• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    A method of verifying public and private cryptographic key pair integrity in the additive group of integers modulo n, where n is the product of two prime numbers p and q, the method comprising the following steps: - calculation (201), from said number n, from a public exponent e of said public key, and from a private exponent d of said private key, from two candidate factors p 'and q' respectively corresponding to the numbers p and q, - of verification ( 206) to check the consistency of said private exponent with respect to said public exponent and said number n, said verification step involving said candidate factors.
    公开号:FR3015080A1
    申请号:FR1362841
    申请日:2013-12-17
    公开日:2015-06-19
    发明作者:Alberto Battistello;Christophe Giraud;Guillaume Dabosville;Laurie Genelle
    申请人:Oberthur Technologies SA;
    IPC主号:
    专利说明:

    [0001] The present invention relates to the field of computer security. It relates more particularly to securing cryptographic processes implementing public and private key pairs. Certain cryptographic systems implementing methods such as, for example, the digital signature of a message or its encryption, require the generation of cryptographic key pairs. The public key is shared in clear by the cryptographic system with the recipient systems of the message processed while the private key is kept secret. As the generation of public and private key pairs is a sensitive operation, test mechanisms are usually provided to verify their integrity. For example, the US FIPS 140-2 standard published by NIST (National Institute of Standards and Technology) provides for such a test (called "pair-wise consistency test"). In the case of RSA cryptographic methods ("Rivest Shamir Adelman"), the key pair is obtained in the following manner. To obtain p and q, two large prime numbers, the following two steps are repeated: obtaining two candidate numbers p and q from numbers drawn at random from the set Z, from the additive group of integers modulo n, and test of the primality of the p and q candidates (for example according to a probabilistic primality test, for example of the Miller-Rabin type, for example according to FIPS 140-2, until a prime number is obtained. numbers p and q thus form a number n (n = pq) Then the number 1 (n) = (p-1). (q-1) is calculated (I) being the indicator function of Euler, or "Totient" in Anglo-Saxon terminology).
    [0002] The public key is then formed by the numbers n and e, with e, the public exponent ", being an integer such that: - 1 <e <(1) (n), and - e and 1 (n) are prime between them (gcd (e, (1) (n)) = 1, "gcd" being the acronym for "greatest common divisor", that is, the greatest common divisor. The private key is formed by the numbers n and d, with d, the "private exponent", being an integer such that: - de = 1 mod À (n), with - À (n) being the most common small multiple between p-1 and q-1 (À (n) = lcm (p-1, q-1), "lcm" being the acronym of "least common multiplier", that is to say, smaller common multiple in English). When the cryptographic method is an encryption of a message m (m belonging to Zn), the integrity test provided by FIPS 140-2 can be summarized as follows: 1) the message m is encrypted with the public key so as to obtain an encrypted message c = me mod n, 2) the encrypted message c is decrypted with the private key so as to obtain a decrypted message m '= cd mod n, and 3) it is verified that the initial message m and the decrypted message are the same (m '= m). When the cryptographic method is a signature of a message m (m belonging to 4), the integrity test provided by FIPS 140-2 can be summarized as follows: 1) the message m is signed with the private key in so as to obtain a signature s = (m) d mod n, (or possibly s = (H (m)) d, H being a hash function, 2) a value h 'is computed as h' = mod n, and 3) it is verified that the value h 'thus calculated and the message m are the same (or possibly that the value h' and the condensate of the message by the hashing function are the same (h '= H (m) The inventors, however, have noted that the integrity tests currently in use may not detect certain key pair generation errors, and thus have updated a need to improve the reliability of the generation integrity verification processes. of key pairs in cryptographic systems The present invention falls within This first aspect of the invention relates to a method for verifying public and private cryptographic key pair integrity in the additive group of integers modulo n, where n is the product of two prime numbers p and q, the method comprising the following steps: - computation (201), from said number n, of a public exponent e of said public key, and of a private exponent d of said private key, of two candidate factors p 'and q 'corresponding respectively to the numbers p and q, - checking (206) to check the consistency of said private exponent with respect to said public exponent and said number n, said verification step involving said candidate factors. A method according to the first aspect allows to significantly improve the reliability of the integrity tests, with an optimal additional calculation cost. For example, said verification step relates to the product of the public exponent e by said private exponent d. For example again, during said verification step, it is verified whether the product of the public exponent e by said private exponent d is congruent to 1 modulo À '(n), the least common multiple between (p'-1 ) and (q'-1).
