-
Publication No.: GB2543726B
Publication date: 2019-11-20
Application No.: GB201703301
Application date: 2015-08-25
Applicant: IBM
Inventor: JAN LEONHARD CAMENISCH , STEPHAN KRENN , ROBERT R ENDERLEIN , ANJA LEHMANN , GREGORY NEVEN
IPC: H04L9/08
-
Publication No.: GB2562825A
Publication date: 2018-11-28
Application No.: GB201803470
Application date: 2017-02-24
Applicant: IBM
Inventor: JAN CAMENISCH , MARIA DUBOVITSKAYA , ANJA LEHMANN , GREGORY NEVEN
Abstract: A method performs anonymous read/write accesses of a set of user devices to a server. Write accesses of the user devices of the set comprise generating an encrypted file by an anonymous encryption scheme (510); computing a pseudorandom tag (520); indexing the encrypted file with the tag as user set index of the user set (530) and writing the encrypted file and the associated tag to the storage system of the server (540). Read accesses of the user devices of the set comprise downloading tag data corresponding to a plurality of tags from the server (610), the tag data enabling the user devices of a respective set to recognize so-called "own" tags computed by one of the user devices of the respective set of user devices; determining the own tags among the plurality of tags (620); reading one or more encrypted files associated to the own tags (630); and decrypting the encrypted files (640).
-
Publication No.: GB2543726A
Publication date: 2017-04-26
Application No.: GB201703301
Application date: 2015-08-25
Applicant: IBM
Inventor: JAN LEONHARD CAMENISCH , STEPHAN KRENN , ROBERT R ENDERLEIN , ANJA LEHMANN , GREGORY NEVEN
IPC: H04L9/08
Abstract: Methods and apparatus are provided for generating a secret cryptographic key of a user computer (3) which is connectable to a server (2) via a network (4). A secret user value is provided at the user computer (3). A secret server value is provided at the server (2) with a check value which encodes the secret user value and a user password. In response to input of an input password at the user computer (3), the user computer encodes the secret user value and the input password to produce a first value corresponding to said check value, and communicates the first value to the server (2) via the network (4). In response, the server (2) compares the first value and the check value to check whether the input password equals the user password. If so, the server (2) encodes the first value and said secret server value to produce a second value and communicates the second value to the user computer (3) via the network (4). In response, the user computer generates the secret cryptographic key by encoding the second value, the input password and the secret user value.
-
Publication No.: GB2541586B
Publication date: 2017-04-05
Application No.: GB201619635
Application date: 2015-05-19
Applicant: IBM
Inventor: JAN LEONHARD CAMENISCH , ANJA LEHMANN , GREGORY NEVEN
Abstract: A password authentication system includes an access control server configured to control access by a user computer to a resource dependent on authentication of user passwords associated with user IDs. The system further includes a plurality of authentication servers, storing respective secret values. For each user ID, the access control server stores a first ciphertext produced by encrypting the user password associated with that ID using a predetermined algorithm dependent on the secret values. In response to receipt of a user ID and an input password, the access control server communicates with the plurality of authentication servers to implement password authentication, requiring use of the secret values, in which a second ciphertext is produced by encrypting the input password using said predetermined algorithm. The access control server compares the first and second ciphertexts to determine whether the input password equals the user password to permit access to the resource.
-
Publication No.: GB2562825B
Publication date: 2022-03-30
Application No.: GB201803470
Application date: 2017-02-24
Applicant: IBM
Inventor: JAN CAMENISCH , MARIA DUBOVITSKAYA , ANJA LEHMANN , GREGORY NEVEN
Abstract: The invention performs anonymous read/write accesses of a set of user devices to a server. Write accesses of the user devices of the set comprise generating an encrypted file by an anonymous encryption scheme; computing a pseudorandom tag; indexing the encrypted file with the tag as user set index of the user set and writing the encrypted file and the associated tag to the storage system of the server. Read accesses of the user devices of the set comprise downloading tag data corresponding to a plurality of tags from the server, the tag data enabling the user devices of a respective set to recognize so-called “own” tags computed by one of the user devices of the respective set of user devices; determining the own tags among the plurality of tags; reading one or more encrypted files associated to the own tags; and decrypting the encrypted files.
-
Publication No.: GB2546612A
Publication date: 2017-07-26
Application No.: GB201621278
Application date: 2016-12-14
Applicant: IBM
Inventor: GREGORY NEVEN , JAN LEONHARD CAMENISCH , ANJA LEHMANN
Abstract: In the invention a first user processing system 210 creates a public/private asymmetric key pair. An authentication function operates on the public key pk1 and a pre-shared password p, or hash thereof, and returns a new authenticated password value apk1. apk1 is transferred to a second user processing system 220, which recovers pk1 from apk1 using the pre-shared password. pk1 is then used to encrypt a message m to create ciphertext C. The ciphertext is returned to the first user processing system which decrypts it using the secret/private key paired with the public key. Use of the private key may be protected by the password. Messages may pass via a host which cannot decrypt the messages, for example a cloud storage provider. The invention may use the ElGamal encryption system and the password may be hashed into public key space.
-
Publication No.: GB2541586A
Publication date: 2017-02-22
Application No.: GB201619635
Application date: 2015-05-19
Applicant: IBM
Inventor: JAN LEONHARD CAMENISCH , ANJA LEHMANN , GREGORY NEVEN
Abstract: Apparatus and methods are provided for use in multi-server authentication of user passwords. A password authentication system 1 includes an access control server 2 for communication with user computers 3 via a network 4. The access control server 2 controls access by the user computers 3 to a resource 5 in dependence on authentication of user passwords associated with respective user IDs. The system 1 further includes a plurality n of authentication servers 6, storing respective secret values, for communication with the access control server 2 via the network 4. For each user ID, the access control server 2 stores a first ciphertext produced by encrypting the user password associated with that ID using a predetermined algorithm dependent on the secret values of the authentication servers 6. The access control server 2 and authentication servers 6 are adapted such that, in response to receipt from a user computer 3 of a user ID and an input password, the access control server 2 communicates with a plurality k ≤ n of the authentication servers 6 to implement a password authentication protocol, requiring use by the k authentication servers of their respective secret values, in which a second ciphertext is produced by encrypting the input password using said predetermined algorithm and the access control server 2 uses the first and second ciphertexts to determine whether the input password equals the user password for the received user ID. If so, the access control server 2 permits the user computer 3 access to the resource 5.
-
Publication No.: GB2530726B
Publication date: 2016-11-02
Application No.: GB201416888
Application date: 2014-09-25
Applicant: IBM
Inventor: JAN LEONHARD CAMENISCH , YOSSI GILAD , ANJA LEHMANN , ZOLTAN ARNOLD NAGY , GREGORY NEVEN
Abstract: Respective cryptographic shares of password data, dependent on a user password, are provided at n authentication servers. A number t1≤n of the password data shares determine if the user password matches a password attempt. Respective cryptographic shares of secret data, enabling determination of a username for each verifier server, are provided at n authentication servers. A number t2≤t1 of the shares reconstruct the secret data. For a password attempt, the user computer communicates with at least t1 authentication servers to determine if the user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers. The user computer uses the secret data to generate, with T≤t1 of said t1 servers, a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username.
-
Publication No.: GB2527603B
Publication date: 2016-08-10
Application No.: GB201411510
Application date: 2014-06-27
Applicant: IBM
Inventor: JAN LEONHARD CAMENISCH , ANJA LEHMANN , GREGORY NEVEN , STEPHAN KRENN
IPC: H04L9/32