公开(公告)号：US08799656B2

公开(公告)日：2014-08-05

申请号：US12913708

申请日：2010-10-27

申请人： Ernest F. Brickell ,  Jiangtao Li ,  Jesse Walker

发明人： Ernest F. Brickell ,  Jiangtao Li ,  Jesse Walker

IPC分类号： H04L9/32 ,  H04L12/06

CPC分类号： H04L9/0844 ,  H04L9/0891 ,  H04L9/3255 ,  H04L9/3273 ,  H04L2209/42

摘要： Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a device and a remote entity. The device remains anonymous to the remote entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

摘要翻译： 提出匿名认证和密钥交换的方法。 在一个实施例中，一种方法包括启动设备和远程实体之间的双向相互认证。 执行身份验证后，设备对远程实体保持匿名。 该方法还包括建立用于安全通信的相互共享的会话密钥，其中启动和建立与直接匿名认证（DAA）结合。

公开(公告)号：US20120023334A1

公开(公告)日：2012-01-26

申请号：US12913708

申请日：2010-10-27

申请人： Ernest F. Brickell ,  Jiangtao Li ,  Jesse Walker

发明人： Ernest F. Brickell ,  Jiangtao Li ,  Jesse Walker

IPC分类号： H04L9/32

CPC分类号： H04L9/0844 ,  H04L9/0891 ,  H04L9/3255 ,  H04L9/3273 ,  H04L2209/42

摘要： Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a device and a remote entity. The device remains anonymous to the remote entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

摘要翻译： 提出匿名认证和密钥交换的方法。 在一个实施例中，一种方法包括启动设备和远程实体之间的双向相互认证。 执行身份验证后，设备对远程实体保持匿名。 该方法还包括建立用于安全通信的相互共享的会话密钥，其中启动和建立与直接匿名认证（DAA）结合。

公开(公告)号：US07844614B2

公开(公告)日：2010-11-30

申请号：US11948861

申请日：2007-11-30

申请人： Ernest F. Brickell ,  Jiangtao Li

发明人： Ernest F. Brickell ,  Jiangtao Li

IPC分类号： G06F17/30

CPC分类号： H04L9/3234 ,  G06F21/57 ,  H04L9/3013 ,  H04L9/3221 ,  H04L9/3247 ,  H04L2209/42 ,  H04L2209/56

摘要： In some embodiments, a method and apparatus for enhanced revocation of direct proof and direct anonymous attestation are described. In one embodiment a trusted hardware device verifies that membership of the device within a trusted membership group is not revoked according to a revocation list received with a challenge request from a verifier. Once such verification is performed, the device convinces the verifier of possessing cryptographic information without revealing unique, device identification information of the trusted hardware device or the cryptographic information. In one embodiment, the trusted hardware device computes a digital signature on a message received with the challenge request to the verifier if membership of the anonymous hardware device within a trusted membership group is verified. In one embodiment, the verifier authenticates the digital signature according to a public key of the trusted membership group to enable a trusted member device to remain anonymous to the verifier. Other embodiments are described and claimed.

摘要翻译： 在一些实施例中，描述了用于增强直接证明和直接匿名证明的撤销的方法和装置。 在一个实施例中，可信硬件设备根据从验证者接收到的询问请求的撤销列表来验证受信任的成员资格组内的设备的成员资格是否被撤销。 一旦执行了这种验证，该设备就说服验证者拥有加密信息，而不会泄露可信硬件设备或加密信息的唯一设备识别信息。 在一个实施例中，如果验证了可信任的成员资格组内的匿名硬件设备的成员资格，那么可信硬件设备将向接收到的询问请求的消息中的数字签名计算给验证者。 在一个实施例中，验证者根据受信任的成员资格群组的公开密钥对数字签名进行认证，以使受信任的成员设备对验证者保持匿名。 描述和要求保护其他实施例。

公开(公告)号：US20100169650A1

公开(公告)日：2010-07-01

申请号：US12347581

申请日：2008-12-31

申请人： Ernest F. Brickell ,  Jiangtao Li

发明人： Ernest F. Brickell ,  Jiangtao Li

IPC分类号： H04L9/32 ,  H04L9/00

CPC分类号： H04L9/0894 ,  H04L9/3066 ,  H04L2209/42

摘要： A storage minimization technique for direct anonymous attestation (DAA) keys is presented. In one embodiment, the method includes deriving a random portion of a (DAA) private key from a device's fuse key, computing a point on an elliptical curve from the derived random portion and a master private key, and storing only one coordinate of the point in fuses within the device. Other embodiments are described and claimed.

