Abstract: Described herein are methods and systems for creating a framework that allows the creation of Secret Interest Groups (SIGs) in Online Social Networks. SIGs are self-managed groups formed outside of the social network, around secret, sensitive, or private topics. A set of cryptographic algorithms are used for the framework implementation.

Abstract: Performing an untraceable secret matching between a first credential associated with a first property of a first user and a second credential associated with a second property of a second user includes receiving the first credential, receiving a matching reference formed so the first user can detect a matching of the first property with a remote property from a credential of another user, supplying a first nonce value to the second user, receiving a hidden version of the second credential from the second user formed by the second user on the basis of the second credential, the first nonce value supplied by the first user and a random value locally generated on a side of the second user, and performing the matching by combining the first credential and the received hidden credential with the first nonce value and comparing the combination with the matching reference.

Abstract: Performing an untraceable secret matching between a first credential associated with a first property of a first user and a second credential associated with a second property of a second user includes receiving the first credential, receiving a matching reference formed so the first user can detect a matching of the first property with a remote property from a credential of another user, supplying a first nonce value to the second user, receiving a hidden version of the second credential from the second user formed by the second user on the basis of the second credential, the first nonce value supplied by the first user and a random value locally generated on a side of the second user, and performing the matching by combining the first credential and the received hidden credential with the first nonce value and comparing the combination with the matching reference.

Abstract: A robust and secure password (or key) change method between a user and an authentication server in a distributed communication network is disclosed. The protocol requires the exchange of only two messages between the user desiring the key change and the server, the user's request including, at least partly encrypted, an identification of the sending user, old and new keys, and two nonces, at least one including a time indication. The authentication server's response includes a possibly encrypted accept/reject indication and the regularly encrypted request from the user.

Abstract: A method and apparatus for providing authentication among a dynamically selected group of users in a communication system with a dynamically changing network topology. With this invention, freshness information and alleged identity information are transmitted from each of the users in the group using available paths in the network. A group key is then generated, and coded information, derived from the group key and the above transmitted information, is sent to each of the users. Each unit of coded information is accompanied by an identifying tag so as to identify which of the users is to use the appropriate unit of coded information. Each alleged user will then extract the group key from a corresponding coded information unit only if it shares an appropriate secret with a server. Without knowledge of the group key, a user cannot be authenticated.

Abstract: This invention relates to a novel smartcard-based authentication technique using a smartcard that encrypts the time displayed on the card with a secret, cryptographically strong key. The (public) work station receives as input certain values defining the user, the card and a particular value derived from the encrypted time and encrypts and/or transmits these values to the server. The server, in turn, computes from received values some potential values and compares these to other received values. If the server determines a match, an accept signal is transmitted to the work station.

Abstract: An arrangement of authenticating communications network users and means for carrying out the arrangement. A first challenge N1 is transmitted from a first user A to a second user B. In response to the first challenge, B transmits a first response and second challenge N2 to A. A verifies the first response. A then generates and transmits a second response to the second challenge to B, where the second response is verified. The first response must be of a minimum formf(S1, N1, . . . ),and the second response must be of the minimum formg(S2, N2, . . . ).S1 and S2 are shared secrets between A and B. f() and g() are selected such that the equationf'(s1,N1', . . . )=g(S2, N2)cannot be solved for N1' without knowledge of S1 and S2. f'() and N1' represent expressions on a second reference connection. Preferably, the function f() may include the direction D1 of the flow of the message containing f(), as in f(s1, N1, D1, . . . ). In such a case, f() is selected such that the equationf'(S,N1',D1', . . . )=f(S, N2, D1, .