Abstract: A method for authentication of a user towards a multi-node party includes at least two nodes. The user contacts the nodes of the multi-node party, via a user application, and each of the nodes of the multi-node party generates a nonce and returns the nonce to the user application. The user application requests authentication from an Identity Provider, based on the nonces received from the nodes of the multi-node party and on a unique identity of the user. The Identity Provider generates a message, based on the request for authentication, and provides the message to the user application. The user application provides the message in a secret form to each of the nodes of the multi-node party. The nodes of the multi-node party verify the message by means of a multi-party verifying operation, and the user is authenticated based on the multi-party verifying operation.

Abstract: A method for providing a digital signature to a message, M, in accordance with a digital signature algorithm (DSA) or an elliptic curve digital signature algorithm (ECDSA) is disclosed. A secret key, x, is generated as a random secret sharing [x] among at least two parties, such as among at least three parties. Random secret sharings, [a] and [k], are generated among the at least two parties and [w]=[a][k], R=gk and W=Ra are computed and their correctness verified. [w] is verified by checking whether or not gw=W. The message, M, is signed by generating a sharing, [s], among the at least two parties, using at least M, [w], R and [x].

Abstract: A method for providing a digital signature to a message, M, in accordance with a digital signature algorithm (DSA) or an elliptic curve digital signature algorithm (ECDSA) is disclosed. A secret key, x, is generated as a random secret sharing [x] among at least two parties, such as among at least three parties. Random secret sharings, [a] and [k], are generated among the at least two parties and [w]=[a][k], R=gk and W=Ra are computed and their correctness verified. [w] is verified by checking whether or not gw=W. The message, M, is signed by generating a sharing, [s], among the at least two parties, using at least M, [w], R and [x].

Abstract: A system and a method for managing confidential data in a cloud service is provided. The system comprises a cryptographic key service comprising two or more cryptographic key servers, Si, each being arranged to compute file encryption keys, kj, on the basis of information regarding data and using one or more cryptographic keys, Kj. The cryptographic keys, Kj, are secretly shared among the cryptographic key servers, Si, and none of the cryptographic key servers, Si, possesses knowledge of all of the cryptographic keys, Kj. A single point of trust at the cryptographic key service is avoided.

Abstract: A system and a method for managing confidential data in a cloud service is provided. The system comprises a cryptographic key service comprising two or more cryptographic key servers, Si, each being arranged to compute file encryption keys, kj, on the basis of information regarding data and using one or more cryptographic keys, Kj. The cryptographic keys, Kj, are secretly shared among the cryptographic key servers, Si, and none of the cryptographic key servers, Si, possesses knowledge of all of the cryptographic keys, Kj. A single point of trust at the cryptographic key service is avoided.

Abstract: A system and a method for managing confidential data in a cloud service is provided. The system comprises a cryptographic key service comprising two or more cryptographic key servers, Si, each being arranged to compute file encryption keys, kj, on the basis of information regarding data and using one or more cryptographic keys, Kj. The cryptographic keys, Kj, are secretly shared among the cryptographic key servers, Si, and none of the cryptographic key servers, Si, possesses knowledge of all of the cryptographic keys, Kj. A single point of trust at the cryptographic key service is avoided.

Abstract: A system and a method for managing confidential data in a cloud service is provided. The system comprises a cryptographic key service comprising two or more cryptographic key servers, Si, each being arranged to compute file encryption keys, kj, on the basis of information regarding data and using one or more cryptographic keys, Kj. The cryptographic keys, Kj, are secretly shared among the cryptographic key servers, Si, and none of the cryptographic key servers, Si, possesses knowledge of all of the cryptographic keys, Kj. A single point of trust at the cryptographic key service is avoided.