    • 1. Invention application
    • METHOD AND COMPUTER SYSTEM FOR PERFORMING TRANSACTIONS BETWEEN A CLIENT AND A SERVER
    • US20070288750A1
    • 2007-12-13
    • US11760026
    • 2007-06-08
    • Jan Camenisch, Abhi Shelat, Dieter Sommer, Roger Zimmermann
    • H04L9/00
    • G06F3/04842; G06F21/33; G06F2221/2119; G06Q20/383; H04L63/0823; H04L63/20; H04L67/10
    • A method and system for performing transactions between a client and a server. The client sends to the server a transaction request for performing a transaction, and receives from the server a transaction policy. The client displays a first representation of the transaction policy depicting transaction policy options for fulfilling the transaction policy. After the user selects a first transaction policy option, the client displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client depicts evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client sends to the server transaction enablement information that includes evidence dictated by the selected evidence options.
    • 2. Invention application
    • ASSERTION MESSAGE SIGNATURES
    • US20110013771A1
    • 2011-01-20
    • US12301788
    • 2007-04-26
    • Jan Camenisch, Thomas Gross, Dieter Sommer
    • H04L9/14
    • H04L9/3218; H04L9/3252; H04L2209/42; H04L2209/56; H04L2209/68
    • The invention relates to a method for providing an assertion message (200) from a proving party (20) to a relying party (40), the method comprising the steps of: creating an assertion (A) comprising one or more statements; creating an assertion proof (p A); creating a temporary private key and a corresponding temporary public key (K) from the assertion (A) and the assertion proof (p A); creating a key proof (PK) for the temporary public key (K); creating an assertion message signature (S) by means of the temporary private key; creating the assertion message (200) comprising the temporary public key (K), the assertion proof (PA), the key proof (PK), the assertion (A), a message body (220) and the assertion message signature (S) to the relying party (40).
    • 3. Granted invention patent
    • Maintaining privacy for transactions performable by a user device having a security module
    • US08285647B2
    • 2012-10-09
    • US12547051
    • 2009-08-25
    • Jan Camenisch
    • G06Q20/00; G06F15/16
    • G06F21/602; G06F21/33; G06F21/57; G06Q20/382; G06Q20/3829; G06Q20/401; H04L9/321; H04L9/3234; H04L9/3257
    • The present invention discloses a method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier. The system comprises an issuer providing an issuer public key PKI; a user device having a security module for generating a first set of attestation-signature values DAA1; a privacy certification authority computer for providing an authority public key PKPCA and issuing second attestation values AV2; and a verification computer for checking the validity of the first set of attestation signature values DAA1 with the issuer public key PKI and the validity of a second set of attestation-signature values DAA2 with the authority public key PKPCA, the second set of attestation-signature values DAA2 being derivable by the user device 20 from the second attestation values AV2, wherein it is verifiable that the two sets of attestation-signature values DAA1, DAA2 relate to the user device.
    • 4. Granted invention patent
    • Revocation of anonymous certificates, credentials, and access rights
    • US07543139B2
    • 2009-06-02
    • US10325790
    • 2002-12-19
    • Jan Camenisch, Anna Lysyanskaya
    • H04L9/00
    • H04L9/3255; H04L9/3218; H04L9/3268; H04L2209/42
    • In accordance with the present invention, there is given methods, systems and apparatus for revoking a derived credential formed from an initial credential and an indication value within a network. An example method comprises the steps of: updating an accumulator value based on a plurality of user credential keys where each user credential key is associated with a user device entitled to the derived credential; providing public information that comprises a public key for verifying the initial credential and the accumulator value; an entity receiving from a user device derived-credential information comprising an initial-credential information and an indication-value information indicating that the user credential key is inherently included in the accumulator value, and request information; and, processing the request information in response to verifying by the entity that the initial-credential information and the indication-value information are valid.
    • 5. Invention application
    • Privacy-protecting integrity attestation of a computing platform
    • US20080229097A1
    • 2008-09-18
    • US12126978
    • 2008-05-26
    • Endre Bangerter, Matthias Schunter, Michael Waidner, Jan Camenisch
    • H04L9/32
    • H04L9/3218; H04L9/3234; H04L2209/80
    • Systems, apparatus and methods for privacy-protecting integrity attestation of a computing platform. An example method for privacy-protecting integrity attestation of a computing platform (P) has a trusted platform module (TPM), and comprises the following steps. First, the computing platform (P) receives configuration values (PCR1 . . . PCRn). Then, by means of the trusted platform module (TPM), a configuration value (PCRp) is determined which depends on the configuration of the computing platform (P). In a further step the configuration value (PCRp) is signed by means of the trusted platform module. Finally, in the event that the configuration value (PCRp) is one of the received configuration values (PCR1 . . . PCRn), the computing platform (P) proves to a verifier (V) that it knows the signature (sign(PCRp)) on one of the received configuration values (PCR1 . . . PCRn).
