Direct anonymous attestation scheme with outsourcing capability
    31.
    发明申请
    Direct anonymous attestation scheme with outsourcing capability 有权
    具有外包能力的匿名认证方案

    公开(公告)号:US20100082973A1

    公开(公告)日:2010-04-01

    申请号:US12286303

    申请日:2008-09-29

    IPC分类号: H04L9/32 H04L9/00

    摘要: A Direct Anonymous Attestation (DAA) scheme using elliptic curve cryptography (ECC) and bilinear maps. A trusted platform module (TPM) may maintain privacy of a portion of a private membership key from an issuer while joining a group. Moreover, the TPM can outsource most of the computation involved in generating a signature to a host computer.

    摘要翻译: 使用椭圆曲线加密(ECC)和双线性映射的直接匿名证明(DAA)方案。 可信平台模块(TPM)可以在加入组时从发行商维护私有成员密钥的一部分的隐私。 此外,TPM可以将生成签名所涉及的大部分计算外包给主机。

    CRYPTOGRAPHIC KEY GENERATION BASED ON MULTIPLE BIOMETRICS
    32.
    发明申请
    CRYPTOGRAPHIC KEY GENERATION BASED ON MULTIPLE BIOMETRICS 有权
    基于多重生物学的克隆关键生成

    公开(公告)号:US20150095654A1

    公开(公告)日:2015-04-02

    申请号:US14126469

    申请日:2013-09-30

    IPC分类号: H04L9/32

    CPC分类号: H04L9/0866 G06F21/60

    摘要: In an embodiment, an apparatus includes a processor including a first core. The first core includes multi-biometric logic to output first biometric data wi (i=1 to n, n≧2), each wi determined based on a corresponding one of first biometric input Mi (i=1 to n, n≧2) received during a first time period. The apparatus also includes setup logic to transform a cryptographic key k via a transformation that uses the first biometric data wi, where transformation of the cryptographic key k results in output of helper data hi (i=1 to n). Other embodiments are described and claimed.

    摘要翻译: 在一个实施例中,一种装置包括包括第一核的处理器。 第一核心包括用于输出第一生物特征数据wi(i = 1至n,n≥2)的多生物统计学逻辑,每个wi基于第一生物特征输入Mi(i = 1至n,n≥2)中相应的一个确定, 在第一时期收到。 该装置还包括通过使用第一生物特征数据wi的变换来加密密钥k的设置逻辑,其中密码密钥k的变换导致帮助数据hi(i = 1至n)的输出。 描述和要求保护其他实施例。

    Method of anonymous entity authentication using group-based anonymous signatures
    33.
    发明授权
    Method of anonymous entity authentication using group-based anonymous signatures 有权
    使用基于组的匿名签名的匿名实体身份验证方法

    公开(公告)号:US08707046B2

    公开(公告)日:2014-04-22

    申请号:US13100017

    申请日:2011-05-03

    IPC分类号: H04L29/06

    摘要: Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a first entity and a second entity. The first entity remains anonymous to the second entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication between the entities, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

    摘要翻译: 提出匿名认证和密钥交换的方法。 在一个实施例中,一种方法包括在第一实体和第二实体之间发起双向相互认证。 执行验证后,第一个实体对第二个实体保持匿名。 该方法还包括建立相互共享的会话密钥,用于实体之间的安全通信,其中启动和建立结合直接匿名认证(DAA)。

    Apparatus and method for a direct anonymous attestation scheme from short-group signatures
    34.
    发明授权
    Apparatus and method for a direct anonymous attestation scheme from short-group signatures 有权
    来自短组签名的直接匿名认证方案的装置和方法

    公开(公告)号:US08356181B2

    公开(公告)日:2013-01-15

    申请号:US12208989

    申请日:2008-09-11

    IPC分类号: H04L9/32

    摘要: An apparatus and method is provided for a direct anonymous attestation scheme from short-group signatures. The method may include the creation of a group public/private key pair for a trusted membership group defined by an issuer; and assigning a cryptographic pair that is combined with a unique private member value to form a private membership key. A trusted member device generates the unique private member value during a join procedure of a trusted membership group. In one embodiment, the private member value of the private membership key is unknown to the issuer. A member may sign a message with the private membership key to form a short-group digital signature that is verified using a public key of the trusted membership group to maintain anonymity of trusted member devices. A size of the private membership key may be reduced to enable storage within a trusted platform module. Other embodiments are described and claimed.