    [0003] According to embodiments, during said verification step, it is verified whether the product of the public exponent e by said private exponent d is congruent to 1 modulo the product (p'-1). (Q'-1) . For example, said verification step relates to the smallest common multiple A (n) between (p-1) and (q-1). For example again, during said verification step, the least common multiple A (n) between (p-1) and (q-1) is compared to the least common multiple A '(n) between (p'-1). ) and (q'-1). According to embodiments, during said verification step, Io is checked whether: the smallest common multiple A (n) between (p-1) and (q-1) is congruent to 0 modulo (p'- 1), and - the smallest common multiple A (n) between (p-1) and (q-1) is congruent to 0 modulo (q'-1). Said candidate factors may for example be calculated by a probabilistic factorization algorithm. For example, the method is implemented in an electronic device with respect to an auxiliary channel driving combination and a fault injection attack, said combination being implemented at runtime. a cryptographic method using a pair of cryptographic keys. A second aspect of the invention relates to a method of testing the security of an electronic device against an attack, said device implementing a generation of a public cryptographic key e and a private cryptographic key d in the additive group of integers modulo n, such that: - n = pq, with p and q being prime numbers,) (q-1), and 5 - 1 <e <(1) (n), with e and (1) (n) being prime between them and l (n) = (p- = 1 mod À (n), where (n) is the smallest common multiple between p-1 and q-1, the method comprising a step of disrupting the calculation of the value A (n), so as to obtain, instead of the value A (n), a value A '(n) = A (n) / a, with dividing A (n), said perturbation causing to calculate a private key of, in place of the private key such that of .e = 1 mod À (n) / a A method according to the second aspect allows to test electronic devices implementing a generation of pairs of keys, checking their reaction to the disruption of the calculation of the least common multiple. A method according to the second aspect can be implemented in the industrial process for testing electronic devices using a cryptographic key generation, for example in a test laboratory. Said disturbance step may make it possible to update a vulnerability in the resistance to an erroneous calculation of the value À (n). A second aspect of the invention relates to a computer program as well as a computer program product and a storage medium for such program and product, enabling the implementation of a method according to the first aspect when the program is loaded and executed by a processor of an electronic device, for example a cryptographic device. A third aspect relates to an electronic device, for example a cryptographic device, configured to implement a method according to the first aspect. For example, a device according to the third aspect is a portable electronic entity.
    [0004] The device according to the third aspect may be a smart card. Other types of devices may be considered, including security documents (electronic passport, electronic identity cards or other), USB keys, mobile phones or "smartphones".
    [0005] Other advantages, aims and features of the present invention appear from the following detailed description, given by way of non-limiting example, with reference to the accompanying drawings in which: - Figure 1 illustrates a method of testing the integrity of the key generation; FIG. 2 illustrates a key integrity verification method; - Figure 3 schematically illustrates a device according to embodiments. In the following, embodiments are described. However, as a preliminary, there is described a cryptographic key pair generation integrity test method. This test method can be used for cryptographic keys used in encryption and / or digital signature mechanisms. Thus, this method can be used even before knowing the subsequent use of the generated key pair. We suppose that a public cryptographic key (e, n) and a private cryptographic key z (d, n) are generated such that: - n = pq, with p and q being prime numbers, - 1 <e <1 ( n) and e and (I) (n) are prime between them (gcd (e, 1 (n)) = 1), with 1 (n) = (p-1). (q-1) (I) being the indicator function of Euler, or "totient" in English terminology), and 25 - de = 1 mod À (n), where (n) is the least common multiple between p- 1 and q-1 (At (n) = 1cm (p-1, q-1)).
