Abstract: A method for providing a warranty relating to a transaction between two parties in a system which includes an infrastructure composed of a plurality of locations each associated with a respective institution which provides services to clients, each party being a client of at least one of the institutions, the method comprising: transmitting a request for a warranty from one party to the transaction which is a client of the respective institution to a respective location associated with the respective institution, which request includes information identifying the other party to the transaction and information about the nature of the transaction; conducting an exchange of information between the respective location and a location associated with a institution of which the other party is a client; and transmitting a response to the request from the respective location to the one party.

Abstract: A method for providing a warranty relating to a transaction between two parties, each party being a client of at least one respective institution which provides services to the respective party, the method including: transmitting a request for a warranty from one party to the transaction which is a client of the respective institution to a respective location associated with the respective institution, which request includes information identifying the other party to the transaction and information about the nature of the transaction; conducting an exchange of information between the respective location and a location associated with a institution of which the other party is a client; and transmitting a response to the request from the respective location to the one party.

Abstract: A method for providing a warranty relating to a transaction between two parties, each party being a client of at least one respective institution which provides services to the respective party, the method including: transmitting a request for a warranty from one party to the transaction which is a client of the respective institution to a respective location associated with the respective institution, which request includes information identifying the other party to the transaction and information about the nature of the transaction; conducting an exchange of information between the respective location and a location associated with a institution of which the other party is a client; and transmitting a response to the request from the respective location to the one party.

Abstract: Methods, systems and devices for cryptographic control and maintenance of organizational structure and functions are provided. A method for control and maintenance of an operational organizational structure, the method includes associating entities with cryptographic capabilities; organizing entities within the organizational structure as roles; and maintaining roles within the organizational structure. The system may involve at least a Public Key Infrastructure operation. Elements in said organizational structure may be assigned to roles and/or groups within said organizational structure.

Abstract: Methods, systems and devices for cryptographic control and maintenance of organizational structure and functions are provided. A method for control and maintenance of an operational organizational structure, the method includes associating entities with cryptographic capabilities; organizing entities within the organizational structure as roles; and maintaining roles within the organizational structure. The system may involve at least a Public Key Infrastructure operation. Elements in said organizational structure may be assigned to roles and/or groups within said organizational structure.

Abstract: A method for facilitating provision of a warranty relating to a transaction between two parties in a system which includes an infrastructure composed of a plurality of locations each associated with a respective institution which provides services to clients, the method containing the steps of transmitting a request for a warranty from one party to the transaction which is a client of the respective institution to a respective location associated with the respective institution, which request includes information identifying the other party to the transaction and information about the nature of the transaction conducting an exchange of information between the respective location and a location associated with a institution of which the other party is a client and transmitting a response to the request from the respective location to the one party.

Abstract: In an infrastructure in which some of a plurality of entities provide cryptographically supported services, a method of registering a subscriber entity of a plurality of entities at a principal entity of a plurality of entities, the method comprising the subscriber entity requesting service from the principal entity by sending a request message to a registrar entity of the plurality of entities; the registrar entity verifying the subscriber entity and forwarding the request for service to the principal entity; the principal entity storing the forwarded request and transmitting an acknowledgement message to the registrar entity, the acknowledgement stating acceptance and authentication/authorization information that the subscriber entity requires for the requested service; and the registrar entity verifying the authenticity of the received acknowledgement message, and, if correct, forwarding the acknowledgement message to the subscriber entity.

Abstract: In an infrastructure in which some of a plurality of entities provide cryptographically supported services, a method of registering a subscriber entity of a plurality of entities at a principal entity of a plurality of entities, the method comprising the subscriber entity requesting service from the principal entity by sending a request message to a registrar entity of the plurality of entities; the registrar entity verifying the subscriber entity and forwarding the request for service to the principal entity; the principal entity storing the forwarded request and transmitting an acknowledgement message to the registrar entity, the acknowledgement stating acceptance and authentication/authorization information that the subscriber entity requires for the requested service; and the registrar entity verifying the authenticity of the received acknowledgement message, and, if correct, forwarding the acknowledgement message to the subscriber entity.

