Abstract: A computer-based system and method for performing an offline login to a local device, including: generating a pair of an auxiliary (AUX) public key and an AUX private key; receiving a password at the local device; reconstructing a symmetric key from a first value stored on the local device and a second value stored on an authenticator; encrypting the password with the AUX public key to obtain a locally encrypted password; encrypting the AUX private key with the symmetric key to obtain an encrypted AUX private key; and deleting the symmetric key, and when performing the offline login: reconstructing the symmetric key; decrypting the encrypted AUX private key with the symmetric key to obtain the AUX private key; decrypting the locally encrypted password with the AUX private key to obtain the password; and using the password to perform the offline login.

Abstract: A computer-based system and method for securing passwords, including: obtaining, by an authentication service, a plurality of public keys, each associated with one of a plurality of devices associated with a user; generating, by the authentication service, a password for the user; sending, by the authentication service, the password to a password management entity; encrypting, by the authentication service, the password with each of the public keys, thus generating a plurality of encrypted passwords, each encrypted with one of the public keys and associated with a device of the plurality of devices; and deleting the password by the authentication service.

Abstract: A method for establishing a fully private, information secure interconnection between a source and a destination over a data network with at least a portion of a public infrastructure. The method comprising at the source creating n shares of a source data according to a predetermined secret sharing scheme, and encrypting the n shares using (n, k) secret sharing. Further, defining for at least one node vi a directed edge (Vi1, Vi2) that has a k?1 capacity. All outgoing links of vi are connected to vi2. Additionally, using a maximum flow algorithm to define the maximum number of shares outgoing from vi2, and therefore from vi, on each outgoing link. The number of shares forwarded by node vi does not exceed the number of maximum shares that were defined by the maximum flow algorithm.

Abstract: A computer-based system and method for securing passwords, including: obtaining, by an authentication service, a plurality of public keys, each associated with one of a plurality of devices associated with a user; generating, by the authentication service, a password for the user; sending, by the authentication service, the password to a password management entity; encrypting, by the authentication service, the password with each of the public keys, thus generating a plurality of encrypted passwords, each encrypted with one of the public keys and associated with a device of the plurality of devices; and deleting the password by the authentication service.

Abstract: A system and method for validating an entity may include obtaining by at least a first system, a set of entity details related to the entity; associating with the entity, by the first system, a first trust level based on at least some of the entity details; and validating the entity based on the first trust level. A system and method for validating an entity may include providing at least one of first and second values to a respective at least one of first and second devices; providing the entity, by at least one of the first and second devices, with the at least one of first and second values; and using the at least one of first and second values, by the entity, to identify the entity to an identifying entity.

Abstract: A computer-based system and method for performing an offline login to a local device, including: generating a pair of an auxiliary (AUX) public key and an AUX private key; receiving a password at the local device; reconstructing a symmetric key from a first value stored on the local device and a second value stored on an authenticator; encrypting the password with the AUX public key to obtain a locally encrypted password; encrypting the AUX private key with the symmetric key to obtain an encrypted AUX private key; and deleting the symmetric key, and when performing the offline login: reconstructing the symmetric key; decrypting the encrypted AUX private key with the symmetric key to obtain the AUX private key; decrypting the locally encrypted password with the AUX private key to obtain the password; and using the password to perform the offline login.

Abstract: A system and method for of temporary password management may include: obtaining, by a password management entity, a request to login a local device into an authentication authority; generating, by the password management entity, a temporary password; sending, by the password management entity, the temporary password to the authentication authority; sending, by the password management entity, the temporary password to a user device; obtaining, at the authentication authority the temporary password from the local device; comparing, by the authentication authority, the temporary password obtained from the local device with the temporary password obtained from the password management entity; and authorizing the login if a match is found.

Abstract: A system and method for validating an entity and sending secret shared public key for securely communicating data that may include providing first and second entities with an identical sequence of bits; encrypting data, by the first entity, using bits in a first portion of the identical sequence as an encryption key, to produce encrypted data; XORing the encrypted data based on bits in a second portion of the sequence to produce encrypted and XORed data; sending the encrypted and XORed data to the second entity; and using the sequence of bits, by the second entity, to un-XOR and decrypt the encrypted and XORed data.

Abstract: A system and method for securing a communication channel may include obtaining a first value by first and second devices. A second value may be randomly selected by the first device and may be provided to the second device. The first and second devices may independently from one another apply a function to the first and second values and may use a result of the function to secure and authenticate a communication channel between the first and second devices.

Abstract: A system and method for encrypting metadata in a communication system, including defining paths from a source node to a destination node through intermediate nodes and anchor nodes; dividing messages and sending a portion in each path by: dividing the path into sub-paths, where each two contiguous sub-paths are connected by an anchor node; calculating a secret value including a list of nodes of a first sub-path and an encrypted form of a remaining portion of the path; calculating a first random point on a linear line connecting a first metadata share of a symmetric key of the source node and a first intermediate node, and a metadata share including a second x-value of the symmetric key of the source node and the first intermediate node in the path and the secret value; and sending the portion together with the first random point to the first intermediate node.

