-
1.发明授权Maintaining privacy for transactions performable by a user device having a security module 失效维护具有安全模块的用户设备执行的事务的隐私公开(公告)号:US08285647B2
公开(公告)日:2012-10-09
申请号:US12547051
申请日:2009-08-25
申请人: Jan Camenisch
发明人: Jan Camenisch
CPC分类号: G06F21/602 , G06F21/33 , G06F21/57 , G06Q20/382 , G06Q20/3829 , G06Q20/401 , H04L9/321 , H04L9/3234 , H04L9/3257
摘要: The present invention discloses a method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier. The system comprises an issuer providing an issuer public key PKI; a user device having a security module for generating a first set of attestation-signature values DAA1; a privacy certification authority computer for providing an authority public key PKPCA and issuing second attestation values AV2; and a verification computer for checking the validity of the first set of attestation signature values DAA1 with the issuer public key PKI and the validity of a second set of attestation-signature values DAA2 with the authority public key PKPCA, the second set of attestation-signature values DAA2 being derivable by the user device 20 from the second attestation values AV2, wherein it is verifiable that the two sets of attestation-signature values DAA1, DAA2 relate to the user device.
摘要翻译: 本发明公开了一种用于维护由具有具有隐私认证机构和验证者的安全模块的用户设备执行的事务的私密性的方法和系统。 该系统包括提供发行者公钥PKI的发行者; 具有用于生成第一组认证签名值DAA1的安全模块的用户设备; 用于提供授权公钥PKPCA并发出第二认证值AV2的隐私认证机构计算机; 以及验证计算机,用于使用发行者公开密钥PKI和第二证书签名值DAA2的有效性与权限公钥PKPCA,第二证书签名集合来检查第一认证签名值DAA1的有效性 值DAA2可由用户设备20从第二认证值AV2导出,其中可证实两组认证签名值DAA1,DAA2与用户设备有关。
-
公开(公告)号:US07543139B2
公开(公告)日:2009-06-02
申请号:US10325790
申请日:2002-12-19
申请人: Jan Camenisch , Anna Lysyanskaya
发明人: Jan Camenisch , Anna Lysyanskaya
IPC分类号: H04L9/00
CPC分类号: H04L9/3255 , H04L9/3218 , H04L9/3268 , H04L2209/42
摘要: In accordance with the present invention, there is given methods, systems and apparatus for revoking a derived credential formed from an initial credential and an indication value within a network. An example method comprises the steps of: updating an accumulator value based on a plurality of user credential keys where each user credential key is associated with a user device entitled to the derived credential; providing public information that comprises a public key for verifying the initial credential and the accumulator value; an entity receiving from a user device derived-credential information comprising an initial-credential information and an indication-value information indicating that the user credential key is inherently included in the accumulator value, and request information; and, processing the request information in response to verifying by the entity that the initial-credential information and the indication-value information are valid.
摘要翻译: 根据本发明,给出了用于撤销由网络内的初始凭证和指示值形成的导出凭证的方法,系统和装置。 一个示例性方法包括以下步骤:基于多个用户证书密钥更新累加器值,其中每个用户凭证密钥与被授权获得的凭证的用户设备相关联; 提供包括用于验证初始凭证和累加器值的公开密钥的公共信息; 从用户设备接收的实体 - 包括初始凭证信息和表示用户凭证密钥固有地包括在累加器值中的指示值信息的凭证信息和请求信息; 以及响应于所述实体验证所述初始凭证信息和所述指示值信息是有效的,来处理所述请求信息。
-
公开(公告)号:US20080229097A1
公开(公告)日:2008-09-18
申请号:US12126978
申请日:2008-05-26
IPC分类号: H04L9/32
CPC分类号: H04L9/3218 , H04L9/3234 , H04L2209/80
摘要: Systems, apparatus and methods for privacy-protecting integrity attestation of a computing platform. An example method for privacy-protecting integrity attestation of a computing platform (P) has a trusted platform module (TPM), and comprises the following steps. First, the computing platform (P) receives configuration values (PCR1 . . . PCRn). Then, by means of the trusted platform module (TPM), a configuration value (PCRp) is determined which depends on the configuration of the computing platform (P). In a further step the configuration value (PCRp) is signed by means of the trusted platform module. Finally, in the event that the configuration value (PCRp) is one of the received configuration values (PCR1 . . . PCRn), the computing platform (P) proves to a verifier (V) that it knows the signature (sign(PCRp)) on one of the received configuration values (PCR1 . . . PCRn).
