专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US08788828B2 Non-transferable anonymous digital receipts 失效
标题翻译：不可转让的匿名数字收据
公开(公告)号：US08788828B2
公开(公告)日：2014-07-22
申请号：US13612263
申请日：2012-09-12
申请人： Elsie van Herrewegen , Jan Camenisch
发明人： Elsie van Herrewegen , Jan Camenisch
IPC分类号： H04L9/32
CPC分类号： H04L9/3247 , G06Q20/0453 , H04L2209/42 , H04L2209/56
摘要： A system and method for verifying ownership of an electronic receipt in a communication system providing a public key infrastructure, the verification arising out of a series of messages being sent and received between a first party and a verifying party, the method comprising the steps of receiving a proof message from the first party, the proof message being derived from at least a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party and an electronic receipt that has been issued by electronically signing a request message with a second public key, determining whether or not the proof message was derived from the second public key.
摘要翻译：一种用于验证提供公共密钥基础设施的通信系统中的电子收据的所有权的系统和方法，所述验证是由在第一方和验证方之间发送和接收的一系列消息产生的，所述方法包括以下步骤：接收来自第一方的证明消息，证明消息基于由第一方所拥有的秘密从至少第一公钥导出，并且其中该秘密至少与第一方的另一个公钥的秘密相关联;以及通过用第二公开密钥电子地签署请求消息而发出的电子收据，确定证明消息是否从第二公开密钥导出。

12. 发明申请

US20120297196A1 MAINTAINING PRIVACY FOR TRANSACTIONS PERFORMABLE BY A USER DEVICE HAVING A SECURITY MODULE 有权
标题翻译：维护具有安全模块的用户设备执行的交易隐私
公开(公告)号：US20120297196A1
公开(公告)日：2012-11-22
申请号：US13562932
申请日：2012-07-31
申请人： Jan Camenisch
发明人： Jan Camenisch
IPC分类号： H04L9/28
CPC分类号： G06F21/602 , G06F21/33 , G06F21/57 , G06Q20/382 , G06Q20/3829 , G06Q20/401 , H04L9/321 , H04L9/3234 , H04L9/3257
摘要： A method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier are disclosed. The system includes an issuer providing an issuer public key; a user device having a security module for generating a first set of attestation-signature values; a privacy certification authority computer for providing an authority public key and issuing second attestation values; and a verification computer for checking the validity of the first set of attestation signature values with the issuer public key and the validity of a second set of attestation-signature values with the authority public key, the second set of attestation-signature values being derivable by the user device from the second attestation values, where it is verifiable that the two sets of attestation-signature values relate to the user device.
摘要翻译：公开了一种用于维护由具有具有隐私认证机构和验证者的安全模块的用户设备可执行的交易的私密性的方法和系统。该系统包括提供发行者公钥的发行者; 具有用于生成第一组认证签名值的安全模块的用户设备; 一个用于提供授权公共密钥和发出第二认证价值的隐私认证机构计算机; 以及验证计算机，用于利用所述授权公钥用所述颁发者公开密钥和所述认证签名值的有效性来检查所述第一认证签名值集合的有效性，所述第二认证签名值集合可由所述认证签名值导出来自第二证明的用户设备值，其中可证实两组认证签名值与用户设备相关。

13. 发明申请

US20120297185A1 MAINTAINING PRIVACY FOR TRANSACTIONS PERFORMABLE BY A USER DEVICE HAVING A SECURITY MODULE 有权
公开(公告)号：US20120297185A1
公开(公告)日：2012-11-22
申请号：US13562940
申请日：2012-07-31
申请人： Jan Camenisch
发明人： Jan Camenisch
IPC分类号： H04L9/32
CPC分类号： G06F21/602 , G06F21/33 , G06F21/57 , G06Q20/382 , G06Q20/3829 , G06Q20/401 , H04L9/321 , H04L9/3234 , H04L9/3257
摘要： A method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier are disclosed. The system includes an issuer providing an issuer public key; a user device having a security module for generating a first set of attestation-signature values; a privacy certification authority computer for providing an authority public key and issuing second attestation values; and a verification computer for checking the validity of the first set of attestation signature values with the issuer public key and the validity of a second set of attestation-signature values with the authority public key, the second set of attestation-signature values being derivable by the user device from the second attestation values, where it is verifiable that the two sets of attestation-signature values relate to the user device.

