Patents by Inventor Jan L. Camenisch

Jan L. Camenisch has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11728991
    Abstract: Privacy-preserving leakage-deterring public-key encryption techniques are provided. A sender system sends to an authority system a commitment to leakage-deterring-data, and proves in zero-knowledge that the sender system has access to an opening to the commitment. The sender system receives a signature corresponding to a signed commitment to the leakage-deterring-data and an identifier of the sender system. The sender system encrypts a message to a receiver system by applying a one-time pad to the message using a one-time-pad key, and encrypts the result of the application with the public key of the receiver system. The sender system encrypts the one-time-pad key with an attribute-based encryption scheme with a public key of an oblivious decryptor system. The sender system forms a ciphertext from a combination of the encrypted message and the encrypted one-time-pad key and sends the ciphertext to the receiver system.
    Type: Grant
    Filed: May 28, 2019
    Date of Patent: August 15, 2023
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Maria Dubovitskaya, Patrick Towa
  • Patent number: 11646870
    Abstract: A computer-implemented method for protecting a mobile device against unauthorized access may be provided. The method comprises encrypting the user data stored in a volatile memory of the mobile device if the mobile device is switched to a locked status, and decrypting the user data stored in the volatile memory if the mobile device is switched from the locked status into an unlocked status.
    Type: Grant
    Filed: January 23, 2019
    Date of Patent: May 9, 2023
    Assignee: International Business Machines Corporation
    Inventors: Cecilia Boschini, Jan L. Camenisch, Tommaso Gagliardoni, Kai Wilhelm Samelin
  • Publication number: 20220230187
    Abstract: Methods are provided for producing an authenticated packaged product. A digital signature, dependent on unique message data for the product, is generated via a digital signature scheme using a secret signing key. The message data is provided on at least one of the product and packaging. The digital signature is provided on the other of the product and packaging, and the product is packed in the packaging. The digital signature can be generated via a fuzzy-message digital signature scheme having a verification algorithm for verifying the digital signature in relation to fuzzy data within a predetermined difference measure of the message data. Methods and systems for authenticating such packaged products are also provided.
    Type: Application
    Filed: April 4, 2022
    Publication date: July 21, 2022
    Inventors: Jan L. Camenisch, Emmanuel Delamarche, Eduarda Freire-Stögbuchner, Onur Goekce
  • Patent number: 11379825
    Abstract: A method and system for enabling performance of a transaction. A first representation of a transaction policy, which depicts transaction policy options for fulfilling the transaction policy is displayed by a client computer. After a user selects a first transaction policy option, the client computer displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client computer displays evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client computer sends to a server transaction enablement information that includes evidence dictated by the selected evidence options to enable the server to perform the transaction.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: July 5, 2022
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Abhi A. Shelat, Dieter M. Sommer, Roger D. Zimmermann
  • Patent number: 11301590
    Abstract: An example operation may include one or more of connecting to a blockchain configured to store transactions executed by the participating node, executing a transaction to produce a transaction trail, assigning a transaction identifier (ID) to the transaction, generating a transaction tag based on the transaction ID, and sending to the blockchain the transaction tag and the transaction trail to be entered into the blockchain.
    Type: Grant
    Filed: September 5, 2018
    Date of Patent: April 12, 2022
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Maria Dubovitskaya, Manu Drijvers
  • Patent number: 11295317
    Abstract: Methods are provided for producing an authenticated packaged product. A digital signature, dependent on unique message data for the product, is generated via a digital signature scheme using a secret signing key. The message data is provided on at least one of the product and packaging. The digital signature is provided on the other of the product and packaging, and the product is packed in the packaging. The digital signature can be generated via a fuzzy-message digital signature scheme having a verification algorithm for verifying the digital signature in relation to fuzzy data within a predetermined difference measure of the message data. Methods and systems for authenticating such packaged products are also provided.
