Abstract: A method for deriving a verification token from a credential may be provided. The credential may be a set of attributes certified by an issuer to a user using a public key of the issuer. The method may comprise generating the verification token out of the credential and binding the verification token to a context string, wherein the verification token may comprise at least one commitment. A commitment may be a blinded version of an attribute. The method may also comprise generating an opening key for the verification token enabling a generation of a confirmation for a validity of the attribute.

Abstract: The present disclosure relates to a cryptographic method for enabling access by a user device to services provided by a server in a set of reference areas. The method comprises at the user device: obtaining a set of reference credentials of the server certifying data indicating the reference areas; obtaining a location credential certifying location data indicating the current location of the user device; generating an authentication token comprising a cryptographic proof for proving that the current location of the user device certified by the location credential matches at least one reference area certified by the set of reference credentials; sending the authentication token to the server for accessing the services by the user device in the at least one reference area.

Abstract: A server system for implementing a distributed cryptographic protocol includes a machine management server which comprises a current virtual machine configured to implement the protocol using a set of communication keys and state information for the protocol. The system further includes a memory and a refresh server. The system is configured, for each of successive new time periods in operation of the protocol, to perform a refresh operation wherein: the refresh server retrieves the state information from the memory, generates a new set of communication keys, and sends the state information and new set of keys to the machine management server; the machine management server configures a new virtual machine for implementing the protocol, whereby the new virtual machine receives the new set of keys and state information sent by the refresh server; and the new virtual machine assumes operation as the current virtual machine for the new time period and stores state information for that time period in the memory.

Abstract: A server system for implementing a distributed cryptographic protocol includes a machine management server which comprises a current virtual machine configured to implement the protocol using a set of communication keys and state information for the protocol. The system further includes a memory and a refresh server. The system is configured, for each of successive new time periods in operation of the protocol, to perform a refresh operation wherein: the refresh server retrieves the state information from the memory, generates a new set of communication keys, and sends the state information and new set of keys to the machine management server; the machine management server configures a new virtual machine for implementing the protocol, whereby the new virtual machine receives the new set of keys and state information sent by the refresh server; and the new virtual machine assumes operation as the current virtual machine for the new time period and stores state information for that time period in the memory.

Abstract: A method for deriving a verification token from a credential may be provided. The credential may be a set of attributes certified by an issuer to a user using a public key of the issuer. The method may comprise generating the verification token out of the credential and binding the verification token to a context string, wherein the verification token may comprise at least one commitment. A commitment may be a blinded version of an attribute. The method may also comprise generating an opening key for the verification token enabling a generation of a confirmation for a validity of the attribute.

Abstract: A method for managing unlinkable database user identifiers includes distributing to a first database a first encrypted user identifier, a first database identifier, and a first database user identifier; distributing to a second database a second encrypted user identifier, a second database identifier, and a second database user identifier; receiving from the first database a third encryption and a fourth encryption, the third encryption being formed from the first encrypted user identifier, the second database identifier, and a message comprised in the fourth encryption; decrypting the third encryption thereby obtaining a decrypted value; deriving a blinded user identifier from the decrypted value; and sending the encrypted blinded user identifier and the fourth encrypted value to the second server thereby enabling the second server to compute the second database user identifier from the encrypted blinded database user identifier and the decrypted fourth encrypted value.

Abstract: One of n?2 servers, connectable via a network, implements a cryptographic protocol using a secret key K which is shared between the n servers, and includes first and second server compartments. The first is connectable to the network, adapted to implement the cryptographic protocol, and stores a current key share of the secret key K. The second is inaccessible from the network in the operation of the server, stores a set of master keys, and is adapted, for each of successive time periods, to unilaterally generate a new key share of the secret key K and to supply it to the first as the current key share for that time period. The new key share includes a random share of a predetermined value p which is shared between the n servers, and the random share includes a function of the set of master keys.

Abstract: Computer-implemented methods are provided for communicating message data from a sender computer to a receiver computer via a network. The sender computer encrypts the message data in dependence on a cryptographic key to produce a ciphertext, and establishes an access password for the ciphertext with a host computer connected to the network. The sender computer sends the ciphertext via the network to the host computer, and sends an email, containing the cryptographic key in cleartext, to the receiver computer via the network. The cryptographic key comprises a random cryptographic value which is independent of the access password. The host computer receives the ciphertext from the sender computer and stores the ciphertext in association with the access password. The receiver computer receives the email from the sender computer and sends an access request for the ciphertext, and an input password, to the host computer via the network.

Abstract: Methods and computerized units grant network access to any one of multiple devices of the same owner. Each of the multiple devices has been previously associated with an owner at an authentication server, whereby device keys for authenticating said multiple devices are stored on the authentication server. Also, said owner has previously been authorized to access the network, such that an owner ID for this owner is stored on the authentication server. In embodiments, present methods comprise, at the authentication server: receiving a network access request for a device to connect to a network, said device being one of the multiple devices; and upon authenticating said device based on a device key associated with this device at the authentication server, confirming that network access can be granted for the device if said owner ID is confirmed to be associated with said device at the authentication server.

Abstract: Aspects relate to a computer implemented anonymous credential method for credential abuse prevention and efficient revocation. The method includes acquiring a credential from an issuer at a user, registering the user and credential with an oblivious monitor, generating a user presentation token at the user using the credential, requesting presentation with the oblivious monitor by the user, wherein the user presentation token is transmitted to the oblivious monitor, verifying the user presentation token, wherein presentation is aborted if verification fails, transmitting, from the oblivious monitor, an oblivious monitor presentation token portion to the user in response to the verification passing, transmitting a combined presentation token to a verifier, wherein the combined presentation token includes the user presentation token and the oblivious monitor presentation token portion, and verifying the combined presentation token at the verifier.

