-
公开(公告)号:US08412937B2
公开(公告)日:2013-04-02
申请号:US12097404
申请日:2006-11-27
IPC分类号: G04L9/32
CPC分类号: H04L9/3026 , H04L9/0844 , H04L2209/805
摘要: A method is presented for enabling authentication of a prover in a Radio Frequency Identification system comprising the prover and a verifier, the method comprising the steps of: the prover sending a prover identifier and a parent identifier to the verifier, the verifier sending a verifier identifier to the prover, the prover calculating a first common secret by means of a prover polynomial, where an unknown in the prover polynomial is substituted by a result calculated using a function of at least the verifier identifier, and the verifier calculating the first common secret by means of a first verifier polynomial, wherein a first unknown in the first verifier polynomial is substituted by the prover identifier and a second unknown in the first verifier polynomial is substituted by the parent identifier, the prover creating a first message by modulating a first core secret with regard to at least the first common secret, aid prover sending the first message to the verifier, and the verifier creating a first candidate for the first core secret by demodulating the first message with the first common secret, whereby the candidate for the first core secret is for use in the authentication. This allows the verifier and prover to independently create a common secret, used for modulating the core secret. Furthermore, no pre-registration of the prover with the verifier is required and calculation using polynomials requires little processing power. A corresponding system, prover and verifier are also presented.
摘要翻译: 提供了一种用于在包括证明者和验证者的射频识别系统中验证证明者的方法,所述方法包括以下步骤:证明者向验证者发送证明者标识符和父标识符,验证者发送验证者标识符 证明者通过证明者多项式计算第一公共秘密,其中证明者多项式中的未知数由使用至少验证者标识符的函数计算的结果代替,并且验证者通过以下方式计算第一公共秘密: 第一验证者多项式的手段,其中,所述第一验证者多项式中的第一未知数由所述证明者标识符代替,并且所述第一验证者多项式中的第二未知被所述父标识符代替,所述证明者通过调制第一核心秘密来创建第一消息 至少第一个共同的秘密,援助证明者发送第一个消息给验证者,和veri 通过用第一公共秘密解调第一消息来创建第一核心秘密的第一候选者,由此第一核心秘密的候选者用于认证。 这允许验证者和证明者独立地创建一个共同的秘密,用于调制核心秘密。 此外,不需要具有验证者的证明者的预注册,并且使用多项式的计算需要很少的处理能力。 还提出了相应的系统,证明者和验证者。
-
公开(公告)号:US20100026461A1
公开(公告)日:2010-02-04
申请号:US12441582
申请日:2007-09-19
申请人: Jorge Guajardo Merchan , Geert Jan Schrijen , Claudine Viegas Conrado , Antoon Marie Henrie Tombeur , Pim Theo Tuyls
发明人: Jorge Guajardo Merchan , Geert Jan Schrijen , Claudine Viegas Conrado , Antoon Marie Henrie Tombeur , Pim Theo Tuyls
IPC分类号: H04Q5/22
CPC分类号: G06K19/0723
摘要: It is described a RFID device (231a, 231b, 231c, 331) comprising a data memory (236) and an electronic circuit arrangement (237, 238, 239, 247) coupled thereto. The electronic circuit arrangement has a first and a second operational configuration, wherein by receiving a control command (250a) the electronic circuit arrangement can be switched irreversibly from the first to the second configuration. The RFID device further comprises a communication interface (245) being coupled to the electronic circuit arrangement. In the first configuration the RFID device is adapted to communicate with a standard RFID reader (110) via the communication interface. In the second configuration the communication with the standard RFID reader is disabled and the RFID device is adapted to communicate with a readout-RFID device (370). The RFID device may be equipped with a secondary communication interface that can be used to communicate with the RFID device in a privacy-preserving manner. After the RFID device has been disabled, the secondary interface can be used to access data in a secure manner.