14. 发明授权

US08139767B2 Fine-grained forward-secure signature scheme 有权
标题翻译：细粒度的前向安全签名方案
公开(公告)号：US08139767B2
公开(公告)日：2012-03-20
申请号：US12120349
申请日：2008-05-14
申请人： Jan Camenisch , Maciel Koprowski
发明人： Jan Camenisch , Maciel Koprowski
IPC分类号： H04L9/00
CPC分类号： H04L9/14 , H04L9/3255
摘要： The presented methods form the basis of a forward-secure signature scheme that is provably secure. Moreover, the presented methods form also the basis of a fine-grained forward-secure signature scheme that is secure and efficient. The scheme allows to react immediately on hacker break-ins such that signatures from the past still remain valid without re-issuing them and future signature values based on an exposed key can be identified accordingly. In general, each prepared signature carries an ascending index such that once an index is used, no lower index can be used to sign. Then, whenever an adversary breaks in, an honest signer can just announce the current index, e.g., by signing some special message with respect to the current index, as part of the revocation message for the current time period. It is then understood that all signatures made in prior time periods as well as all signatures make in the revoked period up to the announced index are valid, i.e., non-reputable.
摘要翻译：所提出的方法构成了可靠安全的前向安全签名方案的基础。此外，提出的方法也是安全有效的细粒度前向安全签名方案的基础。该方案允许立即对黑客入侵进行反应，使得过去的签名仍然保持有效，而不重新发布它们，并且可以相应地识别基于暴露密钥的未来签名值。一般来说，每个准备的签名都带有上升索引，使得一旦使用索引，就不能使用较低的索引进行签名。那么，每当对手中断时，一个诚实的签名者就可以通过例如通过当前索引签署一些特殊消息来宣布当前的索引，作为当前时间段的撤消消息的一部分。据了解，在先前的时间段内进行的所有签名以及在所宣布的索引的撤销时间内的所有签名都是有效的，即非信誉的。

15. 发明申请

US20110013771A1 ASSERTION MESSAGE SIGNATURES 有权
公开(公告)号：US20110013771A1
公开(公告)日：2011-01-20
申请号：US12301788
申请日：2007-04-26
申请人： Jan Camenisch , Thomas Gross , Dieter Sommer
发明人： Jan Camenisch , Thomas Gross , Dieter Sommer
IPC分类号： H04L9/14
CPC分类号： H04L9/3218 , H04L9/3252 , H04L2209/42 , H04L2209/56 , H04L2209/68
摘要： The invention relates to a method for providing an assertion message (200) from a proving party (20) to a relying party (40), the method comprising the steps of:—creating an assertion (A) comprising one or more statements,—creating an assertion proof (p A),—creating a temporary private key and a corresponding temporary public key (K) from the assertion (A) and the assertion proof (p A),—creating a key proof (PK) for the temporary public key (K),—creating an assertion message signature (S) by means of the temporary private key,—creating the assertion message (200) comprising the temporary public key (K), the assertion proof (PA), the key proof (PK), the assertion (A), a message body (220) and the assertion message signature (S) to the relying party (40).
摘要翻译：本发明涉及一种用于从证明方（20）向依赖方（40）提供断言消息（200）的方法，所述方法包括以下步骤： - 创建包括一个或多个语句的断言（A）， - 创建断言证明（p A）， - 从断言（A）和断言证明（p A）创建临时私钥和相应的临时公钥（K）， - 为临时证明公开密钥（K）， - 通过临时专用密钥创建断言消息签名（S）， - 创建包括临时公开密钥（K）的断言消息（200），断言证明（PA），密钥证明（PK），断言（A），消息体（220）和断言消息签名（S）到依赖方（40）。

16. 发明申请

US20100100926A1 INTERACTIVE SELECTION OF IDENTITY INFORMATOIN SATISFYING POLICY CONSTRAINTS 审中-公开
标题翻译：互动选择身份信息满足政策约束
公开(公告)号：US20100100926A1
公开(公告)日：2010-04-22
申请号：US12252598
申请日：2008-10-16
申请人： Carl Binding , Anthony Bussani , Jan Camenisch , Dieter M. Sommer
发明人： Carl Binding , Anthony Bussani , Jan Camenisch , Dieter M. Sommer
IPC分类号： G06F21/24
CPC分类号： H04L63/102 , G06F21/41 , H04L63/0815
摘要： A system and method for verifying an attribute includes providing a compound policy by a relying party. The compound policy has one or more claims and/or sub-claims expressing conditions on attributes and constants. Identity providers are associated with aspects of the compound policy by mapping attributes of the compound policy with attributes of the identity providers. A selection of at least one identity provider that satisfies the compound policy is enabled. At least one attribute of the user is verified by at least one identity provider in accordance with the selection.
摘要翻译：用于验证属性的系统和方法包括由依赖方提供复合策略。复合策略具有表示对属性和常数的条件的一个或多个权利要求和/或子权利要求。身份提供者通过将复合策略的属性映射到身份提供者的属性来与复合策略的各个方面相关联。启用满足复合策略的至少一个身份提供者的选择。用户的至少一个属性由至少一个身份提供者根据选择进行验证。

