CPC training H04L9 - e-courses.epo.org · CPC field-specific training H04L9: Cryptographic...
Transcript of CPC training H04L9 - e-courses.epo.org · CPC field-specific training H04L9: Cryptographic...
CPC field-specific trainingH04L9: Cryptographic mechanisms for secret communication
Radu Apostolescu July 2019Examiner, European Patent Office
European Patent Office 2
Table of contents
§ Introduction
§ How to classify
§ Overall and group structure
§ Examples
European Patent Office 3
Introduction
§ H04L9/00 focuses on cryptographic mechanisms such as encryption schemes, digital signatures, hash functions,key management
§ Cryptographic mechanisms includes cryptographic protocols (e.g. cryptographic protocol for key agreement) and cryptographic algorithms (e.g. cryptographic algorithm for symmetric key encryption)
§ The cryptographic mechanisms provide information security such as privacy or confidentiality, data integrity, message or entity authentication, certification, anonymity, authorization, non-repudiation
§ H04L9/00 covers also countermeasures against attacks on cryptographic mechanisms
European Patent Office 4
Introduction
Relationship between large subject-matter areas:
§ H04L63 covers secure network architectures/protocols for supporting inter alia filtering traffic according to security rules (e.g. firewalls), detecting intruders and preventing the transmission of unauthorized, malicious or forged packets, lawful interception for legally authorized parties to access protected information
§ H04W12 covers security aspects for wireless networks as secure pairing of devices, context awareness, mobile device/application security
§ G06F21 covers security arrangements for protecting computers against unauthorized activity
European Patent Office 5
Introduction
CPC classification scheme and definition of H04L9are located here:
https://www.cooperativepatentclassification.org/index.html
https://worldwide.espacenet.com/
European Patent Office 6
Table of contents
§ Introduction
§ How to classify
§ Overall and group structure
§ Examples
European Patent Office 7
How to classify
§ Invention information (CCI symbol) is mandatory
§ The classification of additional information (CCA symbol)is not seen as mandatory; it is up to the classifier to decide whether the additional information should be assigned or not (is pertinent or not)
§ CCA symbols are to be used as orthogonal cross with the CCI symbols
§ Application may by assigned more than one CCI and CCA symbol if necessary
European Patent Office 8
Table of contents
§ Introduction
§ How to classify
§ Overall and group structure
§ Examples
European Patent Office 9
Overall and group structure
Invention information:
§ Hierarchical structure with one main group H04L9/00 and different one-dot, two-dot, three-dot, four-dot, five-dot and six-dot subgroups
§ Ca. 100 000 documents (30 000 family members) are classified under H04L9 (CCI)
Additional information:
§ Hierarchical structure with one main group H04L2209/00and different one-dot and two-dot subgroups
§ Ca. 56 000 documents (17 000 family members) are classified under H04L2209/00 (CCA)
European Patent Office 10
Overall and group structure
Key management
1 dot
2 dots
3 dots
4 dots
European Patent Office 11
Overall and group structure
Authentication
1 dot
2 dots
3 dots
European Patent Office 12
Overall and group structure
Symmetric and asymmetric encryption algorithms
1 dot
2 dots
3 dots
4 dots
European Patent Office 13
Overall and group structure
H04L9/001using chaotic signals
H04L9/002countermeasures against attacks on
cryptographic mechanisms
for power analysis, as DPA, SPA
for faultattacks for timing attacks
H04L9/006involving Public Key Infrastructure (PKI)
trust models
involving hierarchical structures
H04L9/008involving homomorphic encryption
European Patent Office 14
Overall and group structure
the keys or algorithms being changed during operation
H04L9/12transmitting and receiving encryption devices synchronised in a particular
manner
H04L9/14using a plurality of keys
or algorithms
H04L9/34bits, or block of bits, of the telegraphic message being
interchanged in time
H04L9/36with means for detecting characters not meant for
transmission
European Patent Office 15
Overall and group structure
European Patent Office 16
Table of contents
§ Introduction
§ How to classify
§ Overall and group structure
§ Examples
European Patent Office 17
Example 1 (Part 1/4)
D1 = US2010014659
TI: CRYPTOGRAPHIC PROCESSING APPARATUS AND CRYPTOGRAPHIC PROCESSING METHOD, ANDCOMPUTER PROGRAM
AB: In extended Feistel type common key block cipherprocessing, a configuration is realized in which an encryption function and a decryption function are commonly used. In a cryptographic processing configuration to which an extended Feistel structure in which the number of data lines d is set toan integer satisfying d≥3 is applied, involution properties, that is, the application of a common function to encryption processing and decryption processing, can be achieved.
