公开(公告)号：US20140289512A1

公开(公告)日：2014-09-25

申请号：US13847562

申请日：2013-03-20

Applicant: INDUSTRIAL TECHNOLOGY RESEARCH INSTITUTE

Inventor： Huei-Ru Tseng ,  Pei-Chuan Tsai ,  Rong-Hong Jan ,  Chien Chen ,  Hsia-Hsin Li ,  Chih-Che Lin

IPC: H04L9/32

CPC classification number: H04L9/3265 ,  H04L9/3268

Abstract: Embodiments of the present invention are directed to methods and systems for generating and revoking, as well as validating, certificates used to protect communications within networks while maintaining privacy protection. In the context of a method, certificate generation and revocation with privacy preservation comprises determining a secret value to be used by a certificate authority and an entity; constructing a key tree based on the secret value, wherein the leaves of the key tree represent derived keys for the certificates for the entity; and generating certificates for the entity based in part on the key tree leaves. The method further comprises determining that one or more of the certificates should be revoked; determining a minimum key node set that covers the certificates to be revoked; adding the minimum key node set to a certificate revocation list; and providing the certificate revocation list to one or more entities. Corresponding apparatuses and computer program products are also provided.

Abstract translation: 本发明的实施例涉及用于生成和撤销以及验证用于保护网络内的通信的证书同时保持隐私保护的方法和系统。 在方法的上下文中，具有隐私保护的证书生成和撤销包括确定由认证机构和实体使用的秘密值; 基于秘密值构建密钥树，其中密钥树的叶表示实体的证书的导出密钥; 并且基于密钥树叶部分地为实体生成证书。 该方法还包括确定一个或多个证书应被撤销; 确定覆盖要撤销的证书的最小密钥节点集; 将最小密钥节点集添加到证书吊销列表中; 并将证书吊销列表提供给一个或多个实体。 还提供了相应的设备和计算机程序产品。

公开(公告)号：US09425967B2

公开(公告)日：2016-08-23

申请号：US13847562

申请日：2013-03-20

Applicant: INDUSTRIAL TECHNOLOGY RESEARCH INSTITUTE

Inventor： Huei-Ru Tseng ,  Pei-Chuan Tsai ,  Rong-Hong Jan ,  Chien Chen ,  Hsia-Hsin Li ,  Chih-Che Lin

IPC: H04L29/06 ,  H04L9/32

CPC classification number: H04L9/3265 ,  H04L9/3268

Abstract: Embodiments of the present invention are directed to methods and systems for generating and revoking, as well as validating, certificates used to protect communications within networks while maintaining privacy protection. In the context of a method, certificate generation and revocation with privacy preservation comprises determining a secret value to be used by a certificate authority and an entity; constructing a key tree based on the secret value, wherein the leaves of the key tree represent derived keys for the certificates for the entity; and generating certificates for the entity based in part on the key tree leaves. The method further comprises determining that one or more of the certificates should be revoked; determining a minimum key node set that covers the certificates to be revoked; adding the minimum key node set to a certificate revocation list; and providing the certificate revocation list to one or more entities. Corresponding apparatuses and computer program products are also provided.

Abstract translation: 本发明的实施例涉及用于生成和撤销以及验证用于保护网络内的通信的证书同时保持隐私保护的方法和系统。 在方法的上下文中，具有隐私保护的证书生成和撤销包括确定由认证机构和实体使用的秘密值; 基于秘密值构建密钥树，其中密钥树的叶表示实体的证书的导出密钥; 并且基于密钥树叶部分地为实体生成证书。 该方法还包括确定一个或多个证书应被撤销; 确定覆盖要撤销的证书的最小密钥节点集; 将最小密钥节点集添加到证书吊销列表中; 并将证书吊销列表提供给一个或多个实体。 还提供了相应的设备和计算机程序产品。