17. 发明授权

US07551737B2 Cryptographic keys using random numbers instead of random primes 失效
标题翻译：加密密钥使用随机数而不是随机素数
公开(公告)号：US07551737B2
公开(公告)日：2009-06-23
申请号：US10809267
申请日：2004-03-25
申请人： Jan Camenisch , Maciej A Koprowski
发明人： Jan Camenisch , Maciej A Koprowski
IPC分类号： H04L9/22 , H04L9/28 , H04L9/30
CPC分类号： H04L9/302 , H04L9/3247 , H04L2209/42
摘要： A system and method for providing cryptographic keys which are usable in a network of connected computer nodes applying a signature scheme. The method employs: generating a random secret key usable in the network of connected computer nodes; generating an exponent interval I having a plurality of exponent elements, the exponent interval having a specified first random limit, wherein each element of the plurality of exponent elements of the exponent interval has a unique prime factor tat is larger than a given security parameter; and, providing a public key comprising an exponent-interval description including The first random limit, and a public key value derived from the random secret key, such That the random secret key and a selected exponent value from the plurality of exponent elements in the exponent interval I are usable for deriving a signature value on a message to be sent within The network to a second computer node for verification.
摘要翻译：一种用于提供加密密钥的系统和方法，所述加密密钥可用于应用签名方案的连接的计算机节点的网络中。该方法采用：产生在连接的计算机节点的网络中可用的随机密钥; 产生具有多个指数元素的指数间隔I，所述指数间隔具有指定的第一随机限制，其中所述指数间隔的所述多个指数元素中的每个元素具有唯一素数因子tat大于给定的安全参数; 并且提供包括包括第一随机限制的指数间隔描述和从随机秘密密钥导出的公开密钥值的公开密钥，使得随机秘密密钥和来自指数中的多个指数元素的选择的指数值间隔I可用于将要在网络内发送的消息的签名值导出到第二计算机节点用于验证。

18. 发明申请

US20090049300A1 Method and system for user attestation-signatures with attributes 失效
标题翻译：具有用户认证签名的方法和系统与属性
公开(公告)号：US20090049300A1
公开(公告)日：2009-02-19
申请号：US12131621
申请日：2008-06-02
申请人： Jan Camenisch
发明人： Jan Camenisch
IPC分类号： H04L9/32
CPC分类号： G06F21/577 , G06F21/64 , G06F21/645 , H04L9/3257 , H04L2209/127 , H04L2209/42
摘要： The present invention discloses a method for generating and verifying a user attestation-signature value (DAA′) and issuing an attestation value (cert) for the generation of the user attestation-signature value (DAA′). Further, the invention is related to a system for using a user attestation-signature value (DAA′) that corresponds to at least one attribute (A, B, C, D), each with an attribute value (w, x, y, z), none, one or more of the attribute values (x, y) remaining anonymous for transactions, the system comprising: a user device (20) having a security module (22) that provides a module public key (PKTPM) and a security module attestation value (DAA), the user device (20) providing a user public key (PKUC) that inherently comprises none, one, or more user determined attribute value (x, y) and a proof value demonstrating that the user public key (PKUC) is validly derived from the module public key (PKTPM) of the security module (22); an attester computer (30) that provides none, one, or more attester determined attribute value (w, z) and an attestation value (cert) that bases on an attester secret key (SKAC), the user public key (PKUC), and an anonymous attribute value (w, z); and a verification computer (40) for verifying whether or not (i) the user attestation-signature value (DAA′) was validly derived from the security module attestation value (DAA) provided by the security module (22) and the attestation value (cert), and (ii) the attestation value (cert) is associated with a subset (B, D) of at least one attribute, each attribute in the subset (B, D) having a revealed attribute value (x, z).
摘要翻译：本发明公开了一种用于生成和验证用户认证签名值（DAA'）并发布用于生成用户认证签名值（DAA'）的认证值（cert）的方法。此外，本发明涉及一种用于使用对应于至少一个属性（A，B，C，D）的用户认证签名值（DAA'）的系统，每个属性值（w，x，y， z），所述属性值（x，y）中的一个或多个对于事务保持匿名，所述系统包括：具有提供模块公钥（PKTPM）的安全模块（22）的用户设备（20）安全模块认证值（DAA），用户设备（20）提供固有地包括没有，一个或多个用户确定的属性值（x，y）的用户公钥（PKUC）以及证明用户公开密钥（PKUC）从安全模块（22）的模块公钥（PKTPM）有效地导出; 用户公开密钥（PKUC）提供基于服务器秘密密钥（SKAC），用户公钥（PKUC）和/或服务器密钥（PKUC）的任何一个，一个或多个服务器确定的属性值（w，z）和认证值（cert）匿名属性值（w，z）; 以及验证计算机（40），用于验证是否（i）用户认证签名值（DAA'）从安全模块（22）提供的安全模块认证值（DAA）和证明值（证书），和（ii）证明值（证书）与至少一个属性的子集（B，D）相关联，子集（B，D）中的每个属性具有透明的属性值（x，z）。