CCI = H04L9/0625 because of the Feistel based structure of the block cipher
European Patent Office 18
Example 1 (Part 2/4)
[0009] However, problems of common key block cipher processing to
which the Feistel structure is applied involve leakage of keys due to
cryptanalysis. Typical known techniques of cryptanalysis or attack
techniques include differential analysis (also called differential
cryptanalysis or differential attack) in which multiple pieces of input data
(plaintext) having certain differences there between and output data
(ciphertext) thereof are analysed to analyse applied keys in
respective round functions, and linear analysis (also called linear
cryptanalysis or linear attack) in which analysis based on plaintext and
corresponding ciphertext is performed.
CCI = H04L9/002 because of the technical problem directed to the leakage of keys due to cryptanalysis
European Patent Office 19
Example 1 (Part 3/4)
[0045] Furthermore, in an embodiment of the cryptographic processing
method of the present invention, it is characterized in that the data
processing step is the step of executing cryptographic processing in
which transformation matrices of linear transformation processes
executed in F-functions of respective rounds constituting the extended
Feistel structure are set to a common matrix, wherein a round key
permutation process in which an applied sequence for round keys
applied in respective rounds of the decryption processing is set to
a sequence opposite to that of the cryptographic processing and
in which round keys input to a plurality of F-functions for each of
even-numbered rounds are set to have an input style different
from an input style in the encryption processing is performed.
CCA = H04L2209/24 because of the aspect directed to theround keys
European Patent Office 20
Example 1 (Part 4/4)
[0172] Given a configuration in which the same swap function can be
applied to both encryption processing and decryption processing, when
a cryptographic processing apparatus is constructed, it is possible to
reduce implementation cost in either hardware implementation or
software implementation, leading to the achievement of size reduction
of the apparatus, particularly, in the case of hardware
implementation. Another advantage is that verification cost is halved.
That is, it is only required to verify one of an encryption function and a
decryption function in order to verify function sections. Additionally, in
software, there are significant advantages such as halving the code
size. It is therefore desirable to provide a configuration that uses the
same function for an encryption function and a decryption function as
far as possible.
CCA = H04L2209/122 because of the aspect directed tohardware reduction
European Patent Office 21
Example 2
D2 = US2010014659
TI: ENCRYPTING DATA FOR ACCESS BY MULTIPLE USERS
AB: A method for protecting data for access by a plurality of users.A server encrypts data using a master key and a symmetric encryption algorithm. For each authorized user, a key encryption key (KEK) is derived from a passphrase, and the master key is encrypted using the KEK. The server posts the encrypted data and an ancillary file that includes, for each user, a user identifier and the master key encrypted according to the user's KEK. To access the data, a user enters the passphrase into a client, which re-derives the user's KEK, and finds, in the ancillary file, the master key encrypted using the user's KEK. The client decrypts the master key and then decrypts the data.
