trainingH04L9: Cryptographic mechanisms for secret communication

Radu Apostolescu July 2019Examiner, European Patent Office

European Patent Office 2

Table of contents

§ Introduction

§ How to classify

§ Overall and group structure

§ Examples


Introduction

§ H04L9/00 focuses on cryptographic mechanisms such as encryption schemes, digital signatures, hash functions,key management

§ Cryptographic mechanisms includes cryptographic protocols (e.g. cryptographic protocol for key agreement) and cryptographic algorithms (e.g. cryptographic algorithm for symmetric key encryption)

§ The cryptographic mechanisms provide information security such as privacy or confidentiality, data integrity, message or entity authentication, certification, anonymity, authorization, non-repudiation

§ H04L9/00 covers also countermeasures against attacks on cryptographic mechanisms


Introduction

Relationship between large subject-matter areas:

§ H04L63 covers secure network architectures/protocols for supporting inter alia filtering traffic according to security rules (e.g. firewalls), detecting intruders and preventing the transmission of unauthorized, malicious or forged packets, lawful interception for legally authorized parties to access protected information

§ H04W12 covers security aspects for wireless networks as secure pairing of devices, context awareness, mobile device/application security

§ G06F21 covers security arrangements for protecting computers against unauthorized activity


Introduction

CPC classification scheme and definition of H04L9are located here:

https://www.cooperativepatentclassification.org/index.html

https://worldwide.espacenet.com/


Table of contents

§ Introduction

§ How to classify


§ Examples


How to classify

§ Invention information (CCI symbol) is mandatory

§ The classification of additional information (CCA symbol)is not seen as mandatory; it is up to the classifier to decide whether the additional information should be assigned or not (is pertinent or not)

§ CCA symbols are to be used as orthogonal cross with the CCI symbols

§ Application may by assigned more than one CCI and CCA symbol if necessary


Table of contents

§ Introduction

§ How to classify


§ Examples


Overall and group structure

Invention information:

§ Hierarchical structure with one main group H04L9/00 and different one-dot, two-dot, three-dot, four-dot, five-dot and six-dot subgroups

§ Ca. 100 000 documents (30 000 family members) are classified under H04L9 (CCI)

Additional information:

§ Hierarchical structure with one main group H04L2209/00and different one-dot and two-dot subgroups

§ Ca. 56 000 documents (17 000 family members) are classified under H04L2209/00 (CCA)



Key management

1 dot

2 dots

3 dots

4 dots



Authentication

1 dot

2 dots

3 dots



Symmetric and asymmetric encryption algorithms

1 dot

2 dots

3 dots

4 dots



H04L9/001using chaotic signals

H04L9/002countermeasures against attacks on

cryptographic mechanisms

for power analysis, as DPA, SPA

for faultattacks for timing attacks

H04L9/006involving Public Key Infrastructure (PKI)

trust models

involving hierarchical structures

H04L9/008involving homomorphic encryption



the keys or algorithms being changed during operation

H04L9/12transmitting and receiving encryption devices synchronised in a particular

manner

H04L9/14using a plurality of keys

or algorithms

H04L9/34bits, or block of bits, of the telegraphic message being

interchanged in time

H04L9/36with means for detecting characters not meant for

transmission


Table of contents

§ Introduction

§ How to classify


§ Examples


Example 1 (Part 1/4)

D1 = US2010014659

TI: CRYPTOGRAPHIC PROCESSING APPARATUS AND CRYPTOGRAPHIC PROCESSING METHOD, ANDCOMPUTER PROGRAM

AB: In extended Feistel type common key block cipherprocessing, a configuration is realized in which an encryption function and a decryption function are commonly used. In a cryptographic processing configuration to which an extended Feistel structure in which the number of data lines d is set toan integer satisfying d≥3 is applied, involution properties, that is, the application of a common function to encryption processing and decryption processing, can be achieved.

CCI = H04L9/0625 because of the Feistel based structure of the block cipher



[0009] However, problems of common key block cipher processing to

which the Feistel structure is applied involve leakage of keys due to

cryptanalysis. Typical known techniques of cryptanalysis or attack

techniques include differential analysis (also called differential

cryptanalysis or differential attack) in which multiple pieces of input data

(plaintext) having certain differences there between and output data

(ciphertext) thereof are analysed to analyse applied keys in

respective round functions, and linear analysis (also called linear

cryptanalysis or linear attack) in which analysis based on plaintext and

corresponding ciphertext is performed.

CCI = H04L9/002 because of the technical problem directed to the leakage of keys due to cryptanalysis



[0045] Furthermore, in an embodiment of the cryptographic processing

method of the present invention, it is characterized in that the data

processing step is the step of executing cryptographic processing in

which transformation matrices of linear transformation processes

executed in F-functions of respective rounds constituting the extended

Feistel structure are set to a common matrix, wherein a round key

permutation process in which an applied sequence for round keys

applied in respective rounds of the decryption processing is set to

a sequence opposite to that of the cryptographic processing and

in which round keys input to a plurality of F-functions for each of

even-numbered rounds are set to have an input style different

from an input style in the encryption processing is performed.

