TU Darmstadt / ULB / TUbiblio

EP 2639997 - Method and system for secure access of a first computer to a second computer

Wiesmaier, Alexander and Braun, Johannes and Horsch, Moritz (2014):
EP 2639997 - Method and system for secure access of a first computer to a second computer.
[Standards, patents]

Abstract

A computer implemented method, computer program product and computer system for securing PIN based access from a first computer (1001) to a second computer (1002). The first computer (1001) sends (5100) identifier information (ID1, ID1a), which identifies a user (1) of the first computer (1001), to at least one trusted computer (1004, 1005). The first computer receives (5200) from the user (1) a first secret share (311) of a key (400) derived from a PIN (300) used for the PIN based access, wherein the first secret share (311) results from a secret sharing algorithm and is associated with an association identifier (390) generated by the at least one trusted computer (1004, 1005) in response to the identifier information (ID1, ID1a). The association identifier (390) is further associated with at least one corresponding secret share (341, 351) of the key (400) at the at least one trusted computer (1004, 1005). The first computer (1001) generates (5310), by using the secret sharing algorithm, for an encrypted nonce value (500) received (5300) from the second computer (1002) a set of further secret shares (501, 504, 505) for the first computer (1001) and for the at least one trusted computer (1004, 1005), wherein the encrypted nonce value (500) is a nonce value (510) encrypted with the key (400) and then sends (5400) corresponding secret shares (504, 505) of the encrypted nonce value (500) to the corresponding at least one trusted computer (1004, 1005). The first computer participates (5500) in a secure multiparty computation of the nonce value (510), wherein the secure computation is based on corresponding pairs ((311,501), (341,504), (351,505)) of the secret shares (311, 341, 351) of the key (400) and the secret shares (501, 504, 505) of the encrypted nonce value (500), and wherein the computed nonce value (510) is hidden from the first computer (1001); and receives (5600) access permission from the second computer (1002) in case the secure multiparty computation results in the nonce value (510) generated originally by the second computer (1002).

Item Type: Standards, patents
Erschienen: 2014
Creators: Wiesmaier, Alexander and Braun, Johannes and Horsch, Moritz
Title: EP 2639997 - Method and system for secure access of a first computer to a second computer
Language: English
Abstract:

A computer implemented method, computer program product and computer system for securing PIN based access from a first computer (1001) to a second computer (1002). The first computer (1001) sends (5100) identifier information (ID1, ID1a), which identifies a user (1) of the first computer (1001), to at least one trusted computer (1004, 1005). The first computer receives (5200) from the user (1) a first secret share (311) of a key (400) derived from a PIN (300) used for the PIN based access, wherein the first secret share (311) results from a secret sharing algorithm and is associated with an association identifier (390) generated by the at least one trusted computer (1004, 1005) in response to the identifier information (ID1, ID1a). The association identifier (390) is further associated with at least one corresponding secret share (341, 351) of the key (400) at the at least one trusted computer (1004, 1005). The first computer (1001) generates (5310), by using the secret sharing algorithm, for an encrypted nonce value (500) received (5300) from the second computer (1002) a set of further secret shares (501, 504, 505) for the first computer (1001) and for the at least one trusted computer (1004, 1005), wherein the encrypted nonce value (500) is a nonce value (510) encrypted with the key (400) and then sends (5400) corresponding secret shares (504, 505) of the encrypted nonce value (500) to the corresponding at least one trusted computer (1004, 1005). The first computer participates (5500) in a secure multiparty computation of the nonce value (510), wherein the secure computation is based on corresponding pairs ((311,501), (341,504), (351,505)) of the secret shares (311, 341, 351) of the key (400) and the secret shares (501, 504, 505) of the encrypted nonce value (500), and wherein the computed nonce value (510) is hidden from the first computer (1001); and receives (5600) access permission from the second computer (1002) in case the secure multiparty computation results in the nonce value (510) generated originally by the second computer (1002).

Number: EP2639997
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Date Deposited: 04 Aug 2016 15:08
Identification Number: TUD-CS-2014-0978
Export:

Optionen (nur für Redakteure)

View Item View Item