The Inner Circle

 View Only
Expand all | Collapse all

Reputable institutions that evaluate new cybersecurity patents

  • 1.  Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 16, 2023 06:25:00 AM
    Hi guys!
     
    My patent for 'METHOD AND SYSTEM FOR STRONG AUTHENTICATION AND SECURE COMMUNICATION' has been recently granted.
     
    I believe that TUPLEZZ is, most likely, the strongest phishing-resistant MFA ever invented, designed to be very beneficial to our national interest and security – but I could use some inputs. 
     
    Do you know of any reputable institutions (say, universities, but not only) that review and provide an evaluation for new patents in cybersecurity? 
    Thank you,


    ------------------------------
    Dan Mimis
    TUPLEZZ
    TUPLEZZ
    ------------------------------


  • 2.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 17, 2023 08:24:00 AM

    would you share the patent no?



    ------------------------------
    boris taratine
    helping the internet become the safest digital place in the world
    ------------------------------



  • 3.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 17, 2023 12:13:00 PM
    Edited by Dan Mimis Nov 17, 2023 12:13:42 PM

    Yes, you can find all the details at https://tuplezz.blogspot.com/

    (The link was in my first post but the moderator deleted it)



    ------------------------------
    Dan Mimis
    TUPLEZZ
    TUPLEZZ
    ------------------------------



  • 4.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 17, 2023 12:51:00 PM

    I am not interested in promotional marketing sales materials. would you share the patent number?



    ------------------------------
    boris taratine
    helping the internet become the safest digital place in the world
    ------------------------------



  • 5.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 17, 2023 05:06:00 PM

    The patent number is mentioned on my blog. Here it is: US11290444B2

    The method is by far better explained on my blog (where I posted the Provisional in plain English AND the White Paper, which I'll post below) for anybody who is not a patent attorney. The non-Provisional is way longer and you'll enjoy all the legal mumbo jumbo ... 

    White Paper:



    ------------------------------
    Dan Mimis
    TUPLEZZ
    TUPLEZZ
    ------------------------------



  • 6.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 18, 2023 03:25:00 AM
    Edited by boris taratine Nov 18, 2023 03:26:56 AM

    thank you, Dan

    you claimed your method makes *it* "impossible". the only way it is possible is when an attacker shall break laws of physics or mathematics to circumvent.

    so, here is my question: what are those laws the attacker shall break that makes it impossible to defeat your method?



    ------------------------------
    boris taratine
    helping the internet become the safest digital place in the world
    ------------------------------



  • 7.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 18, 2023 04:59:00 AM

    It's really simple, as stated in the White Paper #3: "Due to the infinite number of possible formulas that can be used, a brute force attack to figure out the algorithm is impossible."

    So, I dare a top hacker to be the MitM with a quantum computer and figure out (after he recorded 1,000,000 logins):

    1. The formulas used, out of an INFINITE number of possible formulas! -- it's impossible, it's mathematical common sense;
    2. The predetermined positions of the Active Elements inside the AOTC;
    3. The numerical correspondents of the Active Elements;
    4. The position of Rc;
    5. The relationship between Rc and the sets of formulas. 

    Yes, I know that not many people have access to a quantum computer, so just ask a mathematician. It doesn't even need to be a mathematician, any highschooler should know the answer: one just can't "solve" the infinite. 



    ------------------------------
    Dan Mimis
    TUPLEZZ
    TUPLEZZ
    ------------------------------



  • 8.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 19, 2023 03:22:00 AM
    Edited by Alex Sharpe Nov 19, 2023 03:30:23 AM

    Thank you for posting. Let me make some observations and see what I can do to help.

    First, it is a common misperception that the quantum threat to cryptography and MFA is the ability to perform brute force attacks faster and cheaper. The actual game changer from quantum is that it makes certain crypto-analytic attacks viable while also making the solution to previously thought intractable problems solvable.

