A METHOD FOR PROVIDING SECURITY USING SECURE COMPUTATION

US 20150349958A1
Filed: 01/08/2014
Published: 12/03/2015
Est. Priority Date: 01/08/2013
Status: Active Grant

First Claim

Patent Images

1. A method of securing data, the method comprising:

dividing a secret key into a plurality of secret key shares;

storing each of the plurality of secret key shares in a different server of a plurality of servers so that none of the servers has access to the secret key and to the secret key share stored in another of the servers;

using a server of the plurality of servers to execute a secure computation protocol to determine a value of a function responsive to all of the plurality of secret key shares without providing any of the plurality of servers with access to the secret key and to the secret key share stored in another of the servers; and

using the calculated value of the function to secure the data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of securing data, the method comprising: dividing a secret key into a plurality of secret key shares; storing each of the plurality of secret key shares in a different server of a plurality of servers so that none of the servers has access to the secret key and to the secret key share stored in another of the servers; using a server of the plurality of servers to execute a secure computation protocol to determine a value of a function responsive to all of the plurality of secret key shares without providing any of the plurality of servers with access to the secret key and to the secret key share stored in another of the servers; and using the calculated value of the function to secure the data.

Citations

15 Claims

1. A method of securing data, the method comprising:
- dividing a secret key into a plurality of secret key shares;
  
  storing each of the plurality of secret key shares in a different server of a plurality of servers so that none of the servers has access to the secret key and to the secret key share stored in another of the servers;
  
  using a server of the plurality of servers to execute a secure computation protocol to determine a value of a function responsive to all of the plurality of secret key shares without providing any of the plurality of servers with access to the secret key and to the secret key share stored in another of the servers; and
  
  using the calculated value of the function to secure the data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of securing data according to claim 1 wherein the calculated value comprises an encryption of the data.
  - 3. The method of securing data according to claim 1 wherein using the calculated value to secure the data comprises using the calculated value to determine whether or not a password received from a sender by at least one of the servers was generated using the secret key and enabling access by the sender to the data if and only if it was determined that the password was generated using the secret key.
  - 4. The method of securing data according to claim 3 wherein the password comprises a onetime password (OTP) generated using the secret key.
  - 5. The method of securing data according to claim 3 wherein the secret key comprises a static password generated using the secret key.
  - 6. The method of securing data according to claim 1 wherein the secret key comprises a key used in a Kerberos protocol and the calculated value comprises an encryption of a ticket granting ticket (TGT) used by the protocol.
  - 7. The method of securing data according to claim 1 wherein the secret key comprises a key used in a Kerberos protocol and the calculated value comprises an encryption of a service ticket (ST) used by the protocol.
  - 8. The method of securing data according to claim 1 wherein the secret key comprises a feature vector representing a biometric feature.
  - 9. The method of securing data according to claim 1 wherein the data comprises a feature vector representing a biometric feature.

10. A method of authenticating a party for participation in an activity, the method comprising:
- dividing a first secret key into a plurality of secret key shares;
  
  storing each of the plurality of secret key shares in a different server so that none of the servers has access to the secret key share stored in another of the servers;
  
  transmitting a challenge to the party and requesting that the party encrypt the challenge using a second key;
  
  receiving the encryption;
  
  using a server of the plurality of servers to execute a secure computation protocol to determine a value of a function responsive to all of the plurality of secret key shares without providing any of the plurality of servers with access to the first secret key and to the secret key share stored in another of the servers;
  
  using the calculated value and the encryption to determine whether the second key is equal to the first key; and
  
  enabling the party to participate in the activity if and only if it was determined that the first and second keys are equal.
- View Dependent Claims (11, 12)
- - 11. The method according to claim 10 wherein the activity comprises establishing a virtual private network communication channel.
  - 12. The method according to claim 10 wherein the party comprises a communication device.

13. Apparatus for authenticating access to data, the apparatus comprising:
- a plurality of servers each having a different share of a same secret key;
  
  a password generated responsive to the secret key which if presented to a server of the plurality of servers allows access to the data; and
  
  an instruction set executable by a server of the plurality of servers to execute a secure computation protocol to determine responsive to all of the shares if a password received by a server was generated responsive to the secret key.
- View Dependent Claims (14, 15)
- - 14. Apparatus according to claim 13 wherein the password comprises a onetime password.
  - 15. Apparatus according to claim 13 wherein the password comprises a static password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Coinbase IL RD Limited
Original Assignee
BAR ILAN University
Inventors
LINDELL, Yehuda

Granted Patent

US 9,960,919 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/62   Protecting access to data v...

G06F 2221/2103   Challenge-response

H04L 2209/46   Secure multiparty computati...

H04L 63/06   for supporting key manageme...

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3226   using a predetermined code,...

H04L 9/3228   One-time or temporary data,...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3271   using challenge-response

A METHOD FOR PROVIDING SECURITY USING SECURE COMPUTATION

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

A METHOD FOR PROVIDING SECURITY USING SECURE COMPUTATION

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links