Abstract: A method for cryptographic key provisioning includes, via a main authentication server (MAS), generating a first secret key and registering a client by performing a first portion of a first instance of a distributed threshold oblivious pseudo-random function. The first instance of the function results in the client obtaining a root secret key and the MAS obtaining a corresponding root public key. The method includes authenticating the client to the MAS by performing a first portion of a second instance of the distributed threshold oblivious pseudo-random function. The second instance of the function results in the client obtaining the root secret key. Information stored by the client, the first secret key, and a second secret key generated by a support authentication server are inputs to at least one of the first and second instances of the distributed threshold oblivious pseudo-random function.
Type:
Grant
Filed:
March 27, 2020
Date of Patent:
April 5, 2022
Assignees:
NEC LABORATORIES EUROPE GMBH, IMDEA SOFTWARE INSTITUTE
Inventors:
Claudio Soriente, Antonio Faonio, Maria Isabel Gonzalez Vasco, Angel Perez del Pozo