Method and system for enhancing network security using a multilateral authorization mechanism
First Claim
1. A method for implementing a multilateral authorization quorum in a computer network, the multilateral authorization quorum comprising a total number of stakeholders out of which a threshold number of stakeholders can provide a multilateral authorization, the stakeholders sharing a quorum private key, the method comprising:
- determining one or more access sets, each containing the threshold number of stakeholders;
determining a share of the quorum private key held by each stakeholder in all of the one or more access sets, wherein the shares of the quorum private key held by the stakeholders in any one of the one or more access sets add up to a number directly related to the quorum private key, wherein the quorum private key is split among the stakeholders of the multilateral authorization quorum, thereby forming the multilateral authorization quorum;
determining one or more secret keys of the stakeholders for each of the one or more access sets; and
generating one or more broadcast polynomials for each of the one or more access sets using the shares of the quorum private key and the one or more secret keys thereof;
wherein the threshold number of stakeholders in the multilateral authorization quorum collectively generate a collective signature for a message in the computer network utilizing a Guillou-Quisquater public key security system, comprising;
computing a value R=rE(mod N) wherein r is a random number between 1 and integer N, and E denotes a public exponent thereof;
computing t=H (M, R) (mod E), wherein M represents the message being signed by the stakeholders and H(M, R) is a one-way hash function;
computing J′
such that J′
*(JSIGN)t*r′
E≡
1 (mod N), wherein r′
is a random number and 1<
r′
<
N and JSIGN is the public key for the collective signature;
sending J′ and
a selected polynomial B(x) to all stakeholders in a selected access set;
computing a partial result j′
Sk (mod N) by each stakeholder, wherein Sk=B(Z′
k)(0≦
k<
K), Z′
k denotes the secret key held by each stakeholder; and
computing an intermediate value T as T=r*r′
*J′
*Π
k=1 to K J′
Sk(mod N),wherein a three-tuple <
M, t, T>
constitutes the collective signature of the threshold number of stakeholders.
11 Assignments
0 Petitions
Accused Products
Abstract
A method and system is provided for implementing a multilateral authorization quorum in a computer network. The authorization quorum comprises a total number of stakeholders out of which a threshold number of stakeholders can provide a multilateral authorization. To implement this multilateral authorization quorum, one or more access sets is first determined, each containing the threshold number of stakeholders. Since the stakeholders split a quorum private key, the shares of the quorum private key for each stakeholder in all access sets are determined. The shares of the private key held by the stakeholders in any one access set add up to a number directly related to the private key. One or more secret keys of the stakeholders are further determined for each access set. One or more polynomials for the access sets are then generated by using the shares of the private key and the secret keys thereof, wherein the private key is thus split among the stakeholders of the multilateral authorization quorum. Such a multilateral authorization quorum is ready to be used for making approvals for predetermined transactions.
-
Citations
41 Claims
-
1. A method for implementing a multilateral authorization quorum in a computer network, the multilateral authorization quorum comprising a total number of stakeholders out of which a threshold number of stakeholders can provide a multilateral authorization, the stakeholders sharing a quorum private key, the method comprising:
-
determining one or more access sets, each containing the threshold number of stakeholders; determining a share of the quorum private key held by each stakeholder in all of the one or more access sets, wherein the shares of the quorum private key held by the stakeholders in any one of the one or more access sets add up to a number directly related to the quorum private key, wherein the quorum private key is split among the stakeholders of the multilateral authorization quorum, thereby forming the multilateral authorization quorum; determining one or more secret keys of the stakeholders for each of the one or more access sets; and generating one or more broadcast polynomials for each of the one or more access sets using the shares of the quorum private key and the one or more secret keys thereof; wherein the threshold number of stakeholders in the multilateral authorization quorum collectively generate a collective signature for a message in the computer network utilizing a Guillou-Quisquater public key security system, comprising; computing a value R=rE(mod N) wherein r is a random number between 1 and integer N, and E denotes a public exponent thereof; computing t=H (M, R) (mod E), wherein M represents the message being signed by the stakeholders and H(M, R) is a one-way hash function; computing J′
such that J′
*(JSIGN)t*r′
E≡
1 (mod N), wherein r′
is a random number and 1<
r′
<
N and JSIGN is the public key for the collective signature;sending J′ and
a selected polynomial B(x) to all stakeholders in a selected access set;computing a partial result j′
Sk (mod N) by each stakeholder, wherein Sk=B(Z′
k)(0≦
k<
K), Z′
k denotes the secret key held by each stakeholder; andcomputing an intermediate value T as T=r*r′
*J′
*Π
k=1 to K J′
Sk(mod N),wherein a three-tuple <
M, t, T>
constitutes the collective signature of the threshold number of stakeholders. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A computer program product for implementing a multilateral authorization quorum in a computer network, the multilateral authorization quorum comprising a total number of stakeholders out of which a threshold number of stakeholders can provide a multilateral authorization, the stakeholders sharing a quorum private key, the computer program product stored on a computer-readable medium and comprising instructions for:
-
