Patents by Inventor Dieter M. Sommer
Dieter M. Sommer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11379825Abstract: A method and system for enabling performance of a transaction. A first representation of a transaction policy, which depicts transaction policy options for fulfilling the transaction policy is displayed by a client computer. After a user selects a first transaction policy option, the client computer displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client computer displays evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client computer sends to a server transaction enablement information that includes evidence dictated by the selected evidence options to enable the server to perform the transaction.Type: GrantFiled: February 22, 2019Date of Patent: July 5, 2022Assignee: International Business Machines CorporationInventors: Jan L. Camenisch, Abhi A. Shelat, Dieter M. Sommer, Roger D. Zimmermann
-
Patent number: 10833873Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.Type: GrantFiled: October 29, 2019Date of Patent: November 10, 2020Assignee: International Business Machines CorporationInventors: Jan Camenisch, Daniel Kovacs, Kai Samelin, Dieter M. Sommer
-
Publication number: 20200067716Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.Type: ApplicationFiled: October 29, 2019Publication date: February 27, 2020Inventors: Jan CAMENISCH, Daniel KOVACS, Kai SAMELIN, Dieter M. SOMMER
-
Patent number: 10560274Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.Type: GrantFiled: June 9, 2016Date of Patent: February 11, 2020Assignee: International Business Machines CorporationInventors: Jan Camenisch, Daniel Kovacs, Kai Samelin, Dieter M. Sommer
-
Patent number: 10447467Abstract: In a computer-implemented method for signing a message by a user device of a public key infrastructure (PKI) system, the message and a user public key are sent to at least one attestation server and a server signature on the message is received from the attestation server. The server signature attests the validity of the user public key and is bound to the user public key and the message. The message and the server signature are signed with a user private key, thereby providing a user signature on the message. An attestation server and a related computer program product are also provided.Type: GrantFiled: May 4, 2016Date of Patent: October 15, 2019Assignee: International Business Machines CorporationInventors: Marcus Brandenburger, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
-
Publication number: 20190188690Abstract: A method and system for enabling performance of a transaction. A first representation of a transaction policy, which depicts transaction policy options for fulfilling the transaction policy is displayed by a client computer. After a user selects a first transaction policy option, the client computer displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client computer displays evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client computer sends to a server transaction enablement information that includes evidence dictated by the selected evidence options to enable the server to perform the transaction.Type: ApplicationFiled: February 22, 2019Publication date: June 20, 2019Inventors: Jan L. Camenisch, Abhi A. Shelat, Dieter M. Sommer, Roger D. Zimmermann
-
Patent number: 10296900Abstract: A method and system for enabling performance of a transaction. A client computer displays a first representation of a transaction policy depicting transaction policy options for fulfilling the transaction policy. After a user selects a first transaction policy option, the client computer displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client computer displays evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client computer sends to a server transaction enablement information that includes evidence dictated by the selected evidence options to enable the server to perform the transaction.Type: GrantFiled: July 22, 2014Date of Patent: May 21, 2019Assignee: International Business Machines CorporationInventors: Jan L. Camenisch, Abhi A. Shelat, Dieter M. Sommer, Roger D. Zimmermann
-
Patent number: 10211981Abstract: Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.Type: GrantFiled: November 16, 2017Date of Patent: February 19, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Jan L. Camenisch, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
-
Patent number: 9984373Abstract: A method for implementing an electronically-based negotiation session between users within an ESN. The method includes sending a message including a request portion and a response portion from a first user to a second user in a round of successive rounds, and in response to receiving the message from the first user, sending a message from the second user to the first user in a subsequent round, the message from the second user including a response portion responsive to the request portion of the message from the first user and a request portion. When a new round is performed, evaluating whether an agreement exists by checking messages previously exchanged, and exchanging subsequent messages, when any rounds remain and the session has not been terminated, and granting access and exchanging data between the users, executing actions, and setting policies as negotiated, when the session has been terminated and an agreement exists.Type: GrantFiled: August 3, 2012Date of Patent: May 29, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Samuel Muller, Dieter M. Sommer
-
Publication number: 20180076956Abstract: Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.Type: ApplicationFiled: November 16, 2017Publication date: March 15, 2018Inventors: JAN L. CAMENISCH, FRANZ-STEFAN PREISS, KAI SAMELIN, DIETER M. SOMMER
-
Patent number: 9882717Abstract: Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.Type: GrantFiled: August 2, 2016Date of Patent: January 30, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Jan L. Camenisch, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
-
Publication number: 20170359184Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.Type: ApplicationFiled: June 9, 2016Publication date: December 14, 2017Inventors: Jan CAMENISCH, Daniel Kovacs, Kai Samelin, Dieter M. Sommer
