-
公开(公告)号:US11646870B2
公开(公告)日:2023-05-09
申请号:US16255346
申请日:2019-01-23
CPC分类号: H04L9/0822 , G06F21/602 , H04L9/0894 , H04L9/14 , H04L9/3073 , H04L9/3226
摘要: A computer-implemented method for protecting a mobile device against unauthorized access may be provided. The method comprises encrypting the user data stored in a volatile memory of the mobile device if the mobile device is switched to a locked status, and decrypting the user data stored in the volatile memory if the mobile device is switched from the locked status into an unlocked status.
-
公开(公告)号:US11177957B2
公开(公告)日:2021-11-16
申请号:US16438759
申请日:2019-06-12
IPC分类号: H04L9/32
摘要: Hardware security modules for executing zero-knowledge proofs are provided. Such a module includes multiple computational engines for executing respective primitive operations of zero-knowledge proofs, and memory storing multiple data-flow graphs. Each data-flow graph defines computational functionality of a respective one of the proofs, and comprises a set of nodes, each representing a said primitive operation, interconnected by edges representing input/output data of nodes. At least edges which represent security-sensitive data are indicated by edge-labels in the graphs. The module further comprises a set of registers, comprising at least a subset of secure registers, for storing data during execution of proofs, and a processor configured to control execution, using said engines, of proofs defined by the set of dataflow graphs such that data corresponding to a security-sensitive edge in a graph is stored in a secure register during execution. Corresponding methods and computer program products are also provided.
-
公开(公告)号:US10911242B2
公开(公告)日:2021-02-02
申请号:US15991574
申请日:2018-05-29
摘要: Methods are provided for authenticating a container of items to be sent by a sender to a receiver. The method includes: packing a plurality of items, each having a respective item identifier, in the container; providing a container identifier on the container; and generating a first digital signature by signing a message, comprising the container identifier and each item identifier, using a secret signing key skS of a signing-verification key pair (skS, pkS) of a digital signature scheme. The method further comprises providing the first digital signature for access by the receiver, and sending the container to the receiver. A corresponding verification method comprises accessing the first digital signature, and verifying the first digital signature for the container identifier and the item identifier for each item in the container using the verification key pkS of the sender key pair (skS, pkS).
-
公开(公告)号:US10609039B2
公开(公告)日:2020-03-31
申请号:US16051761
申请日:2018-08-01
摘要: A method, computer program product, and system for providing verification processes associated with a commitment-based authentication protocol are described. A request by a user for access to one or more resources is received, and a presentation policy is transmitted to the user indicating required credentials. A commitment to a revocation handle is received, including an indication of an associated Sigma protocol executed by the user. A challenge value selected from a challenge value set associated with the associated Sigma protocol is transmitted to the user. Based on the selected challenge value, a presentation token and a value parameter that is distinct from the presentation token are received from the user. Based on a determination as to whether the presentation token and value parameter are valid in accordance with the associated Sigma protocol, access for the user to the one or more resources is granted to the user or prevented.
-
公开(公告)号:US10554419B2
公开(公告)日:2020-02-04
申请号:US15651365
申请日:2017-07-17
发明人: Jan L. Camenisch , Stephan Krenn , Anja Lehmann , Gregory Neven
摘要: A method for a re-issuance of an attribute-based credential of an issuer of the attribute-based credential for a user may be provided. The user is holding backup values derived from a first credential previously obtained from the issuer, wherein the first credential is built using at least a first value of at least one authentication pair. The method comprises receiving by the issuer from the user a set of values derived from the backup values comprising a second value of the at least one authentication pair, validating by the issuer that the second value is a valid authentication answer with respect to the first value and whether the set of values was derived from a valid first credential, and providing by the issuer a second credential to the user based on the first set of values.