摘要翻译: 描述了包括数据存储器(236)和与其耦合的电子电路装置(237,238,239,247)的RFID装置(231a,231b,231c,331)。 电子电路装置具有第一和第二操作配置,其中通过接收控制命令(250a),电子电路装置可以从第一配置到第二配置不可逆地切换。 RFID设备还包括耦合到电子电路装置的通信接口(245)。 在第一配置中,RFID设备适于经由通信接口与标准RFID读取器(110)进行通信。 在第二配置中,禁止与标准RFID读取器的通信,并且RFID设备适于与读出RFID设备(370)通信。 RFID设备可以配备有可以以隐私保护的方式与RFID设备通信的辅助通信接口。 在RFID设备被禁用之后,辅助接口可以用于以安全的方式访问数据。
-
公开(公告)号:US20080052772A1
公开(公告)日:2008-02-28
申请号:US10596668
申请日:2004-12-13
IPC分类号: H04L9/32
CPC分类号: H04L63/0823 , G06F21/6254 , H04L9/3218 , H04L9/3263 , H04L63/0407 , H04L63/102 , H04L2209/42 , H04L2209/56 , H04L2209/60
摘要: The invention proposes a method to provide privacy for users or a user from a group of users with respect to authorizations they are granted, where such authorizations are expressed using digital authorization certificates, and with respect to domain certificates in case of groups of users. The idea is to conceal the user identity in the certificates, while the certificate itself remains in the clear. In this way, certificates can be widely and openly available, e.g. in a public network, without a random observer being able to link a user to an authorization or to identify a user within a domain. Privacy is also provided towards the certificate verifier by means of zero-knowledge protocols, which are carried out between the user and the verifier in order for the verifier to check a user's entitlement to a certificate. Privacy is further provided towards the certificate issuer as well, by means of a mechanism that allows the anonymous (buying or) issuing of certificates from the issuer.
摘要翻译: 本发明提出了一种方法,用于为用户或用户提供关于其授权的授权的用户或用户的隐私,其中使用数字授权证书表示授权,以及在用户组的情况下关于域证书。 这个想法是在证书中隐藏用户身份,而证书本身保持清晰。 以这种方式,证书可以广泛和公开地获得,例如。 在公共网络中,没有随机观察者能够将用户链接到授权或识别域内的用户。 还通过在用户和验证者之间执行的零知识协议向证书验证者提供隐私,以便验证者检查用户对证书的授权。 通过允许发行人匿名(购买或发行)证书的机制,还向证书颁发者提供隐私。
-
公开(公告)号:US08502669B2
公开(公告)日:2013-08-06
申请号:US12441582
申请日:2007-09-19
申请人: Jorge Guajardo Merchan , Geert Jan Schrijen , Claudine Viegas Conrado , Antoon Marie Henrie Tombeur , Pim Theo Tuyls
发明人: Jorge Guajardo Merchan , Geert Jan Schrijen , Claudine Viegas Conrado , Antoon Marie Henrie Tombeur , Pim Theo Tuyls
IPC分类号: G08B13/14
CPC分类号: G06K19/0723
摘要: It is described a RFID device (231a, 231b, 231c, 331) comprising a data memory (236) and an electronic circuit arrangement (237, 238, 239, 247) coupled thereto. The electronic circuit arrangement has a first and a second operational configuration, wherein by receiving a control command (250a) the electronic circuit arrangement can be switched irreversibly from the first to the second configuration. The RFID device further comprises a communication interface (245) being coupled to the electronic circuit arrangement. In the first configuration the RFID device is adapted to communicate with a standard RFID reader (110) via the communication interface. In the second configuration the communication with the standard RFID reader is disabled and the RFID device is adapted to communicate with a readout-RFID device (370). The RFID device may be equipped with a secondary communication interface that can be used to communicate with the RFID device in a privacy-preserving manner. After the RFID device has been disabled, the secondary interface can be used to access data in a secure manner.
摘要翻译: 描述了包括数据存储器(236)和与其耦合的电子电路装置(237,238,239,247)的RFID装置(231a,231b,231c,331)。 电子电路装置具有第一和第二操作配置,其中通过接收控制命令(250a),电子电路装置可以从第一配置到第二配置不可逆地切换。 RFID设备还包括耦合到电子电路装置的通信接口(245)。 在第一配置中,RFID设备适于经由通信接口与标准RFID读取器(110)进行通信。 在第二配置中,禁止与标准RFID读取器的通信,并且RFID设备适于与读出RFID设备(370)通信。 RFID设备可以配备有可以以隐私保护的方式与RFID设备通信的辅助通信接口。 在RFID设备被禁用之后,辅助接口可以用于以安全的方式访问数据。
-
公开(公告)号:US08046589B2
公开(公告)日:2011-10-25
申请号:US11570599
申请日:2005-06-22
申请人: Antonius Hermanus Maria Akkermans , Claudine Viegas Conrado , Theodorus Jacobus Johannes Denteneer
发明人: Antonius Hermanus Maria Akkermans , Claudine Viegas Conrado , Theodorus Jacobus Johannes Denteneer
CPC分类号: G07C9/00158 , G06K9/00885
摘要: The present invention relates to a method of authenticating an individual (321) at an authenticating device (311) and an authenticating system for authenticating an individual. A basic idea of the present invention is to store, at a device or a system with which an individual wishes to authenticate herself, one or more data structures each comprising a value based on an identifier pertaining to the individual and an encrypted copy of the identifier. When the individual wants to authenticate herself, she contacts the authenticating device whereby a request is made to attain the encrypted identifier included in a specific data structure stored at the authenticating device. The individual subsequently provides proof to the authenticating device that she actually knows the identifier.