    [0006] Then, as illustrated by FIG. 1, during a first step 100 a message m (m belonging to Zn, the additive group of integers modulo n), is encrypted with the public exponent e so as to obtain a first encrypted message c = me mod n. Then, in step 102, the encrypted message c is decrypted with the private key so as to obtain a decrypted message m '= Cd mod n. It is then verified, in a step 103, whether the initial message m and the decrypted message are the same (m '= m). If this is not the case (NOK), it is determined in step 104 that the key pair generated is not integrity. If, on the other hand, the initial message m and the decrypted message are the same (OK), the decrypted message m 'is encrypted, during a step 105, with the public exponent e so as to obtain a second encrypted message c' = (m ') e mod n. It is then verified, in a step 106, whether the first encrypted message c and the second encrypted message c 'are the same (c' = c). If this is the case (OK), it is determined in step 107 that the integrity test is successful. Otherwise (NOK), it is determined, in step 108, that the key pair generated is not integrity. Certain non-integrity key pairs may pass the integrity tests as described above or other prior art tests. For example, if, instead of generating the private exponent d, it is generated a number such that: - of .e = 1 mod To (n) / a, - 1 a, 25 - a divides To ( n), it may happen that for messages, the pair of keys with the numbers of and e pass the test successfully while an error has occurred on the private exponent d.
    [0007] In addition to being a source of errors for a cryptographic system using keys, it can be a source of attacks by malicious third parties. For example, the number of can be generated by error if the calculation of the least common multiple of p-1 and q-1 (which should normally give to (n)) is tainted by an error. The number of can be calculated by implementing the Euclidean algorithm. The integers a and b are calculated so that e.a + b. At (n) / a = 1 (Bezout relationship). The number of is then obtained as d = a mod À (n) / a. Under these conditions, we have .e = 1 mod À (n) / a. By causing the number to be determined instead of the number d, an attacker can thus find one of the secret factors (p and q) of the number n such that n = P.a. Indeed, suppose that the integer has divided the number (q-1) without dividing the number (p-1) gcd (p-1, q-1) 'then by noting t the number such that t = ( q-1) a.gcd (p-1, q-1) we obtain d = e-1 mod t (p-1). Thus, the private exponent is the inverse of the public exponent in the ring Zp_ 1 instead of the ring ZÀ (i). For a random message m, we then have: (md) e = m mod n, but we also have 20 (md) e = m mod p. A multiple of the factor p can thus be obtained as (md) e - m mod n. An attacker can thus disrupt key generation and request the signing of random messages. For some messages m, the signature s obtained is such that gcd (se - m, n) gives a factor of n.
    [0008] Suppose that the smallest common multiple of p-1 and q-1 is calculated as follows, Â (n) = 1). (C1 with gcd (p-1, q-1) being the largest common divisor gcep-1 , q-1) of p-1 and q-1. If the calculation of this greatest common divisor gives a. gcd (p-1, q-1) (the product of a by gcd (p-1, q-1)) instead of gcd (p-1, q-1), instead of calculating d. The inventors have noticed that the integrity tests currently used may not detect certain key pair generation errors, especially during attacks as mentioned above. An attacker can cause errors in the computation of the private exponent by auxiliary channel observation of the operation of the device implementing the key generation and then by physical attack of the device to disrupt this operation. The attacker may for example use lasers to disrupt the device or disrupt the power supply thereof. By way of illustration, if an error a (as mentioned above) is introduced so that the number has divide the value k.A (n) / a (k being an integer), and the number d is determined in place of the number d such that .e = 1 + k.A (n) / a then an integrity test as for example defined in the FIPS 140-2 standard executed on a message m It is not possible to detect the error if 20 s divides k.À (n) / a while it detects it if s does not divide k.À (n) / a. Remember that the order s of the message m in the additive group is the number of times to add the message m to obtain 1. Indeed, let e, p and q be RSA parameters with n = p.q. if d '= e-1 mod À (n) / a is the erroneous exponent, the correct exponent being d = e-1 mod À (n), if d is equal to d then 3m E Zn * tel that (me) of # m mod n. On the other hand, if Vm E Zn we have (me) d = m mod n then d =. The demonstration of this is possible but is not presented here for the sake of brevity.
    [0009] Hereinafter, a method is described for rendering integrity tests sensitive to such errors. Integrity tests can be implemented during key generation or after. Referring to FIG. 2, there is described a cryptographic key pair integrity test method which may be implemented when the prime numbers p and q from which the keys are generated are not known. During a first step 200, a counter i is initialized to the value 1. Next, a probabilistic factorization algorithm is implemented during a step 201. This algorithm makes it possible, starting from n (n = pq), of the public exponent e of the public key and of the private exponent of the private key which one seeks to know if it is erroneous or not, to find the prime factors p 'and q' of n. Once step 201 has been executed, it is determined in a step 202 if it made it possible to find the numbers p and q. If the execution of step 201 has not made it possible to determine these numbers (NOK), it is checked whether the counter ia reaches the value M during step 203. The value M is a maximum number of times that the algorithm of step 201 must be executed. If the number M is reached (OK), it is determined in a step 204 that the key pair is not integrity. If, on the contrary (NOK), the value M is not yet reached, step 201 is executed again. Returning to step 202, if in step 201 it was possible to determine the numbers p and q (OK), a step 205 is implemented in which the least common multiple A '(n) numbers p'-1 and q'-1 are calculated ('' (n) = (p'-1). (q'-1)). Then, it is tested during a step 206, if the product e.d 'is congruent to 1 modulo À' (n) (e.d '= 1 mod À' (n)). If this is the case (OK), it is determined in step 207 that the key pair is intact. If not (NOK), the process returns to step 204.