    Type: Grant
    Filed: February 23, 2017
    Date of Patent: April 5, 2022
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Emmanuel Delamarche, Eduarda Freire-Stögbuchner, Onur Goekce
  • Patent number: 11240001
    Abstract: An example operation may include one or more of connecting, by a participating node, to a blockchain configured to store user assets, receiving, by the participating node, login data from a user, receiving, by the participating node, an asset transfer request from the user identified by the login data, the asset transfer request including identification data of an asset recipient, confirming, by the participating node, that the user is an owner of the asset based on a previous asset transfer transaction associated with the user, verifying, by the participating node, integrity and validity of the asset based on blockchain records, determining, by the participating node, that the asset recipient is a registered user of the blockchain, in response to the determining, by the participating node, that the asset recipient is the registered user of the blockchain, encrypting, by the participating node, an asset transfer transaction by a public key associated with a private key of an auditor; and providing, by the par
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: February 1, 2022
    Assignee: International Business Machines Corporation
    Inventors: Kaoutar Elkhiyaoui, Elli Androulaki, Angelo De Caro, Maria Dubovitskaya, Jan L. Camenisch
  • Patent number: 11210679
    Abstract: Methods are provided for producing an authenticated packaged product. A digital signature, dependent on unique message data for the product, is generated via a digital signature scheme using a secret signing key. The message data is provided on at least one of the product and packaging. The digital signature is provided on the other of the product and packaging, and the product is packed in the packaging. The digital signature can be generated via a fuzzy-message digital signature scheme having a verification algorithm for verifying the digital signature in relation to fuzzy data within a predetermined difference measure of the message data. Methods and systems for authenticating such packaged products are also provided.
    Type: Grant
    Filed: December 30, 2017
    Date of Patent: December 28, 2021
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Emmanuel Delamarche, Eduarda Freire-Stögbuchner, Onur Goekce
  • Patent number: 11194921
    Abstract: Data masking is provided by, for at least one predetermined data item in data to be sent, applying a one-way function to that data item to produce a first value, producing a masked data item by encrypting the first value via a deterministic encryption scheme using a current encryption key for a current epoch, and replacing that data item by the masked data item. A data-provider computer sends the masked data to the data-user computer. On expiry of the current epoch, the data-provider computer generates a new encryption key for the encryption scheme in a new epoch, produces mask-update data, dependent on the current and new encryption keys, and sends the mask-update data to the data-user computer. The mask-update data permits updating, at the data-user computer, of masked data items produced with the current encryption key into masked data items produced with the new encryption key.
    Type: Grant
    Filed: November 25, 2019
    Date of Patent: December 7, 2021
    Assignee: International Business Machines Corporation
    Inventors: Christian Cachin, Jan L. Camenisch, Eduarda Freire Stögbuchner, Anja Lehmann
  • Patent number: 11177957
    Abstract: Hardware security modules for executing zero-knowledge proofs are provided. Such a module includes multiple computational engines for executing respective primitive operations of zero-knowledge proofs, and memory storing multiple data-flow graphs. Each data-flow graph defines computational functionality of a respective one of the proofs, and comprises a set of nodes, each representing a said primitive operation, interconnected by edges representing input/output data of nodes. At least edges which represent security-sensitive data are indicated by edge-labels in the graphs. The module further comprises a set of registers, comprising at least a subset of secure registers, for storing data during execution of proofs, and a processor configured to control execution, using said engines, of proofs defined by the set of dataflow graphs such that data corresponding to a security-sensitive edge in a graph is stored in a secure register during execution.