    If it were about brute force attacks, we would just need to change the algorithm's inner workings and increase the key's length.

    Second, not all quantum computers are created equal. For example, some types of quantum computers are great at solving traveling salesman problems while others are not. Just because one kind of quantum computer becomes viable does not mean the type of quantum computer you need is viable.

    Third, in my experience, the crypto-based solutions that get the most attention and review are the ones that know their weaknesses. Sometimes, the weaknesses have been made publicly available to foster review and comment. RSA is a good example-just a thought.

    I am not as active in the community as I was, but I will ping some folks to see who might be interested.

    BTW, small math error. On average, a brute force attack takes one-half the time of the total possibilities. The average time to break your system would be one-half of infinity, which is still infinity.  ;)

    ------------------------------
    Alex Sharpe
    Principal
    Sharpe42
    [email protected]
    Co-Chair Philosophy & Guiding Principles Working Group
    Co-Chair Organizational Strategy & Governance Working Group
    ------------------------------



  • 9.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 19, 2023 05:08:00 AM

    Thank you for your input, Alex. I checked your page: well done and impressive Strategic Partnerships, including your former employer, NSA. 

    Your willing to ping around is highly appreciated.

    Best,



    ------------------------------
    Dan Mimis
    ------------------------------



  • 10.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 19, 2023 05:42:00 AM

    first, to break something it is not necessary to have a quantum computer, it is sufficient to invalidate assumptions. in this case, "mathematical common sense" is not "mathematical proof", therefore, your claim of "impossibility" is at best questionable. 

    second, you claimed this is an "authentication method", therefore, even for its lowest level (by nist definition) the claimant shall demonstrate possession and control of the token. the problem telling apart remotely the legit user of the remote system and the adversary compromised that system is still an opened question. and you have not demonstrated how exactly this is done without circular reasoning, that is a fallacy by definition.

    no doubts, your method is novel - granted patent assured that. however, the patent does not assure the strength of the method - so far this is only your unsubstantiated claim on something that does not satisfy requirements of the lowest authentication level.



    ------------------------------
    boris taratine
    helping the internet become the safest digital place in the world
    ------------------------------



  • 11.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 19, 2023 05:56:00 AM

    Then how about you take the top 3 authentication methods and compare them with TUPLEZZ: yep, use a top hacker as MitM. You'll notice that the method that you said "does not satisfy requirements of the lowest authentication level" will come up as the safest. You'll also see that the new concept AOTC makes phishing impossible. 



    ------------------------------
    Dan Mimis
    ------------------------------



  • 12.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 19, 2023 07:06:00 AM

    the problem with this approach is twofold:

    1. security is unobservable property - it is impossible to prove security positive, i.e., design a test to demonstrate security. and no number of negative tests can serve as proof.
    2. necessary claims for security and sufficient claims for insecurity are unfalsifiable.

    >>You'll also see that the new concept AOTC makes phishing impossible. 

    no, it is not. i can simply ask the user to authenticate and take over the channel.



    ------------------------------
    boris taratine
    helping the internet become the safest digital place in the world
    ------------------------------



  • 13.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 19, 2023 05:23:00 PM

    @Boris:

    1. If you think that a "mathematical proof" is needed to show that a hacker can't win against the infinite, then I'm happy we didn't study math at the same school.
    2. Regarding the AOTC you're wrong again: nobody is sending the AOTC to the Client for Authentication. The "A" stands for Authenticated* -- obviously you failed to understand the AOTC concept. * The Server is authenticating the AOTC and nobody else can cos they don't know: (A) how many Active Elements (AEs) are used; (B) what are the predetermined positions of the AEs inside the AOTC; (C) what are the AEs' corresponding numerical values; (D) what are the formulas to compute the authentication.
    3. You are way off topic -- just check out the title of this thread. So, unless you are some "Reputable Entity" (which I highly doubt), your overall aggression and your 100% negative comments on patents that you clearly don't understand are out of place. 