CCI = H04L9/0822 because the master key is encrypted/decrypted with a key encryption key (KEK)
CCI = H04L9/0863 because the key encryption key (KEK) is derived from a passphrase
European Patent Office 22
Example 3 (Part 1/2)
D3 = US2010153728
TI: ACCELERATION OF KEY AGREEMENT PROTOCOLS
AB: The generation of a shared secret key K in the implementation of a key agreement protocol, for example MQV, may be optimized for accelerated computation by selecting the ephemeral public key and the long-term public key of a correspondent to be identical. One correspondent determines whether the pair of public keys of the other correspondent are identical. If it is, a simplified representation of the shared key Kis used which reduces the number of scalar multiplication operations for an additive group or exponentiation operationsfor a multiplicative group.
CCI = H04L9/0844 because of the key agreement protocol based on MQV (Menezes, Qu, Vanstone)
European Patent Office 23
Example 3 (Part 2/2)
[0075] To reduce the number of scalar multiplication, and thereby accelerate the key agreement protocol, the framework of FIG. 3 is adapted as shown in FIG. 4 based on the recognition that scalar multiplication costs may be further reduced when the pair of public keys for a correspondent are equal, such that RB=QB and/or RA=QA. For Bob, the accelerated computation occurs when RA=QA, which allows the shared secret key computation to simplify and become K=uQA, where the simplified factor u is dependent on (1+ RA). In the particular example, u=hsB(1+ RA). Similarly, for Alice, the accelerated computation occurs when RB=QB, which allows the shared secret key computation to simplify and become K=vQB, where the simplified factor v is dependent on (1+ RA). In this example, v=hsA(1+ RB). A scalar multiplication cost of 1.0 is required to compute the shared secret key. Therefore the protocol described in FIG. 4 can be implemented as much as 33% faster than that described in FIG. 3.
CCI = H04L9/3066 because of the aspect directed to public key cryptography involving elliptic curves
European Patent Office 24
Example 4 (Part 1/3)
D4 = WO2019032089
TI: BLOCKCHAIN ARCHITECTURE WITH RECORD SECURITY
AB: Described herein is a system in which an electronic record is stored within a distributed environment. In this system, a validation node may receive a transaction record from an acceptance node. The validation node may verify that the acceptance node is authorized to participate in a blockchain network, identify a user associated with the transaction record, and append the transaction record to an electronic record.The transaction record may be associated with a digital signature formed by hashing multiple data elements, and then encrypting the hashed data elements using a private encryption key.
CCI = H04L9/3239 because of the aspect directed to blockchain
CCI = H04L9/3247 because of the aspect directed to verification involving digital signature
European Patent Office 25
Example 4 (Part 2/3)
[0004] Embodiments of the disclosure are directed to a system in which an electronic record (e.g., a ledger) may be generated for a user within a distributed environment. The electronic record may comprise a number of transaction records that involve the user, where the transaction records are each associated with a resource provider entity and signed by a service provider using that service provider's private key. Transaction records may be associated with a user and may be appended to a ledger associated with that user as they are received by the service provider. In some embodiments, transaction details and/or user information may be hashed in order to prevent unauthorized access of personal details. The hashed information related to both a transaction and a user may be combined, hashed again, and then signed using a private key to form a signature, which can be used to verify the authenticity of the transaction details and the user information in the ledger.
CCA = H04L2209/38 because a blockchain is a chain of hashes
European Patent Office 26
Example 4 (Part 3/3)
[0001] Before a resource provider completes a transaction with a user,it is often desirable for the resource provider to determine a level of risk for the transaction. For example, a banking institution may want to assess the risks associated with extending a line of credit to a particular person or business. In conventional systems, resource providers may consult with credit bureaus or other entities to determine a level of risk for each user.
[0002] However, such credit bureaus and other entities may only constitute a single source of information. As a result, retrieval of data from such entities may be slow and burdensome. Furthermore, the data held by such entities could be corrupted or erroneous due to human error or computer malfunction. Accordingly, improved systems and methods to address such problems are desirable.
CCA = H04L2209/56 because of the aspect directed to financial cryptography
European Patent Office 27
Thank you for your attention!