Abstract:
In a computer-implemented method for signing a message by a user device of a public key infrastructure (PKI) system, the message and a user public key are sent to at least one attestation server and a server signature on the message is received from the attestation server. The server signature attests the validity of the user public key and is bound to the user public key and the message. The message and the server signature are signed with a user private key, thereby providing a user signature on the message. An attestation server and a related computer program product are also provided.
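The two-step signing flow above, as an added example that is not the patent's own code: the attestation server signs (user public key, message) and refuses unregistered keys; the user then signs (message, server signature); a verifier must check both signatures and that they bind the same key and message. Textbook RSA over fixed Mersenne primes stands in for a real signature scheme and is for illustration only; the registry, the domain-separation tags and the sample message are assumptions.

```python
"""Attested user signature: server signs (user_pub, message), user signs
(message, server_sig). Added example, not the patent's code; toy RSA over
fixed Mersenne primes is NOT secure and only illustrates the binding."""
import hashlib

E = 65537

def toy_keypair(a, b):
    """Toy RSA key from the Mersenne primes 2^a-1 and 2^b-1 (illustration only)."""
    p, q = (1 << a) - 1, (1 << b) - 1
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), pow(E, -1, phi)          # (public key, private exponent)

def _digest(n, tag, *parts):
    """Domain-separated, length-prefixed hash of the parts, reduced into Z_n."""
    h = hashlib.sha256(tag)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % n

def sign(priv, n, tag, *parts):
    return pow(_digest(n, tag, *parts), priv, n)

def verify(pub, sig, tag, *parts):
    n, e = pub
    return pow(sig, e, n) == _digest(n, tag, *parts)

def encode_pub(pub):
    return f"{pub[0]}:{pub[1]}".encode()

def encode_sig(sig, n):
    return sig.to_bytes((n.bit_length() + 7) // 8, "big")

class AttestationServer:
    def __init__(self, registered_pubs):
        self.pub, self._priv = toy_keypair(107, 607)
        self._registered = {encode_pub(p) for p in registered_pubs}   # assumed registry

    def attest(self, message, user_pub):
        """Server signature bound to (user_pub, message); None if the key is unknown."""
        if encode_pub(user_pub) not in self._registered:
            return None
        return sign(self._priv, self.pub[0], b"attest", encode_pub(user_pub), message)

def user_sign(user_pub, user_priv, server, message):
    """Step 1: obtain the server signature; step 2: sign message + server signature."""
    server_sig = server.attest(message, user_pub)
    if server_sig is None:
        raise PermissionError("attestation server refused the user public key")
    user_sig = sign(user_priv, user_pub[0], b"user", message,
                    encode_sig(server_sig, server.pub[0]))
    return server_sig, user_sig

def verify_attested(server_pub, user_pub, message, server_sig, user_sig):
    """Accept only if the server attested exactly (user_pub, message) and the
    user signature covers both the message and that server signature."""
    return (verify(server_pub, server_sig, b"attest", encode_pub(user_pub), message)
            and verify(user_pub, user_sig, b"user", message,
                       encode_sig(server_sig, server_pub[0])))

def demo():
    user_pub, user_priv = toy_keypair(127, 521)
    rogue_pub, rogue_priv = toy_keypair(61, 89)        # never registered
    server = AttestationServer([user_pub])
    msg = b"transfer 100 to ACME"                       # constructed sample message
    server_sig, user_sig = user_sign(user_pub, user_priv, server, msg)
    genuine = verify_attested(server.pub, user_pub, msg, server_sig, user_sig)
    tampered = verify_attested(server.pub, user_pub, b"transfer 900 to ACME",
                               server_sig, user_sig)
    refused = server.attest(msg, rogue_pub) is None
    # the rogue key reuses the server signature issued for user_pub: binding fails
    rogue_sig = sign(rogue_priv, rogue_pub[0], b"user", msg,
                     encode_sig(server_sig, server.pub[0]))
    rebound = verify_attested(server.pub, rogue_pub, msg, server_sig, rogue_sig)
    return genuine, tampered, refused, rebound
```

The verifier's check order matters: the server signature is validated over the user public key it was issued for, so a different key cannot borrow an attestation, and the user signature covers the server signature, so neither half can be swapped independently.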
Abstract:
A method and system configured to produce a cryptographic signature on a message, under a key, at a user computer wherein the key is shared between the user computer, which stores a first key-share, and an authentication computer, which stores a second key-share and a first authentication value. The user computer encodes the message to produce a blinded message, produces the first authentication value from a user password and a secret value, and produces a second authentication value by encoding the first authentication value and a nonce. The authentication computer uses the nonce to determine if the first authentication value is correct and, if so, encodes the blinded message using the second key-share to produce a partial signature. The user computer produces a signature on the message under the key by encoding the partial signature and the message using the first key-share and an unblinding function.
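The password-authenticated two-party signing described above, as an added example that is not the patent's own code: the user blinds the message hash, proves the password with a nonce-bound MAC on the first authentication value, the server returns a partial signature under its key-share, and the user completes and unblinds it. Assumptions: a trusted dealer splits the RSA exponent as d = d1 + d2 (mod phi); the nonce is issued by the server and honoured once; textbook RSA over fixed Mersenne primes stands in for a real scheme and is not secure; the password, secret and message are constructed.

```python
"""Two-party blind RSA signing gated by a password check. Added example, not
the patent's code. Assumes a dealer splits d = d1 + d2 (mod phi) and that
the server issues single-use nonces; toy RSA here is NOT secure."""
import hashlib, hmac, math, secrets

E = 65537

def dealer_setup():
    """Toy key from the Mersenne primes 2^127-1 and 2^521-1, split into two shares."""
    p, q = (1 << 127) - 1, (1 << 521) - 1
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)
    d1 = secrets.randbelow(phi)               # user share
    d2 = (d - d1) % phi                       # server share; d1 + d2 = d (mod phi)
    return (n, E), d1, d2

def message_hash(n, message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def first_auth_value(password, secret):
    """a1 = H(secret, password): stored by the server, recomputed by the user."""
    return hashlib.sha256(b"a1\0" + secret + b"\0" + password).digest()

def second_auth_value(a1, nonce):
    """a2 = HMAC(a1, nonce): proves a1 without sending it."""
    return hmac.new(a1, nonce, hashlib.sha256).digest()

def blind(n, message):
    """Return (h * r^e mod n, r); the server sees only the blinded value."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            return (message_hash(n, message) * pow(r, E, n)) % n, r

class AuthServer:
    def __init__(self, n, d2, a1):
        self.n, self._d2, self._a1 = n, d2, a1
        self._outstanding = set()

    def issue_nonce(self):
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def partial_sign(self, blinded, nonce, a2):
        """Sign the blinded value only if a2 matches for a live, unused nonce."""
        if nonce not in self._outstanding:
            return None                       # unknown or already used nonce
        self._outstanding.discard(nonce)      # consumed even when the check fails
        if not hmac.compare_digest(second_auth_value(self._a1, nonce), a2):
            return None                       # wrong password
        return pow(blinded, self._d2, self.n)

def user_sign(pub, d1, password, secret, server, message):
    n, _ = pub
    blinded, r = blind(n, message)
    nonce = server.issue_nonce()
    a2 = second_auth_value(first_auth_value(password, secret), nonce)
    partial = server.partial_sign(blinded, nonce, a2)
    if partial is None:
        return None
    # (h r^e)^(d1+d2) * r^-1 = h^d * r * r^-1 = h^d   (mod n)
    return (pow(blinded, d1, n) * partial * pow(r, -1, n)) % n

def verify(pub, message, sig):
    n, e = pub
    return pow(sig, e, n) == message_hash(n, message)

def demo():
    pub, d1, d2 = dealer_setup()
    secret = b"device-bound secret"           # constructed
    password = b"correct horse battery"       # constructed
    server = AuthServer(pub[0], d2, first_auth_value(password, secret))
    msg = b"approve release 1.4.2"            # constructed sample message
    sig = user_sign(pub, d1, password, secret, server, msg)
    wrong_pw = user_sign(pub, d1, b"wrong password", secret, server, msg)
    # the server share alone does not yield a valid signature
    share_alone = verify(pub, msg, pow(message_hash(pub[0], msg), d2, pub[0]))
    # a captured (nonce, a2) pair cannot be replayed once the nonce is consumed
    blinded, _ = blind(pub[0], msg)
    nonce = server.issue_nonce()
    a2 = second_auth_value(first_auth_value(password, secret), nonce)
    first = server.partial_sign(blinded, nonce, a2)
    replay = server.partial_sign(blinded, nonce, a2)
    return verify(pub, msg, sig), wrong_pw is None, share_alone, first is not None, replay is None
```

Two practitioner points the abstract leaves implicit: the server must consume the nonce whether or not the password check passes, or a wrong guess can be retried under the same nonce, and the server never learns the message because it only ever sees the blinded value.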
Abstract:
Various embodiments are directed to a system for accessing a self-encrypting drive (SED) based on a blind challenge authentication response mechanism (BCRAM). An SED may be authenticated within a system, for example, upon resuming from a sleep state, based on a challenge generated within the SED, signed using a private key by a trusted execution environment (TEE) and authenticated using a corresponding public key within the SED.
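The challenge-response unlock described above, as an added example that is not the patent's own code: the SED generates a fresh challenge, the TEE signs it with a private key that never leaves the TEE, and the SED verifies the response with the public key provisioned into it before unlocking. Textbook RSA over fixed Mersenne primes stands in for the real scheme; the message format, the single-outstanding-challenge rule and the rogue TEE are assumptions.

```python
"""SED unlock on resume by signed challenge. Added example, not the patent's
code; toy RSA over fixed Mersenne primes is NOT secure and only shows the
challenge/response state machine."""
import hashlib, secrets

E = 65537

def toy_keypair(a, b):
    """Toy RSA key from the Mersenne primes 2^a-1 and 2^b-1 (illustration only)."""
    p, q = (1 << a) - 1, (1 << b) - 1
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), pow(E, -1, phi)

def _challenge_hash(challenge, n):
    # assumed wire format: domain tag followed by the raw challenge bytes
    return int.from_bytes(hashlib.sha256(b"sed-unlock\0" + challenge).digest(), "big") % n

class TrustedExecutionEnvironment:
    def __init__(self, a=127, b=521):
        self.pub, self._priv = toy_keypair(a, b)   # private key stays in here

    def sign_challenge(self, challenge):
        return pow(_challenge_hash(challenge, self.pub[0]), self._priv, self.pub[0])

class SelfEncryptingDrive:
    def __init__(self, tee_pub):
        self._pub = tee_pub          # provisioned into the drive at pairing time
        self._challenge = None
        self.unlocked = False

    def sleep(self):
        self.unlocked = False        # keys are dropped; a fresh unlock is required

    def challenge(self):
        """Fresh random challenge; only the most recent one is ever honoured."""
        self._challenge = secrets.token_bytes(32)
        return self._challenge

    def unlock(self, response):
        if self._challenge is None:
            return False             # nothing outstanding: no silent unlock
        n, e = self._pub
        expected = _challenge_hash(self._challenge, n)
        self._challenge = None       # single use whether or not it verifies
        self.unlocked = pow(response, e, n) == expected
        return self.unlocked

def resume_cycle():
    tee = TrustedExecutionEnvironment()
    rogue = TrustedExecutionEnvironment(107, 607)   # different key, not provisioned
    sed = SelfEncryptingDrive(tee.pub)
    c1 = sed.challenge()
    r1 = tee.sign_challenge(c1)
    first = sed.unlock(r1)                           # normal resume
    sed.sleep()
    sed.challenge()
    replayed = sed.unlock(r1)                        # captured response, new challenge
    fresh = sed.unlock(tee.sign_challenge(sed.challenge()))
    sed.sleep()
    forged = sed.unlock(rogue.sign_challenge(sed.challenge()))
    return first, replayed, fresh, forged
```

Because the drive, not the host, picks the challenge, a response recorded on the bus is useless after the next sleep, and a TEE holding a key other than the provisioned one cannot unlock the drive even if it follows the protocol exactly.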
Abstract:
Effecting reissue in a data processing system of a cryptographic credential certifying a set of attributes, the credential being initially bound to a first secret key stored in a first processing device. A backup token is produced using the first device and comprises a commitment to said set of attributes and first proof data permitting verification that the set of attributes in said commitment corresponds to the set of attributes certified by said credential. At a second processing device, a second secret key is stored and blinded to produce a blinded key. A credential template token produced from the backup token and the blinded key is sent to a credential issuer where said verification is performed using the first proof data and the credential template token is used to provide a reissued credential, certifying said set of attributes, to the second device, the reissued credential being bound to the second secret key.
Abstract:
A method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier are disclosed. The system includes an issuer providing an issuer public key; a user device having a security module for generating a first set of attestation-signature values; a privacy certification authority computer for providing an authority public key and issuing second attestation values; and a verification computer for checking the validity of the first set of attestation-signature values with the issuer public key and the validity of a second set of attestation-signature values with the authority public key, the second set of attestation-signature values being derivable by the user device from the second attestation values, where it is verifiable that the two sets of attestation-signature values relate to the user device.
Abstract:
Virtual account based digital cash protocols use a combination of blind digital signatures and pseudonym authentication with at least two pairs of public and private keys. A user is provided with one master pair of private and public keys and as many pseudonym pairs of private and public keys as desired. The resulting virtual account based hybrid protocols combine the advantages of blind digital signatures and pseudonym authentication. Blind digital signatures based on the master pair of keys are used to withdraw digital cash from the user's bank account under the user's real identity. A pseudonym pair of keys is used for converting digital cash into virtual account based digital cash by a digital cash issuer. All pseudonyms can be used for spending the virtual account based digital cash. These protocols ensure anonymity when withdrawing digital cash from the user's account under the user's real identity, in addition to providing pseudonym authentication when spending virtual account based digital cash under a pseudonym.
Abstract:
Digital cash token protocols use a combination of blind digital signatures and pseudonym authentication with at least two pairs of public and private keys. A user is provided with one master pair of private and public keys and as many pseudonym pairs of private and public keys as desired. The resulting digital cash token based hybrid protocols combine the advantages of blind digital signature and pseudonym authentication. Blind digital signatures based on the master pair of keys are used to withdraw digital cash from the user's bank account under the user's real identity. A pseudonym pair of keys is used for converting digital cash into digital cash tokens by a digital cash issuer. All pseudonyms can be used for spending the digital cash tokens. These protocols ensure anonymity when withdrawing digital cash from the user's account under the user's real identity in addition to providing pseudonym authentication when spending digital cash tokens under a pseudonym.