Abstract: A system and method for of temporary password management may include: obtaining, by a password management entity, a request to login a local device into an authentication authority; generating, by the password management entity, a temporary password; sending, by the password management entity, the temporary password to the authentication authority; sending, by the password management entity, the temporary password to a user device; obtaining, at the authentication authority the temporary password from the local device; comparing, by the authentication authority, the temporary password obtained from the local device with the temporary password obtained from the password management entity; and authorizing the login if a match is found.

Abstract: A system and method for of temporary password management may include: obtaining, by a password management entity, a request to login a local device into an authentication authority; generating, by the password management entity, a temporary password; sending, by the password management entity, the temporary password to the authentication authority; sending, by the password management entity, the temporary password to a user device; obtaining, at the authentication authority the temporary password from the local device; comparing, by the authentication authority, the temporary password obtained from the local device with the temporary password obtained from the password management entity; and authorizing the login if a match is found.

Abstract: A system and method for encrypting metadata in a communication system, including defining paths from a source node to a destination node through intermediate nodes and anchor nodes; dividing messages and sending a portion in each path by: dividing the path into sub-paths, where each two contiguous sub-paths are connected by an anchor node; calculating a secret value including a list of nodes of a first sub-path and an encrypted form of a remaining portion of the path; calculating a first random point on a linear line connecting a first metadata share of a symmetric key of the source node and a first intermediate node, and a metadata share including a second x-value of the symmetric key of the source node and the first intermediate node in the path and the secret value; and sending the portion together with the first random point to the first intermediate node.

Abstract: A system and method for validating an entity and sending secret shared public key for securely communicating data that may include providing first and second entities with an identical sequence of bits; encrypting data, by the first entity, using bits in a first portion of the identical sequence as an encryption key, to produce encrypted data; XORing the encrypted data based on bits in a second portion of the sequence to produce encrypted and XORed data; sending the encrypted and XORed data to the second entity; and using the sequence of bits, by the second entity, to un-XOR and decrypt the encrypted and XORed data.

Abstract: A system and method for of temporary password management may include: obtaining, by a password management entity, a request to login a local device into an authentication authority; generating, by the password management entity, a temporary password; sending, by the password management entity, the temporary password to the authentication authority; sending, by the password management entity, the temporary password to a user device; obtaining, at the authentication authority the temporary password from the local device; comparing, by the authentication authority, the temporary password obtained from the local device with the temporary password obtained from the password management entity; and authorizing the login if a match is found.

Abstract: A system and method for providing secure communication between a source and a destination that is secured by secret sharing, during a vulnerability window in which all secret shares are collected in one or more points along the communication paths. Accordingly, during the regular operation of the communication protocol, a common random secret OTP is created by sending random bits from the sender to the receiver and the source is allowed to perform bitwise XOR operation between the information to be sent and the common random secret OTP, prior to using secret sharing. The results of the bitwise XOR operation are sent to the destination using secret sharing and the destination reconstructs the random secret and decrypts the received data, using the common established random secret. The common random secret is based on polynomial randomization being transferred from the source to the destination using secret sharing.

Abstract: A method for establishing a fully private, information theoretically secure interconnection between a source and a destination over a data network with at least a portion of a public infrastructure. The method comprising at the source creating n shares of a source data according to a predetermined secret sharing scheme, and encrypting the n shares using (n,k) secret sharing. Further, defining for at least one node vi a directed edge (vi1, vi2) that has a k?1 capacity. All outgoing links of vi are connected to vi2. Additionally, using a maximum flow algorithm to define the maximum number of shares outgoing from vi2, and therefore from vi, on each outgoing link. The number of shares forwarded by node vi does not exceed the number of maximum shares that were defined by the maximum flow algorithm.

Abstract: A method for establishing a fully private, information theoretically secure interconnection between a source and a destination, over an unmanaged data network with at least a portion of a public infrastructure. Accordingly, n shares of the source data are created at the source according to a predetermined secret sharing scheme and the shares are sent to the data network, while encrypting the sent data using (n,k) secret sharing. A plurality of intermediating nodes are deployed in different locations over the network, to create a plurality of fully and/or partially independent paths in different directions on the path from the source to the destination, and with sufficient data separation. Then, the shares are sent over the plurality of fully and/or partially independent paths while forcing shares' carrying packets to pass through selected intermediate nodes, such that no router at any intermediating nodes intercepts k or more shares.

Abstract: A system and method for signing a message and establishing a symmetric key between two entities. A plurality of leaves are generated, each including public and private values of a Lamport signature; a plurality of trees are generated each including a subgroup of leaves; leaves of a first nested tree are used for signing messages sent to a second entity. If a first nested tree is exhausted, then a leaf of a following tree is used for signing and a root of the following tree together with an auxiliary value are published, the auxiliary value enabling the second entity to verify that the root of the following tree was generated by the first entity. The symmetric key is generated using a modified Merkel puzzle including a plurality of rows, each including a plurality of hashed values. The modified Merkel puzzle may be signed using a leave of a nested tree.

Abstract: A system and method for validating an entity may include obtaining by at least a first system, a set of entity details related to the entity; associating with the entity, by the first system, a first trust level based on at least some of the entity details; and validating the entity based on the first trust level. A system and method for validating an entity may include providing at least one of first and second values to a respective at least one of first and second devices; providing the entity, by at least one of the first and second devices, with the at least one of first and second values; and using the at least one of first and second values, by the entity, to identify the entity to an identifying entity.