公开(公告)号：WO2012055425A1

公开(公告)日：2012-05-03

申请号：PCT/EP2010/006529

申请日：2010-10-26

Applicant: NEC EUROPE LTD. ,  BOHLI, Jens-Matthias ,  UGUS, Osman

Inventor： BOHLI, Jens-Matthias ,  UGUS, Osman

IPC: H04L29/06

CPC classification number: H04W12/06 ,  H04L63/061 ,  H04L63/0853 ,  H04L63/18

Abstract: A method for secure pairing of wireless devices, wherein a master device (A) is deployed in a network environment (2), and wherein a new device (B) to be securely integrated into said network environment (2) executes an unauthenticated key exchange with said master device (A), is characterized in that said master device (A) has a security association (3) with a camera system (1) that monitors an operational area where said new wireless device (B) is placed, based on the exchanged key, said master device (A) and said new device (B) each compute a key confirmation code, wherein said camera system (1) learns said key confirmation code from said master device (A), said camera system (1) watches for devices transmitting said key confirmation code via a visual out-of-band channel (7) and provides images of such identified devices to said master device (A), based on an analysis of an image of a device identified by said camera system (1), an authorization decision is made with respect to accepting said identified device as new device (B) of said network environment (2). Furthermore, a corresponding system is disclosed.

Abstract translation: 一种用于无线设备的安全配对的方法，其中在网络环境（2）中部署主设备（A），并且其中将被安全地集成到所述网络环境（2）中的新设备（B）执行未经认证的密钥交换 与所述主设备（A）的特征在于，所述主设备（A）具有安全关联（3），其具有监视所述新无线设备（B）的放置的操作区域的照相机系统（1），基于 所述主设备（A）和所述新设备（B）各自计算密钥确认码，其中所述相机系统（1）从所述主设备（A）学习所述密钥确认码，所述相机系统（1） 手表用于经由视觉带外频道（7）发送所述密钥确认码的设备，并且基于对由所述相机系统识别的设备的图像的分析，将所识别的设备的图像提供给所述主设备（A） （1）作出授权决定 将所述识别的设备称为所述网络环境（2）的新设备（B）。 此外，公开了相应的系统。

公开(公告)号：WO2015173434A1

公开(公告)日：2015-11-19

申请号：PCT/EP2015/060917

申请日：2015-05-18

Applicant: NEC EUROPE LTD. ,  UNIVERSITÄT MANNHEIM

Inventor： ARMKNECHT, Frederik ,  BOHLI, Jens-Matthias ,  KARAME, Ghassan ,  REUTER, Christian

IPC: G06F21/64 ,  H04L29/06 ,  G06F3/06

CPC classification number: H04L63/10 ,  G06F3/067 ,  G06F21/645 ,  G06F2221/2101 ,  G06F2221/2115 ,  H04L63/123

Abstract: The present invention relates to a method for proving retrievability, 'POR', of information, said method being performed in a memory available to one or more computation devices, wherein credentials between a user device, a storing device and an auditing device between each pair of said devices are exchanged and used for communication between them, comprising the steps of a) Encoding the information to be stored on said storing device by said user device or said auditing device, b) Storing the encoded information on said storing device, c) Verifying the correctness of said stored information by the auditing device and using unpredictable random information d) Transmitting correctness information to the user device, said correctness information being secure and which are generated based on the result of said verification by the auditing device and e) Validating said correctness information by the user device for proving retrievability of said stored information and said unpredictable random information.

Abstract translation: 本发明涉及一种用于证明信息的可检索性“POR”的方法，所述方法在可用于一个或多个计算设备的存储器中执行，其中用户设备，存储设备和每对之间的审核设备之间的凭证 所述设备被交换并用于它们之间的通信，包括以下步骤：a）由所述用户设备或所述审核设备对要存储在所述存储设备上的信息进行编码; b）将编码信息存储在所述存储设备上; c） 验证所述存储的信息由审核设备的正确性和使用不可预测的随机信息d）向用户设备发送正确性信息，所述正确性信息是安全的，并且基于审核设备的所述验证的结果生成，以及e）验证 所述用户设备的所述正确性信息用于证明所述存储的信息和所述不可预测的ra的可检索性 ndom信息。

