Patents by Inventor Jens-Matthias Bohli

Jens-Matthias Bohli has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190295049
    Abstract: A method for validating a transaction transmitted on a distributed ledger system network includes receiving, by a first node of the distributed ledger system network, verification data associated with the transaction from a second node of the distributed ledger system network. The verification data includes a digital signature generated in a secure enclave of the second node. The first node integrates the verification data into a distributed ledger of the distributed ledger system network.
    Type: Application
    Filed: March 22, 2018
    Publication date: September 26, 2019
    Inventors: Ghassan Karame, Jens-Matthias Bohli
  • Patent number: 10397328
    Abstract: A method for integrating a Proof of Storage (PoS) into a blockchain increases security, robustness and verifiability of a blockchain network. A part of the blockchain to be stored is received at a first one of a plurality of mining nodes of the blockchain network. The part of the blockchain is stored. Mining of the new block is bound to the stored data and performed so as to enforce that the mining nodes store different parts of the blockchain. The PoS is integrated into the new block. The PoS is verified before accepting the new block into the blockchain.
    Type: Grant
    Filed: July 3, 2017
    Date of Patent: August 27, 2019
    Assignee: NEC CORPORATION
    Inventors: Jens-Matthias Bohli, Wenting Li, Ghassan Karame, Frederik Armknecht
  • Patent number: 10372918
    Abstract: A method for storing a data file of a client on a storage entity includes generating, by a proxy entity, a master encryption key; encrypting, by the client, the data file using the master encryption key to produce an encrypted file; computing a hash-tree for the encrypted file and using a top-hash of the hash-tree as a file identification (FID); and determining, by the proxy entity, whether the FID is already known to the storage entity. If the FID is not already known to the storage entity the method further includes computing, by the proxy entity, a top-hash of the encrypted file (PFID), and when the ownership of the data file has been proven, storing the FID being equal with the PFID at the client together with the hash value.
    Type: Grant
    Filed: February 13, 2015
    Date of Patent: August 6, 2019
    Assignee: NEC CORPORATION
    Inventors: Jens-Matthias Bohli, Ghassan Karame, Frederik Armknecht
  • Patent number: 10313120
    Abstract: The invention relates to a method for storing data in a relational database, comprising a plurality of tables, wherein the data is stored in these tables, wherein each row of each table is provided with an original primary key for identification, and wherein foreign keys are provided for cross-referencing different tables of the relational database, wherein the primary keys are encrypted, wherein the foreign keys are encrypted based on the encrypted primary keys and wherein for each table where a primary key is referenced as a foreign key an encrypted pointer is stored to link the corresponding encrypted foreign key to the encrypted primary key. The present invention further relates to a relational database server.
    Type: Grant
    Filed: December 6, 2012
    Date of Patent: June 4, 2019
    Assignee: NEC CORPORATION
    Inventors: Ghassan Karame, Jens-Matthias Bohli, Sebastian Gajek
  • Patent number: 10313311
    Abstract: A method for storing data at a cloud storage, wherein data of a user is stored at the cloud storage upon a user request, includes encrypting the data of the user; directing the user request to a data manager; and before an uploading of the encrypted data to the cloud storage, performing, by the data manager, a deduplication on the encrypted data, so that uploading of the data is only performed, if the data is not yet stored within the cloud storage.
    Type: Grant
    Filed: August 22, 2014
    Date of Patent: June 4, 2019
    Assignee: NEC CORPORATION
    Inventors: Jens-Matthias Bohli, Ghassan Karame
  • Patent number: 10263783
    Abstract: A method for authenticating a data stream includes selecting a number of data fragments of the data stream, defining at least two granularity levels for the selected data fragments, dividing each of the selected data fragments according to the granularity levels, generating a hierarchical authentication structure including elements representing hash values of the divided selected data fragments on the different granularity levels, selecting at least a portion of the hash values of the hierarchical authentication structure for transmission to a receiver, reconstructing the granularity value on the top level of the hierarchical authentication structure based on the transmitted hash values, and performing authentication of the data fragments of the data stream based on comparing the reconstructed value on the top granularity level of the hierarchical authentication structure with the signed value on the top granularity level of the generated hierarchical authentication structure.
    Type: Grant
    Filed: August 23, 2013
    Date of Patent: April 16, 2019
    Assignee: NEC Corporation
    Inventors: Jens-Matthias Bohli, Wenting Li
  • Publication number: 20190108350
    Abstract: A method for storing data on a storage entity (SE) includes: computing a file identifier for a file to be stored on the SE; checking if the file has already been stored using the file identifier; generating a user-specific private and public identifier; updating or computing tags of the file by the client such that the updating or computing is homomorphic in the user-specific private identifier and in parts of the file; providing the user-specific public identifier, the updated tags and a proof of possession of the secret identifier to the SE; verifying the proof-of-possession; verifying validity of the tags; upon successful checking, storing a public identifier for the file incorporating the user-specific public identifier and the updated tags by the SE; and upon a case where it is determined that the file has not already been stored, storing the file.