    • 6. Invention application
    • Documenting Security Related Aspects in the Process of Container Shipping
    • US20070245138A1
    • 2007-10-18
    • US10575158
    • 2004-08-20
    • Jan Camenisch
    • H04L9/30
    • G06F21/577; G06F21/64; G06F21/645; H04L9/3257; H04L2209/127; H04L2209/42
    • The present invention discloses a method for generating and verifying a user attestation-signature value (DAA′) and issuing an attestation value (cert) for the generation of the user attestation-signature value (DAA′). Further, the invention is related to a system for using a user attestation-signature value (DAA′) that corresponds to at least one attribute (A, B, C, D), each with an attribute value (w, x, y, z), none, one or more of the attribute values (x, y) remaining anonymous for transactions, the system comprising: a user device (20) having a security module (22) that provides a module public key (PKTPM) and a security module attestation value (DAA), the user device (20) providing a user public key (PKUC) that inherently comprises none, one, or more user determined attribute value (x, y) and a proof value demonstrating that the user public key (PKUC) is validly derived from the module public key (PKTPM) of the security module (22); an attester computer (30) that provides none, one, or more attester determined attribute value (w, z) and an attestation value (cert) that bases on an attester secret key (SKAC), the user public key (PKUC), and an anonymous attribute value (w, z); and a verification computer (40) for verifying whether or not (i) the user attestation-signature value (DAA′) was validly derived from the security module attestation value (DAA) provided by the security module (22) and the attestation value (cert), and (ii) the attestation value (cert) is associated with a subset (B, D) of at least one attribute, each attribute in the subset (B, D) having a revealed attribute value (x, z).
    • 7. Invention application
    • Maintaining Privacy for Transactions Performable by a User Device Having a Security Module
    • US20070244833A1
    • 2007-10-18
    • US10575045
    • 2004-08-20
    • Jan Camenisch
    • G06Q20/00
    • G06F21/602; G06F21/33; G06F21/57; G06Q20/382; G06Q20/3829; G06Q20/401; H04L9/321; H04L9/3234; H04L9/3257
    • The present invention discloses a method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier. The system comprises an issuer providing an issuer public key PKI; a user device having a security module for generating a first set of attestation-signature values DAA1; a privacy certification authority computer for providing an authority public key PKPCA and issuing second attestation values AV2; and a verification computer for checking the validity of the first set of attestation signature values DAA1 with the issuer public key PKI and the validity of a second set of attestation-signature values DAA2 with the authority public key PKPCA, the second set of attestation-signature values DAA2 being derivable by the user device 20 from the second attestation values AV2, wherein it is verifiable that the two sets of attestation-signature values DAA1, DAA2 relate to the user device.
    • 8. Invention application
    • NON-TRANSFERABLE ANONYMOUS DIGITAL RECEIPTS
    • US20130007461A1
    • 2013-01-03
    • US13612263
    • 2012-09-12
    • Elsie van Herrewegen, Jan Camenisch
    • H04L9/32
    • H04L9/3247; G06Q20/0453; H04L2209/42; H04L2209/56
    • A system and method for verifying ownership of an electronic receipt in a communication system providing a public key infrastructure, the verification arising out of a series of messages being sent and received between a first party and a verifying party, the method comprising the steps of receiving a proof message from the first party, the proof message being derived from at least a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party and an electronic receipt that has been issued by electronically signing a request message with a second public key, determining whether or not the proof message was derived from the second public key.
    • 10. Granted invention patent
    • Anonymity revocation
    • US08122245B2
    • 2012-02-21
    • US12167488
    • 2008-07-03
    • Jan Camenisch
    • H04L29/06
    • G06Q30/04; H04L9/3234; H04L9/3247; H04L2209/42; H04L2209/56
    • Methods and systems for anonymity revocation, enabling a trusted entity to identify a user computer within an anonymous system. A system comprises an attester computer providing attestation value cert from a security module public key and an identifying value. The user computer having a module providing the module public key and a security module attestation value, the user computer providing a user public key, a user attestation-signature value derived from the attestation value cert, and an encryption computable under use of a trusted-entity public key and a module-generated-identifier value, the module-generated-identifier value relating to the identifying value; a verification computer verifying validity of received user attestation-signature value and the encryption; and a trusted entity having a trusted entity secret key, wherein the trusted entity is able to derive the module-generated-identifier value from the encryption, the module-generated-identifier value being usable to identify the user computer with the security module.