公开(公告)号：WO2013174447A1

公开(公告)日：2013-11-28

申请号：PCT/EP2012/059878

申请日：2012-05-25

Applicant: NEC EUROPE LTD. ,  BOHLI, Jens-Matthias ,  BIANCHI, Giuseppe

Inventor： BOHLI, Jens-Matthias ,  BIANCHI, Giuseppe

IPC: H04L29/06

CPC classification number: H04L63/1441 ,  H04L9/085 ,  H04L9/3013 ,  H04L9/3066 ,  H04L63/0209 ,  H04L63/0227 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/065 ,  H04L63/1408 ,  H04L63/1458 ,  H04L2463/144

Abstract: For allowing a very effective and privacy friendly identification of potentially malicious network elements within a network a method for identifying potentially malicious network elements within a network, wherein the network comprises multiple domains administrated by different operators, is claimed. The method is characterized in that at least some of said operators transmit qualifying information regarding at least one network element, said at least one network element being qualified as being potentially malicious, to a functional entity, and wherein the functional entity provides an alarm information and/or alarm activity, if a predefined number of operators has transmitted such qualifying information regarding the same potentially malicious network element to the functional entity. Further, an according network is claimed, preferably for carrying out the above mentioned method.

Abstract translation: 为了允许在网络内非常有效和隐私地识别潜在的恶意网络元件，用于识别网络内的潜在恶意网络元件的方法，其中所述网络包括由不同运营商管理的多个域。 该方法的特征在于，至少一些所述运营商向功能实体发送关于至少一个网络元件（所述至少一个网络元件被认定为潜在恶意的）的资格信息，并且其中所述功能实体提供报警信息和 /或报警活动，如果预定义数量的操作者向功能实体发送了关于相同潜在的恶意网元的这种限定信息。 此外，要求保护网络，优选地用于执行上述方法。

公开(公告)号：WO2016131473A1

公开(公告)日：2016-08-25

申请号：PCT/EP2015/053242

申请日：2015-02-16

Applicant: NEC EUROPE LTD. ,  UNIVERSITÄT MANNHEIM

Inventor： BOHLI, Jens-Matthias ,  KARAME, Ghassan ,  ARMKNECHT, Frederik

IPC: G06F17/30 ,  G06F21/30 ,  G06F21/60 ,  H04L9/00 ,  H04L29/06

CPC classification number: H04L9/3239 ,  G06F17/30097 ,  G06F17/30156 ,  G06F17/30194 ,  G06F21/30 ,  G06F21/602 ,  G06F21/6218 ,  G06F21/64 ,  H04L29/06755 ,  H04L63/0281 ,  H04L63/0457 ,  H04L63/061 ,  H04L63/12 ,  H04L67/1097

Abstract: The present invention relates to a method for verifying information of a data item (DI) in a plurality of different data items (DI), preferably stored on a server (SP) like a cloud or the like, wherein: a) a hash tree is generated from the plurality of data items (DI), such that the data items (DI) forming the leaves (LO) of the hash tree (HT) and such that the non-leaf nodes (L1, L2, L3,...) are computed by hashing the data items (DI) of their respective child nodes (L0, L1, L2,...) and when computing the root-hash (R) at least the distance between the root node (R) and the leaf-nodes (L0) is included into the hashing; b) an authentication path for said data item (DI) is computed based on a recomputation of the hash tree (HT), wherein an authentication path comprises all siblings of tree nodes from the data item (DI) to the root (R) of the hash tree (HT); c) the root-hash (R) is recomputed based on said data item (DI) and the computed authentication path of said data item (DI) and the recomputed root-hash (R) is compared with the root-hash (R) of the hash-tree (HT) of step a); d) the side element (RME) in the leaves (L0) or a tree level (L1) above of the hash tree (HT) and its authentication path is determined; e) the authentication path of said side element (RME) is verified, wherein based on the result of step e) the number of data items (DI) of said plurality is determined and wherein a membership of said data item (DI) to the plurality of data items is determined based on the result of step c).