    摘要翻译: 为短组签名提供直接匿名认证方案的设备和方法。 该方法可以包括为由发行者定义的可信会员组创建组公/私钥对; 以及分配与唯一私有成员值组合的密码对以形成私有成员密钥。 受信任的成员设备在受信任的成员资格组的连接过程中生成唯一的私有成员值。 在一个实施例中,私人会员密钥的私人会员值对于发行者来说是未知的。 成员可以使用私有成员密钥签名消息,形成一个短组数字签名,该数字签名使用受信任的成员资格组的公钥进行验证,以维护受信任的成员设备的匿名性。 可以减小私有成员密钥的大小以使得能够在可信平台模块内存储。 描述和要求保护其他实施例。

    METHODS FOR ANONYMOUS AUTHENTICATION AND KEY AGREEMENT
    36.
    发明申请
    METHODS FOR ANONYMOUS AUTHENTICATION AND KEY AGREEMENT 有权
    非正式认证和关键协议的方法

    公开(公告)号:US20120023334A1

    公开(公告)日:2012-01-26

    申请号:US12913708

    申请日:2010-10-27

    IPC分类号: H04L9/32

    摘要: Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a device and a remote entity. The device remains anonymous to the remote entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

    摘要翻译: 提出匿名认证和密钥交换的方法。 在一个实施例中,一种方法包括启动设备和远程实体之间的双向相互认证。 执行身份验证后,设备对远程实体保持匿名。 该方法还包括建立用于安全通信的相互共享的会话密钥,其中启动和建立与直接匿名认证(DAA)结合。

    Apparatus and method for direct anonymous attestation from bilinear maps
    37.
    发明授权
    Apparatus and method for direct anonymous attestation from bilinear maps 有权
    从双线性地图直接匿名认证的装置和方法

    公开(公告)号:US08078876B2

    公开(公告)日:2011-12-13

    申请号:US11778804

    申请日:2007-07-17

    IPC分类号: H04L9/32 G06F7/00 G06F7/04

    摘要: A method and apparatus for direct anonymous attestation from bilinear maps. In one embodiment, the method includes the creation of a public/private key pair for a trusted membership group defined by an issuer; and assigning a unique secret signature key to at least one member device of the trusted membership group defined by the issuer. In one embodiment, using the assigned signature key, a member may assign a message received as an authentication request to prove membership within a trusted membership group. In one embodiment, a group digital signature of the member is verified using a public key of the trusted membership group. Accordingly, a verifier of the digital signature is able to authenticate that the member is an actual member of the trusted membership group without requiring of the disclosure of a unique identification information of the member or a private member key to maintain anonymity of trusted member devices. Other embodiments are described and claimed.

    摘要翻译: 一种从双线性地图直接匿名认证的方法和装置。 在一个实施例中,该方法包括为由发行者定义的可信会员组创建公钥/私钥对; 以及将唯一的秘密签名密钥分配给由所述发行者定义的所述可信会员组的至少一个成员设备。 在一个实施例中,使用分配的签名密钥,成员可以分配作为认证请求接收的消息以证明可信任的成员资格组内的会员资格。 在一个实施例中,使用可信会员组的公钥来验证会员的组数字签名。 因此,数字签名的验证者能够认证成员是受信任的成员资格组的实际成员,而不需要披露成员或私人成员密钥的唯一标识信息来维护可信任成员设备的匿名性。 描述和要求保护其他实施例。

    APPARATUS AND METHOD FOR ISSUER BASED REVOCATION OF DIRECT PROOF AND DIRECT ANONYMOUS ATTESTATION
    38.
    发明申请
    APPARATUS AND METHOD FOR ISSUER BASED REVOCATION OF DIRECT PROOF AND DIRECT ANONYMOUS ATTESTATION 审中-公开
    直接证明和直接匿名登记的基于发布者的装置和方法