摘要翻译: 用于隐私保护计算平台完整性认证的系统,设备和方法。 用于隐私保护计算平台(P)的完整性认证的示例方法具有可信平台模块(TPM),并且包括以下步骤。 首先,计算平台(P)接收配置值(PCR1 ... PCRn)。 然后,通过可信平台模块(TPM),确定取决于计算平台(P)的配置的配置值(PCRp)。 在进一步的步骤中,配置值(PCRp)通过可信平台模块进行签名。 最后,如果配置值(PCRp)是接收到的配置值(PCR1 ... PCRn)之一,则计算平台(P)向验证者(V)证明其知道签名(sign(PCRp ))接收配置值之一(PCR1 ... PCRn)。
-
公开(公告)号:US20070245138A1
公开(公告)日:2007-10-18
申请号:US10575158
申请日:2004-08-20
申请人: Jan Camenisch
发明人: Jan Camenisch
IPC分类号: H04L9/30
CPC分类号: G06F21/577 , G06F21/64 , G06F21/645 , H04L9/3257 , H04L2209/127 , H04L2209/42
摘要: The present invention discloses a method for generating and verifying a user attestation-signature value (DAA′) and issuing an attestation value (cert) for the generation of the user attestation-signature value (DAA′). Further, the invention is related to a system for using a user attestation-signature value (DAA′) that corresponds to at least one attribute (A, B, C, D), each with an attribute value (w, x, y, z), none, one or more of the attribute values (x, y) remaining anonymous for transactions, the system comprising: a user device (20) having a security module (22) that provides a module public key (PKTPM) and a security module attestation value (DAA), the user device (20) providing a user public key (PKUC) that inherently comprises none, one, or more user determined attribute value (x, y) and a proof value demonstrating that the user public key (PKUC) is validly derived from the module public key (PKTPM) of the security module (22); an attester computer (30) that provides none, one, or more attester determined attribute value (w, z) and an attestation value (cert) that bases on an attester secret key (SKAC), the user public key (PKUC), and an anonymous attribute value (w, z); and a verification computer (40) for verifying whether or not (i) the user attestation-signature value (DAA′) was validly derived from the security module attestation value (DAA) provided by the security module (22) and the attestation value (cert), and (ii) the attestation value (cert) is associated with a subset (B, D) of at least one attribute, each attribute in the subset (B, D) having a revealed attribute value (x, z).
-
5.发明申请Maintaining Privacy for Transactions Performable by a User Device Having a Security Module 有权维护具有安全模块的用户设备可执行的事务的隐私公开(公告)号:US20070244833A1
公开(公告)日:2007-10-18
申请号:US10575045
申请日:2004-08-20
申请人: Jan Camenisch
发明人: Jan Camenisch
IPC分类号: G06Q20/00
CPC分类号: G06F21/602 , G06F21/33 , G06F21/57 , G06Q20/382 , G06Q20/3829 , G06Q20/401 , H04L9/321 , H04L9/3234 , H04L9/3257
摘要: The present invention discloses a method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier. The system comprises an issuer providing an issuer public key PKI; a user device having a security module for generating a first set of attestation-signature values DAA1; a privacy certification authority computer for providing an authority public key PKPCA and issuing second attestation values AV2; and a verification computer for checking the validity of the first set of attestation signature values DAA1 with the issuer public key PKI and the validity of a second set of attestation-signature values DAA2 with the authority public key PKPCA, the second set of attestation-signature values DAA2 being derivable by the user device 20 from the second attestation values AV2, wherein it is verifiable that the two sets of attestation-signature values DAA1, DAA2 relate to the user device.