-
Publication number: 20170324545Abstract: In a computer-implemented method for signing a message by a user device of a public key infrastructure (PKI) system, the message and a user public key are sent to at least one attestation server and a server signature on the message is received from the attestation server. The server signature attests the validity of the user public key and is bound to the user public key and the message. The message and the server signature are signed with a user private key, thereby providing a user signature on the message. An attestation server and a related computer program product are also provided.Type: ApplicationFiled: May 4, 2016Publication date: November 9, 2017Inventors: Marcus Brandenburger, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
-
Publication number: 20170223008Abstract: Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.Type: ApplicationFiled: August 2, 2016Publication date: August 3, 2017Inventors: JAN L. CAMENISCH, FRANZ-STEFAN PREISS, KAI SAMELIN, DIETER M. SOMMER
-
Patent number: 9565020Abstract: Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.Type: GrantFiled: February 2, 2016Date of Patent: February 7, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Jan L. Camenisch, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
-
Publication number: 20140337754Abstract: A method and system for enabling performance of a transaction. A client computer displays a first representation of a transaction policy depicting transaction policy options for fulfilling the transaction policy. After a user selects a first transaction policy option, the client computer displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client computer displays evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client computer sends to a server transaction enablement information that includes evidence dictated by the selected evidence options to enable the server to perform the transaction.Type: ApplicationFiled: July 22, 2014Publication date: November 13, 2014Inventors: Jan L. Camenisch, Abhi A. Shelat, Dieter M. Sommer, Roger D. Zimmermann
-
Patent number: 8825554Abstract: A method and system for performing transactions between a client and a server. The client sends to the server a transaction request for performing a transaction, and receives from the server a transaction policy. The client displays a first representation of the transaction policy depicting transaction policy options for fulfilling the transaction policy. After the user selects a first transaction policy option, the client displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client depicts evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client sends to the server transaction enablement information that includes evidence dictated by the selected evidence options.Type: GrantFiled: June 8, 2007Date of Patent: September 2, 2014Assignee: International Business Machines CorporationInventors: Jan Leonhard Camenisch, Abhi A. Shelat, Dieter M. Sommer, Roger Daniel Zimmermann
-
Patent number: 8473551Abstract: Methods and apparatus for forming and presenting confidential presentations within a computing environment associated with a virtual application are presented. For example, a method for forming a confidential presentation includes obtaining a correspondence indicator from an asset server, obtaining a first texture from the asset server, and overlaying the first texture onto a first object. The correspondence indicator indicates the first texture corresponds to the first object. The first object is within the computing environment associated with the virtual application. The first texture and the asset server are inaccessible by the computing environment associated with the virtual application. The confidential presentation comprises the first texture.Type: GrantFiled: May 25, 2012Date of Patent: June 25, 2013Assignee: International Business Machines CorporationInventors: Anthony Bussani, Jan L. Camenisch, Thomas R. Gross, Dirk Husemann, Dieter M. Sommer
-
Patent number: 8341416Abstract: The invention relates to a method for providing an assertion message (200) from a proving party (20) to a relying party (40), the method comprising the steps of: —creating an assertion (A) comprising one or more statements, —creating an assertion proof (p A), —creating a temporary private key and a corresponding temporary public key (K) from the assertion (A) and the assertion proof (p A), —creating a key proof (PK) for the temporary public key (K), —creating an assertion message signature (S) by means of the temporary private key, —creating the assertion message (200) comprising the temporary public key (K), the assertion proof (PA), the key proof (PK), the assertion (A), a message body (220) and the assertion message signature (S) to the relying party (40).Type: GrantFiled: April 26, 2007Date of Patent: December 25, 2012Assignee: International Business Machines CorporationInventors: Jan Leonhard Camenisch, Thomas R. Gross, Dieter M. Sommer
-
Publication number: 20120297003Abstract: A method for implementing an electronically-based negotiation session between users within an ESN. The method includes sending a message including a request portion and a response portion from a first user to a second user in a round of successive rounds, and in response to receiving the message from the first user, sending a message from the second user to the first user in a subsequent round, the message from the second user including a response portion responsive to the request portion of the message from the first user and a request portion. When a new round is performed, evaluating whether an agreement exists by checking messages previously exchanged, and exchanging subsequent messages, when any rounds remain and the session has not been terminated, and granting access and exchanging data between the users, executing actions, and setting policies as negotiated, when the session has been terminated and an agreement exists.Type: ApplicationFiled: August 3, 2012Publication date: November 22, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Samuel Muller, Dieter M. Sommer