    Type: Application
    Filed: February 17, 2016
    Publication date: April 11, 2019
    Inventors: Jens-Matthias Bohli, Ghassan Karame, Frederik Armknecht
  • Patent number: 10243742
    Abstract: A system for authenticating a user accessing a device includes an authentication server and a ticket granting server. The authentication server is configured to generate a part of an authentication ticket which is combinable with at least one other part generated by at least one other authentication server to produce a complete authentication ticket, and to generate a part of a user session key which is combinable with at least one other part generated by the at least one other authentication server to produce a combined user session key. The ticket granting server is configured to authenticate the user by collaboratively, with at least one other ticket granting server, decrypting user request information using the combined user session key and comparing content of the decrypted user request information with the complete authentication ticket.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: March 26, 2019
    Assignee: NEC CORPORATION
    Inventors: Jens-Matthias Bohli, Wenting Li, Jan Seedorf
  • Publication number: 20190081783
    Abstract: A method for storing data on a storage entity (SE) includes the steps of: (a) dividing a file to be stored into a plurality of chunks by a client; (b) computing a secret key for each of the chunks of the file; (c) computing for each of the chunks a chunk identifier by the client; (d) checking, by the SE, whether one or more of the chunks have already been stored based on the computed chunk identifiers; and (e) in a case where it is determined that one or more of the chunks have not already been stored, performing the following: encoding the corresponding chunks; computing chunk tags for the chunks using the computed secret key; and storing the encoded chunks and the chunk tags.
    Type: Application
    Filed: February 19, 2016
    Publication date: March 14, 2019
    Inventors: Jens-Matthias Bohli, Ghassan Karame
  • Publication number: 20180336552
    Abstract: A method for integrating a Proof of Storage (PoS) into a blockchain increases security, robustness and verifiability of a blockchain network. A part of the blockchain to be stored is received at a first one of a plurality of mining nodes of the blockchain network. The part of the blockchain is stored. Mining of the new block is bound to the stored data and performed so as to enforce that the mining nodes store different parts of the blockchain. The PoS is integrated into the new block. The PoS is verified before accepting the new block into the blockchain.
    Type: Application
    Filed: July 3, 2017
    Publication date: November 22, 2018
    Inventors: Jens-Matthias Bohli, Wenting Li, Ghassan Karame, Frederik Armknecht
  • Publication number: 20180183611
    Abstract: A method for providing a proof-of-work includes computing, by a verification computing device (VCD), a first linear feedback shift register sequence (LFSR-S) using a first polynomial having a first degree and computing, by the VCD, a second LFSR-S based on a second polynomial. A challenge, generated by the VCD and using elements of the second LFSR-S, is transmitted to the PCD. The PCD recursively computes all elements of the first LFSR-S by using the elements and coefficients of the second LFSR-S. A solution for the received challenge is computed based on the computed elements of the first LFSR-S. A proof-of-work is provided by verifying, by the VCD, the transmitted solution by: recomputing a solution to the challenge using initial state parameters and coefficients of the first LFSR-S, and comparing the computed solution of the PCD with the recomputed solution of the VCD.
    Type: Application
    Filed: August 5, 2015
    Publication date: June 28, 2018
    Inventors: Jens-Matthias Bohli, Ghassan Karame, Frederik Armknecht
  • Publication number: 20180152513
    Abstract: A method for storing data in a cloud includes providing at least one data file to be stored together with a predefined number t of replicas of the at least one data file within the cloud, at least one authentication tag corresponding to the at least one data file and t functions that are configurable to take at least a predefined time to compute. The at least one data file, the at least one authentication tag and the t functions are transmitted to the cloud. The at least one data file is stored within the cloud and t solutions of the t functions are computed within the cloud. The t replicas of the at least one data file are generated based on the t solutions of the t functions and the at least one data file within the cloud. The t replicas are stored within the cloud.
    Type: Application
    Filed: May 13, 2015
    Publication date: May 31, 2018
    Inventors: Jens-Matthias Bohli, Ghassan Karame, Frederik Armknecht
  • Patent number: 9955346
    Abstract: A method for preserving privacy within a communication system, wherein a location-based service concerning an area of interest is provided for at least one user by a database server and wherein location information represented by coordinates of objects and/or users and/or areas and/or queries, made to the location-based service, is concealed, includes concealing the location information by transforming coordinates by first splitting the area of interest up in tiles for providing at least one tiling of the area of interest, and then permuting the tiles by a pseudo-random permutation process.
