
Showing papers by "Nadarajah Asokan" published in 2002


Book Chapter
11 Mar 2002
TL;DR: In this paper, the authors argue that threshold trust is not an option in most of the real-life electronic auctions, and propose two new cryptographic Vickrey auction schemes that involve, apart from the bidders and the seller S, an auction authority A so that unless S and A collude the outcome of auctions will be correct, and moreover, S will not get any information about the bids, while A will learn bid statistics.
Abstract: We argue that threshold trust is not an option in most of the real-life electronic auctions. We then propose two new cryptographic Vickrey auction schemes that involve, apart from the bidders and the seller S, an auction authority A so that unless S and A collude the outcome of auctions will be correct, and moreover, S will not get any information about the bids, while A will learn bid statistics. Further extensions make it possible to decrease damage that colluding S and A can do, and to construct (m + 1)st price auction schemes. The communication complexity between the S and A in medium-size auctions is at least one order of magnitude less than in the Naor-Pinkas-Sumner scheme.

197 citations



Patent
22 Feb 2002
TL;DR: In this paper, the authors propose a method for requesting a certificate from a certificate issuer for a public key associated with a corresponding private key stored by a storing entity, the method comprising: generating by means of a generating entity a certificate request message indicative of a request for a certificate; and transmitting the certificate request message to the certificate issuer; the certificate request message including an indication of the relationship between the storing entity and the generating entity.
Abstract: A method for requesting a certificate from a certificate issuer for a public key that is associated with a corresponding private key stored by a storing entity, the method comprising: generating by means of a generating entity a certificate request message indicative of a request for a certificate; and transmitting the certificate request message to the certificate issuer; the certificate request message including an indication of the relationship between the storing entity and the generating entity.

101 citations


Patent
30 May 2002
TL;DR: In this article, a system and method for enforcing digital rights management (DRM) rules in a terminal, even when the requesting rendering application is already operating, is presented, where content, which may be encrypted, is received at the terminal and securely stored.
Abstract: A system and method for enforcing digital rights management (DRM) rules in a terminal, even when the requesting rendering application is already operating. Content, which may be encrypted, is received at the terminal and securely stored. On-demand authorization is effected for the rendering application that is requesting access to the content, using secure communications between a DRM engine within the terminal and an operating system within the terminal that is augmented with a security manager adapted to engage in such secure communications. If the rendering application is found to be authorized, the DRM rules are applied to determine whether the rendering application may access the content, and if so, the content is made available to the rendering application.

78 citations


Posted Content
01 Jan 2002
TL;DR: In this paper, a man-in-the-middle attack for impersonating the legitimate client is presented. But the PIC protocol does not even have this option, because the goal of PIC is to obtain credentials that can be used for client authentication.
Abstract: Recently new protocols have been proposed in the IETF for protecting remote client authentication protocols by running them within a secure tunnel. Examples of such protocols are PIC, PEAP and EAP-TTLS. One goal of these new protocols is to enable the migration from legacy client authentication protocols to more secure protocols, e.g., from plain EAP type to, say, PEAP. In these protocols, the security of the subsequent session credentials is based only on keys derived during the unilateral authentication where the network server is authenticated to the client. Client authentication is mentioned as an option in PEAP and EAP-TTLS, but is not mandated. Naturally, the PIC protocol does not even offer this option, because the goal of PIC is to obtain credentials that can be used for client authentication. In addition to running the authentication protocols within such tunnel, it should also be possible to use them in legacy mode without any tunneling so as to leverage the legacy advantages such as widespread use. In this paper we show that in practical situations, such a mixed mode usage opens up the possibility to run a man-in-the-middle attack for impersonating the legitimate client. For those well-designed client authentication protocols that already have a sufficient level of security, the use of tunneling in the proposed form is a step backwards because they introduce a new vulnerability. The problem is due to the fact that the legacy client authentication protocol is not aware if it is run in protected or unprotected mode. We propose to solve the discovered problem by using a cryptographic binding between the client authentication protocol and the protection protocol.

63 citations


Patent
16 Jul 2002
TL;DR: In this article, the authors propose a method for sharing the authorization to use specific resources among multiple devices, which resources are accessible via messages on which a secret key operation was applied with a predetermined secret master key (d) available at a master device.
Abstract: Method for sharing the authorization to use specific resources among multiple devices, which resources are accessible via messages on which a secret key operation was applied with a predetermined secret master key (d) available at a master device (11). In order to provide an optimized sharing of authorization, the master device (11) splits the secret master key (d) into two parts (d1,d2). A piece of information relating to the first part (d1) of the secret master key (d) is forwarded to the slave device (13) for enabling this slave device to perform a partial secret key operation on a message (m). The second part (d2) of the secret master key (d) is forwarded to a server (12) for enabling the server (12) to perform partial secret key operations on a message (m) received from the slave device (13). The slave device (13) is also enabled to act as delegator to other slave devices, by splitting the first part (d1) of the secret master key (d) into two parts (d11,d'21), and proceeding in basically the same way as the master device during the original delegation.

