发明名称 |
Method for authenticated communication in dynamic federated environments |
摘要 |
According to one embodiment of the present invention, a method for protecting authenticated communication in dynamic federated environments is provided. The method includes distributing shares of a private signature key to a group of users. When switching from an existing to a new group of users, the method includes producing a plurality of sub-shares from each of the distributed shares of existing users, with each sub-share being accompanied by a corresponding validity proof. The sub-shares from multiple existing users are combined to generate a set of shares for new users, with each new share being derived from sub-shares from multiple existing users. |
申请公布号 |
US9130757(B2) |
申请公布日期 |
2015.09.08 |
申请号 |
US200812189494 |
申请日期 |
2008.08.11 |
申请人 |
International Business Machines Corporation |
发明人 |
Fazio Nelly;Golding Richard Andrew;Wong Theodore Ming-Tao |
分类号 |
H04L9/32;H04L9/08 |
主分类号 |
H04L9/32 |
代理机构 |
Cantor Colburn LLP |
代理人 |
Cantor Colburn LLP ;Toub Libby |
主权项 |
1. A method comprising:
distributing shares of a private signature key to a group of users with a first processor; producing a plurality of sub-shares from each of said distributed shares with a processor associated with at least one user of the group of users, with each sub-share being accompanied by a corresponding validity proof; distributing the plurality of sub-shares among a set of new users, wherein each of the group of users receives sub-shares from a multiple users; verifying whether each sub-share in that is received by the each user of the set of new users is valid; and combining said valid sub-shares from multiple existing users at each one of the set of new users to generate a set of new shares, each said new share being derived from valid sub-shares from multiple users, wherein, based on said verifying determining that a received sub-share is invalid, said invalid sub-share is not used in said generating. |
地址 |
Armonk NY US |