    [0010] Alternatively, or in combination, a comparison can be made between A '(n) and A (n) to verify that A' (n) = A (n). Alternatively, or in combination, it can also be verified if A (n) mod p'-1 and A (n) mod q'-1 are both equal to 0.
    [0011] In these alternatives, the value À (n), calculated from p and q is kept in memory and then read for the checks. Still alternatively, or in combination, the values p 'and q' can be used to verify that e.d '= 1 mod (p' -1). (Q'-1). The search for the factors p and q of n can have a computational cost of the order of O (u.log3 (n)), typically for a probabilistic factorization algorithm. The probability of finding a factor of n after u tests is greater than or equal to 1- 2-u. Thus, after ten trials, the factorization probability is greater than or equal to 99.9%. Once the factorization has been performed, the cost of the test of step 406 is dominated by the cost of calculating the greatest common divisor used to calculate the least common multiple (recall that lcm (p'-1; '-1) = (p'-1). (Q'-1) / gcd (p'-1, q'-1)). Thus, the total cost of the process is of the order of O (log3 (n)) + O (log3 (n)) = O (log3 (n)) for a probability of detection greater than or equal to 99.9% . A conventional verification method is for its part of a cost of the order of O (log3 (n)) for a probability of detection of the order of 50% (experimental data). Figure 3 schematically illustrates a device according to embodiments. The device 30 of FIG. 3 comprises a memory unit 31 (MEM). This memory unit comprises a random access memory for storing in an unsustainable manner calculation data used during the implementation of a method according to the invention, according to various embodiments. The memory unit furthermore comprises a non-volatile memory (for example of the EEPROM type) for storing, for example, a computer program, according to one embodiment, for its execution by a processor (not shown) of a memory unit. processing 31 (PROC) of the device.
    [0012] The device further comprises a communication unit 33 (COM), for example for exchanging data with another device according to embodiments. Data exchanges between devices can be done according to the APDU protocol, acronym for "Application Protocol Data Unit", as defined in ISO 7816 part 4.
    [0013] The communication unit may thus include an input / output interface capable of exchanging according to this protocol. The data exchanged can be done by APDU commands and responses to this type of commands. A device according to embodiments may be in accordance with IS07816. It can for example be a smart card or a secure element. A device according to embodiments is for example an integrated circuit. The present invention has been described and illustrated in the present detailed description with reference to the accompanying figures. However, the present invention is not limited to the embodiments presented. Other variants, embodiments and combinations of features may be deduced and implemented by the person skilled in the art upon reading the present description and the appended figures.
    [0014] In the claims, the term "include" does not exclude other elements or steps. The indefinite article "one" does not exclude the plural. A single processor or several other units may be used to implement the invention. The various features presented and / or claimed can be advantageously combined. Their presence in the description or in different dependent claims does not exclude the possibility of combining them. The reference signs can not be understood as limiting the scope of the invention.
    权利要求:
    Claims (12)
    [0001]
    REVENDICATIONS1. A method of verifying public and private cryptographic key pair integrity in the additive group of integers modulo 5 n, where n is the product of two prime numbers p and q, the method comprising the following steps: - calculation (201) from said number n, a public exponent e of said public key, and a private exponent d of said private key, two candidate factors p 'and q' respectively corresponding to the numbers p and q, - de checking (206) to check the consistency of said private exponent with respect to said public exponent and said number n, said verification step involving said candidate factors.
    [0002]
    2. The method of claim 1, wherein said verifying step relates to the product of the public exponent e said private exponent d.