determining one or more access sets, each containing the threshold number of stakeholders; determining a share of the quorum private key held by each stakeholder in all of the one or more access sets, wherein the shares of the quorum private key held by the stakeholders in any one of the one or more access sets add up to a number directly related to the quorum private key, wherein the quorum private key is split among the stakeholders of the multilateral authorization quorum, thereby forming the multilateral authorization quorum; determining one or more secret keys of the stakeholders for each of the one or more access sets; and generating one or more broadcast polynomials for each of the one or more access sets using the shares of the quorum private key and the one or more secret keys thereof, wherein the multilateral authorization quorum is used for enrolling a new user in the computer network utilizing a Guillou-Quisquater public key security system, the enrolling requires approvals from the threshold number of stakeholders, the computer program product further comprising instructions for; generating, by the new user, a public key J based on one or more predetermined parameters; computing a value R=rE(mod N) wherein r is a random number between 1 and integer N, and E denotes a public exponent thereof; computing a value J′
such that R*J*J′
≡
1 (mod N);
wherein J denotes the public key chosen by the new user;sending J′ and
a selected broadcast polynomial B(x) to all stakeholders in an access set;computing a partial result J′
Sk(mod N) by each stakeholder, wherein Sk=B(Z′
k)(0≦
k<
K), Z′
k denotes the secret key held by each stakeholder;computing B′
=J′
*Π
k=1 to K J′
Sk (mod N);sending B′
to the new user; andcomputing a distinctive share B=B′
*r (mod N) as a private key for the new user corresponding to the public key J. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A system for implementing a multilateral authorization quorum in a computer network, the multilateral authorization quorum comprising a total number of stakeholders out of which a threshold number of stakeholders can provide a multilateral authorization, the stakeholders sharing a quorum private key, the system comprising:
-
a key share management center for determining one or more access sets, each containing the threshold number of stakeholders;
for determining a share of the quorum private key held by each stakeholder in all of the one or more access sets, wherein the shares of the quorum private key held by the stakeholders in any one of the one or more access sets add up to a number directly related to the quorum private key; and
for determining one or more secret keys of the stakeholders for each of the one or more access sets; andwherein the key share management center contains at least one memory, wherein the key share management center generates one or more broadcast polynomials for each of the one or more access sets using the shares of the quorum private key and the one or more secret keys thereof, wherein the threshold number of stakeholders in the multilateral authorization quorum collectively generate a collective signature for a message in the computer network utilizing a Guillou-Quisquater public key security system, the system further comprising means for; computing a value R=rE(mod N) wherein r is a random number between 1 and integer N, and E denotes a public exponent thereof; computing t=H(M, R)(mod E), wherein M represents the message being signed by the stakeholders and H(M, R) is a one-way hash function; computing J′
such that J′
*(JSIGN)t*r′
E≡
1 (mod N), wherein r′
is a random number and 1<
r′
<
N and JSIGN is the public key for the collective signature;sending J′ and
a selected polynomial B(x) to all stakeholders in a selected access set;computing a partial result J′
Sk(mod N) by each stakeholder, wherein Sk=B(Z′
k)(0≦
k<
K), Z′
k denotes the secret key held by each stakeholder; andcomputing an intermediate value T as T=r*r′
*J′
*Π
k=1 to K J′
Sk(mod N),wherein a three-tuple <
M, t, T>
constitutes the collective signature of the threshold number of stakeholders. - View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
-
-
39. A method for implementing a multilateral authorization quorum in a computer network, the multilateral authorization quorum comprising a total number of stakeholders out of which a threshold number of stakeholders can provide a multilateral authorization, the stakeholders sharing a quorum private key, the method comprising:
-
determining one or more access sets, each containing the threshold number of stakeholders; determining a share of the quorum private key held by each stakeholder in all of the one or more access sets, wherein the shares of the quorum private key held by the stakeholders in any one of the one or more access sets add up to a number directly related to the quorum private key, wherein the quorum private key is split among the stakeholders of the multilateral authorization quorum, thereby forming the multilateral authorization quorum; determining one or more secret keys of the stakeholders for each of the one or more access sets; and generating one or more broadcast polynomials for each of the one or more access sets using the shares of the quorum private key and the one or more secret keys thereof, wherein the multilateral authorization quorum is used for enrolling a new user in the computer network utilizing a Guillou-Quisquater public key security system, the enrolling requires approvals from the threshold number of stakeholders, the method further comprising; generating, by the new user, a public key J based on one or more predetermined parameters; computing a value R=rE(mod N) wherein r is a random number between 1 and integer N, and E denotes a public exponent thereof; computing a value J′
such that R*J*J′
≡
1 (mod N);
wherein J denotes the public key chosen by the new user;sending J′ and
a selected broadcast polynomial B(x) to all stakeholders in an access set;computing a partial result J′
Sk(mod N) by each stakeholder, wherein Sk=B(Z′
k)(0≦
k<
K), Z′
k denotes the secret key held by each stakeholder;computing B′
=J′
*Π
k=1 to K J′
Sk(mod N);sending B′
to the new user; andcomputing a distinctive share B=B′
*r (mod N) as a quorum private key for the new user corresponding to the public key J.