摘要翻译： 提出了一种用于直接匿名认证（DAA）密钥的存储最小化技术。 在一个实施例中，该方法包括从设备的熔丝键导出（DAA）私钥的随机部分，从导出的随机部分计算椭圆曲线上的点和主私钥，并且仅存储该点的一个坐标 在设备内的保险丝。 描述和要求保护其他实施例。

公开(公告)号：US20080270786A1

公开(公告)日：2008-10-30

申请号：US11778804

申请日：2007-07-17

申请人： Ernest F. Brickell ,  Jiangtao Li

发明人： Ernest F. Brickell ,  Jiangtao Li

IPC分类号： H04L9/00

CPC分类号： H04L9/3073 ,  H04L9/3255 ,  H04L2209/42

摘要： A method and apparatus for direct anonymous attestation from bilinear maps. In one embodiment, the method includes the creation of a public/private key pair for a trusted membership group defined by an issuer; and assigning a unique secret signature key to at least one member device of the trusted membership group defined by the issuer. In one embodiment, using the assigned signature key, a member may assign a message received as an authentication request to prove membership within a trusted membership group. In one embodiment, a group digital signature of the member is verified using a public key of the trusted membership group. Accordingly, a verifier of the digital signature is able to authenticate that the member is an actual member of the trusted membership group without requiring of the disclosure of a unique identification information of the member or a private member key to maintain anonymity of trusted member devices. Other embodiments are described and claimed.

摘要翻译： 一种从双线性地图直接匿名认证的方法和装置。 在一个实施例中，该方法包括为由发行者定义的可信会员组创建公钥/私钥对; 以及将唯一的秘密签名密钥分配给由所述发行者定义的所述可信会员组的至少一个成员设备。 在一个实施例中，使用分配的签名密钥，成员可以分配作为认证请求接收的消息以证明可信任的成员资格组内的会员资格。 在一个实施例中，使用可信会员组的公钥来验证会员的组数字签名。 因此，数字签名的验证者能够认证成员是受信任的成员资格组的实际成员，而不需要披露成员或私人成员密钥的唯一标识信息来维护可信任成员设备的匿名性。 描述和要求保护其他实施例。

公开(公告)号：US20140089659A1

公开(公告)日：2014-03-27

申请号：US13987807

申请日：2013-09-05

申请人： Ernest F. Brickell ,  Shay Gueron ,  Jiangtao Li ,  Carlos V. Rozas ,  Daniel Nemiroff ,  Vincent R. Scarlata ,  Uday R. Savagaonkar ,  Simon P. Johnson

发明人： Ernest F. Brickell ,  Shay Gueron ,  Jiangtao Li ,  Carlos V. Rozas ,  Daniel Nemiroff ,  Vincent R. Scarlata ,  Uday R. Savagaonkar ,  Simon P. Johnson

IPC分类号： H04L9/08

CPC分类号： H04L9/0816 ,  G06F21/572 ,  G06F21/73

摘要： Keying materials used for providing security in a platform are securely provisioned both online and offline to devices in a remote platform. The secure provisioning of the keying materials is based on a revision of firmware installed in the platform.

摘要翻译： 用于在平台中提供安全性的键控材料可以安全地在线和离线地配置到远程平台中的设备。 密钥材料的安全配置基于安装在平台中的固件的修订版本。

公开(公告)号：US08595505B2

公开(公告)日：2013-11-26

申请号：US13247921

申请日：2011-09-28

申请人： Ernest F. Brickell ,  Jiangtao Li

发明人： Ernest F. Brickell ,  Jiangtao Li

IPC分类号： H04L9/32 ,  H04L9/08 ,  G06F7/04

CPC分类号： H04L9/3073 ,  H04L9/0833 ,  H04L9/0877 ,  H04L9/3234 ,  H04L2209/42

摘要： A method and apparatus for direct anonymous attestation from bilinear maps. In one embodiment, the method includes the creation of a public/private key pair for a trusted membership group defined by an issuer; and assigning a unique secret signature key to at least one member device of the trusted membership group defined by the issuer. In one embodiment, using the assigned signature key, a member may assign a message received as an authentication request to prove membership within a trusted membership group. In one embodiment, a group digital signature of the member is verified using a public key of the trusted membership group. Accordingly, a verifier of the digital signature is able to authenticate that the member is an actual member of the trusted membership group without requiring of the disclosure of a unique identification information of the member or a private member key to maintain anonymity of trusted member devices. Other embodiments are described and claimed.

摘要翻译： 一种从双线性地图直接匿名认证的方法和装置。 在一个实施例中，该方法包括为由发行者定义的可信会员组创建公钥/私钥对; 以及将唯一的秘密签名密钥分配给由所述发行者定义的所述可信会员组的至少一个成员设备。 在一个实施例中，使用分配的签名密钥，成员可以分配作为认证请求接收的消息以证明可信任的成员资格组内的会员资格。 在一个实施例中，使用可信会员组的公钥来验证会员的组数字签名。 因此，数字签名的验证者能够认证成员是受信任的成员资格组的实际成员，而不需要披露成员或私人成员密钥的唯一标识信息来维护可信任成员设备的匿名性。 描述和要求保护其他实施例。