59 citations


Patent
17 Oct 2002
TL;DR: In this paper, the authors present a method, system and computer product for secure ticketing in a personal device using cryptography and an external read write security element (212 and 104).
Abstract: Method, system and computer product for secure ticketing in a personal device (100). In particular, the method, system and computer program product utilizes cryptography and an external, read write security element (212 and 104) to securely transmit and store critical data utilized by users of a personal trusted device (100). Using the present invention, third parties can prevent the fraudulent use of third-party services without detection.

51 citations


Patent
25 Nov 2002
TL;DR: In this article, a method for authenticating a terminal in a communication system, the terminal comprising identification means for applying authentication functions to input data to form response data, and the communication system being arranged to utilise a first authentication protocol for authentication of the terminal, wherein an authentication functionality and the terminal share challenge data, a terminal forms response data and a first key by applying the authentication function to the challenge data by means of the identification means, and returns the response data to the authentication functionality.
Abstract: A method for authenticating a terminal in a communication system, the terminal comprising identification means for applying authentication functions to input data to form response data, and the communication system being arranged to utilise a first authentication protocol for authentication of the terminal, wherein an authentication functionality and the terminal share challenge data, the terminal forms response data and a first key by applying the authentication functions to the challenge data by means of the identification means, and returns the response data to the authentication functionality, and the authentication functionality authenticates the terminal by means of the response data and can apply an authentication function to the challenge data to duplicate the first key; the method comprising; executing a second authentication protocol wherein the terminal authenticates the identity of a network entity and the terminal and the network entity share a second key for use in securing subsequent communications between the terminal and the network entity; and subsequently executing a third authentication protocol by the steps of: sharing challenge data between the network entity and the terminal; forming at the terminal test data by at least applying one of the authentication functions to the challenge data by means of the identification means; transmitting a message comprising authentication data, from the terminal to the network entity; and determining based on the authentication data whether to provide the terminal with access to a service; wherein in the determining step the terminal is provided with access to the service only if the authentication data equals a predetermined function of at least the test data and the second key.

46 citations


Patent
20 Jun 2002
TL;DR: In this article, an Extensible Authentication Protocol response (EAP-response) packet is sent to an AAA server to digitally sign metering data related to a service used by at least one terminal.
Abstract: A method in a system for transferring accounting information, a system for transferring accounting information, a method in a terminal, a terminal, a method in an Extensible Authentication Protocol (EAP) service authorization server, an EAP service authorization server, a computer program, a computer program, an Extensible Authentication Protocol response (EAP-response) packet. The method in a system comprises: metering data related to a service used by at least one terminal, providing the metered data as accounting information to at least one Extensible Authentication Protocol (EAP) service authorization server, sending, by means of an Extensible Authentication Protocol request (EAP-request), a service authorization request from said at least one EAP service authorization server to said at least one terminal, digitally signing accounting information, in said at least one terminal, including, at said at least one terminal, the digitally signed accounting information in an Extensible Authentication Protocol response (EAP-response), and sending the digitally signed accounting information to an AAA-server.

45 citations


Patent
16 Jan 2002
TL;DR: In this article, a system and computer program product for implementing a trusted counter in a personal communication device is presented, which utilizes cryptography and an external, read-write storage device that stores important state information that cannot be modified without detection.
Abstract: Method, system and computer program product for implementing a trusted counter in a personal communication device. In particular, the method, system and computer program product utilizes cryptography and an external, read-write storage device that stores important state information that cannot be modified without detection. Using the present invention, the counter can be implemented in a personal even if state information is stored in an insecure storage device.

43 citations


Patent
11 Oct 2002
TL;DR: In this paper, the authors present an efficient and secure privacy protection method and system that protects the opening of sealed bids during a sealed bid auction and prevents fraudulent attempts. But their system is not suitable for the use in the case of auctions.
Abstract: The present invention is for use in an electronic auction and in an electronic second price sealed bid auction. The present invention is an efficient and secure privacy protection method and system that protects the opening of sealed bids during a sealed bid auction and prevents fraudulent attempts. The system includes bidders, an auctioneer, and a semi-trusted third party, each of which is provided with a terminal or a computer system capable of sending and receiving information. The terminals of the bidders communicate with a computer system of the auctioneer over a first network and the computer system of the auctioneer communicates with a computer system of the semi-trusted party over a second network. The first and second networks are either radio or fixed networks.

Patent
17 Oct 2002
TL;DR: In this paper, the authors present a method, system and computer program product for achieving integrity-protected storage in a personal communication device (100) by implementing DRM in personal communication devices (100).
Abstract: Method, system and computer program product for achieving integrity-protected storage in a personal communication device (100) by implementing DRM in a personal communication device (100). In particular, the method, system and computer program product utilizes cryptography and an external, read-write storage device (103) that stores important state information that need not be secret, but should be unmodifiable or replayable without detection. Using the present invention, the integrity of data storage in a personal communication can be assured even if data is stored in an insecure storage device (105).

Patent
22 Feb 2002
TL;DR: In this article, the authors present a method and apparatus for dealing with digital certificate requests in a mobile telecommunications network, where a request for a digital certificate is sent from a subscriber to a network element via the network, the request including a first part and a second part.
Abstract: Method and apparatus for dealing with digital certificate requests in a mobile telecommunications network. A request for a digital certificate is sent from a subscriber to a network element via the network, the request including a first part and a second part. The first part is sent via an authenticated communication channel of the network and the second part is sent via an unprotected communication channel of the network.