-
公开(公告)号:US20200007318A1
公开(公告)日:2020-01-02
申请号:US16022899
申请日:2018-06-29
摘要: Communicating a message via a leakage-deterring encryption scheme. A sender computer stores a public key pko of a recipient key-pair (pko, sko) of a message recipient, a commitment c, bound to the public key pko, to a secret s of the message recipient, and a public key pkt of a decryptor key-pair (pkt, skt). A receiver computer stores a secret key sko of the recipient key-pair (pko, sko), the commitment c and an opening o to the commitment. A decryptor computer stores a secret key skt of the decryptor key-pair (pkt, skt). The sender computer is adapted to encrypt a message m for the message recipient by generating ciphertexts. The sender computer sends the ciphertexts to the receiver computer. The receiver computer is adapted to send a ciphertext to the decryptor computer and provide a proof. The decryptor computer is adapted to verify the proof.
-
公开(公告)号:US10171249B2
公开(公告)日:2019-01-01
申请号:US14943144
申请日:2015-11-17
摘要: The present disclosure relates to a cryptographic method for enabling access by a user device to services provided by a server in a set of reference areas. The method comprises at the user device: obtaining a set of reference credentials of the server certifying data indicating the reference areas; obtaining a location credential certifying location data indicating the current location of the user device; generating an authentication token comprising a cryptographic proof for proving that the current location of the user device certified by the location credential matches at least one reference area certified by the set of reference credentials; sending the authentication token to the server for accessing the services by the user device in the at least one reference area.
-
公开(公告)号:US10104088B2
公开(公告)日:2018-10-16
申请号:US15278411
申请日:2016-09-28
摘要: A method, computer program product, and system for providing verification processes associated with a commitment-based authentication protocol are described. A request by a user for access to one or more resources is received, and a presentation policy is transmitted to the user indicating required credentials. A commitment to a revocation handle is received, including an indication of an associated Sigma protocol executed by the user. A challenge value selected from a challenge value set associated with the associated Sigma protocol is transmitted to the user. Based on the selected challenge value, a presentation token and a value parameter that is distinct from the presentation token are received from the user. Based on a determination as to whether the presentation token and value parameter are valid in accordance with the associated Sigma protocol, access for the user to the one or more resources is granted to the user or prevented.
-
公开(公告)号:US09763092B2
公开(公告)日:2017-09-12
申请号:US15345929
申请日:2016-11-08
CPC分类号: H04W12/06 , G06F2221/2111 , G06F2221/2151 , H04L63/083 , H04L63/0876
摘要: An approach for authenticating a user computer, connectable to a mobile network includes a computing device retrieving an attribute credential, the attribute credential certifying a set of user attributes, a device identifier for identifying the user computer to the mobile network, a location credential, the location credential certifying a device identifier and location data indicating a location of the user computer determined by the mobile network. The approach includes a computer producing an authentication token comprising the attribute credential, the location credential, the location data and a proof for proving that the device identifier in the attribute credential equals the device identifier in the location credential. The approach includes a computer producing a blinded attribute credential by randomized blinding of the attribute credential, wherein the authentication token includes the blinded attribute credential and the proof verifies possession by the user computer of the attribute credential in the blinded attribute credential.
-
公开(公告)号:US09755839B2
公开(公告)日:2017-09-05
申请号:US14742237
申请日:2015-06-17
发明人: Jan L. Camenisch , Anja Lehmann , Gregory Neven
CPC分类号: H04L9/3257 , H04L9/085 , H04L9/321 , H04L9/3226 , H04L63/083 , H04L2209/04 , H04L2209/34
摘要: A method and system configured to produce a cryptographic signature on a message, under a key, at a user computer wherein the key is shared between the user computer, which stores a first key-share, and an authentication computer, which stores a second key-share and a first authentication value. The user computer encodes the message to produce a blinded message, produces the first authentication value from a user password and a secret value, and produces a second authentication value by encoding the first authentication value and a nonce. The authentication computer uses the nonce to determine if the first authentication value is correct and, if so, encodes the blinded message using the second key-share to produce a partial signature. The user computer produces a signature on the message under the key by encoding the partial signature and the message using the first key-share and an unblinding function.
-
-
-
-
-
-
-
-
-
搜索结果
98 条记录 (耗时 0.029 秒)