Abstract translation: 本发明涉及一种用于验证多个不同数据项（DI）中数据项（DI）的信息的方法，优选地存储在诸如云等的服务器（SP）上，其中：a）散列树 （DI）生成，使得形成散列树（HT）的叶子（LO）的数据项（DI），使得非叶节点（L1，L2，L3，...） 通过对其各自的子节点（L0，L1，L2，...）的数据项（DI）进行散列来计算，并且当根节点（R）至少计算根节点（R）和 叶节点（L0）被包含在哈希中; b）基于散列树（HT）的重新计算来计算所述数据项（DI）的认证路径，其中认证路径包括从数据项（DI）到根（R）的树节点的所有兄弟节点 散列树（HT）; c）基于所述数据项（DI）重新计算根散列（R），并且将所计算的所述数据项（DI）的认证路径和重新计算的根散列（R）与根散列（R）进行比较， 的步骤a）的散列树（HT）; d）确定树叶（L0）中的边元素（RME）或散列树（HT）上方的树级（L1）及其认证路径; e）验证所述侧元件（RME）的认证路径，其中基于步骤e）的结果，确定所述多个数据项的数量（DI），并且其中所述数据项（DI）的隶属于 基于步骤c）的结果确定多个数据项。

公开(公告)号：WO2017140381A1

公开(公告)日：2017-08-24

申请号：PCT/EP2016/053578

申请日：2016-02-19

Applicant: NEC EUROPE LTD.

Inventor： BOHLI, Jens-Matthias ,  KARAME, Ghassan

IPC: H04L29/06 ,  G06F21/62

CPC classification number: G06F21/6209 ,  H04L63/0428

Abstract: The present invention relates to a method for storing data on a storage entity (SE), comprising the steps of: a) Dividing a file to be stored into a number of chunks by a client, b) Computing a secret key for each chunk of said file, c) Computing for each chunk a chunk identifier by said client, d) Checking, by said SE, if one or more of said chunks have already been stored based on said computed chunk identifiers, e) In case one or more of said chunks have not already been stored: - Encoding the corresponding chunks; - Computing chunk tags for said chunks using said computed secret key; - Storing said encoded chunks and said chunk tags.

Abstract translation: 本发明涉及一种用于在存储实体（SE）上存储数据的方法，该方法包括以下步骤：a）由客户将要存储的文件划分为多个块，b） 为所述文件的每个块计算秘密密钥，c）由所述客户端为每个块计算块标识符，d）由所述SE，基于所述计算的块标识符来检查是否已经存储了一个或多个所述块， e）如果一个或多个所述组块尚未被存储： - 编码相应的组块; - 使用所述计算的秘密密钥来计算所述组块的块标签; - 存储所述编码的块和所述块标签。

公开(公告)号：WO2016026537A1

公开(公告)日：2016-02-25

申请号：PCT/EP2014/067927

申请日：2014-08-22

Applicant: NEC EUROPE LTD.

Inventor： BOHLI, Jens-Matthias ,  KARAME, Ghassan

IPC: G06F3/06 ,  G06F21/62

CPC classification number: H04L63/0428 ,  G06F3/0608 ,  G06F3/0623 ,  G06F3/0641 ,  G06F3/067 ,  G06F21/62 ,  H04L67/1097 ,  H04L2463/061 ,  H04L2463/062

Abstract: For providing an alternative secure cloud storing of data, additionally allowing fair billing of storing data within a cloud storage, a method for storing of data within a cloud storage is claimed, wherein data of a user is stored within the cloud storage upon a request by the user. The method is characterized in that the data is encrypted, the request is directed to a managing means and - before an uploading of the encrypted data to the cloud storage - the managing means performs a deduplication on the encrypted data, so that uploading of the data is only performed, if the data is not yet stored within the cloud storage. Further, an according cloud storage system is claimed, preferably for carrying out the above mentioned method.

Abstract translation: 为了提供数据的备选安全云存储，另外允许在云存储中存储数据的公平计费，要求保护在云存储中的数据的方法，其中用户的数据根据​​请求被存储在云存储器内 用户。 该方法的特征在于数据被加密，该请求被指向管理装置，并且 - 在将加密数据上传到云存储之前 - 管理装置对加密的数据执行重复数据删除，从而上传数据 只有当数据尚未存储在云存储中时才执行。 此外，要求保护云存储系统，优选地用于执行上述方法。

公开(公告)号：WO2013001021A1

公开(公告)日：2013-01-03

申请号：PCT/EP2012/062601

申请日：2012-06-28

Applicant: NEC EUROPE LTD. ,  BOHLI, Jens-Matthias ,  SEEDORF, Jan ,  LI, Wenting

