-
Publication No.: DE60318073T2
Publication date: 2008-12-11
Application No.: DE60318073
Application date: 2003-07-07
Applicant: IBM
Inventor: CAMENISCH JAN , KOPROWSKI MACIEJ
Abstract: The presented methods form the basis of a forward-secure signature scheme that is provably secure. Moreover, the presented methods also form the basis of a fine-grained forward-secure signature scheme that is secure and efficient. The scheme allows an immediate reaction to hacker break-ins such that signatures from the past still remain valid without re-issuing them and future signature values based on an exposed key can be identified accordingly. In general, each prepared signature carries an ascending index such that once an index is used, no lower index can be used to sign. Then, whenever an adversary breaks in, an honest signer can just announce the current index, e.g., by signing some special message with respect to the current index, as part of the revocation message for the current time period. It is then understood that all signatures made in prior time periods as well as all signatures made in the revoked period up to the announced index are valid, i.e., non-repudiable.
-
Publication No.: AU2003263543A1
Publication date: 2004-05-04
Application No.: AU2003263543
Application date: 2003-09-30
Applicant: IBM
Inventor: ALGESHEIMER JOY , CAMENISCH JAN , SHOUP VICTOR
-
Publication No.: DE112018001285T5
Publication date: 2019-12-19
Application No.: DE112018001285
Application date: 2018-05-17
Applicant: IBM
Inventor: DE CARO ANGELO , GHOSH ESHA , SORNIOTTI ALESSANDRO , CAMENISCH JAN
IPC: H04L9/00
Abstract: An encryption key is generated by deterministic derivation from client data, knowledge of which a client computer proves in order to obtain the key. A client computer provides client data and is adapted to define a vector having a plurality of data blocks with indices corresponding to the client data. The client computer is further adapted to generate a first, non-hiding vector commitment and a second, hiding vector commitment to the vector, and a third commitment to the first commitment. The client computer sends the second and third commitments to the key server and provides the key server with a first proof of knowledge, for a subset of the indices, of the corresponding data blocks of the vector in the second and third commitments. The key server stores a secret server key and is adapted to engage in a key-generation protocol with the client computer.
-
Publication No.: DE112018000143T5
Publication date: 2019-07-25
Application No.: DE112018000143
Application date: 2018-01-02
Applicant: IBM
Inventor: LEHMANN ANJA , CACHIN CHRISTIAN , CAMENISCH JAN , FREIRE STOGBUCHNER EDUARDA
IPC: G06F21/00
Abstract: Data masking is provided for at least one predetermined data item in data to be sent by applying a one-way function to that data item to produce a first value, producing a masked data item by encrypting the first value via a deterministic encryption scheme using a current encryption key for a current epoch, and replacing that data item with the masked data item. A data-provider computer sends the masked data to the data-user computer. On expiry of the current epoch, the data-provider computer generates a new encryption key for the encryption scheme in a new epoch, generates mask-update data that depends on the current and the new encryption keys, and sends the mask-update data to the data-user computer. The mask-update data permits updating, at the data-user computer, of masked data items produced with the current encryption key into masked data items produced with the new encryption key.
-
Publication No.: GB2462012B
Publication date: 2012-05-16
Application No.: GB0915404
Application date: 2009-09-04
Applicant: IBM
Inventor: GROSS THOMAS , CAMENISCH JAN
Abstract: An entity (D) is authenticated to a service provider (C) and/or a transaction is authorized with the entity (D) to the service provider (C) over a small bandwidth channel. The entity (D) pre-computes an identity proof (IDP) dependent on an identity information (CERTu) and a policy (Pc) of the service provider (C). The identity proof (IDP) is transmitted to a transaction authorization service (T). Alternatively, the entity (D) pre-computes the identity proof (IDP) interacting with the transaction authorization service (T). A primary transaction code (TAN) is determined and transmitted to the entity (D). With the entity (D), a secondary transaction code (A) is computed dependent on the primary transaction code (TAN) and is transmitted to the service provider (C). The secondary transaction code (A) is transmitted to the transaction authorization service (T). The secondary transaction code (A) is validated dependent on the primary transaction code (TAN). The transaction authorization service (T) transmits the pre-computed identity proof (IDP) and/or a validation information dependent on a validation result of the validation to the service provider (C). The arrangement allows an anonymous authentication with a service provider using zero-knowledge proof.
-
Publication No.: CA2494078C
Publication date: 2010-11-23
Application No.: CA2494078
Application date: 2003-07-07
Applicant: IBM
Inventor: CAMENISCH JAN , KOPROWSKI MACIEJ
Abstract: The presented methods form the basis of a forward-secure signature scheme that is provably secure. Moreover, the presented methods also form the basis of a fine-grained forward-secure signature scheme that is secure and efficient. The scheme allows an immediate reaction to hacker break-ins such that signatures from the past still remain valid without re-issuing them and future signature values based on an exposed key can be identified accordingly. In general, each prepared signature carries an ascending index such that once an index is used, no lower index can be used to sign. Then, whenever an adversary breaks in, an honest signer can just announce the current index, e.g., by signing some special message with respect to the current index, as part of the revocation message for the current time period. It is then understood that all signatures made in prior time periods as well as all signatures made in the revoked period up to the announced index are valid, i.e., non-repudiable.
-
Publication No.: AU2003263543A8
Publication date: 2004-05-04
Application No.: AU2003263543
Application date: 2003-09-30
Applicant: IBM
Inventor: CAMENISCH JAN , SHOUP VICTOR , ALGESHEIMER JOY
IPC: H04L9/30
-
Publication No.: CA2494078A1
Publication date: 2004-02-12
Application No.: CA2494078
Application date: 2003-07-07
Applicant: IBM
Inventor: CAMENISCH JAN , KOPROWSKI MACIEJ
Abstract: The presented methods form the basis of a forward-secure signature scheme that is provably secure. Moreover, the presented methods also form the basis of a fine-grained forward-secure signature scheme that is secure and efficient. The scheme allows an immediate reaction to hacker break-ins such that signatures from the past still remain valid without re-issuing them and future signature values based on an exposed key can be identified accordingly. In general, each prepared signature carries an ascending index such that once an index is used, no lower index can be used to sign. Then, whenever an adversary breaks in, an honest signer can just announce the current index, e.g., by signing some special message with respect to the current index, as part of the revocation message for the current time period. It is then understood that all signatures made in prior time periods as well as all signatures made in the revoked period up to the announced index are valid, i.e., non-repudiable.
-
Publication No.: AU1081402A
Publication date: 2002-05-15
Application No.: AU1081402
Application date: 2001-10-24
Applicant: IBM
Inventor: ALGESHEIMER-MULLER JOY , CACHIN CHRISTIAN , CAMENISCH JAN , KARJOTH GUNTER
Abstract: The invention provides a method and system for securely processing an originator request of a customer. This originator request can be sent to at least one first entity. The method for processing the originator request comprises the steps of (a) sending from the customer the originator request to the or each first entity; (b) connecting the or each first entity to a computation entity; (c) adding by the or each first entity, information concerning the originator request; (d) sending at least part of the first-modified request to at least the computation entity; (e) deriving a computation-entity result from the at least part of the first-modified request; (f) sending at least part of the computation-entity result to the or each first entity; (g) deriving therefrom a first-entity result and forwarding it at least in part; and (h) deriving therefrom a customer result.