    [0003]
    3. Method according to claim 2, wherein during said verification step, it is checked whether the product of the public exponent e by said private exponent d is congruent to 1 modulo À '(n), the least common multiple between (p'-1) and (q'-1). 20
    [0004]
    4. The method according to claim 2, wherein during said verification step, it is verified whether the product of the public exponent e by said private exponent d is congruent to 1 modulo the product (p'-1). '-1).
    [0005]
    5. The method of claim 1, wherein said verification step relates to the smallest common multiple A (n) between (p-1) and (q-1). 25
    [0006]
    The method of claim 5, wherein in said verification step, the least common multiple A (n) between (p-1) and (q-1) is compared to the least common multiple A '(n) between (p'-1) and (q'-1).
    [0007]
    7. The method according to claim 5, wherein during said verification step, it is verified whether: the least common multiple A (n) between (p-1) and (q-1) is congruent to 0 modulo ( p'-1), and - the smallest common multiple A (n) between (p-1) and (q-1) is congruent to 0 modulo (q'-1).
    [0008]
    8. Method according to one of claims 1 to 7, wherein said candidate factors are calculated by a probabilistic factorization algorithm.
    [0009]
    9. A method for testing the security of an electronic device with respect to an attack, said device implementing a generation of a public cryptographic key e and a private cryptographic key d in the additive group of the integers modulo n, such that: - n = pq, with p and q being prime numbers, - 1 <e <(I) (n), with e and (I) (n) being prime between them and 1 (n) = (P-1). (Q-1), and - de = 1 mod À (n), where (n) is the smallest common multiple between p1 and q-1, the method comprising a step of disturbing the calculating the value À (n), so as to obtain, instead of the value À (n), a value À '(n) 20 = À (n) / a, with a dividing to (n), said perturbation causing to calculate a private key of, in place of the private key such that of .e = 1 mod À (n) / a.
    [0010]
    A computer program comprising instructions for carrying out a method according to any one of claims 1 to 9 when it is loaded and executed by a processor of a cryptographic device.
    [0011]
    11. Cryptographic device comprising a processing unit configured to implement a method according to one of claims 1 to 9.
    [0012]
    Portable electronic entity comprising a device according to claim 11.
    类似技术:
    公开号 | 公开日 | 专利标题
    FR3015080A1|2015-06-19|INTEGRITY VERIFICATION OF PAIR OF CRYPTOGRAPHIC KEYS
    Nemec et al.2017|The return of coppersmith's attack: Practical factorization of widely used rsa moduli
    EP2256987B1|2014-12-03|Protection of a generation of prime numbers for the RSA algorithm
    EP2296086B1|2011-11-02|Protection of prime number generation against side-channel attacks
    EP2345202B1|2017-04-05|Digital signature method in two steps
    EP2706455B1|2015-03-25|Method for testing the security of an electronic device against an attack, and electronic device implementing countermeasures
    FR3015079A1|2015-06-19|INTEGRITY VERIFICATION OF PAIR OF CRYPTOGRAPHIC KEYS
    WO2009088938A1|2009-07-16|Method for protecting data against differential fault analysis involved in rivest, shamir and adleman cryptography using the chinese remainder theorem
    FR3005186A1|2014-10-31|PROJECT FOR VALIDATION OF A CRYPTOGRAPHIC PARAMETER, AND CORRESPONDING DEVICE
    FR3088452A1|2020-05-15|METHOD FOR VERIFYING INTEGRITY OF A PAIR OF CRYPTOGRAPHIC KEYS AND CRYPTOGRAPHIC DEVICE
    WO2015132524A2|2015-09-11|Message generation for a cryptographic keys generation test
    EP1433282B1|2007-08-15|Method for implementing in an electronic component a cryptographic algorithm for finding the public exponent