    公开(公告)号:US20080307223A1

    公开(公告)日:2008-12-11

    申请号:US11948862

    申请日:2007-11-30

    IPC分类号: H04L9/32

    摘要: In some embodiments, a method and apparatus for issuer based revocation of direct proof and direct anonymous attestation are described. In one embodiment, a trusted hardware device convinces a verifier that the trusted hardware device possesses cryptographic information without revealing unique, device identification information of the trusted hardware device or the cryptographic information. Once the verifier is convinced that the hardware device possesses the cryptographic information, the verifier may issue a denial of revocation request to the trusted hardware device, including a base value BI and a plurality of revoked pseudonyms (K1, . . . , Kn) used for a plurality of suspect member keys during join procedures with an issuer. In response, the trusted hardware device issues a group denial revocation to prove that a private member key F does not match any one of a plurality of unknown, suspect keys F1 . . . Fn formed from the revoked pseudonyms, where n is an integer greater than 1 and i is and integer from 1 to n. Other embodiments are described and claimed.

    摘要翻译: 在一些实施例中,描述了用于基于颁发者的撤销直接证明和直接匿名认证的方法和装置。 在一个实施例中,可信硬件设备说服验证者信任的硬件设备拥有加密信息,而不会泄露可信硬件设备或加密信息的唯一的设备识别信息。 一旦验证者确信硬件设备具有加密信息,验证者可以向可信硬件设备发出拒绝撤销请求,包括使用基本值BI和多个撤销的假名(K1,...,Kn) 对于与发行者的连接过程中的多个可疑成员密钥。 作为响应,可信硬件设备发出组拒绝撤销,以证明私有成员密钥F不匹配多个未知的可疑密钥F1中的任何一个。 。 。 Fn由撤销的假名形成,其中n是大于1的整数,i和从1到n的整数。 描述和要求保护其他实施例。

    APPARATUS AND METHOD FOR ENHANCED REVOCATION OF DIRECT PROOF AND DIRECT ANONYMOUS ATTESTATION
    39.
    发明申请
    APPARATUS AND METHOD FOR ENHANCED REVOCATION OF DIRECT PROOF AND DIRECT ANONYMOUS ATTESTATION 有权
    用于直接证明和直接匿名登录的增强的撤销的装置和方法

    公开(公告)号:US20080270790A1

    公开(公告)日:2008-10-30

    申请号:US11948861

    申请日:2007-11-30

    IPC分类号: H04L9/32 H04L9/30

    摘要: In some embodiments, a method and apparatus for enhanced revocation of direct proof and direct anonymous attestation are described. In one embodiment a trusted hardware device verifies that membership of the device within a trusted membership group is not revoked according to a revocation list received with a challenge request from a verifier. Once such verification is performed, the device convinces the verifier of possessing cryptographic information without revealing unique, device identification information of the trusted hardware device or the cryptographic information. In one embodiment, the trusted hardware device computes a digital signature on a message received with the challenge request to the verifier if membership of the anonymous hardware device within a trusted membership group is verified. In one embodiment, the verifier authenticates the digital signature according to a public key of the trusted membership group to enable a trusted member device to remain anonymous to the verifier. Other embodiments are described and claimed.

    摘要翻译: 在一些实施例中,描述了用于增强直接证明和直接匿名证明的撤销的方法和装置。 在一个实施例中,可信硬件设备根据从验证者接收到的询问请求的撤销列表来验证受信任的成员资格组内的设备的成员资格是否被撤销。 一旦执行了此类验证,该设备就可以说服验证者拥有加密信息,而不会泄露可信硬件设备或加密信息的唯一设备识别信息。 在一个实施例中,如果验证了可信任的成员资格组内的匿名硬件设备的成员资格,那么可信硬件设备将向接收到的询问请求的消息中的数字签名计算给验证者。 在一个实施例中,验证者根据受信任的成员资格群组的公开密钥对数字签名进行认证,以使受信任的成员设备对验证者保持匿名。 描述和要求保护其他实施例。