Abstract: The invention relates to substituted S-alaninate derivatives and to processes for their preparation, and also to their use for preparing medicaments for the treatment and/or prophylaxis of diseases, in particular vascular disorders, preferably thrombotic or thromboembolic disorders and/or thrombotic or thromboembolic complications.

Abstract: Data masking is provided by, for at least one predetermined data item in data to be sent, applying a one-way function to that data item to produce a first value, producing a masked data item by encrypting the first value via a deterministic encryption scheme using a current encryption key for a current epoch, and replacing that data item by the masked data item. A data-provider computer sends the masked data to the data-user computer. On expiry of the current epoch, the data-provider computer generates a new encryption key for the encryption scheme in a new epoch, produces mask-update data, dependent on the current and new encryption keys, and sends the mask-update data to the data-user computer. The mask-update data permits updating, at the data-user computer, of masked data items produced with the current encryption key into masked data items produced with the new encryption key.

Abstract: A method and system configured to produce a cryptographic signature on a message, under a key, at a user computer wherein the key is shared between the user computer, which stores a first key-share, and an authentication computer, which stores a second key-share and a first authentication value. The user computer encodes the message to produce a blinded message, produces the first authentication value from a user password and a secret value, and produces a second authentication value by encoding the first authentication value and a nonce. The authentication computer uses the nonce to determine if the first authentication value is correct and, if so, encodes the blinded message using the second key-share to produce a partial signature. The user computer produces a signature on the message under the key by encoding the partial signature and the message using the first key-share and an unblinding function.

Abstract: The present disclosure relates to a method for using a secret key for cryptographically processing a data item in an enclave enabled system. The method comprises: computing a first set of shares of the secret key and storing them in an encrypted format. Each encrypted share may be sent to respective component in a first set of components. In response to sending the encrypted shares, a modified encryption of the respective share may be received from each of the first set of components. Each of the received modified encryptions may be encrypted and the resulting modified share is sent to the respective first set of components. In response to sending the decrypted modified shares, a data item cryptographically processed using the respective share may be received from each of the first set of components. The received data items may be combined to obtain a cryptographically processed data item.

Abstract: Data masking is provided by, for at least one predetermined data item in data to be sent, applying a one-way function to that data item to produce a first value, producing a masked data item by encrypting the first value via a deterministic encryption scheme using a current encryption key for a current epoch, and replacing that data item by the masked data item. A data-provider computer sends the masked data to the data-user computer. On expiry of the current epoch, the data-provider computer generates a new encryption key for the encryption scheme in a new epoch, produces mask-update data, dependent on the current and new encryption keys, and sends the mask-update data to the data-user computer. The mask-update data permits updating, at the data-user computer, of masked data items produced with the current encryption key into masked data items produced with the new encryption key.

Abstract: Data masking is provided by, for at least one predetermined data item in data to be sent, applying a one-way function to that data item to produce a first value, producing a masked data item by encrypting the first value via a deterministic encryption scheme using a current encryption key for a current epoch, and replacing that data item by the masked data item. A data-provider computer sends the masked data to the data-user computer. On expiry of the current epoch, the data-provider computer generates a new encryption key for the encryption scheme in a new epoch, produces mask-update data, dependent on the current and new encryption keys, and sends the mask-update data to the data-user computer. The mask-update data permits updating, at the data-user computer, of masked data items produced with the current encryption key into masked data items produced with the new encryption key.

Abstract: A data-source computer provides message data, having associated id data, to be sent to a data-collection computer; produces a blinded id by blinding the id data using a nonce; sends the blinded id to a tokenization computer; and sends the nonce and the message data via a network for receipt by the data-collection computer. In response, the tokenization computer produces a blinded token comprising a function, blinded with the nonce, of the id data and a secret key of the tokenization computer, and sends the blinded token to the data-collection computer. The data-collection computer, in response, uses the nonce to unblind the blinded token to obtain an id token which comprises a deterministic function of the id data and the secret key. The data-collection computer then stores the id token and the message data in storage operatively coupled to the data-collection computer.

Abstract: A data-source computer provides message data, having associated id data, to be sent to a data-collection computer; produces a blinded id by blinding the id data using a nonce; sends the blinded id to a tokenization computer; and sends the nonce and the message data via a network for receipt by the data-collection computer. In response, the tokenization computer produces a blinded token comprising a function, blinded with the nonce, of the id data and a secret key of the tokenization computer, and sends the blinded token to the data-collection computer. The data-collection computer, in response, uses the nonce to unblind the blinded token to obtain an id token which comprises a deterministic function of the id data and the secret key. The data-collection computer then stores the id token and the message data in storage operatively coupled to the data-collection computer.

Abstract: A method, computer program product, and system for providing verification processes associated with a commitment-based authentication protocol are described. A request by a user for access to one or more resources is received, and a presentation policy is transmitted to the user indicating required credentials. A commitment to a revocation handle is received, including an indication of an associated Sigma protocol executed by the user. A challenge value selected from a challenge value set associated with the associated Sigma protocol is transmitted to the user. Based on the selected challenge value, a presentation token and a value parameter that is distinct from the presentation token are received from the user. Based on a determination as to whether the presentation token and value parameter are valid in accordance with the associated Sigma protocol, access for the user to the one or more resources is granted to the user or prevented.

Abstract: Data masking is provided by, for at least one predetermined data item in data to be sent, applying a one-way function to that data item to produce a first value, producing a masked data item by encrypting the first value via a deterministic encryption scheme using a current encryption key for a current epoch, and replacing that data item by the masked data item. A data-provider computer sends the masked data to the data-user computer. On expiry of the current epoch, the data-provider computer generates a new encryption key for the encryption scheme in a new epoch, produces mask-update data, dependent on the current and new encryption keys, and sends the mask-update data to the data-user computer. The mask-update data permits updating, at the data-user computer, of masked data items produced with the current encryption key into masked data items produced with the new encryption key.