19. 发明申请

US20070288750A1 METHOD AND COMPUTER SYSTEM FOR PERFORMING TRANSACTIONS BETWEEN A CLIENT AND A SERVER 有权
标题翻译：用于客户和服务器之间进行交易的方法和计算机系统
公开(公告)号：US20070288750A1
公开(公告)日：2007-12-13
申请号：US11760026
申请日：2007-06-08
申请人： Jan Camenisch , Abhi Shelat , Dieter Sommer , Roger Zimmermann
发明人： Jan Camenisch , Abhi Shelat , Dieter Sommer , Roger Zimmermann
IPC分类号： H04L9/00
CPC分类号： G06F3/04842 , G06F21/33 , G06F2221/2119 , G06Q20/383 , H04L63/0823 , H04L63/20 , H04L67/10
摘要： A method and system for performing transactions between a client and a server. The client sends to the server a transaction request for performing a transaction, and receives from the server a transaction policy. The client displays a first representation of the transaction policy depicting transaction policy options for fulfilling the transaction policy. After the user selects a first transaction policy option, the client displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client depicts evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client sends to the server transaction enablement information that includes evidence dictated by the selected evidence options.
摘要翻译：用于在客户端和服务器之间执行事务的方法和系统。客户端向服务器发送执行事务的事务请求，并从服务器接收事务策略。客户端显示描述用于实现交易策略的交易策略选项的交易策略的第一个表示。在用户选择第一事务策略选项之后，客户机显示事务策略的第二表示，描述与第一事务策略选项有关的至少一个机制以满足第一事务策略选项的要求。在用户选择第一个机制之后，客户端描述第一个交易策略选项的每个需求的证据选项。在用户为第一交易策略选项的每个需求选择证据选项之后，客户端向服务器发送包括由所选证据选项所指示的证据的交易启用信息。

20. 发明申请

US20060101507A1 Method and apparatus for obtaining and verifying credentials for accessing a computer application program 失效
标题翻译：用于获取和验证访问计算机应用程序的凭证的方法和装置
公开(公告)号：US20060101507A1
公开(公告)日：2006-05-11
申请号：US11265732
申请日：2005-11-02
申请人： Jan Camenisch
发明人： Jan Camenisch
IPC分类号： H04L9/32 , G06K9/00 , G06F17/30 , G06F15/16 , G06F7/04 , G06F7/58 , G06K19/00
CPC分类号： G06F21/33
摘要： Methods for obtaining credentials and for verifying credentials are disclosed. In some embodiments, a request may be generated to register a computing device of a user to a registration issuer, and in response a device related credential for the computing device may be obtained, the device related credential being for exclusive use of that computing device and being related to a unique identifier of the user. A request for a credential for an application program may be generated, and in response an application credential for the application program may be obtained, the application credential being related to the unique identifier of the user. A request for access to the application program may be generated, the request comprising the application credential and the device related credential. In response to the request for access, access to the application may be granted if the device related credential and the application credential relate to the same unique user identifier.
摘要翻译：公开了获得凭证和验证凭据的方法。在一些实施例中，可以生成请求以将用户的计算设备注册到注册发行者，并且响应于可以获得用于计算设备的设备相关凭证，所述设备相关凭证被用于该计算设备的专用，以及与用户的唯一标识相关。可以生成对应用程序的凭证的请求，并且响应于可以获得应用程序的应用凭证，应用凭证与用户的唯一标识符相关。可以生成对应用程序的访问请求，该请求包括应用凭证和与设备相关的凭证。响应于访问请求，如果设备相关凭证和应用凭证与相同的唯一用户标识符相关，则可以授予对应用的访问。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式