Patents by Inventor Dieter M. Sommer

Dieter M. Sommer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11379825
    Abstract: A method and system for enabling performance of a transaction. A client computer displays a first representation of a transaction policy, which depicts transaction policy options for fulfilling the transaction policy. After a user selects a first transaction policy option, the client computer displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client computer displays evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client computer sends to a server transaction enablement information that includes evidence dictated by the selected evidence options to enable the server to perform the transaction.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: July 5, 2022
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Abhi A. Shelat, Dieter M. Sommer, Roger D. Zimmermann
  • Patent number: 10833873
    Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.
    Type: Grant
    Filed: October 29, 2019
    Date of Patent: November 10, 2020
    Assignee: International Business Machines Corporation
    Inventors: Jan Camenisch, Daniel Kovacs, Kai Samelin, Dieter M. Sommer
  • Publication number: 20200067716
    Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.
    Type: Application
    Filed: October 29, 2019
    Publication date: February 27, 2020
    Inventors: Jan Camenisch, Daniel Kovacs, Kai Samelin, Dieter M. Sommer
  • Patent number: 10560274
    Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.
    Type: Grant
    Filed: June 9, 2016
    Date of Patent: February 11, 2020
    Assignee: International Business Machines Corporation
    Inventors: Jan Camenisch, Daniel Kovacs, Kai Samelin, Dieter M. Sommer
  • Patent number: 10447467
    Abstract: In a computer-implemented method for signing a message by a user device of a public key infrastructure (PKI) system, the message and a user public key are sent to at least one attestation server and a server signature on the message is received from the attestation server. The server signature attests the validity of the user public key and is bound to the user public key and the message. The message and the server signature are signed with a user private key, thereby providing a user signature on the message. An attestation server and a related computer program product are also provided.
    Type: Grant
    Filed: May 4, 2016
    Date of Patent: October 15, 2019
    Assignee: International Business Machines Corporation
    Inventors: Marcus Brandenburger, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
  • Publication number: 20190188690
    Abstract: A method and system for enabling performance of a transaction. A client computer displays a first representation of a transaction policy, which depicts transaction policy options for fulfilling the transaction policy. After a user selects a first transaction policy option, the client computer displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client computer displays evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client computer sends to a server transaction enablement information that includes evidence dictated by the selected evidence options to enable the server to perform the transaction.
    Type: Application
    Filed: February 22, 2019
    Publication date: June 20, 2019
    Inventors: Jan L. Camenisch, Abhi A. Shelat, Dieter M. Sommer, Roger D. Zimmermann
  • Patent number: 10296900
    Abstract: A method and system for enabling performance of a transaction. A client computer displays a first representation of a transaction policy depicting transaction policy options for fulfilling the transaction policy. After a user selects a first transaction policy option, the client computer displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client computer displays evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client computer sends to a server transaction enablement information that includes evidence dictated by the selected evidence options to enable the server to perform the transaction.
    Type: Grant
    Filed: July 22, 2014
    Date of Patent: May 21, 2019
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Abhi A. Shelat, Dieter M. Sommer, Roger D. Zimmermann
  • Patent number: 10211981
    Abstract: Disclosed herein is a method for generating a high-entropy password using a low-entropy password and low-entropy login data, comprising: supplying the low-entropy password to a system comprising a generating client and/or a recovery client and at least n servers; submitting request data derived, at least in part, from the user's low-entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers, which is checked against the authentication data provided by the user and/or the generating client and/or the recovery client; and generating the high-entropy password.
    Type: Grant
    Filed: November 16, 2017
    Date of Patent: February 19, 2019
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
  • Patent number: 9984373
    Abstract: A method for implementing an electronically-based negotiation session between users within an ESN. The method includes sending a message including a request portion and a response portion from a first user to a second user in a round of successive rounds, and in response to receiving the message from the first user, sending a message from the second user to the first user in a subsequent round, the message from the second user including a response portion responsive to the request portion of the message from the first user and a request portion. When a new round is performed, evaluating whether an agreement exists by checking messages previously exchanged, and exchanging subsequent messages, when any rounds remain and the session has not been terminated, and granting access and exchanging data between the users, executing actions, and setting policies as negotiated, when the session has been terminated and an agreement exists.
    Type: Grant
    Filed: August 3, 2012
    Date of Patent: May 29, 2018
    Assignee: International Business Machines Corporation
    Inventors: Samuel Muller, Dieter M. Sommer
  • Publication number: 20180076956
    Abstract: Disclosed herein is a method for generating a high-entropy password using a low-entropy password and low-entropy login data, comprising: supplying the low-entropy password to a system comprising a generating client and/or a recovery client and at least n servers; submitting request data derived, at least in part, from the user's low-entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers, which is checked against the authentication data provided by the user and/or the generating client and/or the recovery client; and generating the high-entropy password.
    Type: Application
    Filed: November 16, 2017
    Publication date: March 15, 2018
    Inventors: Jan L. Camenisch, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
  • Patent number: 9882717
    Abstract: Disclosed herein is a method for generating a high-entropy password using a low-entropy password and low-entropy login data, comprising: supplying the low-entropy password to a system comprising a generating client and/or a recovery client and at least n servers; submitting request data derived, at least in part, from the user's low-entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers, which is checked against the authentication data provided by the user and/or the generating client and/or the recovery client; and generating the high-entropy password.
    Type: Grant
    Filed: August 2, 2016
    Date of Patent: January 30, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
  • Publication number: 20170359184
    Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.
    Type: Application
    Filed: June 9, 2016
    Publication date: December 14, 2017
    Inventors: Jan Camenisch, Daniel Kovacs, Kai Samelin, Dieter M. Sommer
  • Publication number: 20170324545
    Abstract: In a computer-implemented method for signing a message by a user device of a public key infrastructure (PKI) system, the message and a user public key are sent to at least one attestation server and a server signature on the message is received from the attestation server. The server signature attests the validity of the user public key and is bound to the user public key and the message. The message and the server signature are signed with a user private key, thereby providing a user signature on the message. An attestation server and a related computer program product are also provided.
    Type: Application
    Filed: May 4, 2016
    Publication date: November 9, 2017
    Inventors: Marcus Brandenburger, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
  • Publication number: 20170223008
    Abstract: Disclosed herein is a method for generating a high-entropy password using a low-entropy password and low-entropy login data, comprising: supplying the low-entropy password to a system comprising a generating client and/or a recovery client and at least n servers; submitting request data derived, at least in part, from the user's low-entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers, which is checked against the authentication data provided by the user and/or the generating client and/or the recovery client; and generating the high-entropy password.
    Type: Application
    Filed: August 2, 2016
    Publication date: August 3, 2017
    Inventors: Jan L. Camenisch, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
  • Patent number: 9565020
    Abstract: Disclosed herein is a method for generating a high-entropy password using a low-entropy password and low-entropy login data, comprising: supplying the low-entropy password to a system comprising a generating client and/or a recovery client and at least n servers; submitting request data derived, at least in part, from the user's low-entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers, which is checked against the authentication data provided by the user and/or the generating client and/or the recovery client; and generating the high-entropy password.
    Type: Grant
    Filed: February 2, 2016
    Date of Patent: February 7, 2017
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
  • Publication number: 20140337754
    Abstract: A method and system for enabling performance of a transaction. A client computer displays a first representation of a transaction policy depicting transaction policy options for fulfilling the transaction policy. After a user selects a first transaction policy option, the client computer displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client computer displays evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client computer sends to a server transaction enablement information that includes evidence dictated by the selected evidence options to enable the server to perform the transaction.
    Type: Application
    Filed: July 22, 2014
    Publication date: November 13, 2014
    Inventors: Jan L. Camenisch, Abhi A. Shelat, Dieter M. Sommer, Roger D. Zimmermann
  • Patent number: 8825554
    Abstract: A method and system for performing transactions between a client and a server. The client sends to the server a transaction request for performing a transaction, and receives from the server a transaction policy. The client displays a first representation of the transaction policy depicting transaction policy options for fulfilling the transaction policy. After the user selects a first transaction policy option, the client displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client depicts evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client sends to the server transaction enablement information that includes evidence dictated by the selected evidence options.
    Type: Grant
    Filed: June 8, 2007
    Date of Patent: September 2, 2014
    Assignee: International Business Machines Corporation
    Inventors: Jan Leonhard Camenisch, Abhi A. Shelat, Dieter M. Sommer, Roger Daniel Zimmermann
  • Patent number: 8473551
    Abstract: Methods and apparatus for forming and presenting confidential presentations within a computing environment associated with a virtual application are presented. For example, a method for forming a confidential presentation includes obtaining a correspondence indicator from an asset server, obtaining a first texture from the asset server, and overlaying the first texture onto a first object. The correspondence indicator indicates the first texture corresponds to the first object. The first object is within the computing environment associated with the virtual application. The first texture and the asset server are inaccessible by the computing environment associated with the virtual application. The confidential presentation comprises the first texture.
    Type: Grant
    Filed: May 25, 2012
    Date of Patent: June 25, 2013
    Assignee: International Business Machines Corporation
    Inventors: Anthony Bussani, Jan L. Camenisch, Thomas R. Gross, Dirk Husemann, Dieter M. Sommer
  • Patent number: 8341416
    Abstract: The invention relates to a method for providing an assertion message (200) from a proving party (20) to a relying party (40), the method comprising the steps of: creating an assertion (A) comprising one or more statements; creating an assertion proof (pA); creating a temporary private key and a corresponding temporary public key (K) from the assertion (A) and the assertion proof (pA); creating a key proof (PK) for the temporary public key (K); creating an assertion message signature (S) by means of the temporary private key; creating the assertion message (200) comprising the temporary public key (K), the assertion proof (pA), the key proof (PK), the assertion (A), a message body (220) and the assertion message signature (S); and sending the assertion message (200) to the relying party (40).
    Type: Grant
    Filed: April 26, 2007
    Date of Patent: December 25, 2012
    Assignee: International Business Machines Corporation
    Inventors: Jan Leonhard Camenisch, Thomas R. Gross, Dieter M. Sommer
  • Publication number: 20120297003
    Abstract: A method for implementing an electronically-based negotiation session between users within an ESN. The method includes sending a message including a request portion and a response portion from a first user to a second user in a round of successive rounds, and in response to receiving the message from the first user, sending a message from the second user to the first user in a subsequent round, the message from the second user including a response portion responsive to the request portion of the message from the first user and a request portion. When a new round is performed, evaluating whether an agreement exists by checking messages previously exchanged, and exchanging subsequent messages, when any rounds remain and the session has not been terminated, and granting access and exchanging data between the users, executing actions, and setting policies as negotiated, when the session has been terminated and an agreement exists.
    Type: Application
    Filed: August 3, 2012
    Publication date: November 22, 2012
    Applicant: International Business Machines Corporation
    Inventors: Samuel Muller, Dieter M. Sommer
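
The attestation-server signing scheme described in the abstracts of 10447467 and 20170324545 above, worked through as an added example (not code from the patents or from IBM): the user device sends the message and its public key to the attestation server, the server checks that the key is still valid and returns a signature over (user public key, message), and the device then signs (message, server signature) with its private key. Ed25519 from the Go standard library stands in for whatever signature algorithm the patents cover; the length-prefixed encoding, the "attest"/"user" domain labels, the in-memory validity set and the sample message are all assumptions made for this demo.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// encode length-prefixes every field so the signed byte string cannot be re-split
// (without it, "ab"+"c" and "a"+"bc" would sign identically). Demo convention.
func encode(fields ...[]byte) []byte {
	var b bytes.Buffer
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		b.Write(n[:])
		b.Write(f)
	}
	return b.Bytes()
}

// AttestationServer keeps its own signing key and the set of user public keys it
// still considers valid (registered and not revoked). In-memory set is an assumption.
type AttestationServer struct {
	pub   ed25519.PublicKey
	priv  ed25519.PrivateKey
	valid map[string]bool
}

func NewAttestationServer() *AttestationServer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &AttestationServer{pub: pub, priv: priv, valid: map[string]bool{}}
}

func (s *AttestationServer) Register(userPub ed25519.PublicKey) { s.valid[string(userPub)] = true }
func (s *AttestationServer) Revoke(userPub ed25519.PublicKey)   { delete(s.valid, string(userPub)) }

// Attest is the server's step: refuse unless the user key is currently valid, then
// return a signature bound to both the user public key and this exact message.
func (s *AttestationServer) Attest(userPub ed25519.PublicKey, msg []byte) ([]byte, error) {
	if !s.valid[string(userPub)] {
		return nil, errors.New("attestation refused: user public key not valid")
	}
	return ed25519.Sign(s.priv, encode([]byte("attest"), userPub, msg)), nil
}

// AttestedSignature is what the user device emits and a verifier consumes.
type AttestedSignature struct {
	UserPub   ed25519.PublicKey
	ServerSig []byte
	UserSig   []byte
}

// UserSign is the user device's step: obtain the server signature, then sign the
// message together with that server signature under the user private key.
func UserSign(s *AttestationServer, userPub ed25519.PublicKey, userPriv ed25519.PrivateKey, msg []byte) (*AttestedSignature, error) {
	serverSig, err := s.Attest(userPub, msg)
	if err != nil {
		return nil, err
	}
	userSig := ed25519.Sign(userPriv, encode([]byte("user"), msg, serverSig))
	return &AttestedSignature{UserPub: userPub, ServerSig: serverSig, UserSig: userSig}, nil
}

// Verify needs only the attestation server's public key: no certificate directory or
// revocation lookup, because the server signature vouches for the user key per message.
func Verify(serverPub ed25519.PublicKey, msg []byte, a *AttestedSignature) bool {
	if a == nil || len(a.UserPub) != ed25519.PublicKeySize {
		return false
	}
	if !ed25519.Verify(serverPub, encode([]byte("attest"), a.UserPub, msg), a.ServerSig) {
		return false
	}
	return ed25519.Verify(a.UserPub, encode([]byte("user"), msg, a.ServerSig), a.UserSig)
}

// DemoAttestation reports: honest signature accepted, altered message rejected,
// server signature re-used under a different user key rejected, revoked key refused.
func DemoAttestation() (accepted, tamperedRejected, swappedKeyRejected, revokedRefused bool) {
	srv := NewAttestationServer()
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader)
	srv.Register(userPub)
	msg := []byte("transfer 100 to account 42") // constructed sample message
	sig, err := UserSign(srv, userPub, userPriv, msg)
	accepted = err == nil && Verify(srv.pub, msg, sig)
	tamperedRejected = !Verify(srv.pub, []byte("transfer 900 to account 42"), sig)
	// An attacker holding an unregistered key tries to ride on the honest server signature.
	evilPub, evilPriv, _ := ed25519.GenerateKey(rand.Reader)
	forged := &AttestedSignature{UserPub: evilPub, ServerSig: sig.ServerSig,
		UserSig: ed25519.Sign(evilPriv, encode([]byte("user"), msg, sig.ServerSig))}
	swappedKeyRejected = !Verify(srv.pub, msg, forged)
	srv.Revoke(userPub)
	_, err = UserSign(srv, userPub, userPriv, msg)
	revokedRefused = err != nil
	return
}

func main() {
	fmt.Println(DemoAttestation()) // expected: true true true true
}
```

The verifier checks two signatures and needs nothing beyond the attestation server's public key; the directory or revocation lookup happens at the server, before the signature exists. Because the server signature covers both the user key and the message, a revoked key stops being able to produce fresh signatures immediately, and a captured server signature cannot be re-used under another key or for another message. The abstracts say nothing about freshness beyond the message itself; a deployment that must detect re-submission of the same message would add a nonce or timestamp to what the server signs.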
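
The threshold password-hardening protocol in the abstracts of 10211981, 20180076956, 9882717, 20170223008 and 9565020 above, as an added example (not the patents' or IBM's own code): a master key is Shamir-shared over n servers, the client blinds a hash of the low-entropy password, any t servers check the request's authentication data and exponentiate the blinded element with their share, and the client combines the t responses with Lagrange coefficients and unblinds to obtain H(pw)^k, from which the high-entropy value is derived. Everything not stated in the abstracts is an assumption of this demo: the blinded-exponentiation (OPRF-style) construction, a toy safe-prime group with a 256-bit subgroup order, the reduction of the stored authentication information to an enrolled-username check, and the sample usernames and passwords.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// Toy group: safe prime p = 2q+1 with a 256-bit q so setup takes well under a second.
// A deployment would use a standard 2048-bit+ group or an elliptic curve instead.
func safePrime(qBits int) (p, q *big.Int) {
	for {
		q, _ = rand.Prime(rand.Reader, qBits)
		p = new(big.Int).Lsh(q, 1)
		if p.Add(p, big.NewInt(1)).ProbablyPrime(20) {
			return p, q
		}
	}
}

// shamirShare splits master key k in Z_q into n shares, any t of which reconstruct it.
func shamirShare(k, q *big.Int, n, t int) []*big.Int {
	coef := []*big.Int{k}
	for i := 1; i < t; i++ {
		c, _ := rand.Int(rand.Reader, q)
		coef = append(coef, c)
	}
	shares := make([]*big.Int, n)
	for i := range shares {
		x, y := big.NewInt(int64(i+1)), new(big.Int)
		for j := len(coef) - 1; j >= 0; j-- { // Horner: y = f(x) mod q
			y.Mul(y, x).Add(y, coef[j]).Mod(y, q)
		}
		shares[i] = y
	}
	return shares
}

// Server holds one key share plus the enrolled usernames, standing in for the stored
// authentication information (simplified to a membership check; demo assumption).
type Server struct {
	id       int
	share, p *big.Int
	accounts map[string]bool
}

// Evaluate checks the authentication data, then raises the blinded element to its
// share. The server never sees the password or H(pw), so it cannot guess offline.
func (s *Server) Evaluate(username string, blinded *big.Int) (*big.Int, error) {
	if !s.accounts[username] {
		return nil, errors.New("authentication data rejected: unknown account")
	}
	return new(big.Int).Exp(blinded, s.share, s.p), nil
}

// lagrangeAtZero is the coefficient for sub[i] that reconstructs f(0) from len(sub) shares.
func lagrangeAtZero(sub []*Server, i int, q *big.Int) *big.Int {
	num, den := big.NewInt(1), big.NewInt(1)
	for j, s := range sub {
		if j != i {
			num.Mul(num, big.NewInt(int64(s.id))).Mod(num, q)
			den.Mul(den, big.NewInt(int64(s.id-sub[i].id))).Mod(den, q)
		}
	}
	return num.Mul(num, den.ModInverse(den, q)).Mod(num, q)
}

// Harden is the client side: hash the password into the order-q subgroup, blind it,
// query any t servers, combine in the exponent, unblind, and derive the high-entropy value.
func Harden(p, q *big.Int, t int, sub []*Server, username string, pw []byte) ([]byte, error) {
	if len(sub) < t {
		return nil, errors.New("need at least t servers")
	}
	d := sha256.Sum256(append([]byte("pw:"), pw...))
	h := new(big.Int).SetBytes(d[:])
	h.Exp(h, big.NewInt(2), p) // squaring lands in the subgroup of order q
	r, _ := rand.Int(rand.Reader, new(big.Int).Sub(q, big.NewInt(1)))
	r.Add(r, big.NewInt(1)) // blinding exponent in [1, q-1]
	blinded := new(big.Int).Exp(h, r, p)
	acc := big.NewInt(1)
	for i, s := range sub[:t] {
		y, err := s.Evaluate(username, blinded)
		if err != nil {
			return nil, err
		}
		acc.Mul(acc, y.Exp(y, lagrangeAtZero(sub[:t], i, q), p)).Mod(acc, p) // -> H(pw)^(r*k)
	}
	out := acc.Exp(acc, new(big.Int).ModInverse(r, q), p) // unblind -> H(pw)^k
	hp := sha256.Sum256(append(append([]byte("hardened:"), pw...), out.Bytes()...))
	return hp[:], nil
}

// DemoHardening sets up 3-of-5 servers and shows: any t servers agree, a wrong password
// yields a different value, and an unenrolled account is refused.
func DemoHardening() (sameSubsets, wrongDiffers, unknownRefused bool) {
	p, q := safePrime(256)
	k, _ := rand.Int(rand.Reader, q)
	srv := make([]*Server, 5)
	for i, sh := range shamirShare(k, q, 5, 3) {
		srv[i] = &Server{id: i + 1, share: sh, p: p, accounts: map[string]bool{"alice": true}}
	}
	pw := []byte("correct horse") // constructed low-entropy password
	a, _ := Harden(p, q, 3, srv[0:3], "alice", pw)
	b, _ := Harden(p, q, 3, []*Server{srv[4], srv[1], srv[3]}, "alice", pw)
	c, _ := Harden(p, q, 3, srv[1:4], "alice", []byte("wrong horse"))
	_, err := Harden(p, q, 3, srv[0:3], "mallory", pw)
	return bytes.Equal(a, b), !bytes.Equal(a, c), err != nil
}

func main() {
	fmt.Println(DemoHardening()) // expected: true true true
}
```

Two properties carry the security argument. Fewer than t servers cannot evaluate H(pw)^k, so an attacker who compromises t-1 servers still cannot run an offline dictionary attack on the password; and because the client blinds H(pw), the servers see neither the password nor anything they could test guesses against, which leaves the servers' authentication check and request logging as the place where online guessing is throttled. The enrolled-username check is a placeholder for the abstracts' "authentication information"; a real system would at least rate-limit per account.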