     



    ------------------------------
    Dan Mimis
    ------------------------------



  • 14.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 20, 2023 01:07:00 AM
    Edited by boris taratine Nov 20, 2023 01:07:43 AM
    1. yes, as you say it is "unbreakable" - the only way it is possible is when to break the adversary need to break the laws of nature. and the common sense here is not a proof. appealing to a crowd is a fallacy, and there is no need to go personal - let's stay on the claims made and prove those claims are sound.
    2. i was wrong many times that gives me an advantage to see things better. so, let's look at the statement in red: * The Server is authenticating the AOTC and nobody else can cos they don't know: (A) how many Active Elements (AEs) are used; (B) what are the predetermined positions of the AEs inside the AOTC; (C) what are the AEs' corresponding numerical values; (D) what are the formulas to compute the authentication. how exactly will this prevent an adversary who compromised the remote system act on the user behalf and spoof any signal the server side is expecting? according to the claims this is the part of the problem space you claimed was solved by the solution described in the patent you promote.
    3. i ignore your second personal remark as this is not relevant to the conversation. what is relevant is an onus on you to prove your claims of "impossibility": extraordinary claims require extraordinary scrutiny. if you feel asking for proof or stating verifiable facts are negative comments there is little i can do about it, but to remind 1) our industry wastes hundreds of billions justifying spending by narrative fallacies without measurable improvement, 2) we have already seen extraordinary claims that spectacularly failed, e.g., wep, secureid, sha1, (next will be zerotrust), etc. - the list of extraordinary claims about unbreakable (i.e., "impossible" to break) things is too long to wholeheartedly jump on yet another extraordinary miracle (YAEM).    



    ------------------------------
    boris taratine
    helping the internet become the safest digital place in the world
    ------------------------------



  • 15.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 21, 2023 08:26:00 AM

    Got to agree with @boris taratine here with a few comments:

    • Although the concept of infinity has a mathematical basis, we have yet to perform an experiment that yields an infinite result. Even in maths, the idea that something could have no limit is paradoxical.
    • 'unbreakable' or 'unhackable' is superfluous, any system is breakable, its just a question of how hard. For example, what if your patent implementation has a 0day, vulnerability, or misconfiguration?
    • As implied by Boris, if an attacker is next to the client/user, with a gun to their head, they can get into the system. Every system needs to be considered from the perspective of clever compromise.
    • I don't think Boris is being negative or out of place. This is a public forum for conversation. I have spared with Boris in this forum before, he means well and is trying to elicit your value proposition and how it can be demonstrably measured. This is the scientific process which helps to make things better.
    • On that note, I like to think of myself as technically literate across a wide variety of topics. From my brief reading of tuplezz I do not yet understand how it is unbreakable. If others do not understand, do not blame them, blame yourself for not being able to communicate in a simple manner. This is the art of communication and convincing people.


    ------------------------------
    Philip Griffiths
    Head of Business Development
    NetFoundry
    ------------------------------



  • 16.  RE: Reputable institutions that evaluate new cybersecurity patents

    Posted Nov 21, 2023 08:51:00 AM

    Good thread. Just highlight a couple of points.

    1. Nothing is unbreakable. Most successful attacks are performed by going around the way the defense was designed.
    2. It is generally regarded, when the answer is infinite, we did something wrong.
    3. It is a basic logic principle, you cannot prove something cannot happen. You can only prove it can.

      "If you think that a "mathematical proof" is needed to show that a hacker can't win against the infinite, then I'm happy we didn't study math at the same school."

      Keep in mind, any credible institution who evaluates your patent will be asking for the mathematical proofs behind your assertions.


    ------------------------------
    Alex Sharpe
    Principal
    Sharpe42
    [email protected]
    Co-Chair Philosophy & Guiding Principles Working Group
    Co-Chair Organizational Strategy & Governance Working Group
    ------------------------------