摘要翻译: 本发明公开了一种用于维护由具有具有隐私认证机构和验证者的安全模块的用户设备执行的事务的私密性的方法和系统。 该系统包括提供发行者公钥PKI的发行者; 用户设备具有用于生成第一组认证签名值DAA 1的安全模块; 用于提供授权公钥PKPCA并发出第二证明值AV 2的隐私认证机构计算机; 以及验证计算机,用于使用发行者公开密钥PKI和第二组认证签名值DAA 2的有效性公钥PKPCA来检查第一认证签名值DAA 1的有效性,第二组认证 由用户设备20从第二证明值AV 2导出的签名值DAA 2,其中可证实两组认证签名值DAA 1,DAA 2与用户设备有关。
-
公开(公告)号:US20130007461A1
公开(公告)日:2013-01-03
申请号:US13612263
申请日:2012-09-12
IPC分类号: H04L9/32
CPC分类号: H04L9/3247 , G06Q20/0453 , H04L2209/42 , H04L2209/56
摘要: A system and method for verifying ownership of an electronic receipt in a communication system providing a public key infrastructure, the verification arising out of a series of messages being sent and received between a first party and a verifying party, the method comprising the steps of receiving a proof message from the first party, the proof message being derived from at least a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party and an electronic receipt that has been issued by electronically signing a request message with a second public key, determining whether or not the proof message was derived from the second public key.
摘要翻译: 一种用于验证提供公共密钥基础设施的通信系统中的电子收据的所有权的系统和方法,所述验证是由在第一方和验证方之间发送和接收的一系列消息产生的,所述方法包括以下步骤:接收 来自第一方的证明消息,证明消息基于由第一方所拥有的秘密从至少第一公钥导出,并且其中该秘密至少与第一方的另一个公钥的秘密相关联;以及 通过用第二公开密钥电子地签署请求消息而发出的电子收据,确定证明消息是否从第二公开密钥导出。
-
公开(公告)号:US20120296829A1
公开(公告)日:2012-11-22
申请号:US13574086
申请日:2010-11-12
申请人: Jan Camenisch , Maria Dubovitskaya , Gregory Neven
发明人: Jan Camenisch , Maria Dubovitskaya , Gregory Neven
CPC分类号: G06Q20/401 , G06Q20/367 , G06Q20/38 , G06Q30/0603 , G06Q2220/00
摘要: A protocol that allows customers to buy database records while remaining fully anonymous, i.e. the database server does not learn who purchases a record, and cannot link purchases by the same customer; the database server does not learn which record is being purchased, nor the price of the record that is being purchased; the customer can only obtain a single record per purchase, and cannot spend more than his account balance; the database server does not learn the customer's remaining balance. In the protocol customers keep track of their own balances, rather than leaving this to the database server. The protocol allows customers to anonymously recharge their balances.
摘要翻译: 一种协议,允许客户在完全匿名的情况下购买数据库记录,即数据库服务器不会了解谁购买记录,并且无法链接同一客户的购买; 数据库服务器不了解正在购买哪个记录,也不知道正在购买的记录的价格; 客户只能获得每次购买的单个记录,不能超过其账户余额; 数据库服务器不会了解客户的余额。 在协议中,客户跟踪自己的余额,而不是将其留给数据库服务器。 该协议允许客户匿名补充余额。
-
公开(公告)号:US08122245B2
公开(公告)日:2012-02-21
申请号:US12167488
申请日:2008-07-03
申请人: Jan Camenisch
发明人: Jan Camenisch
IPC分类号: H04L29/06
CPC分类号: G06Q30/04 , H04L9/3234 , H04L9/3247 , H04L2209/42 , H04L2209/56
摘要: Methods and systems for anonymity revocation, enabling a trusted entity to identify a user computer within an anonymous system. A system comprises an attester computer providing attestation value cert from a security module public key and an identifying value. The user computer having a module providing the module public key and a security module attestation value, the user computer providing a user public key, a user attestation-signature value derived from the attestation value cert, and an encryption computable under use of a trusted-entity public key and a module-generated-identifier value, the module-generated-identifier value relating to the identifying value; a verification computer verifying validity of received user attestation-signature value and the encryption; and a trusted entity having a trusted entity secret key, wherein the trusted entity is able to derive the module-generated-identifier value from the encryption, the module-generated-identifier value being usable to identify the user computer with the security module.
