Abstract: A method for authentication of a user towards a multi-node party includes at least two nodes. The user contacts the nodes of the multi-node party, via a user application, and each of the nodes of the multi-node party generates a nonce and returns the nonce to the user application. The user application requests authentication from an Identity Provider, based on the nonces received from the nodes of the multi-node party and on a unique identity of the user. The Identity Provider generates a message, based on the request for authentication, and provides the message to the user application. The user application provides the message in a secret form to each of the nodes of the multi-node party. The nodes of the multi-node party verify the message by means of a multi-party verifying operation, and the user is authenticated based on the multi-party verifying operation.

Abstract: A method for providing a digital signature to a message, M, in accordance with a digital signature algorithm (DSA) or an elliptic curve digital signature algorithm (ECDSA) is disclosed. A secret key, x, is generated as a random secret sharing [x] among at least two parties, such as among at least three parties. Random secret sharings, [a] and [k], are generated among the at least two parties and [w]=[a][k], R=gk and W=Ra are computed and their correctness verified. [w] is verified by checking whether or not gw=W. The message, M, is signed by generating a sharing, [s], among the at least two parties, using at least M, [w], R and [x].

Abstract: A method for restoring a distributed secret key from a backup storage such that an original secret key is generated and distributed among two or more servers. A first server creates a backup containing at least the share of the original secret key which is held by the first server. The servers refresh the original secret key at least once. During each refresh the servers generate a refreshed distributed secret key and a distributed difference between the previous secret key and the refreshed secret key. The first server restores its share of the original secret key from the backup and requests the accumulated secret version of its share of the difference from the other servers and restores its share of the latest refreshed secret key from the received accumulated secret version and the restored share of the original secret key.

Abstract: A method and a system for providing a digital signature are disclosed. A private signature key is distributed among two or more nodes of a cold wallet. Each node of the cold wallet generates a pre-signature, based on its share(s) of the private signature key, and transmits the pre-signature to one of two or more pre-signature nodes. A signing application requests a signature and transmits a message to be signed to each of the pre-signature nodes. In response to receiving the request for a signature and the message to be signed, each pre-signature node generates a partial signature, based on its pre-signature and on the message to be signed. Each pre-signature node transmits its partial signature to the signing application, and the signing application computes a digital signature from the partial signatures.

Abstract: A method for providing a digital signature to a message, M, in accordance with a digital signature algorithm (DSA) or an elliptic curve digital signature algorithm (ECDSA) is disclosed. A secret key, x, is generated as a random secret sharing [x] among at least two parties, such as among at least three parties. Random secret sharings, [a] and [k], are generated among the at least two parties and [w]=[a][k], R=gk and W=Ra are computed and their correctness verified. [w] is verified by checking whether or not gw=W. The message, M, is signed by generating a sharing, [s], among the at least two parties, using at least M, [w], R and [x].

Abstract: A system and a method for managing confidential data in a cloud service is provided. The system comprises a cryptographic key service comprising two or more cryptographic key servers, Si, each being arranged to compute file encryption keys, kj, on the basis of information regarding data and using one or more cryptographic keys, Kj. The cryptographic keys, Kj, are secretly shared among the cryptographic key servers, Si, and none of the cryptographic key servers, Si, possesses knowledge of all of the cryptographic keys, Kj. A single point of trust at the cryptographic key service is avoided.

Abstract: A system and a method for managing confidential data in a cloud service is provided. The system comprises a cryptographic key service comprising two or more cryptographic key servers, Si, each being arranged to compute file encryption keys, kj, on the basis of information regarding data and using one or more cryptographic keys, Kj. The cryptographic keys, Kj, are secretly shared among the cryptographic key servers, Si, and none of the cryptographic key servers, Si, possesses knowledge of all of the cryptographic keys, Kj. A single point of trust at the cryptographic key service is avoided.

Abstract: A system and a method for managing confidential data in a cloud service is provided. The system comprises a cryptographic key service comprising two or more cryptographic key servers, Si, each being arranged to compute file encryption keys, kj, on the basis of information regarding data and using one or more cryptographic keys, Kj. The cryptographic keys, Kj, are secretly shared among the cryptographic key servers, Si, and none of the cryptographic key servers, Si, possesses knowledge of all of the cryptographic keys, Kj. A single point of trust at the cryptographic key service is avoided.

Abstract: A system and a method for managing confidential data in a cloud service is provided. The system comprises a cryptographic key service comprising two or more cryptographic key servers, Si, each being arranged to compute file encryption keys, kj, on the basis of information regarding data and using one or more cryptographic keys, Kj. The cryptographic keys, Kj, are secretly shared among the cryptographic key servers, Si, and none of the cryptographic key servers, Si, possesses knowledge of all of the cryptographic keys, Kj. A single point of trust at the cryptographic key service is avoided.