-
-
40. A computer program product for implementing a multilateral authorization quorum in a computer network, the multilateral authorization quorum comprising a total number of stakeholders out of which a threshold number of stakeholders can provide a multilateral authorization, the stakeholders sharing a quorum private key, the computer program product stored on a computer-readable medium and comprising instructions for:
-
determining one or more access sets, each containing the threshold number of stakeholders; determining a share of the quorum private key held by each stakeholder in all of the one or more access sets, wherein the shares of the quorum private key held by the stakeholders in any one of the one or more access sets add up to a number directly related to the quorum private key, wherein the quorum private key is split among the stakeholders of the multilateral authorization quorum, thereby forming the multilateral authorization quorum; determining one or more secret keys of the stakeholders for each of the one or more access sets; and generating one or more broadcast polynomials for each of the one or more access sets using the shares of the quorum private key and the one or more secret keys thereof, wherein the threshold number of stakeholders in the multilateral authorization quorum collectively generate a collective signature for a message in the computer network utilizing a Guillou-Quisquater public key security system, the computer program product further comprising instructions for; computing a value R=rE(mod N) wherein r is a random number between 1 and integer N, and E denotes a public exponent thereof; computing t=H (M, R) (mod E), wherein M represents the message being signed by the stakeholders and H(M, R) is a one-way hash function; computing J′
such that J′
*(JSIGN)t*r′
E≡
1 (mod N), wherein r′
is a random number and 1<
r′
<
N and JSIGN is the public key for the collective signature;sending J′ and
a selected polynomial B(x) to all stakeholders in a selected access set;computing a partial result J′
Sk(mod N) by each stakeholder, wherein Sk=B(Z′
k)(0≦
k<
K), Z′
k denotes the secret key held by each stakeholder; andcomputing an intermediate value T as T=r*r′
*J′
*Π
k=1 to K J′
Sk(mod N),wherein a three-tuple <
M, t, T>
constitutes the collective signature of the threshold number of stakeholders.
-
-
41. A system for implementing a multilateral authorization quorum in a computer network, the multilateral authorization quorum comprising a total number of stakeholders out of which a threshold number of stakeholders can provide a multilateral authorization, the stakeholders sharing a quorum private key, the system comprising:
-
a key share management center for determining one or more access sets, each containing the threshold number of stakeholders;
for determining a share of the quorum private key held by each stakeholder in all of the one or more access sets, wherein the shares of the quorum private key held by the stakeholders in any one of the one or more access sets add up to a number directly related to the quorum private key; and
for determining one or more secret keys of the stakeholders for each of the one or more access sets; andwherein the key share management center contains at least one memory, wherein the key share management center generates one or more broadcast polynomials for each of the one or more access sets using the shares of the quorum private key and the one or more secret keys thereof, wherein the multilateral authorization quorum is used for enrolling a new user in the computer network utilizing a Guillou-Quisquater public key security system, the enrolling requires approvals from the threshold number of stakeholders, the system further comprising means for; generating, by the new user, a public key J based on one or more predetermined parameters; computing a value R=rE(mod N) wherein r is a random number between 1 and integer N, and E denotes a public exponent thereof; computing a value J′
such that R*J*J′
≡
1 (mod N);
wherein J denotes the public key chosen by the new user;sending J′ and
a selected broadcast polynomial B(x) to all stakeholders in an access set;computing a partial result J′
Sk(mod N) by each stakeholder, wherein Sk=B(Z′
k)(0≦
k<
K), Z′
k denotes the secret key held by each stakeholder;computing B′
=J′
*Π
k=1 to K J′
Sk(mod N);sending B′
to the new user; andcomputing a distinctive share B=B′
*r (mod N) as a private key for the new user corresponding to the public key J.
-
Specification