Patents by Inventor Kai Samelin
Kai Samelin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10833873Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.Type: GrantFiled: October 29, 2019Date of Patent: November 10, 2020Assignee: International Business Machines CorporationInventors: Jan Camenisch, Daniel Kovacs, Kai Samelin, Dieter M. Sommer
-
Publication number: 20200067716Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.Type: ApplicationFiled: October 29, 2019Publication date: February 27, 2020Inventors: Jan CAMENISCH, Daniel KOVACS, Kai SAMELIN, Dieter M. SOMMER
-
Patent number: 10560274Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.Type: GrantFiled: June 9, 2016Date of Patent: February 11, 2020Assignee: International Business Machines CorporationInventors: Jan Camenisch, Daniel Kovacs, Kai Samelin, Dieter M. Sommer
-
Patent number: 10447467Abstract: In a computer-implemented method for signing a message by a user device of a public key infrastructure (PKI) system, the message and a user public key are sent to at least one attestation server and a server signature on the message is received from the attestation server. The server signature attests the validity of the user public key and is bound to the user public key and the message. The message and the server signature are signed with a user private key, thereby providing a user signature on the message. An attestation server and a related computer program product are also provided.Type: GrantFiled: May 4, 2016Date of Patent: October 15, 2019Assignee: International Business Machines CorporationInventors: Marcus Brandenburger, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
-
Patent number: 10356058Abstract: Computer-implemented methods are provided for communicating message data from a sender computer to a receiver computer via a network. The sender computer encrypts the message data in dependence on a cryptographic key to produce a ciphertext, and establishes an access password for the ciphertext with a host computer connected to the network. The sender computer sends the ciphertext via the network to the host computer, and sends an email, containing the cryptographic key in cleartext, to the receiver computer via the network. The cryptographic key comprises a random cryptographic value which is independent of the access password. The host computer receives the ciphertext from the sender computer and stores the ciphertext in association with the access password. The receiver computer receives the email from the sender computer and sends an access request for the ciphertext, and an input password, to the host computer via the network.Type: GrantFiled: October 1, 2015Date of Patent: July 16, 2019Assignee: International Business Machines CorporationInventors: Jan L. Camenisch, Anja Lehmann, Gregory Neven, Kai Samelin
-
Patent number: 10326753Abstract: Methods, systems and computer program products are provided for authenticating a message via a revocable signature. The method includes, at a signing computer, generating first auxiliary data and second auxiliary data respectively dependent on a public key and a private key of a public-private key pair for the message. The signing computer hashes the message and the first auxiliary data via a chameleon hash algorithm, using a public hash key of a verifier computer, to produce a first hash value. The signing computer signs the first hash value, using a secret signing key of the signing computer, to produce a signature. The signing computer sends the message, the signature and the first auxiliary data to the verifier computer, and stores the second auxiliary data.Type: GrantFiled: June 23, 2016Date of Patent: June 18, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Daniel Kovacs, Kai Samelin, Dieter Sommer
-
Patent number: 10250576Abstract: A method is provided for communicating messages between sender and receiver computers, connectable via a network to a system of servers, based on authentication of receiver passwords, associated with respective receiver IDs, by the system. A method is also provided for receiving a message from a sender based on authentication of a receiver password, associated with a receiver ID, by a system of servers, in a network, wherein each server stores for the ID a ciphertext produced by encrypting the receiver password under a public key via a homomorphic threshold encryption scheme having a threshold, and a key-share of a secret key corresponding to that public key, and stores an encrypted message from the sender encrypted under the public key. Systems are provided including servers, for communicating messages between sender and receiver computers based on authentication of receiver passwords, associated with respective receiver IDs, by the system.Type: GrantFiled: February 8, 2017Date of Patent: April 2, 2019Assignee: International Business Machines CorporationInventors: Jan Leonhard Camenisch, Kai Samelin
-
Patent number: 10211981Abstract: Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.Type: GrantFiled: November 16, 2017Date of Patent: February 19, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Jan L. Camenisch, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
-
