-
Publication number: GB2575609B
Publication date: 2020-06-17
Application number: GB201916247
Filing date: 2018-04-10
Applicant: IBM
Inventor: ANJA LEHMANN, MICHAEL CHARLES OSBORNE, MARCUS OESTREICHER
IPC: G06F21/00
Abstract: A data-source computer provides message data, having associated id data, to be sent to a data-collection computer; produces a blinded id by blinding the id data using a nonce; sends the blinded id to a tokenization computer; and sends the nonce and the message data via a network for receipt by the data-collection computer. In response, the tokenization computer produces a blinded token comprising a function, blinded with the nonce, of the id data and a secret key of the tokenization computer, and sends the blinded token to the data-collection computer. The data-collection computer, in response, uses the nonce to unblind the blinded token to obtain an id token which comprises a deterministic function of the id data and the secret key. The data-collection computer then stores the id token and the message data in storage operatively coupled to the data-collection computer.
-
Publication number: GB2575609A
Publication date: 2020-01-15
Application number: GB201916247
Filing date: 2018-04-10
Applicant: IBM
Inventor: ANJA LEHMANN, MICHAEL CHARLES OSBORNE, MARCUS OESTREICHER
IPC: G06F21/00
Abstract: A data-source computer provides message data, having associated id data, to be sent to a data-collection computer; produces a blinded id by blinding the id data using a nonce; sends the blinded id to a tokenization computer; and sends the nonce and the message data via a network for receipt by the data-collection computer. In response, the tokenization computer produces a blinded token comprising a function, blinded with the nonce, of the id data and a secret key of the tokenization computer, and sends the blinded token to the data-collection computer. The data-collection computer, in response, uses the nonce to unblind the blinded token to obtain an id token which comprises a deterministic function of the id data and the secret key. The data-collection computer then stores the id token and the message data in storage operatively coupled to the data-collection computer.
-
Publication number: GB2574141A
Publication date: 2019-11-27
Application number: GB201911905
Filing date: 2018-01-02
Applicant: IBM
Inventor: ANJA LEHMANN, CHRISTIAN CACHIN, JAN CAMENISCH, EDUARDA FREIRE STOGBUCHNER
Abstract: Data masking is provided by, for at least one predetermined data item in data to be sent, applying a one-way function to that data item to produce a first value, producing a masked data item by encrypting the first value via a deterministic encryption scheme using a current encryption key for a current epoch, and replacing that data item by the masked data item. A data-provider computer sends the masked data to the data-user computer. On expiry of the current epoch, the data-provider computer generates a new encryption key for the encryption scheme in a new epoch, produces mask-update data, dependent on the current and new encryption keys, and sends the mask-update data to the data-user computer. The mask-update data permits updating, at the data-user computer, of masked data items produced with the current encryption key into masked data items produced with the new encryption key.
-
Publication number: GB2543726B
Publication date: 2019-11-20
Application number: GB201703301
Filing date: 2015-08-25
Applicant: IBM
Inventor: JAN LEONHARD CAMENISCH, STEPHAN KRENN, ROBERT R ENDERLEIN, ANJA LEHMANN, GREGORY NEVEN
IPC: H04L9/08
-
Publication number: GB2562825A
Publication date: 2018-11-28
Application number: GB201803470
Filing date: 2017-02-24
Applicant: IBM
Inventor: JAN CAMENISCH, MARIA DUBOVITSKAYA, ANJA LEHMANN, GREGORY NEVEN
Abstract: A method performs anonymous read/write accesses of a set of user devices to a server. Write accesses of the user devices of the set comprise generating an encrypted file by an anonymous encryption scheme (510); computing a pseudorandom tag (520); indexing the encrypted file with the tag as user set index of the user set (530) and writing the encrypted file and the associated tag to the storage system of the server (540). Read accesses of the user devices of the set comprise downloading tag data corresponding to a plurality of tags from the server (610), the tag data enabling the user devices of a respective set to recognize so-called "own" tags computed by one of the user devices of the respective set of user devices; determining the own tags among the plurality of tags (620); reading one or more encrypted files associated to the own tags (630); and decrypting the encrypted files (640).
