Claims
- 1. A method for use in a device associated with a first party, performed in association with a device associated with a second party, for delegating authorization to perform a function from the second party device to a device associated with a third party, the method comprising the steps of:
generating in the first party device a request for the partial assistance of the second party device in delegating authorization of the function to the third party device; transmitting the request from the first party device to the second party device; receiving results in the first party device generated by the second party device based on the partial assistance provided by the second party device; and using at least a portion of the received results in the first party device to delegate authorization.
- 2. The method of claim 1, wherein the second party is the same as the third party.
- 3. The method of claim 1, wherein the first party device is a client device and the second and third party devices are servers.
- 4. The method of claim 1, wherein the data stored on the first party device has a piece of secret information associated therewith which is included in the request, and further wherein the partial assistance is provided by the second party device when a verification is made by the second party device, based on the piece of secret information, that the first party sent the request.
- 5. The method of claim 1, wherein the function being delegated is a password-checking operation.
- 6. The method of claim 1, wherein at least a portion of data stored on the first party device was constructed by generating a first share, a second share and a third share of a value associated with the first party device.
- 7. The method of claim 6, wherein the first share is constructed so that the share can be generated from a piece of secret information associated with the first party and information stored on the first party device.
- 8. The method of claim 7, wherein the data stored on the first party device comprises an encryption of at least a portion of the third share of the value in accordance with a public key associated with the second party device so as to generate cryptographic information.
- 9. The method of claim 8, wherein the request generated in the first party device comprises the cryptographic information.
- 10. The method of claim 9, wherein the share in the request is split at the second party device such that a portion of a third party share is generated at the second party device.
- 11. The method of claim 10, wherein the step of using at least a portion of the received results in the first party device to delegate authorization comprises generating at least one value, using at least the portion of the third party share generated by the second party device, for subsequent use between the first party device and the third party device in performing the function.
- 12. The method of claim 6, wherein the value associated with the first party device is a private key.
- 13. The method of claim 12, wherein the private key is used to perform a private key operation between the first party device and the third party device.
- 14. The method of claim 13, wherein the private key operation comprises a decryption operation.
- 15. The method of claim 14, wherein the decryption operation comprises an ElGamal protocol.
- 16. The method of claim 13, wherein the private key operation comprises a signature operation.
- 17. The method of claim 16, wherein the signature operation comprises an RSA protocol.
- 18. The method of claim 1, wherein the third party device is a token in the possession of the first party.
- 19. A method for use in a device associated with a first party, performed in association with a device associated with a second party, for assisting in delegating authorization to perform a function from the first party device to a device associated with a third party, the method comprising the steps of:
receiving a request generated in and transmitted by the second party device for the partial assistance of the first party device in delegating authorization of the function to the third party device; and generating results in the first party device based on the partial assistance provided thereby for use in the second party device to delegate authorization.
- 20. The method of claim 19, wherein the first party is the same as the third party.
- 21. The method of claim 19, wherein the first and third party devices are servers and the second party device is a client device.
- 22. The method of claim 19, wherein at least a portion of data stored on the second party device was constructed by generating a first share, a second share and a third share of a value associated with the second party device.
- 23. The method of claim 22, wherein the first share is constructed so that the share can be generated from a piece of secret information associated with the second party and information stored on the second party device.
- 24. The method of claim 23, wherein the data stored on the second party device comprises an encryption of at least a portion of the third share of the value in accordance with a public key associated with the first party device so as to generate cryptographic information.
- 25. The method of claim 24, wherein the request generated in the second party device comprises the cryptographic information.
- 26. The method of claim 25, wherein the share in the request is split at the first party device such that a portion of a third party share is generated at the first party device.
- 27. The method of claim 26, wherein the use of at least a portion of the generated results in the second party device to delegate authorization comprises generating at least one value, using at least the portion of the third party share generated by the first party device, for subsequent use between the second party device and the third party device in performing the function.
- 28. Apparatus for use in a device associated with a first party, in association with a device associated with a second party, for delegating authorization to perform a function from the second party device to a device associated with a third party, the apparatus comprising:
at least one processor operable to: (i) generate in the first party device a request for the partial assistance of the second party device in delegating authorization of the function to the third party device; (ii) transmit the request from the first party device to the second party device; (iii) receive results in the first party device generated by the second party device based on the partial assistance provided by the second party device; and (iv) use at least a portion of the received results in the first party device to delegate authorization; and memory, coupled to the at least one processor, for storing at least a portion of results associated with one or more operations performed by the processor.
- 29. Apparatus for use in a device associated with a first party, in association with a device associated with a second party, for assisting in delegating authorization to perform a function from the first party device to a device associated with a third party, the apparatus comprising:
at least one processor operable to: (i) receive a request generated in and transmitted by the second party device for the partial assistance of the first party device in delegating authorization of the function to the third party device; and (ii) generate results in the first party device based on the partial assistance provided thereby for use in the second party device to delegate authorization; and memory, coupled to the at least one processor, for storing at least a portion of results associated with one or more operations performed by the processor.
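The following worked illustration is added by the editor and is not the patent's own protocol or any code of its assignee. It instantiates the structure of claims 6 through 15 with additive sharing of an ElGamal private key over a prime-order subgroup: the first share is recomputed from a password and a stored salt (claim 7), the third share is stored on the device only wrapped under the server's public key (claim 8), the server splits that share so a portion becomes the delegated server's share (claim 10), and the device then performs a two-party ElGamal decryption with the delegate (claims 13 through 15). The group size, the hashed-ElGamal wrapping, the hashing, the record and message layouts, and all function names are assumptions; the request authentication of claim 4 and the RSA signature variant of claims 16 and 17 are not shown.

```python
import hashlib
import random
import secrets

def is_probable_prime(n: int) -> bool:
    """Miller-Rabin, 32 rounds; bases are seeded from n so make_group is reproducible."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % s == 0 for s in small):
        return n in small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    rng = random.Random(n)
    for _ in range(32):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits: int = 64, seed: int = 1) -> tuple[int, int, int]:
    """Safe prime p = 2q + 1; g = 4 generates the order-q subgroup. ASSUMPTION: 64-bit
    toy size so the search is instant; real use needs a 2048-bit MODP group or a curve."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4

P, Q, G = make_group()

def keygen() -> tuple[int, int]:
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def to_scalar(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % Q

def _pad(elem: int) -> int:
    return int.from_bytes(hashlib.sha256(elem.to_bytes((P.bit_length() + 7) // 8, "big")).digest(), "big")

def wrap_for(pub: int, share: int) -> tuple[int, int]:
    """Hashed-ElGamal wrap of a share under a server key (ASSUMPTION: the claims only
    say the third share is encrypted under the server's public key, not with what)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), share ^ _pad(pow(pub, r, P))

def unwrap(priv: int, ct: tuple[int, int]) -> int:
    c1, masked = ct
    return masked ^ _pad(pow(c1, priv, P))

def enroll(password: bytes, server_pub: int) -> dict:
    """Device record (claims 6-8): x = s1 + s2 + s3 mod Q. s1 is recomputed from the
    password and a salt, s2 is stored in clear, s3 only wrapped under the server's key."""
    x, pub = keygen()
    salt = secrets.token_bytes(16)
    s1 = to_scalar(password, salt)
    s2 = secrets.randbelow(Q)
    s3 = (x - s1 - s2) % Q
    return {"pub": pub, "salt": salt, "s2": s2, "wrapped_s3": wrap_for(server_pub, s3)}

def server_assist(server_priv: int, request: tuple[int, int], delegate_pub: int):
    """Server (claim 10): recover s3, split it as s3 = t + rem, return t wrapped for
    the delegate and rem for the device; s3 itself is never sent back."""
    s3 = unwrap(server_priv, request)
    t = secrets.randbelow(Q)
    return wrap_for(delegate_pub, t), (s3 - t) % Q

def finish_delegation(record: dict, ticket: tuple[int, int], rem: int) -> dict:
    """Device (claim 11): fold rem into the local share; keep the wrapped t as a ticket."""
    return {**record, "s2": (record["s2"] + rem) % Q, "ticket": ticket}

def encrypt(pub: int, m: int) -> tuple[int, int]:
    k = secrets.randbelow(Q - 1) + 1
    return pow(G, k, P), (m * pow(pub, k, P)) % P

def delegate_partial(delegate_priv: int, ticket: tuple[int, int], c1: int) -> int:
    """Delegated server's half of the ElGamal decryption (claims 13-15): c1^t."""
    return pow(c1, unwrap(delegate_priv, ticket), P)

def device_decrypt(record: dict, password: bytes, ct: tuple[int, int], partial: int) -> int:
    """Device completes: c1^(s1 + s2') * c1^t = c1^x, then m = c2 / c1^x."""
    c1, c2 = ct
    local = pow(c1, (to_scalar(password, record["salt"]) + record["s2"]) % Q, P)
    return c2 * pow(local * partial % P, -1, P) % P

def demo(password: bytes = b"correct horse", exp: int = 12345) -> dict:
    server_priv, server_pub = keygen()
    delegate_priv, delegate_pub = keygen()
    rec = enroll(password, server_pub)
    rec = finish_delegation(rec, *server_assist(server_priv, rec["wrapped_s3"], delegate_pub))
    m = pow(G, exp, P)  # constructed message, an element of the order-Q subgroup
    ct = encrypt(rec["pub"], m)
    partial = delegate_partial(delegate_priv, rec["ticket"], ct[0])
    return {"ok": device_decrypt(rec, password, ct, partial) == m,
            "wrong_password_fails": device_decrypt(rec, b"wrong", ct, partial) != m}
```

`demo()` runs the whole exchange on constructed inputs and reports whether the delegated decryption recovers the message and whether a wrong password fails to. Two points worth noticing in this illustration: after the split the device's local exponent is x minus t, so the original server is no longer needed for the operation, and the delegate's portion t exists outside the delegate only in wrapped form on the device, so recovering x requires the password, the captured device, and the delegate's private key together. A wrong password here yields a wrong plaintext rather than an error; detecting password guesses is the role of the authentication in claim 4, which this example omits.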
CROSS REFERENCE TO RELATED APPLICATIONS
[0001] This application claims priority to the U.S. provisional patent application identified as Serial No. 60/300,993 filed on Jun. 26, 2001, and entitled “Delegation of Cryptographic Servers for Capture-Resilient Devices,” the disclosure of which is incorporated by reference herein.
[0002] This application is related to the commonly-assigned U.S. patent application identified as Ser. No. 10/072,331 filed on Feb. 7, 2002, and entitled “Methods and Apparatus for Providing Networked Cryptographic Devices Resilient to Capture,” the disclosure of which is incorporated by reference herein.
Provisional Applications (1)

| Number | Date | Country |
| --- | --- | --- |
| 60300993 | Jun 2001 | US |