    Type: Grant
    Filed: June 12, 2019
    Date of Patent: November 16, 2021
    Assignee: International Business Machines Corporation
    Inventors: Tamas Visegrady, Jan L. Camenisch, Manu Drijvers, Silvio Dragone
  • Patent number: 11032068
    Abstract: Communicating a message via a leakage-deterring encryption scheme. A sender computer stores a public key pko of a recipient key-pair (pko, sko) of a message recipient, a commitment c, bound to the public key pko, to a secret s of the message recipient, and a public key pkt of a decryptor key-pair (pkt, skt). A receiver computer stores a secret key sko of the recipient key-pair (pko, sko), the commitment c and an opening o to the commitment. A decryptor computer stores a secret key skt of the decryptor key-pair (pkt, skt). The sender computer is adapted to encrypt a message m for the message recipient by generating ciphertexts. The sender computer sends the ciphertexts to the receiver computer. The receiver computer is adapted to send a ciphertext to the decryptor computer and provide a proof. The decryptor computer is adapted to verify the proof.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: June 8, 2021
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Maria Dubovitskaya, Patrick Towa
  • Patent number: 11012243
    Abstract: A method and system configured to produce a cryptographic signature on a message, under a key, at a user computer wherein the key is shared between the user computer, which stores a first key-share, and an authentication computer, which stores a second key-share and a first authentication value. The user computer encodes the message to produce a blinded message, produces the first authentication value from a user password and a secret value, and produces a second authentication value by encoding the first authentication value and a nonce. The authentication computer uses the nonce to determine if the first authentication value is correct and, if so, encodes the blinded message using the second key-share to produce a partial signature. The user computer produces a signature on the message under the key by encoding the partial signature and the message using the first key-share and an unblinding function.
    Type: Grant
    Filed: April 3, 2019
    Date of Patent: May 18, 2021
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Anja Lehmann, Gregory Neven
  • Patent number: 10915552
    Abstract: An example operation may include one or more of receiving a signed transaction from a blockchain member device, responsive to receiving the signed transaction, identifying a credential assigned to the blockchain member device, and the credential certifies a public key is assigned to the blockchain member device and was used to sign the signed transaction, determining whether to commit the signed transaction to a blockchain based on the credential, and responsive to determining to commit the signed transaction based on the credential, storing the signed transaction anonymously in the blockchain.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: February 9, 2021
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Manu Drijvers, Maria Dubovitskaya
  • Patent number: 10911242
    Abstract: Methods are provided for authenticating a container of items to be sent by a sender to a receiver. The method includes: packing a plurality of items, each having a respective item identifier, in the container; providing a container identifier on the container; and generating a first digital signature by signing a message, comprising the container identifier and each item identifier, using a secret signing key skS of a signing-verification key pair (skS, pkS) of a digital signature scheme. The method further comprises providing the first digital signature for access by the receiver, and sending the container to the receiver. A corresponding verification method comprises accessing the first digital signature, and verifying the first digital signature for the container identifier and the item identifier for each item in the container using the verification key pkS of the sender key pair (skS, pkS).
    Type: Grant
    Filed: May 29, 2018
    Date of Patent: February 2, 2021
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Emmanuel Delamarche, Eduarda Freire Stögbuchner, Onur Gökçe
  • Publication number: 20200396075
    Abstract: Hardware security modules for executing zero-knowledge proofs are provided. Such a module includes multiple computational engines for executing respective primitive operations of zero-knowledge proofs, and memory storing multiple data-flow graphs. Each data-flow graph defines computational functionality of a respective one of the proofs, and comprises a set of nodes, each representing a said primitive operation, interconnected by edges representing input/output data of nodes. At least edges which represent security-sensitive data are indicated by edge-labels in the graphs. The module further comprises a set of registers, comprising at least a subset of secure registers, for storing data during execution of proofs, and a processor configured to control execution, using said engines, of proofs defined by the set of dataflow graphs such that data corresponding to a security-sensitive edge in a graph is stored in a secure register during execution.
    Type: Application
    Filed: June 12, 2019
    Publication date: December 17, 2020
    Inventors: Tamas Visegrady, Jan L. Camenisch, Manu Drijvers, Silvio Dragone
  • Publication number: 20200382287
    Abstract: Privacy-preserving leakage-deterring public-key encryption techniques are provided. A sender system sends to an authority system a commitment to leakage-deterring-data, and proves in zero-knowledge that the sender system has access to an opening to the commitment. The sender system receives a signature corresponding to a signed commitment to the leakage-deterring-data and an identifier of the sender system. The sender system encrypts a message to a receiver system by applying a one-time pad to the message using a one-time-pad key, and encrypts the result of the application with the public key of the receiver system. The sender system encrypts the one-time-pad key with an attribute-based encryption scheme, the attributes including predefined time period data and a receiver system identifier, with a public key of an oblivious decryptor system. The sender system forms a ciphertext from a combination of the encrypted message and the encrypting one-time-pad key and sends to the receiver system.