    EP3100403B1|2019-12-04|Imbalanced montgomery ladder for resisting side-channel attacks
    FR3015076A1|2015-06-19|GENERATION OF CRYPTOGRAPHIC KEYS
    FR3086417A1|2020-03-27|CRYPTOGRAPHIC METHOD FOR SECURE COMPARISON OF TWO SECRET DATA X AND Y
    FR3069993A1|2019-02-08|DEVICES AND METHODS FOR MASKING RSA ENCRYPTION OPERATIONS
    FR3004043A1|2014-10-03|METHODS OF GENERATING AND USING PRIVATE CRYPTOGRAPHIC KEYS FOR RSA-CRT OR RSA-CRT VARIANTS
    FR2818846A1|2002-06-28|Method for protecting electronic component executing cryptographic algorithm against current measurement attack, comprises factorization of exponential in algorithm and permutation of the factors
    FR3010562A1|2015-03-13|DATA PROCESSING METHOD AND ASSOCIATED DEVICE
    FR3103922A3|2021-06-04|SECURE TOKEN STORAGE
    FR3087022A1|2020-04-10|CRYPTOGRAPHIC SYSTEMS AND METHODS RESISTANT TO DEFAULT ATTACKS
    FR3013476A1|2015-05-22|SECURING METHOD OF CRYPTOGRAPHY ON ELLIPTICAL CURVES
    FR3014582A1|2015-06-12|METHOD FOR TESTING MOV CONDITION AND DEVICE THEREFOR
    FR3013477A1|2015-05-22|METHOD AND SYSTEM FOR VERIFYING THE VALIDITY OF A DIGITAL MESSAGE SIGNATURE
    FR2986884A1|2013-08-16|SECURE NUMBER FIRST GENERATION METHOD, COMPUTER PROGRAM PRODUCT AND CORRESPONDING ELECTRONIC COMPONENT
    同族专利:
    公开号 | 公开日
    US9654290B2|2017-05-16|
    FR3015080B1|2016-01-22|
    US20150172052A1|2015-06-18|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    WO1998035467A1|1997-02-07|1998-08-13|Bell Communications Research, Inc.|A method of using transient faults to verify the security of a cryptosystem|
    US20130208886A1|2012-02-10|2013-08-15|Electronics And Telecommunications Research Institute|Method of preventing fault-injection attacks on chinese remainder theorem-rivest shamir adleman cryptographic operations and recording medium for storing program implementing the same|FR3088452A1|2018-11-08|2020-05-15|Idemia France|METHOD FOR VERIFYING INTEGRITY OF A PAIR OF CRYPTOGRAPHIC KEYS AND CRYPTOGRAPHIC DEVICE|
    CN104303450A|2012-05-21|2015-01-21|皇家飞利浦有限公司|Determination of cryptographic keys|
    FR3018372A1|2014-03-06|2015-09-11|Oberthur Technologies|MESSAGE GENERATION FOR CRYPTOGRAPHIC KEY GENERATION TEST|
    US9893885B1|2015-03-13|2018-02-13|Amazon Technologies, Inc.|Updating cryptographic key pair|
    US9674162B1|2015-03-13|2017-06-06|Amazon Technologies, Inc.|Updating encrypted cryptographic key pair|
    US10003467B1|2015-03-30|2018-06-19|Amazon Technologies, Inc.|Controlling digital certificate use|
    US9479340B1|2015-03-30|2016-10-25|Amazon Technologies, Inc.|Controlling use of encryption keys|
    GB2544814B|2015-11-30|2019-06-19|Imagination Tech Ltd|Modulo hardware generator|
    CN113783705A|2021-11-12|2021-12-10|北京华云安信息技术有限公司|Zero knowledge proof method, verification terminal, equipment and storage medium of key|
    法律状态:
    2015-11-23| PLFP| Fee payment|Year of fee payment: 3 |
    2016-11-21| PLFP| Fee payment|Year of fee payment: 4 |
    2017-11-21| PLFP| Fee payment|Year of fee payment: 5 |
    2019-11-20| PLFP| Fee payment|Year of fee payment: 7 |
    2020-03-27| CD| Change of name or company name|Owner name: IDEMIA FRANCE, FR Effective date: 20200218 |
    2020-03-27| CJ| Change in legal form|Effective date: 20200218 |
    2020-03-27| CA| Change of address|Effective date: 20200218 |
    2020-11-20| PLFP| Fee payment|Year of fee payment: 8 |
    2021-11-18| PLFP| Fee payment|Year of fee payment: 9 |
    优先权:
    申请号 | 申请日 | 专利标题
    FR1362841A|FR3015080B1|2013-12-17|2013-12-17|INTEGRITY VERIFICATION OF PAIR OF CRYPTOGRAPHIC KEYS|FR1362841A| FR3015080B1|2013-12-17|2013-12-17|INTEGRITY VERIFICATION OF PAIR OF CRYPTOGRAPHIC KEYS|
    US14/572,318| US9654290B2|2013-12-17|2014-12-16|Integrity verification of cryptographic key pairs|
    [返回顶部]