Inventor： BOHLI, Jens-Matthias ,  SEEDORF, Jan ,  LI, Wenting

IPC: H04L9/08

CPC classification number: H04L9/085 ,  H04L2209/46

Abstract: The invention relates to a method for obtaining a result of a joint public function for a plurality of parties in a secure multi-party computation environment, comprising the steps of a) Providing input data of the parties, b) Generating shares from the provided input data, c) Sharing the generated shares among the parties according to a secret sharing scheme, d) Performing the joint public function with the shared shares, e) Generating function shares from the performed public function and sharing the function shares among the parties according to a secret sharing scheme, and f) Obtaining the result from the shared generated shares, g) Recovering an intermediate information of the shared shares, and h) Using the recovered intermediate information for performing step d). The invention relates also to use of a method and a secure multi-party computation system.

Abstract translation: 本发明涉及一种用于在安全的多方计算环境中获得多方的联合公共功能的结果的方法，包括以下步骤：a）提供双方的输入数据，b）从提供的输入生成股份 数据，c）根据秘密共享方案分享各方之间的已发行股份; d）共同共享股进行联合公共职能; e）根据履行的公共职能发起职能股份，并按照 秘密共享方案，以及f）从共享生成的共享获取结果，g）恢复共享共享的中间信息，以及h）使用恢复的中间信息来执行步骤d）。 本发明还涉及使用方法和安全的多方计算系统。

公开(公告)号：WO2017140358A1

公开(公告)日：2017-08-24

申请号：PCT/EP2016/053384

申请日：2016-02-17

Applicant: NEC EUROPE LTD. ,  UNIVERSITAET MANNHEIM

Inventor： BOHLI, Jens-Matthias ,  KARAME, Ghassan ,  ARMKNECHT, Frederik

IPC: G09C1/00 ,  G06F3/06 ,  H04L9/00 ,  H04L29/06

CPC classification number: H04L9/008 ,  G06F3/0608 ,  G06F3/0623 ,  G06F3/067 ,  G06F21/6218 ,  G06F21/64 ,  G09C1/00 ,  H04L63/0428

Abstract: The present invention relates to a method for storing data on a storage entity (SE), comprising the steps of: a) computing a file identifier for a file to be stored on said SE; b) checking, by said SE, if the file has already been stored using said file identifier; c) generating a user-specific private and a user-specific public identifier; d) updating or computing tags of said file by said client such that said updating or computing is homomorphic in the user-specific private identifier and in parts of said file; e) providing said user-specific public identifier said updated tags and a proof of possession of said secret identifier to said SE by said client; f) verifying by said SE, said proof-of-possession; g) verifying validity of said tags; h) upon successful checking storing a public identifier for said file incorporating said user-specific public identifier and said updated tags by said SE; i) if the file has not already been stored, storing said file by said SE.

Abstract translation: 本发明涉及一种用于在存储实体（SE）上存储数据的方法，该方法包括以下步骤：a）计算要存储在所述SE上的文件的文件标识符; b）由所述SE检查文件是否已经使用所述文件标识符被存储; c）生成用户特定的私人和用户特定的公共标识符; d）由所述客户端更新或计算所述文件的标签，使得所述更新或计算在所述用户专用专用标识符和所述文件的部分中是同态的; e）由所述客户向所述SE提供所述用户特定的公共标识符，所述更新的标签和所述秘密标识符的拥有证明; f）由所述SE核实所述占有证据; g）验证所述标签的有效性; h）在成功检查时，由所述SE存储结合所述用户特定公共标识符和所述更新标签的所述文件的公共标识符; i）如果文件尚未被存储，则由所述SE存储所述文件。