-
Publication number: GB2543726A
Publication date: 2017-04-26
Application number: GB201703301
Filing date: 2015-08-25
Applicant: IBM
Inventor: JAN LEONHARD CAMENISCH, STEPHAN KRENN, ROBERT R ENDERLEIN, ANJA LEHMANN, GREGORY NEVEN
IPC: H04L9/08
Abstract: Methods and apparatus are provided for generating a secret cryptographic key of a user computer (3) which is connectable to a server (2) via a network (4). A secret user value is provided at the user computer (3). A secret server value is provided at the server (2) with a check value which encodes the secret user value and a user password. In response to input of an input password at the user computer (3), the user computer encodes the secret user value and the input password to produce a first value corresponding to said check value, and communicates the first value to the server (2) via the network (4). In response, the server (2) compares the first value and the check value to check whether the input password equals the user password. If so, the server (2) encodes the first value and said secret server value to produce a second value and communicates the second value to the user computer (3) via the network (4). In response, the user computer generates the secret cryptographic key by encoding the second value, the input password and the secret user value.
-
Publication number: GB2541586B
Publication date: 2017-04-05
Application number: GB201619635
Filing date: 2015-05-19
Applicant: IBM
Inventor: JAN LEONHARD CAMENISCH, ANJA LEHMANN, GREGORY NEVEN
Abstract: A password authentication system includes an access control server configured to control access by a user computer to a resource dependent on authentication of user passwords associated with user IDs. The system further includes a plurality of authentication servers, storing respective secret values. For each user ID, the access control server stores a first ciphertext produced by encrypting the user password associated with that ID using a predetermined algorithm dependent on the secret values. In response to receipt of a user ID and an input password, the access control server communicates with the plurality of authentication servers to implement password authentication, requiring use of the secret values, in which a second ciphertext is produced by encrypting the input password using said predetermined algorithm. The access control server compares the first and second ciphertexts to determine whether the input password equals the user password to permit access to the resource.
-
Publication number: GB2562825B
Publication date: 2022-03-30
Application number: GB201803470
Filing date: 2017-02-24
Applicant: IBM
Inventor: JAN CAMENISCH, MARIA DUBOVITSKAYA, ANJA LEHMANN, GREGORY NEVEN
Abstract: The invention performs anonymous read/write accesses of a set of user devices to a server. Write accesses of the user devices of the set comprise generating an encrypted file by an anonymous encryption scheme; computing a pseudorandom tag; indexing the encrypted file with the tag as user set index of the user set and writing the encrypted file and the associated tag to the storage system of the server. Read accesses of the user devices of the set comprise downloading tag data corresponding to a plurality of tags from the server, the tag data enabling the user devices of a respective set to recognize so-called “own” tags computed by one of the user devices of the respective set of user devices; determining the own tags among the plurality of tags; reading one or more encrypted files associated to the own tags; and decrypting the encrypted files.
-
Publication number: GB2574141B
Publication date: 2020-05-20
Application number: GB201911905
Filing date: 2018-01-02
Applicant: IBM
Inventor: ANJA LEHMANN, CHRISTIAN CACHIN, JAN CAMENISCH, EDUARDA FREIRE STOGBUCHNER
Abstract: Data masking is provided by, for at least one predetermined data item in data to be sent, applying a one-way function to that data item to produce a first value, producing a masked data item by encrypting the first value via a deterministic encryption scheme using a current encryption key for a current epoch, and replacing that data item by the masked data item. A data-provider computer sends the masked data to the data-user computer. On expiry of the current epoch, the data-provider computer generates a new encryption key for the encryption scheme in a new epoch, produces mask-update data, dependent on the current and new encryption keys, and sends the mask-update data to the data-user computer. The mask-update data permits updating, at the data-user computer, of masked data items produced with the current encryption key into masked data items produced with the new encryption key.
-
Publication number: GB2546612A
Publication date: 2017-07-26
Application number: GB201621278
Filing date: 2016-12-14
Applicant: IBM
Inventor: GREGORY NEVEN, JAN LEONHARD CAMENISCH, ANJA LEHMANN
Abstract: In the invention a first user processing system 210 creates a public/private asymmetric key pair. An authentication function operates on the public key pk1 and a pre-shared password p, or hash thereof, and returns a new authenticated password value apk1. apk1 is transferred to a second user processing system 220, which recovers pk1 from apk1 using the pre-shared password. pk1 is then used to encrypt a message m to create ciphertext C. The ciphertext is returned to the first user processing system which decrypts it using the secret/private key paired with the public key. Use of the private key may be protected by the password. Messages may pass via a host which cannot decrypt the messages, for example a cloud storage provider. The invention may use the ElGamal encryption system and the password may be hashed into public key space.