Abstract: An electronic transaction system includes an authority issuing electronic signals representing subscriber assurance of an attribute of a subscriber to the system; and a reliance server obtaining electronic signals representing information regarding the subscriber assurance issued by the issuing authority, the reliance server issuing electronic signals representing a signed warranty offer to a relying party, the signed warranty offer being based at least on the subscriber attribute assurance, wherein the reliance server only provides the signed warranty offer if the relying party is authorized to make a request for said warranty.

Abstract: A multi-step digital signature system and method is provided having a distributed root certifying authority 20. Messages received at the root certifying authority 20 are distributed to root certifying authority members 22-30 who attach partial signatures to the message using root key fragments. In the system and method provided, the system adapts to system events such as the addition or removal of key fragment holders, the need to modify key fragments, etc., by changing key fragments.

Abstract: A method for providing a warranty relating to a transaction between two parties, each party having a data communications device, in a system which includes an infrastructure composed of a plurality of locations each associated with a respective institution which provides services to clients, each location having a computer system, a database coupled to the computer system and storing information about each client of the institution and a data communications device coupled to the computer system for communication with the data communications device of any one party, each party being a client of at least one of the institutions, the method containing the steps of:

Abstract: A method for aiding transactions by providing warranties against various aspects of a transaction which may be hard to assure ahead of time or when high risk is involved in relying on them. The method employs an infrastructure of a computer and communication systems communication with various distributed organizations working together and providing warranties. Different parties may trust different organizations and user representatives of the infrastructure. A party in a transaction may ask for a warranty against another party. As a response, the infrastructure, through its organizations, calculates and provides a decision regarding the request. Relying on the warranty, the risk involved in conducting the electronic transaction is reduced. In the case where the transaction does not reach sound completion, the warranty can be claimed. The method also involves managing and administering the infrastructure, the entities in the transaction system and their outstanding warranties.

Abstract: The invention provides for robust efficient distributed generation of RSA keys. An efficient protocol is one which is independent of the primality test “circuit size”, while a robust protocol allows correct completion even in the presence of a minority of arbitrarily misbehaving malicious parties. The disclosed protocol is secure against any minority of malicious parties (which is optimal). The disclosed method is useful in establishing sensitive distributed cryptographic function sharing services (certification authorities, signature schemes with distributed trust, and key escrow authorities), as well as other applications besides RSA (namely: composite ElGamal, identification schemes, simultaneous bit exchange, etc.). The disclosed method can be combined with proactive function sharing techniques to establish the first efficient, optimal-resilience, robust and proactively-secure RSA-based distributed trust services where the key is never entrusted to a single entity (i.e.

Abstract: A multi-step signing system and method uses multiple signing devices to affix a single signature which can be verified using a single public verification key. Each signing device posesses a share of the signature key and affixes a partial signature in response to authorization from a plurality of authorizing agents. In a serial embodiment, after a first partial signature has been affixed, a second signing device exponentiates the first partial signature. In a parallel embodiment, each signing device affixes a partial signature, and the plurality of partial signatures are multiplied together to form the final signature. Security of the system is enhanced by distributing capability to affix signatures among a plurality of signing devices and by distributing authority to affix a partial signature among a plurality of authorizing agents.

Abstract: Proactive robust threshold schemes are presented for general "homomorphic-type" public key systems, as well as optimized systems for the RSA function. Proactive security employs dynamic memory refreshing and enables us to tolerate a "mobile adversary" that dynamically corrupts the components of the systems (perhaps all of them) as long as the number of corruptions (faults) is bounded within a time period. The systems are optimal-resilience. Namely they withstand any corruption of minority of servers at any time-period by an active (malicious) adversary (i.e., any subset less than half. Also disclosed are general optimal-resilience public key systems which are "robust threshold" schemes (against stationary adversary), and are extended to "proactive" systems (against the mobile one). The added advantage of proactivization in practical situations is the fact that, in a long-lived threshold system, an adversary has a long time (e.g., years) to break into any t out of the l servers.