    Type: Grant
    Filed: December 5, 2013
    Date of Patent: April 24, 2018
    Assignee: NEC CORPORATION
    Inventors: Jens-Matthias Bohli, Ghassan Karame, Wenting Li, Dan Dobre
  • Publication number: 20180102900
    Abstract: A system for authenticating a user accessing a device includes an authentication server and a ticket granting server. The authentication server is configured to generate a part of an authentication ticket which is combinable with at least one other part generated by at least one other authentication server to produce a complete authentication ticket, and to generate a part of a user session key which is combinable with at least one other part generated by the at least one other authentication server to produce a combined user session key. The ticket granting server is configured to authenticate the user by collaboratively, with at least one other ticket granting server, decrypting user request information using the combined user session key and comparing content of the decrypted user request information with the complete authentication ticket.
    Type: Application
    Filed: December 1, 2017
    Publication date: April 12, 2018
    Inventors: Jens-Matthias Bohli, Wenting Li, Jan Seedorf
  • Publication number: 20180026791
    Abstract: A method for verifying information of a first data item in a plurality of different data items stored on a server includes a) generating a hash tree, b) computing an authentication path for the first data item based on a recomputation of the hash tree, wherein an authentication path comprises all siblings of tree nodes from the first data item to a root of the hash tree, c) recomputing the root-hash based on the first data item and a computed authentication path of the first data item and comparing the recomputed root-hash with the root-hash of the hash-tree of step a), d) determining a side element in leaves or a tree level above of the hash tree and its authentication path, and e) verifying the authentication path of the side element.
    Type: Application
    Filed: February 16, 2015
    Publication date: January 25, 2018
    Inventors: Jens-Matthias Bohli, Ghassan Karame, Frederik Armknecht
  • Publication number: 20180025167
    Abstract: A method for storing a data file of a client on a storage entity includes generating, by a proxy entity, a master encryption key; encrypting, by the client, the data file using the master encryption key to produce an encrypted file; computing a hash-tree for the encrypted file and using a top-hash of the hash-tree as a file identification (FID); and determining, by the proxy entity, whether the FID is already known to the storage entity. If the FID is not already known to the storage entity the method further includes computing, by the proxy entity, a top-hash of the encrypted file (PFID), and when the ownership of the data file has been proven, storing the FID being equal with the PFID at the client together with the hash value.
    Type: Application
    Filed: February 13, 2015
    Publication date: January 25, 2018
    Inventors: Jens-Matthias Bohli, Ghassan Karame, Frederik Armknecht
  • Publication number: 20180013830
    Abstract: A method for managing data of devices using one or more computing entities includes encrypting, by one or more encrypting entities, the data based on encryption policies using encryption keys; storing the encrypted data as ciphertext at a storing entity; requesting decryption keys to decrypt the stored ciphertext by one or more clients; computing restricted decryption keys based on access right policies for the requesting clients by a security management entity; and providing the generated decryption keys to the requesting clients for decrypting the stored ciphertext.
    Type: Application
    Filed: January 30, 2015
    Publication date: January 11, 2018
    Inventors: Mischa Schmidt, Jens-Matthias Bohli
  • Patent number: 9866387
    Abstract: A method for accessing a device by a user connected to the device and to at least two servers in different networks includes collaboratively generating parts of an authentication ticket on the at least two servers, collaboratively generating parts of a user session key and encrypting a combined user session key, authenticating with the authentication ticket at a distributed ticket granting server by collaboratively decrypting user request information using the combined user session key and comparing its content with the authentication ticket, collaboratively generating an encrypted user-to-device ticket and an encrypted user-to-device session key, and accessing the device by the user using the encrypted user-to-device ticket and the user-to-device session key.
    Type: Grant
    Filed: April 12, 2013
    Date of Patent: January 9, 2018
    Assignee: NEC Corporation
    Inventors: Jens-Matthias Bohli, Wenting Li, Jan Seedorf
  • Publication number: 20170208043
    Abstract: A method for storing data at a cloud storage, wherein data of a user is stored at the cloud storage upon a user request, includes encrypting the data of the user; directing the user request to a data manager; and before an uploading of the encrypted data to the cloud storage, performing, by the data manager, a deduplication on the encrypted data, so that uploading of the data is only performed, if the data is not yet stored within the cloud storage.
    Type: Application
    Filed: August 22, 2014
    Publication date: July 20, 2017
    Inventors: Jens-Matthias Bohli, Ghassan Karame
  • Publication number: 20170126684
    Abstract: A method for proving retrievability (POR) of information is performed in a memory available to one or more computation devices, wherein credentials between a user device, a storing device and an auditing device between each pair of said devices are exchanged and used for communication between them. The method includes encoding information to be stored on the storing device by the user device or the auditing device, storing the encoded information on the storing device, verifying the correctness of the stored information by the auditing device using unpredictable random information, transmitting correctness information to the user device, the correctness information being secure and being generated based on the result of the verification by the auditing device, and validating the correctness information by the user device for proving retrievability of the stored information and the unpredictable random information.
    Type: Application
    Filed: May 18, 2015
    Publication date: May 4, 2017
    Inventors: Frederik Armknecht, Jens-Matthias Bohli, Ghassan Karame, Christian Reuter