公开(公告)号：WO2017020953A1

公开(公告)日：2017-02-09

申请号：PCT/EP2015/068111

申请日：2015-08-05

Applicant: NEC EUROPE LTD. ,  UNIVERSITAET MANNHEIM

Inventor： BOHLI, Jens-Matthias ,  KARAME, Ghassan ,  ARMKNECHT, Frederik

IPC: H04L9/00 ,  H04L9/32 ,  G09C1/00 ,  H04L29/06

CPC classification number: H04L9/3271 ,  H04L63/08 ,  H04L63/1458 ,  H04L2209/56

Abstract: The present invention relates to a method for providing a proof-of-work, comprising the steps of a) Computing, by a verification computing device, 'VCD', a first linear feedback shift register sequence, 'LFSR-S', using a first polynomial having a first degree and computing, by said VCD, a second LFSR-S based on a second polynomial, wherein said polynomials are computed such that the first polynomial divides the second polynomial, b) Transmitting elements generated by a function on input of a number of initial state parameters of said second LFSR-S to a proving computing device, 'PCD', c) Transmitting a challenge, generated by said VCD and using said elements of said second LFSR-S, to said PCD, d) Recursively computing, by said PCD, all elements of said first LFSR-S by using said transmitted elements of said second LFSR-S, e) Computing a solution for said received challenge based on said computed elements of said first LFSR-S and transmitting said solution to said VCD f) Providing a proof-of-work by verifying, by said VCD, said transmitted solution by recomputing a solution to said challenge using initial state parameters and coefficients of said first LFSR-S comparing the computed solution of said PCD with said recomputed solution of said VCD.

Abstract translation: 本发明涉及一种用于提供工作证明的方法，包括以下步骤：a）通过验证计算设备计算第一线性反馈移位寄存器序列“LFSR-S”，使用“ 第一多项式具​​有第一度，并且由所述VCD计算基于第二多项式的第二LFSR-S，其中所述多项式被计算为使得所述第一多项式除以所述第二多项式，b）由功能生成的发送元素 将所述第二LFSR-S的初始状态参数发送到验证计算设备“PCD”，c）将由所述VCD产生的挑战和使用所述第二LFSR-S的所述元素发送给所述PCD的d）递归地 由所述PCD通过使用所述第二LFSR-S的所述发送的元素来计算所述第一LFSR-S的所有元素，e）基于所述计算的所述第一LFSR-S的元素计算所述接收到的挑战的解，并且传送所述解 说VCD，f）提供专业的 通过使用初始状态参数和所述第一LFSR-S的系数重新计算解决所述挑战的所述VCD，通过所述VCD验证所述传输的解决方案，所述第一LFSR-S将计算出的所述PCD的解决方案与所述VCD的所述重新计算的解决方案进行比较。

公开(公告)号：WO2016180495A1

公开(公告)日：2016-11-17

申请号：PCT/EP2015/060641

申请日：2015-05-13

Applicant: NEC EUROPE LTD. ,  UNIVERSITÄT MANNHEIM

Inventor： BOHLI, Jens-Matthias ,  KARAME, Ghassan ,  ARMKNECHT, Frederik

IPC: H04L9/32 ,  H04L29/08 ,  H04L9/00

CPC classification number: H04L67/1097 ,  H04L9/008 ,  H04L9/3271 ,  H04L63/123 ,  H04L67/06 ,  H04L67/1095

Abstract: For providing an easy and secure use of cloud services a method for storing data in a cloud is claimed, comprising the following steps: providing at least one data file to be stored together with a predefined number t of replicas of the at least one data file within the cloud, at least one authentication tag corresponding to the at least one data file and t functions that can be configured to take at least a predefined time to compute; transmitting the at least one data file, the at least one authentication tag and the t functions to the cloud; storing the at least one data file within the cloud; computing t solutions of the t functions within the cloud; generating the t replicas of the at least one data file based on the t solutions of the t functions and the at least one data file within the cloud, wherein each function is used for at least one replica of the at least one data file; and storing the t replicas within the cloud. Further, an according network for carrying out the method is claimed.

Abstract translation: 为了提供对云服务的简单和安全的使用，声称在云中存储数据的方法包括以下步骤：提供要与所述至少一个数据文件的预定数量的副本t一起存储的至少一个数据文件 在云内，至少一个对应于该至少一个数据文件的认证标签和t个功能，其可配置为至少采取预定时间进行计算; 将所述至少一个数据文件，所述至少一个认证标签和所述t功能发送到所述云; 将所述至少一个数据文件存储在所述云内; 计算云中t函数的解; 基于所述t函数和所述云中的所述至少一个数据文件的t解，生成所述至少一个数据文件的t个副本，其中每个功能用于所述至少一个数据文件的至少一个副本; 并将t个副本存储在云中。 此外，要求保护用于执行该方法的相关网络。