公开(公告)号：US20120137137A1

公开(公告)日：2012-05-31

申请号：US12956793

申请日：2010-11-30

申请人： Ernest F. Brickell ,  Shay Gueron ,  Jiangtao Li ,  Carlos V. Rozas ,  Daniel Nemiroff ,  Vincent R. Scarlata ,  Uday R. Savagaonkar ,  Simon P. Johnson

发明人： Ernest F. Brickell ,  Shay Gueron ,  Jiangtao Li ,  Carlos V. Rozas ,  Daniel Nemiroff ,  Vincent R. Scarlata ,  Uday R. Savagaonkar ,  Simon P. Johnson

IPC分类号： G06F21/00

CPC分类号： H04L9/0816 ,  G06F21/572 ,  G06F21/73

摘要： Keying materials used for providing security in a platform are securely provisioned both online and offline to devices in a remote platform. The secure provisioning of the keying materials is based on a revision of firmware installed in the platform.

摘要翻译： 用于在平台中提供安全性的键控材料可以安全地在线和离线地配置到远程平台中的设备。 密钥材料的安全配置基于安装在平台中的固件的修订版本。

公开(公告)号：US08078876B2

公开(公告)日：2011-12-13

申请号：US11778804

申请日：2007-07-17

申请人： Ernest F. Brickell ,  Jiangtao Li

发明人： Ernest F. Brickell ,  Jiangtao Li

IPC分类号： H04L9/32 ,  G06F7/00 ,  G06F7/04

CPC分类号： H04L9/3073 ,  H04L9/3255 ,  H04L2209/42

摘要： A method and apparatus for direct anonymous attestation from bilinear maps. In one embodiment, the method includes the creation of a public/private key pair for a trusted membership group defined by an issuer; and assigning a unique secret signature key to at least one member device of the trusted membership group defined by the issuer. In one embodiment, using the assigned signature key, a member may assign a message received as an authentication request to prove membership within a trusted membership group. In one embodiment, a group digital signature of the member is verified using a public key of the trusted membership group. Accordingly, a verifier of the digital signature is able to authenticate that the member is an actual member of the trusted membership group without requiring of the disclosure of a unique identification information of the member or a private member key to maintain anonymity of trusted member devices. Other embodiments are described and claimed.

摘要翻译： 一种从双线性地图直接匿名认证的方法和装置。 在一个实施例中，该方法包括为由发行者定义的可信会员组创建公钥/私钥对; 以及将唯一的秘密签名密钥分配给由所述发行者定义的所述可信会员组的至少一个成员设备。 在一个实施例中，使用分配的签名密钥，成员可以分配作为认证请求接收的消息以证明可信任的成员资格组内的会员资格。 在一个实施例中，使用可信会员组的公钥来验证会员的组数字签名。 因此，数字签名的验证者能够认证成员是受信任的成员资格组的实际成员，而不需要披露成员或私人成员密钥的唯一标识信息来维护可信任成员设备的匿名性。 描述和要求保护其他实施例。

公开(公告)号：US20080307223A1

公开(公告)日：2008-12-11

申请号：US11948862

申请日：2007-11-30

申请人： Ernest F. Brickell ,  Jiangtao Li

发明人： Ernest F. Brickell ,  Jiangtao Li

IPC分类号： H04L9/32

CPC分类号： H04L9/3221 ,  H04L9/3234 ,  H04L9/3268 ,  H04L63/06 ,  H04L63/0823 ,  H04L63/126 ,  H04L2209/42

摘要： In some embodiments, a method and apparatus for issuer based revocation of direct proof and direct anonymous attestation are described. In one embodiment, a trusted hardware device convinces a verifier that the trusted hardware device possesses cryptographic information without revealing unique, device identification information of the trusted hardware device or the cryptographic information. Once the verifier is convinced that the hardware device possesses the cryptographic information, the verifier may issue a denial of revocation request to the trusted hardware device, including a base value BI and a plurality of revoked pseudonyms (K1, . . . , Kn) used for a plurality of suspect member keys during join procedures with an issuer. In response, the trusted hardware device issues a group denial revocation to prove that a private member key F does not match any one of a plurality of unknown, suspect keys F1 . . . Fn formed from the revoked pseudonyms, where n is an integer greater than 1 and i is and integer from 1 to n. Other embodiments are described and claimed.

摘要翻译： 在一些实施例中，描述了用于基于颁发者的撤销直接证明和直接匿名认证的方法和装置。 在一个实施例中，可信硬件设备说服验证者信任的硬件设备拥有加密信息，而不会泄露可信硬件设备或加密信息的唯一的设备识别信息。 一旦验证者确信硬件设备具有加密信息，验证者可以向可信硬件设备发出拒绝撤销请求，包括使用基本值BI和多个撤销的假名（K1，...，Kn） 对于与发行者的连接过程中的多个可疑成员密钥。 作为响应，可信硬件设备发出组拒绝撤销，以证明私有成员密钥F不匹配多个未知的可疑密钥F1中的任何一个。 。 。 Fn由撤销的假名形成，其中n是大于1的整数，i和从1到n的整数。 描述和要求保护其他实施例。