H04L9/32

METHOD FOR DERIVING A PARTIAL SIGNATURE WITH PARTIAL VERIFICATION
20230040203 · 2023-02-09 ·

A method for deriving a partial signature for a subset of a set of messages. The method is implemented by a partial signature derivation entity and includes: receiving the set of messages and a signature of the set of messages, the signature including signature elements of the set of messages; deriving a first verification element calculated from the messages of the set other than those of the subset; deriving a second verification element to prove that the first verification element is formed correctly; and sending to a verification entity a partial signature specific to the subset, the partial signature including a constant number of elements having at least the elements of the signature of the set of messages, the first verification element and the second verification element, the partial signature being verifiable with only messages of the subset.

METHOD AND SYSTEM FOR DATA EXCHANGE ON A NETWORK TO ENHANCE SECURITY MEASURES OF THE NETWORK, VEHICLE COMPRISING SUCH SYSTEM
20230037778 · 2023-02-09 ·

A method for data exchange on a communication network, operating according to a protocol, and including a transmission bus, a first node and a second node. The first node carries out the steps of: constructing a first and a second data frame which transport first and second information data; calculating a first message authentication code as a function of the first and the second information data; constructing a third data frame which transports the first message authentication code; transmitting all of the data frames thus constructed. The second node carries out the steps of: receiving the first, the second and the third data frames; extracting the first and the second information data and the first message authentication code; calculating a second message authentication code as a function of the first and the second information data extracted; comparing the message authentication code extracted with the message authentication code calculated in order to verify the identity thereof.

Blockchain Implemented Data Hiding Solutions For Improvements In Secure Communication, Storage And Transmission Of Data
20230038922 · 2023-02-09 ·

Embodiments of the disclosure provide blockchain-implemented methods and systems for secure data transfer and/or storage via the use of data hiding (e.g. steganography algorithms, watermarking etc). In accordance with one aspect, a data hiding algorithm is applied multiple times to a portion of secret data to embed it in a cover file. This constructs layers of hidden data, e.g. secret data hidden in an image that is then used as secret data in a further cover file and so on. Each layer can incorporate encryption and authentication techniques to further enhance security. The final layer or a compressed version is provided within a blockchain transaction. Additionally or alternatively, the secret data can be split into a plurality of shares. This can be achieved using a splitting scheme such as, for example Shamir's Secret Sharing Scheme. Different shares of the secret data can then be encrypted before being hidden within a cover file. Different cover files can hide different shares, preferably each share being provided on the blockchain in a different transaction. To access the secret data, all of the cover files need to be identified and accessed from the blockchain, the relevant steganography, compression and encryption technique(s) applied to each, and then the secret data is reconstructed.

METHOD AND DEVICE FOR ANONYMOUS ACCESS CONTROL TO A COLLABORATIVE ANONYMIZATION PLATFORM
20230040929 · 2023-02-09 ·

A device and a method implemented by computer for authorizing, to a user having access rights granted by a first operator, a completely anonymous and secure access, with no trusted third-party, to a collaborative anonymization platform and/or to a service requiring privacy properties based on such a platform operated by various operators.

KEY GENERATION AND PACE WITH PROTECTION AGAINST SIDE CHANNEL ATTACKS
20230041237 · 2023-02-09 ·

A method for key generation is arranged in a client processor device, by means of which a second public client key P_c′ of the client is generated. The public key P_c′ is formed by a calculation, or sequence of calculations, which does not contain any operation whose result depends exclusively on the nonce s and at least one public value, or the public key P_c′ being formed by a calculation, or sequence of calculations, where into each operation in which the nonce s enters, at least one non-public value enters the first private client key k_c or the second private client key k_c′, for example as a result of the calculation P_c′ = (k_c′ · s) · G + (k_c′ · k_c) · P_t.

ELECTRONIC SIGNATURE SYSTEM AND TAMPER-RESISTANT DEVICE
20230038949 · 2023-02-09 ·

The present invention realizes an electronic signature system with a high security level in which abuse of a signature key by a system administrator is prevented. A user sets authentication information conceived by the user himself/herself for his/her own signature key stored in the tamper resistant device (5) via the terminal device (2). When digitally signing an electronic document, the user transmits his/her own encrypted authentication information to the tamper resistant device (5) through the terminal device (2) and asks for permission to use his/her signature key. The tamper resistant device (5) decodes the inputted authentication information, verifies the decoded authentication information, and allows the digital signing only if the correct authentication information is entered. As a result, an electronic signature system is built in which only a user having valid use authority for the signature key can digitally sign.

SECRET HASH TABLE CONSTRUCTION SYSTEM, REFERENCE SYSTEM, METHODS FOR THE SAME

A server determines an array [[addr]] indicating a storage destination of each piece of data, generates an array of concealed values, and connects the generated array to the array [[addr]] to determine an array [[addr′]]. The server generates a sort permutation [[σ_1]] for the array, applies the sort permutation [[σ_1]] to the array [[addr′]], and converts the array [[addr′]] into an array with a sequence composed of first Z elements set to [[i]] followed by α_i elements set to [[B]]. The server generates a sort permutation [[σ_2]] for the converted array [[addr′]], generates dummy data, imparts the generated dummy data to the concealed data sequence, applies the sort permutations [[σ_1]] and [[σ_2]] to the data array imparted with the dummy data, and generates, as a secret hash table, a data sequence obtained by deleting the last N pieces of data from the sorted data array.

TERMINAL DEVICE VERIFICATION METHOD AND APPARATUS
20230044476 · 2023-02-09 ·

A terminal device verification method and an apparatus are provided. The method includes: A first network device receives a first message from a first terminal device. Then, the first network device verifies a pairing relationship between the first terminal device and a second terminal device. After the verification on the pairing relationship between the first terminal device and the second terminal device succeeds, the first network device sends a second message to the first terminal device, where the second message includes first indication information, and the first indication information is used to indicate a pairing result of the first terminal device and the second terminal device. The pairing relationship between the first terminal device and the second terminal device is verified, so that the first terminal device and the second terminal device can be securely paired, to improve use security of the first terminal device and the second terminal device.

COMMUNICATION APPARATUS, CONTROL METHOD, AND COMPUTER-READABLE STORAGE MEDIUM
20230041366 · 2023-02-09 ·

A communication apparatus establishes, in a case where a second radio link is established with a partner apparatus in communication in addition to an already established first radio link, the second radio link using information obtained by authentication processing executed at the time of establishing the first radio link.
