Method for providing security using secure computation

US 9,960,919 B2
Filed: 01/08/2014
Issued: 05/01/2018
Est. Priority Date: 01/08/2013
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a party for participation in an activity, the method comprising:

dividing a first secret key into a plurality of secret key shares;

storing each of the plurality of the first secret key shares in a different server of a plurality of servers so that none of the servers has access to the secret key share stored in another of the servers;

transmitting a challenge to the party and requesting that the party encrypt the challenge using a second key;

after the party encrypts the challenge using the second key, receiving the encrypted challenge from the party;

executing at the plurality of servers a secure computation protocol to generate encryption of the challenge using the plurality of secret key shares without providing any of the plurality of servers with access to the first secret key and to the secret key share stored in another of the servers;

comparing the encrypted challenge received from the party and the encrypted challenge generated by the plurality of servers to determine whether the second key is equal to the first key; and

enabling the party to participate in the activity if and only if it was determined that the first and second keys are equal.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of securing data, the method comprising: dividing a secret key into a plurality of secret key shares; storing each of the plurality of secret key shares in a different server of a plurality of servers so that none of the servers has access to the secret key and to the secret key share stored in another of the servers; using a server of the plurality of servers to execute a secure computation protocol to determine a value of a function responsive to all of the plurality of secret key shares without providing any of the plurality of servers with access to the secret key and to the secret key share stored in another of the servers; and using the calculated value of the function to secure the data.

15 Citations

View as Search Results

6 Claims

1. A method of authenticating a party for participation in an activity, the method comprising:
- dividing a first secret key into a plurality of secret key shares;
  
  storing each of the plurality of the first secret key shares in a different server of a plurality of servers so that none of the servers has access to the secret key share stored in another of the servers;
  
  transmitting a challenge to the party and requesting that the party encrypt the challenge using a second key;
  
  after the party encrypts the challenge using the second key, receiving the encrypted challenge from the party;
  
  executing at the plurality of servers a secure computation protocol to generate encryption of the challenge using the plurality of secret key shares without providing any of the plurality of servers with access to the first secret key and to the secret key share stored in another of the servers;
  
  comparing the encrypted challenge received from the party and the encrypted challenge generated by the plurality of servers to determine whether the second key is equal to the first key; and
  
  enabling the party to participate in the activity if and only if it was determined that the first and second keys are equal.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1 wherein the activity comprises establishing a virtual private network communication channel.
  - 3. The method according to claim 1 wherein the party comprises a communication device.
  - 4. The method of securing data according to claim 1 wherein the first secret key comprises a key used in a Kerberos protocol and the challenge comprises an encryption of a ticket granting ticket (TGT) used by the secure computation protocol.
  - 5. The method of securing data according to claim 1 wherein the first secret key comprises a key used in a Kerberos protocol and the challenge comprises an encryption of a service ticket (ST) used by the secure computation protocol.
  - 6. The method of securing data according to claim 1 wherein the first secret key comprises a feature vector representing a biometric feature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Coinbase IL RD Limited
Original Assignee
BAR ILAN University
Inventors
Lindell, Yehuda
Primary Examiner(s)
Herzog, Madhuri

Application Number

US14/652,454
Publication Number

US 20150349958A1
Time in Patent Office

1,574 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/62   Protecting access to data v...

G06F 2221/2103   Challenge-response

H04L 2209/46   Secure multiparty computati...

H04L 63/06   for supporting key manageme...

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 9/085   Secret sharing or secret sp...

H04L 9/3226   using a predetermined code,...

H04L 9/3228   One-time or temporary data,...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3271   using challenge-response

Method for providing security using secure computation

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Method for providing security using secure computation

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links