    Type: Application
    Filed: May 28, 2019
    Publication date: December 3, 2020
    Inventors: Jan L. Camenisch, Maria Dubovitskaya, Patrick Towa
  • Patent number: 10826694
    Abstract: The present disclosure relates to a method for using a secret key for cryptographically processing a data item in an enclave enabled system. The method comprises: computing a first set of shares of the secret key and storing them in an encrypted format. Each encrypted share may be sent to respective component in a first set of components. In response to sending the encrypted shares, a modified encryption of the respective share may be received from each of the first set of components. Each of the received modified encryptions may be encrypted and the resulting modified share is sent to the respective first set of components. In response to sending the decrypted modified shares, a data item cryptographically processed using the respective share may be received from each of the first set of components. The received data items may be combined to obtain a cryptographically processed data item.
    Type: Grant
    Filed: April 23, 2018
    Date of Patent: November 3, 2020
    Assignee: International Business Machines Corporation
    Inventors: Jan L. Camenisch, Manu Drijvers, Anja Lehmann, Kai Wilhelm Samelin
  • Patent number: 10754970
    Abstract: Data masking is provided by, for at least one predetermined data item in data to be sent, applying a one-way function to that data item to produce a first value, producing a masked data item by encrypting the first value via a deterministic encryption scheme using a current encryption key for a current epoch, and replacing that data item by the masked data item. A data-provider computer sends the masked data to the data-user computer. On expiry of the current epoch, the data-provider computer generates a new encryption key for the encryption scheme in a new epoch, produces mask-update data, dependent on the current and new encryption keys, and sends the mask-update data to the data-user computer. The mask-update data permits updating, at the data-user computer, of masked data items produced with the current encryption key into masked data items produced with the new encryption key.
    Type: Grant
    Filed: January 27, 2017
    Date of Patent: August 25, 2020
    Assignee: International Business Machines Corporation
    Inventors: Christian Cachin, Jan L. Camenisch, Eduarda Freire Stögbuchner, Anja Lehmann
  • Patent number: 10740484
    Abstract: Data masking is provided by, for at least one predetermined data item in data to be sent, applying a one-way function to that data item to produce a first value, producing a masked data item by encrypting the first value via a deterministic encryption scheme using a current encryption key for a current epoch, and replacing that data item by the masked data item. A data-provider computer sends the masked data to the data-user computer. On expiry of the current epoch, the data-provider computer generates a new encryption key for the encryption scheme in a new epoch, produces mask-update data, dependent on the current and new encryption keys, and sends the mask-update data to the data-user computer. The mask-update data permits updating, at the data-user computer, of masked data items produced with the current encryption key into masked data items produced with the new encryption key.
    Type: Grant
    Filed: November 1, 2017
    Date of Patent: August 11, 2020
    Assignee: International Business Machines Corporation
    Inventors: Christian Cachin, Jan L. Camenisch, Eduarda Freire Stögbuchner, Anja Lehmann
  • Publication number: 20200235919
    Abstract: A computer-implemented method for protecting a mobile device against unauthorized access may be provided. The method comprises encrypting the user data stored in a volatile memory of the mobile device if the mobile device is switched to a locked status, and decrypting the user data stored in the volatile memory if the mobile device is switched from the locked status into an unlocked status.
    Type: Application
    Filed: January 23, 2019
    Publication date: July 23, 2020
    Inventors: Cecilia Boschini, Jan L. Camenisch, Tommaso Gagliardoni, Kai Wilhelm Samelin