Method For Authenticated Communication In Dynamic Federated Environments
Abstract
According to one embodiment of the present invention, a method for protecting authenticated communication in dynamic federated environments is provided. The method includes distributing shares of a private signature key to a group of users. When switching from an existing to a new group of users, the method includes producing a plurality of sub-shares from each of the distributed shares of existing users, with each sub-share being accompanied by a corresponding validity proof. The sub-shares from multiple existing users are combined to generate a set of shares for new users, with each new share being derived from sub-shares from multiple existing users.
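The redistribution step described in the abstract, sketched as an added example (not code from the patent or its assignee): every existing holder re-shares its own share, each new user checks the validity proofs, then combines the sub-shares with Lagrange weights. It assumes Shamir sharing with Feldman commitments as the validity proof, which the page does not specify, a toy group, and hypothetical function names; the loop over new users stands in for checks each new user would run itself.

```python
import random

P, Q, G = 2039, 1019, 4  # toy safe prime P = 2Q + 1 (assumed, not secure); G has order Q

def deal(secret, t, ids, rng):
    """Shamir-share `secret` with threshold t; return shares and Feldman commitments."""
    coeffs = [secret % Q] + [rng.randrange(Q) for _ in range(t - 1)]
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q for i in ids}
    return shares, [pow(G, c, P) for c in coeffs]

def commit_eval(commits, x):
    """Compute G^poly(x) from the public commitments alone."""
    out = 1
    for k, c in enumerate(commits):
        out = out * pow(c, pow(x, k, Q), P) % P
    return out

def verify(value, commits, x):
    """Validity check: does `value` lie on the committed polynomial at x?"""
    return pow(G, value, P) == commit_eval(commits, x)

def lagrange_at_zero(i, ids):
    num = den = 1
    for m in ids:
        if m != i:
            num = num * (-m) % Q
            den = den * (i - m) % Q
    return num * pow(den, -1, Q) % Q

def redistribute(old_shares, old_commits, new_ids, new_t, rng):
    """Existing holders re-share their shares; new users verify, then combine."""
    old_ids = sorted(old_shares)
    dealt = {i: deal(old_shares[i], new_t, new_ids, rng) for i in old_ids}
    new_shares = {}
    for j in new_ids:
        total = 0
        for i in old_ids:
            subs, commits = dealt[i]
            # Check 1: the sub-share matches holder i's commitments.
            # Check 2: holder i re-shared the share it was originally dealt.
            if not (verify(subs[j], commits, j) and commits[0] == commit_eval(old_commits, i)):
                raise ValueError(f"bad sub-share from holder {i}")
            total += lagrange_at_zero(i, old_ids) * subs[j]
        new_shares[j] = total % Q
    return new_shares

def reconstruct(shares):
    ids = sorted(shares)
    return sum(lagrange_at_zero(i, ids) * shares[i] for i in ids) % Q
```

The key itself is never reassembled during the hand-over: each new share is a weighted sum of sub-shares from several existing holders, and a holder that re-shares anything other than its original share fails the second check.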
20 Claims
1. A method comprising:
- distributing shares of a private signature key to a group of users;
- producing a plurality of sub-shares from each of said distributed shares, with each sub-share being accompanied by a corresponding validity proof; and
- combining said sub-shares from multiple existing users at each one of a set of new users to generate a set of new shares, each said new share being derived from sub-shares from multiple users.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method comprising:
- distributing shares of a private key to a group of computer systems;
- allowing members of said group to authenticate to at least one client that knows a public key for said group; and
- redistributing shares from said group to another set of computer systems.
Dependent claims: 11, 12, 13, 14, 15, 16

17. A system comprising:
- a plurality of computer systems, each having a share of a private signature key;
- said plurality of computer systems each having a means for producing a plurality of sub-shares from each of said shares, with each sub-share being accompanied by a corresponding validity proof;
- a client computer receiving said sub-shares and said corresponding validity proofs, and generating a set of new shares, each said new share being derived from sub-shares from multiple ones of said computer systems; and
- said client computer redistributing said new set of shares to a new group of users.
Dependent claims: 18

19. A computer program product for authenticating communications, said computer program product comprising:
- a computer usable medium having computer usable program code embodied therewith, said computer usable program code comprising;
- computer usable program code configured to;
- distribute shares of a private signature key to a group of users;
- produce a plurality of sub-shares from each of said distributed shares, with each sub-share being accompanied by a corresponding validity proof; and
- combine said sub-shares from multiple existing users at each one of a set of new users to generate a set of new shares, each said new share being derived from sub-shares from multiple users.
Dependent claims: 20
Specification