Abstract: A method for a re-issuance of an attribute-based credential of an issuer of the attribute-based credential for a user may be provided. The user is holding backup values derived from a first credential previously obtained from the issuer, wherein the first credential is built using at least a first value of at least one authentication pair. The method comprises receiving by the issuer from the user a set of values derived from the backup values comprising a second value of the at least one authentication pair, validating by the issuer that the second value is a valid authentication answer with respect to the first value and whether the set of values was derived from a valid first credential, and providing by the issuer a second credential to the user based on the first set of values.

Abstract: The present disclosure relates to a method for using a secret key for cryptographically processing a data item in an enclave enabled system. The method comprises: computing a first set of shares of the secret key and storing them in an encrypted format. Each encrypted share may be sent to respective component in a first set of components. In response to sending the encrypted shares, a modified encryption of the respective share may be received from each of the first set of components. Each of the received modified encryptions may be encrypted and the resulting modified share is sent to the respective first set of components. In response to sending the decrypted modified shares, a data item cryptographically processed using the respective share may be received from each of the first set of components. The received data items may be combined to obtain a cryptographically processed data item.

Abstract: A method for cryptographic signing. The disclosure provides for a signature scheme to secure digital communication using homomorphic message encoding functions. The signature may be applied to hidden messages, and the knowledge of a signature can be proved without the value of the signature being revealed. Applications of the present invention may include anonymous credentials, electronic voting, and group signatures.

Abstract: This invention relates to cryptographic signing. The disclosure provides for a signature scheme to secure digital communication using homomorphic message encoding functions. The signature may be applied to hidden messages, and the knowledge of a signature can be proved without the value of the signature being revealed. Applications of the present invention may include anonymous credentials, electronic voting, and group signatures.

Abstract: A method and system configured to produce a cryptographic signature on a message, under a key, at a user computer wherein the key is shared between the user computer, which stores a first key-share, and an authentication computer, which stores a second key-share and a first authentication value. The user computer encodes the message to produce a blinded message, produces the first authentication value from a user password and a secret value, and produces a second authentication value by encoding the first authentication value and a nonce. The authentication computer uses the nonce to determine if the first authentication value is correct and, if so, encodes the blinded message using the second key-share to produce a partial signature. The user computer produces a signature on the message under the key by encoding the partial signature and the message using the first key-share and an unblinding function.

Abstract: Computer-implemented methods are provided for communicating message data from a sender computer to a receiver computer via a network. The sender computer encrypts the message data in dependence on a cryptographic key to produce a ciphertext, and establishes an access password for the ciphertext with a host computer connected to the network. The sender computer sends the ciphertext via the network to the host computer, and sends an email, containing the cryptographic key in cleartext, to the receiver computer via the network. The cryptographic key comprises a random cryptographic value which is independent of the access password. The host computer receives the ciphertext from the sender computer and stores the ciphertext in association with the access password. The receiver computer receives the email from the sender computer and sends an access request for the ciphertext, and an input password, to the host computer via the network.

Abstract: A method and system configured to produce a cryptographic signature on a message, under a key, at a user computer wherein the key is shared between the user computer, which stores a first key-share, and an authentication computer, which stores a second key-share and a first authentication value. The user computer encodes the message to produce a blinded message, produces the first authentication value from a user password and a secret value, and produces a second authentication value by encoding the first authentication value and a nonce. The authentication computer uses the nonce to determine if the first authentication value is correct and, if so, encodes the blinded message using the second key-share to produce a partial signature. The user computer produces a signature on the message under the key by encoding the partial signature and the message using the first key-share and an unblinding function.

Abstract: A system has ??2 servers. At least each of a set of authentication servers stores a key-share ski of secret key sk, shared between q of the ? servers, of a key-pair (pk, sk). An access control server sends an authentication value to a subset of the authentication servers. The authentication value was formed using a predetermined function of a first ciphertext for a user ID and a second ciphertext produced by encrypting a password attempt under public key pk using a homomorphic encryption algorithm. The authentication value decrypts to a predetermined value if the password attempt equals the user password for that user ID. Each authentication server in the subset produces a decryption share dependent on the authentication value using the key-share ski. The access control server uses decryption shares to determine if the authentication value decrypts to the predetermined value, if so permitting access to a resource.

Abstract: The invention performs anonymous read/write accesses of a set of user devices to a server. Write accesses of the user devices of the set comprise generating an encrypted file by an anonymous encryption scheme; computing a pseudorandom tag; indexing the encrypted file with the tag as user set index of the user set and writing the encrypted file and the associated tag to the a storage system of the server. Read accesses of the user devices of the set comprise downloading tag data corresponding to a plurality of tags from the server, the tag data enabling the user devices of a respective set to recognize so-called “own” tags computed by one of the user devices of the respective set of user devices; determining the own tags among the plurality of tags; reading one or more encrypted files associated to the own tags; and decrypting the encrypted files.

Abstract: One of n?2 servers, connectable via a network, implements a cryptographic protocol using a secret key K which is shared between the n servers, and includes first and second server compartments. The first is connectable to the network, adapted to implement the cryptographic protocol, and stores a current key share of the secret key K. The second is inaccessible from the network in the operation of the server, stores a set of master keys, and is adapted, for each of successive time periods, to unilaterally generate a new key share of the secret key K and to supply it to the first as the current key share for that time period. The new key share includes a random share of a predetermined value p which is shared between the n servers, and the random share includes a function of the set of master keys.