摘要翻译: 用于匿名撤销的方法和系统,使可信实体能够识别匿名系统内的用户计算机。 系统包括从安全模块公开密钥和识别值提供认证价值证书的服务器计算机。 具有提供模块公钥的模块和安全模块认证值的用户计算机,提供用户公开密钥的用户计算机,从认证值证书导出的用户认证签名值,以及可信任的使用中可计算的加密, 实体公钥和模块生成标识符值,与识别值相关的模块生成标识符值; 验证接收到的用户认证签名值和加密的有效性的验证计算机; 以及具有可信实体秘密密钥的可信实体,其中所述可信实体能够从所述加密中导出所述模块生成的标识符值,所述模块生成的标识符值可用于使用所述安全模块来标识所述用户计算机。
-
9.发明授权Maintaining privacy for transactions performable by a user device having a security module 有权维护具有安全模块的用户设备执行的事务的隐私公开(公告)号:US07822689B2
公开(公告)日:2010-10-26
申请号:US10575045
申请日:2004-08-20
申请人: Jan Camenisch
发明人: Jan Camenisch
CPC分类号: G06F21/602 , G06F21/33 , G06F21/57 , G06Q20/382 , G06Q20/3829 , G06Q20/401 , H04L9/321 , H04L9/3234 , H04L9/3257
摘要: The present invention discloses a method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier. The system comprises an issuer providing an issuer public key PKI; a user device having a security module for generating a first set of attestation-signature values DAA1; a privacy certification authority computer for providing an authority public key PKPCA and issuing second attestation values AV2; and a verification computer for checking the validity of the first set of attestation-signature values DAA1 with the issuer public key PKI and the validity of a second set of attestation-signature values DAA2 with the authority public key PKPCA, the second set of attestation-signature values DAA2 being derivable by the user device 20 from the second attestation values AV2, wherein it is verifiable that the two sets of attestation-signature values DAA1, DAA2 relate to the user device.
摘要翻译: 本发明公开了一种用于维护由具有具有隐私认证机构和验证者的安全模块的用户设备执行的事务的私密性的方法和系统。 该系统包括提供发行者公钥PKI的发行者; 具有用于生成第一组认证签名值DAA1的安全模块的用户设备; 用于提供授权公钥PKPCA并发出第二认证值AV2的隐私认证机构计算机; 以及验证计算机,用于使用发行者公开密钥PKI和权威公钥PKPCA来检查第一认证签名值DAA1的有效性和第二认证签名值DAA2的有效性,第二认证 - 签名值DAA2可由用户设备20从第二认证值AV2导出,其中可验证两组认证签名值DAA1,DAA2与用户设备有关。
-
公开(公告)号:US07490069B2
公开(公告)日:2009-02-10
申请号:US10448098
申请日:2003-05-29
申请人: Jan Camenisch
发明人: Jan Camenisch
CPC分类号: G06Q20/02 , G06Q20/027 , G06Q20/06 , G06Q20/12 , G06Q20/3823 , G06Q20/3829 , G06Q20/383 , G06Q20/401 , G06Q20/42 , G07F7/1016 , H04L9/3263 , H04L2209/42 , H04L2209/56
摘要: The present invention relates to a method for verifying an anonymous payment by a defined party in a communication system providing a public key infrastructure. The method comprising the steps of (a) receiving a validation message from a merchant party, the validation message comprising a proof signature produced by a customer party and an encrypted payment message, the proof signature being derived from a customer secret key, a customer certificate, at least one customer attribute, and the encrypted payment message; (b) verifying the validity of the proof signature based on an issuing public key, a verification public key, and the encrypted payment message; (c) decrypting at least part of the encrypted payment message based on a verification secret key corresponding to the verification public key, thereby obtaining a customer information related to the at least one customer attribute. In the event of the validity of the proof signature (d) the obtained customer information is used for initializing the authorization of the payment.
摘要翻译: 本发明涉及一种用于在提供公钥基础设施的通信系统中验证由定义方进行的匿名支付的方法。 该方法包括以下步骤:(a)从商家接收验证消息,所述验证消息包括由客户方产生的证明签名和加密的支付消息,所述证明签名是从客户秘密密钥导出的,客户证书 ,至少一个客户属性和加密的支付消息; (b)基于发行公钥,验证公钥和加密的支付消息来验证证明签名的有效性; (c)基于与所述验证公开密钥对应的验证密钥对所述加密支付消息的至少一部分进行解密,从而获得与所述至少一个客户属性相关的客户信息。 如果证明签名有效(d),则获得的客户信息用于初始化付款授权。
-
-
-
-
-
-
-
-
-
搜索结果
49 条记录 (耗时 0.021 秒)