Abstract: A password authentication system includes an access control server configured to control access by a user computer to a resource dependent on authentication of user passwords associated with user IDs. The system further includes a plurality of authentication servers, storing respective secret values. For each user ID, the access control server stores a first ciphertext produced by encrypting the user password associated with that ID using a predetermined algorithm dependent on the secret values. In response to receipt of a user ID and an input password, the access control server communicates with the plurality of authentication servers to implement password authentication, requiring use of the secret values, in which a second ciphertext is produced by encrypting the input password using said predetermined algorithm. The access control server compares the first and second ciphertexts to determine whether the input password equals the user password to permit access to the resource.

Abstract: An approach for authenticating a user computer, connectable to a mobile network includes a computing device retrieving an attribute credential, the attribute credential certifying a set of user attributes, a device identifier for identifying the user computer to the mobile network, a location credential, the location credential certifying a device identifier and location data indicating a location of the user computer determined by the mobile network. The approach includes a computer producing an authentication token comprising the attribute credential, the location credential, the location data and a proof for proving that the device identifier in the attribute credential equals the device identifier in the location credential.

Abstract: In an approach for authenticating a user computer, connectable to a mobile network, a computer retrieves an attribute credential, the attribute credential certifying a set of user attributes and a device identifier for identifying the user computer to the mobile network. The computer requests a location credential, the location credential certifying a device identifier and location data indicating a current location of the user computer determined by the mobile network. Additionally, the computer produces an authentication token comprising the attribute credential, the location credential, the location data, and a proof for proving that the device identifier in the attribute credential equals the device identifier in the location credential. Furthermore, the computer sends the authentication token for authentication.

Abstract: Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.

Abstract: The invention relates to a computer-implemented method for handling revocation statuses of credentials, the method including: an issuing computer transmitting a public key to user and verifying computers, a revocation computer sending revocation parameters to user and verifying computer devices, issuing credentials to a user computer by an issuing computer, verifying issued credentials by the user computer, transmitting updated revocation information to the revocation computer by the verifying computer, updating provisional revocation status information by the revocation computer, updating revocation status information by the revocation computer, transmitting updated revocation information to a revocation computer by a verifying computer, updating provisional revocation status information by the revocation computer, transmitting updated revocation status information to the user and verifying computers by the revocation computer, creating a presentation token by the user computer, transmitting the presentation

Abstract: The invention relates to an obfuscated program logic of machine executable instructions and a hardcoded cryptographic signing key. The obfuscated program logic further comprising a hardcoded first attribute value wherein execution of the machine executable instructions by the processor causes the obfuscated program logic to receive a request and in response to receiving the request evaluate whether the request is related to the hardcoded first attribute value. In case the request is related to the hardcoded first attribute value, then computing with the hardcoded first attribute value a response to the request and computing with the cryptographic signing key a signature, wherein the signature certifies the request for which the response was computed and certifies the authenticity of the response. Then generating and returning a presentation token comprising the response and the signature, and providing the presentation token to a receiver computer system.

Abstract: A method for managing unlinkable database user identifiers includes distributing to a first database a first encrypted user identifier, a first database identifier, and a first database user identifier; distributing to a second database a second encrypted user identifier, a second database identifier, and a second database user identifier; receiving from the first database a third encryption and a fourth encryption, the third encryption being formed from the first encrypted user identifier, the second database identifier, and a message comprised in the fourth encryption; decrypting the third encryption thereby obtaining a decrypted value; deriving a blinded user identifier from the decrypted value; and sending the encrypted blinded user identifier and the fourth encrypted value to the second server thereby enabling the second server to compute the second database user identifier from the encrypted blinded database user identifier and the decrypted fourth encrypted value.

Abstract: Public key encryption methods and apparatus are provided for encrypting secret data under a public key in a data processing system (1). The secret data is provided as a message (m) comprising at least one element of a pair of base groups G1, G2 satisfying a bilinear map ê: G1×G2?GT where GT is a target group. The message (m) is encrypted using the public key to produce an encrypted message (c). A consistency component (v) is generated using the encrypted message (c) and the bilinear map whereby the consistency component (v) permits validation of the encrypted message without revealing the encrypted message. The output ciphertext (ct) comprises the encrypted message (c) and the consistency component (v).

Abstract: A password authentication system includes an access control server configured to control access by a user computer to a resource dependent on authentication of user passwords associated with user IDs. The system further includes a plurality of authentication servers, storing respective secret values. For each user ID, the access control server stores a first ciphertext produced by encrypting the user password associated with that ID using a predetermined algorithm dependent on the secret values. In response to receipt of a user ID and an input password, the access control server communicates with the plurality of authentication servers to implement password authentication, requiring use of the secret values, in which a second ciphertext is produced by encrypting the input password using said predetermined algorithm. The access control server compares the first and second ciphertexts to determine whether the input password equals the user password to permit access to the resource.

Abstract: In an approach for authenticating a user computer, connectable to a mobile network, a computer retrieves an attribute credential, the attribute credential certifying a set of user attributes and a device identifier for identifying the user computer to the mobile network. The computer requests a location credential, the location credential certifying a device identifier and location data indicating a current location of the user computer determined by the mobile network. Additionally, the computer produces an authentication token comprising the attribute credential, the location credential, the location data, and a proof for proving that the device identifier in the attribute credential equals the device identifier in the location credential. Furthermore, the computer sends the authentication token for authentication.