摘要翻译: 本发明涉及一种在认证装置(311)上认证个人(321)的方法和用于认证个人的认证系统。 本发明的基本思想是在个人希望自己认证的设备或系统上存储一个或多个数据结构,每个数据结构包括基于与个人有关的标识符的值和标识符的加密副本 。 当个人想要自己认证时,她联系认证设备,由此进行请求以获得包含在存储在认证设备中的特定数据结构中的加密标识符。 个人随后向认证设备提供她实际知道标识符的证明。
-
公开(公告)号:US07978859B2
公开(公告)日:2011-07-12
申请号:US11814575
申请日:2006-01-19
CPC分类号: H04L63/126 , G06F21/10 , G06F21/645 , G06F2221/0737 , G06Q20/383 , H04L63/0421 , H04L63/0428 , H04L63/123 , H04L69/03 , H04L2463/101
摘要: The present invention relates to a method, a device and a system for preventing unauthorized introduction of content items in a network containing compliant devices and enabling users in the network to be anonymous. A basic idea of the present invention is to provide a CA (206) with a fingerprint of a content item to be introduced in a network at which the CA is arranged. Further, the CA is provided with an identifier of a content introducer (201), which introduces the particular content item in the network. The CA compares the fingerprint to a predetermined set of fingerprints, and content item intro duction is allowed if the content item fingerprint cannot be found among the fingerprints comprised in the set. On introduction of the content item, the CA generates a pseudonym for the content introducer and creates a signed content ID certificate comprising at least said fingerprint and a unique content identifier for the content item and the pseudonym of the content introducer.
摘要翻译: 本发明涉及一种用于防止在含有兼容设备的网络中未经授权的引入内容的方法,设备和系统,并使网络中的用户能够匿名。 本发明的基本思想是向CA(206)提供要在CA布置的网络中引入的内容项目的指纹。 此外,CA被提供有内容引入器(201)的标识符,其将特定内容项目引入网络。 CA将指纹与指定的一组指纹进行比较,如果在集合中包含的指纹中找不到内容项目指纹,则允许内容项目介绍。 在引入内容项目时,CA为内容引导器生成假名,并创建包括至少所述指纹的签名内容ID证书和用于内容项目和内容引导器的假名的唯一内容标识符。
-
公开(公告)号:US20100073147A1
公开(公告)日:2010-03-25
申请号:US12517276
申请日:2007-05-09
IPC分类号: H04Q5/22
CPC分类号: G06K19/07309 , H04L9/3278 , H04L2209/805
摘要: It is described a method for controlling data access to and from an RFID device (230). Thereby, an RFID reading device (210b) authenticates himself to the RFID device (230) before the RFID device (230) communicates with the RFID reading device (210b). The RFID device (230) is equipped with a physically uncloneable function (237), which is adapted to produce a unique but unpredictable response signal (R1, R2) upon receiving a predefined challenging signal (C1, C2). During an enrolment of the RFID device a first response signal (R1) being uniquely associated with a first challenging signal (C1) is stored in a memory (238) of the RFID device (230). The first challenging signal (C1) represents a password for opening further data communication with the RFID device (230). When a RFID reading device queries the RFID device (230) with a second challenging signal (C2), the RFID device (230) compares the corresponding response signal (R2) with the response (R1) being stored during enrollment and only if there is a match, responds with its identifier (ID).
