Abstract: A method for authentication of a user towards a multi-node party includes at least two nodes. The user contacts the nodes of the multi-node party, via a user application, and each of the nodes of the multi-node party generates a nonce and returns the nonce to the user application. The user application requests authentication from an Identity Provider, based on the nonces received from the nodes of the multi-node party and on a unique identity of the user. The Identity Provider generates a message, based on the request for authentication, and provides the message to the user application. The user application provides the message in a secret form to each of the nodes of the multi-node party. The nodes of the multi-node party verify the message by means of a multi-party verifying operation, and the user is authenticated based on the multi-party verifying operation.

Abstract: A method and a system for providing a digital signature are disclosed. A private signature key is distributed among two or more nodes of a cold wallet. Each node of the cold wallet generates a pre-signature, based on its share(s) of the private signature key, and transmits the pre-signature to one of two or more pre-signature nodes. A signing application requests a signature and transmits a message to be signed to each of the pre-signature nodes. In response to receiving the request for a signature and the message to be signed, each pre-signature node generates a partial signature, based on its pre-signature and on the message to be signed. Each pre-signature node transmits its partial signature to the signing application, and the signing application computes a digital signature from the partial signatures.

Abstract: A system and a method for managing confidential data in a cloud service is provided. The system comprises a cryptographic key service comprising two or more cryptographic key servers, Si, each being arranged to compute file encryption keys, kj, on the basis of information regarding data and using one or more cryptographic keys, Kj. The cryptographic keys, Kj, are secretly shared among the cryptographic key servers, Si, and none of the cryptographic key servers, Si, possesses knowledge of all of the cryptographic keys, Kj. A single point of trust at the cryptographic key service is avoided.

Abstract: A system and a method for managing confidential data in a cloud service is provided. The system comprises a cryptographic key service comprising two or more cryptographic key servers, Si, each being arranged to compute file encryption keys, kj, on the basis of information regarding data and using one or more cryptographic keys, Kj. The cryptographic keys, Kj, are secretly shared among the cryptographic key servers, Si, and none of the cryptographic key servers, Si, possesses knowledge of all of the cryptographic keys, Kj. A single point of trust at the cryptographic key service is avoided.

Abstract: A system and a method for managing confidential data in a cloud service is provided. The system comprises a cryptographic key service comprising two or more cryptographic key servers, Si, each being arranged to compute file encryption keys, kj, on the basis of information regarding data and using one or more cryptographic keys, Kj. The cryptographic keys, Kj, are secretly shared among the cryptographic key servers, Si, and none of the cryptographic key servers, Si, possesses knowledge of all of the cryptographic keys, Kj. A single point of trust at the cryptographic key service is avoided.

Abstract: A system and a method for managing confidential data in a cloud service is provided. The system comprises a cryptographic key service comprising two or more cryptographic key servers, Si, each being arranged to compute file encryption keys, kj, on the basis of information regarding data and using one or more cryptographic keys, Kj. The cryptographic keys, Kj, are secretly shared among the cryptographic key servers, Si, and none of the cryptographic key servers, Si, possesses knowledge of all of the cryptographic keys, Kj. A single point of trust at the cryptographic key service is avoided.