Abstract: According to one embodiment, a method performed by a first communication device for generating a symmetric session key for encrypted communication with a second communication device is described comprising generating a blinding value for each of a first and a second private key component, generating a blinded public key from the first private key component, the second private key component, and the blinding values using a public key generation function, transmitting the blinded public key to the second communication device for encryption of a shared secret, receiving the shared secret, generating a session key for encrypted communication with the second communication device from the shared secret, encrypting, using the session key, an information from which the blinding values are derivable and transmitting the encrypted information to the second communication device.

Abstract: A method is suggested for providing a response, wherein the method comprises: obtaining a challenge from a host, determining the response based on the challenge, determining an auxiliary value based on the response or the challenge, providing the auxiliary value to the host, obtaining a random value from the host, checking the validity of the challenge based on the random value, and providing the response to the host only if the challenge is valid. Also, corresponding methods running on the host and system are provided. Further, corresponding devices, hosts and systems are suggested.

Abstract: A method is suggested for providing a response, wherein the method comprises: obtaining a challenge from a host, determining the response based on the challenge, determining an auxiliary value based on the response or the challenge, providing the auxiliary value to the host, obtaining a random value from the host, checking the validity of the challenge based on the random value, and providing the response to the host only if the challenge is valid. Also, according methods running on the host and system are provided. Further, corresponding devices, hosts and systems are suggested.

Abstract: According to various embodiments, a method for code-based generation of a key pair for asymmetric cryptography is described including generating a private key defining a linear code, determining a parity check or generator matrix for the linear code, blinding a sub-matrix of the parity check or generator matrix, generating a blinded inverse matrix by inverting the blinded sub-matrix or by inverting a quadratic matrix contained in the blinded sub-matrix, de-blinding the blinded inverse matrix to generate an inverse matrix and generating a public key for the private key using the inverse matrix.

Abstract: A method is suggested for providing a response, wherein the method comprises: obtaining a challenge from a host, determining the response based on the challenge, determining an auxiliary value based on the response or the challenge, providing the auxiliary value to the host, obtaining a random value from the host, checking the validity of the challenge based on the random value, and providing the response to the host only if the challenge is valid. Also, corresponding methods running on the host and system are provided. Further, corresponding devices, hosts and systems are suggested.

Abstract: A method is described for checking a Generalized Discrete Fourier Transform (GDFT) operation on a secured domain, the method comprising (i) calculating a first checksum based on an input, (ii) determining a result of an GDFT-based operation based on the input, (iii) calculating a second checksum based on the result, (iv) comparing the first checksum and the second checksum and (v) proceeding if the first checksum correspond to the second checksum and otherwise triggering a predefined action if the first checksum does not correspond to the second checksum. Also, an according security device is provided.

Abstract: A method is suggested for providing a response, wherein the method comprises: obtaining a challenge from a host, determining the response based on the challenge, determining an auxiliary value based on the response or the challenge, providing the auxiliary value to the host, obtaining a random value from the host, checking the validity of the challenge based on the random value, and providing the response to the host only if the challenge is valid. Also, according methods running on the host and system are provided. Further, corresponding devices, hosts and systems are suggested.

Abstract: According to one embodiment, a method performed by a first communication device for generating a symmetric session key for encrypted communication with a second communication device is described comprising generating a blinding value for each of a first and a second private key component, generating a blinded public key from the first private key component, the second private key component, and the blinding values using a public key generation function, transmitting the blinded public key to the second communication device for encryption of a shared secret, receiving the shared secret, generating a session key for encrypted communication with the second communication device from the shared secret, encrypting, using the session key, an information from which the blinding values are derivable and transmitting the encrypted information to the second communication device.

Abstract: A pseudonymous Diffie-Hellman protocol is provided by means of a combination of the CA protocol with the RI protocol. According to the invention the determining of the pseudonym from the RI protocol and the forming of the secure communication channel from the CA protocol occur substantially in parallel. According to the invention there is likewise employed a group key for the CA part of the protocol according to the invention. Due to the configuration of the protocol according to the invention it is not possible, in contrast to the known protocols, for an attacker who should succeed in establishing the group key of a portable data carrier according to the invention, to generate the pseudonym of another user.

Abstract: A pseudonymous Diffie-Hellman protocol is provided by means of a combination of the CA protocol with the RI protocol. According to the invention the determining of the pseudonym from the RI protocol and the forming of the secure communication channel from the CA protocol occur substantially in parallel. According to the invention there is likewise employed a group key for the CA part of the protocol according to the invention. Due to the configuration of the protocol according to the invention it is not possible, in contrast to the known protocols, for an attacker who should succeed in establishing the group key of a portable data carrier according to the invention, to generate the pseudonym of another user.

Abstract: A method for securely storing data on a terminal by means of a portable data carrier, wherein an attribute vector and a master key are deposited on the portable data carrier. The method comprises deriving a key from a predicate and the master key by means of a key derivation function, wherein the predicate is a Boolean function of the attribute vector; encrypting the data with the key; and storing the encrypted data together with the predicate on the terminal. Another method comprises: extracting the predicate from the encrypted data and the predicate; applying the predicate to the attribute vector; and if the attribute vector satisfies the predicate, deriving the key from the predicate and the master key by means of the key derivation function and decrypting the encrypted data.