摘要翻译: 描述了一种用于控制来自RFID设备(230)的数据访问的方法。 因此,RFID读取装置(210b)在RFID装置(230)与RFID读取装置(210b)通信之前,向RFID装置(230)认证自己。 RFID设备(230)配备有物理上不可克隆的功能(237),其适于在接收到预定义的挑战性信号(C1,C2)时产生唯一但不可预测的响应信号(R1,R2)。 在RFID装置的登记期间,与第一挑战性信号(C1)唯一相关联的第一响应信号(R1)被存储在RFID装置(230)的存储器(238)中。 第一有挑战性信号(C1)表示用于打开与RFID装置(230)的进一步数据通信的密码。 当RFID读取装置用第二具有挑战性的信号(C2)查询RFID装置(230)时,RFID装置(230)将对应的响应信号(R2)与登记期间存储的响应(R1)进行比较,并且仅当存在 一个匹配,用它的标识符(ID)进行响应。
-
公开(公告)号:US20080271115A1
公开(公告)日:2008-10-30
申请号:US12097404
申请日:2006-11-27
CPC分类号: H04L9/3026 , H04L9/0844 , H04L2209/805
摘要: A method is presented for enabling authentication of a prover in a Radio Frequency Identification system comprising the prover and a verifier, the method comprising the steps of: the prover sending a prover identifier and a parent identifier to the verifier, the verifier sending a verifier identifier to the prover, the prover calculating a first common secret by means of a prover polynomial, where an unknown in the prover polynomial is substituted by a result calculated using a function of at least the verifier identifier, and the verifier calculating the first common secret by means of a first verifier polynomial, wherein a first unknown in the first verifier polynomial is substituted by the prover identifier and a second unknown in the first verifier polynomial is substituted by the parent identifier, the prover creating a first message by modulating a first core secret with regard to at least the first common secret, aid prover sending the first message to the verifier, and the verifier creating a first candidate for the first core secret by demodulating the first message with the first common secret, whereby the candidate for the first core secret is for use in the authentication. This allows the verifier and prover to independently create a common secret, used for modulating the core secret. Furthermore, no pre-registration of the prover with the verifier is required and calculation using polynomials requires little processing power. A corresponding system, prover and verifier are also presented.
摘要翻译: 提供了一种用于在包括证明者和验证者的射频识别系统中验证证明者的方法,所述方法包括以下步骤:证明者向验证者发送证明者标识符和父标识符,验证者发送验证者标识符 证明者通过证明者多项式计算第一公共秘密,其中证明者多项式中的未知数由使用至少验证者标识符的函数计算的结果代替,并且验证者通过以下方式计算第一公共秘密: 第一验证者多项式的手段,其中,所述第一验证者多项式中的第一未知数由所述证明者标识符代替,并且所述第一验证者多项式中的第二未知被所述父标识符代替,所述证明者通过调制第一核心秘密来创建第一消息 至少第一个共同的秘密,援助证明者发送第一个消息给验证者,和veri 通过用第一公共秘密解调第一消息来创建第一核心秘密的第一候选者,由此第一核心秘密的候选者用于认证。 这允许验证者和证明者独立地创建一个共同的秘密,用于调制核心秘密。 此外,不需要具有验证者的证明者的预注册,并且使用多项式的计算需要很少的处理能力。 还提出了相应的系统,证明者和验证者。
-
公开(公告)号:US08448240B2
公开(公告)日:2013-05-21
申请号:US12162844
申请日:2007-01-30
IPC分类号: G06F12/00
CPC分类号: G06F21/6245
摘要: A user interface and a processor coupled to the user interface wherein the processor receives access requests through the user interface and authorizes access through the user interface. The processor associates a rights request with a role based policy to determine access rights, modifies the determined access rights in accordance with an exception list related to particular users and records, and authorizes access to a record based upon the modified determined access rights.
摘要翻译: 耦合到用户接口的用户界面和处理器,其中处理器通过用户界面接收访问请求,并授权通过用户界面进行访问。 处理器将权限请求与基于角色的策略相关联以确定访问权限,根据与特定用户和记录相关的异常列表来修改确定的访问权限,并且基于修改的确定的访问权限授权访问记录。
-
10.发明申请公开(公告)号:US20080209575A1
公开(公告)日:2008-08-28
申请号:US11569691
申请日:2005-05-24
IPC分类号: G06F1/00
CPC分类号: G06F21/10 , G06F21/6254
摘要: A system and method for transferring licenses from a first user to one or several other users in an information distribution system, while providing privacy for said users. The level of privacy is enhanced by the license format and the use of a master license, an anonymous license and by the inclusion of a revocation lists in the certificate corresponding to a license.
摘要翻译: 一种用于在向所述用户提供隐私的情况下,将许可证从第一用户转移到信息分发系统中的一个或多个其他用户的系统和方法。 通过许可证格式和使用主许可证,匿名许可证以及在与许可证相对应的证书中包含撤销列表来增强隐私级别。
-
-
-
-
-
-
-
-
-
搜索结果
15 条记录 (耗时 0.015 秒)