Publication number: 20180227278Abstract: A method is provided for communicating messages between sender and receiver computers, connectable via a network to a system of servers, based on authentication of receiver passwords, associated with respective receiver IDs, by the system. A method is also provided for receiving a message from a sender based on authentication of a receiver password, associated with a receiver ID, by a system of servers, in a network, wherein each server stores for the ID a ciphertext produced by encrypting the receiver password under a public key via a homomorphic threshold encryption scheme having a threshold, and a key-share of a secret key corresponding to that public key, and stores an encrypted message from the sender encrypted under the public key. Systems are provided including servers, for communicating messages between sender and receiver computers based on authentication of receiver passwords, associated with respective receiver IDs, by the system.Type: ApplicationFiled: February 8, 2017Publication date: August 9, 2018Inventors: Jan Leonhard Camenisch, Kai Samelin
-
Publication number: 20180076956Abstract: Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.Type: ApplicationFiled: November 16, 2017Publication date: March 15, 2018Inventors: JAN L. CAMENISCH, FRANZ-STEFAN PREISS, KAI SAMELIN, DIETER M. SOMMER
-
Patent number: 9882717Abstract: Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.Type: GrantFiled: August 2, 2016Date of Patent: January 30, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Jan L. Camenisch, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
-
Publication number: 20170374033Abstract: Methods, systems and computer program products are provided for authenticating a message via a revocable signature. The method includes, at a signing computer, generating first auxiliary data and second auxiliary data respectively dependent on a public key and a private key of a public-private key pair for the message. The signing computer hashes the message and the first auxiliary data via a chameleon hash algorithm, using a public hash key of a verifier computer, to produce a first hash value. The signing computer signs the first hash value, using a secret signing key of the signing computer, to produce a signature. The signing computer sends the message, the signature and the first auxiliary data to the verifier computer, and stores the second auxiliary data.Type: ApplicationFiled: June 23, 2016Publication date: December 28, 2017Inventors: Daniel Kovacs, Kai Samelin, Dieter Sommer
-
Publication number: 20170359184Abstract: Methods and systems are provided for demonstrating authorization to access a resource to a verifier computer controlling access to the resource. The method comprises, at a user computer, storing an attribute credential certifying a set of attributes; and communicating with a revocation authority computer to obtain an auxiliary credential, bound to the attribute credential, certifying a validity status for each attribute in the attribute credential. The method further comprises, at the user computer, communicating with the verifier computer to prove possession of the attribute credential and the auxiliary credential such that the verifier computer can determine whether at least one attribute in the attribute credential, certified as valid by the auxiliary credential, satisfies an access condition for the resource.Type: ApplicationFiled: June 9, 2016Publication date: December 14, 2017Inventors: Jan CAMENISCH, Daniel Kovacs, Kai Samelin, Dieter M. Sommer
-
Publication number: 20170324545Abstract: In a computer-implemented method for signing a message by a user device of a public key infrastructure (PKI) system, the message and a user public key are sent to at least one attestation server and a server signature on the message is received from the attestation server. The server signature attests the validity of the user public key and is bound to the user public key and the message. The message and the server signature are signed with a user private key, thereby providing a user signature on the message. An attestation server and a related computer program product are also provided.Type: ApplicationFiled: May 4, 2016Publication date: November 9, 2017Inventors: Marcus Brandenburger, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer
-
Publication number: 20170223008Abstract: Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.Type: ApplicationFiled: August 2, 2016Publication date: August 3, 2017Inventors: JAN L. CAMENISCH, FRANZ-STEFAN PREISS, KAI SAMELIN, DIETER M. SOMMER
-
Publication number: 20170099268Abstract: Computer-implemented methods are provided for communicating message data from a sender computer to a receiver computer via a network. The sender computer encrypts the message data in dependence on a cryptographic key to produce a ciphertext, and establishes an access password for the ciphertext with a host computer connected to the network. The sender computer sends the ciphertext via the network to the host computer, and sends an email, containing the cryptographic key in cleartext, to the receiver computer via the network. The cryptographic key comprises a random cryptographic value which is independent of the access password. The host computer receives the ciphertext from the sender computer and stores the ciphertext in association with the access password. The receiver computer receives the email from the sender computer and sends an access request for the ciphertext, and an input password, to the host computer via the network.Type: ApplicationFiled: October 1, 2015Publication date: April 6, 2017Inventors: Jan L. Camenisch, Anja Lehmann, Gregory Neven, Kai Samelin
-
Patent number: 9565020Abstract: Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.Type: GrantFiled: February 2, 2016Date of Patent: February 7, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Jan L. Camenisch, Franz-Stefan Preiss, Kai Samelin, Dieter M. Sommer