CCA = H04L2209/24 because of the aspect directed to theround keys



[0172] Given a configuration in which the same swap function can be

applied to both encryption processing and decryption processing, when

a cryptographic processing apparatus is constructed, it is possible to

reduce implementation cost in either hardware implementation or

software implementation, leading to the achievement of size reduction

of the apparatus, particularly, in the case of hardware

implementation. Another advantage is that verification cost is halved.

That is, it is only required to verify one of an encryption function and a

decryption function in order to verify function sections. Additionally, in

software, there are significant advantages such as halving the code

size. It is therefore desirable to provide a configuration that uses the

same function for an encryption function and a decryption function as

far as possible.

CCA = H04L2209/122 because of the aspect directed tohardware reduction


Example 2

D2 = US2010014659

TI: ENCRYPTING DATA FOR ACCESS BY MULTIPLE USERS

AB: A method for protecting data for access by a plurality of users.A server encrypts data using a master key and a symmetric encryption algorithm. For each authorized user, a key encryption key (KEK) is derived from a passphrase, and the master key is encrypted using the KEK. The server posts the encrypted data and an ancillary file that includes, for each user, a user identifier and the master key encrypted according to the user's KEK. To access the data, a user enters the passphrase into a client, which re-derives the user's KEK, and finds, in the ancillary file, the master key encrypted using the user's KEK. The client decrypts the master key and then decrypts the data.

CCI = H04L9/0822 because the master key is encrypted/decrypted with a key encryption key (KEK)

CCI = H04L9/0863 because the key encryption key (KEK) is derived from a passphrase



D3 = US2010153728

TI: ACCELERATION OF KEY AGREEMENT PROTOCOLS

AB: The generation of a shared secret key K in the implementation of a key agreement protocol, for example MQV, may be optimized for accelerated computation by selecting the ephemeral public key and the long-term public key of a correspondent to be identical. One correspondent determines whether the pair of public keys of the other correspondent are identical. If it is, a simplified representation of the shared key Kis used which reduces the number of scalar multiplication operations for an additive group or exponentiation operationsfor a multiplicative group.

CCI = H04L9/0844 because of the key agreement protocol based on MQV (Menezes, Qu, Vanstone)



[0075] To reduce the number of scalar multiplication, and thereby accelerate the key agreement protocol, the framework of FIG. 3 is adapted as shown in FIG. 4 based on the recognition that scalar multiplication costs may be further reduced when the pair of public keys for a correspondent are equal, such that RB=QB and/or RA=QA. For Bob, the accelerated computation occurs when RA=QA, which allows the shared secret key computation to simplify and become K=uQA, where the simplified factor u is dependent on (1+ RA). In the particular example, u=hsB(1+ RA). Similarly, for Alice, the accelerated computation occurs when RB=QB, which allows the shared secret key computation to simplify and become K=vQB, where the simplified factor v is dependent on (1+ RA). In this example, v=hsA(1+ RB). A scalar multiplication cost of 1.0 is required to compute the shared secret key. Therefore the protocol described in FIG. 4 can be implemented as much as 33% faster than that described in FIG. 3.

CCI = H04L9/3066 because of the aspect directed to public key cryptography involving elliptic curves



D4 = WO2019032089

TI: BLOCKCHAIN ARCHITECTURE WITH RECORD SECURITY

AB: Described herein is a system in which an electronic record is stored within a distributed environment. In this system, a validation node may receive a transaction record from an acceptance node. The validation node may verify that the acceptance node is authorized to participate in a blockchain network, identify a user associated with the transaction record, and append the transaction record to an electronic record.The transaction record may be associated with a digital signature formed by hashing multiple data elements, and then encrypting the hashed data elements using a private encryption key.

CCI = H04L9/3239 because of the aspect directed to blockchain

CCI = H04L9/3247 because of the aspect directed to verification involving digital signature



[0004] Embodiments of the disclosure are directed to a system in which an electronic record (e.g., a ledger) may be generated for a user within a distributed environment. The electronic record may comprise a number of transaction records that involve the user, where the transaction records are each associated with a resource provider entity and signed by a service provider using that service provider's private key. Transaction records may be associated with a user and may be appended to a ledger associated with that user as they are received by the service provider. In some embodiments, transaction details and/or user information may be hashed in order to prevent unauthorized access of personal details. The hashed information related to both a transaction and a user may be combined, hashed again, and then signed using a private key to form a signature, which can be used to verify the authenticity of the transaction details and the user information in the ledger.

CCA = H04L2209/38 because a blockchain is a chain of hashes



[0001] Before a resource provider completes a transaction with a user,it is often desirable for the resource provider to determine a level of risk for the transaction. For example, a banking institution may want to assess the risks associated with extending a line of credit to a particular person or business. In conventional systems, resource providers may consult with credit bureaus or other entities to determine a level of risk for each user.

[0002] However, such credit bureaus and other entities may only constitute a single source of information. As a result, retrieval of data from such entities may be slow and burdensome. Furthermore, the data held by such entities could be corrupted or erroneous due to human error or computer malfunction. Accordingly, improved systems and methods to address such problems are desirable.

CCA = H04L2209/56 because of the aspect directed to financial cryptography


Thank you for your attention!

CPC training H04L9 - e-courses.epo.org · CPC field-specific training H04L9: Cryptographic...

Documents

Transcript of CPC training H04L9 - e-courses.epo.org · CPC field-specific training H04L9: Cryptographic...