专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08139767B2 Fine-grained forward-secure signature scheme 有权
标题翻译：细粒度的前向安全签名方案
公开(公告)号：US08139767B2
公开(公告)日：2012-03-20
申请号：US12120349
申请日：2008-05-14
申请人： Jan Camenisch , Maciel Koprowski
发明人： Jan Camenisch , Maciel Koprowski
IPC分类号： H04L9/00
CPC分类号： H04L9/14 , H04L9/3255
摘要： The presented methods form the basis of a forward-secure signature scheme that is provably secure. Moreover, the presented methods form also the basis of a fine-grained forward-secure signature scheme that is secure and efficient. The scheme allows to react immediately on hacker break-ins such that signatures from the past still remain valid without re-issuing them and future signature values based on an exposed key can be identified accordingly. In general, each prepared signature carries an ascending index such that once an index is used, no lower index can be used to sign. Then, whenever an adversary breaks in, an honest signer can just announce the current index, e.g., by signing some special message with respect to the current index, as part of the revocation message for the current time period. It is then understood that all signatures made in prior time periods as well as all signatures make in the revoked period up to the announced index are valid, i.e., non-reputable.
摘要翻译：所提出的方法构成了可靠安全的前向安全签名方案的基础。此外，提出的方法也是安全有效的细粒度前向安全签名方案的基础。该方案允许立即对黑客入侵进行反应，使得过去的签名仍然保持有效，而不重新发布它们，并且可以相应地识别基于暴露密钥的未来签名值。一般来说，每个准备的签名都带有上升索引，使得一旦使用索引，就不能使用较低的索引进行签名。那么，每当对手中断时，一个诚实的签名者就可以通过例如通过当前索引签署一些特殊消息来宣布当前的索引，作为当前时间段的撤消消息的一部分。据了解，在先前的时间段内进行的所有签名以及在所宣布的索引的撤销时间内的所有签名都是有效的，即非信誉的。

2. 发明申请

US20090316886A1 FINE-GRAINED FORWARD-SECURE SIGNATURE SCHEME 有权
标题翻译：精细前进的安全签名计划
公开(公告)号：US20090316886A1
公开(公告)日：2009-12-24
申请号：US12120349
申请日：2008-05-14
申请人： Jan Camenisch , Maciel Koprowski
发明人： Jan Camenisch , Maciel Koprowski
IPC分类号： H04L9/00
CPC分类号： H04L9/14 , H04L9/3255
摘要： The presented methods form the basis of a forward-secure signature scheme that is provably secure. Moreover, the presented methods form also the basis of a fine-grained forward-secure signature scheme that is secure and efficient. The scheme allows to react immediately on hacker break-ins such that signatures from the past still remain valid without re-issuing them and future signature values based on an exposed key can be identified accordingly. In general, each prepared signature carries an ascending index such that once an index is used, no lower index can be used to sign. Then, whenever an adversary breaks in, an honest signer can just announce the current index, e.g., by signing some special message with respect to the current index, as part of the revocation message for the current time period. It is then understood that all signatures made in prior time periods as well as all signatures make in the revoked period up to the announced index are valid, i.e., non-reputable.
摘要翻译：所提出的方法构成了可靠安全的前向安全签名方案的基础。此外，提出的方法也是安全有效的细粒度前向安全签名方案的基础。该方案允许立即对黑客入侵进行反应，使得过去的签名仍然保持有效，而不重新发布它们，并且可以相应地识别基于暴露密钥的未来签名值。一般来说，每个准备的签名都带有上升索引，使得一旦使用索引，就不能使用较低的索引进行签名。那么，每当对手中断时，一个诚实的签名者就可以通过例如通过当前索引签署一些特殊消息来宣布当前的索引，作为当前时间段的撤消消息的一部分。据了解，在先前的时间段内进行的所有签名以及在所宣布的索引的撤销时间内的所有签名都是有效的，即非信誉的。

3. 发明授权

US08285647B2 Maintaining privacy for transactions performable by a user device having a security module 失效
标题翻译：维护具有安全模块的用户设备执行的事务的隐私
公开(公告)号：US08285647B2
公开(公告)日：2012-10-09
申请号：US12547051
申请日：2009-08-25
申请人： Jan Camenisch
发明人： Jan Camenisch
IPC分类号： G06Q20/00 , G06F15/16
CPC分类号： G06F21/602 , G06F21/33 , G06F21/57 , G06Q20/382 , G06Q20/3829 , G06Q20/401 , H04L9/321 , H04L9/3234 , H04L9/3257
摘要： The present invention discloses a method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier. The system comprises an issuer providing an issuer public key PKI; a user device having a security module for generating a first set of attestation-signature values DAA1; a privacy certification authority computer for providing an authority public key PKPCA and issuing second attestation values AV2; and a verification computer for checking the validity of the first set of attestation signature values DAA1 with the issuer public key PKI and the validity of a second set of attestation-signature values DAA2 with the authority public key PKPCA, the second set of attestation-signature values DAA2 being derivable by the user device 20 from the second attestation values AV2, wherein it is verifiable that the two sets of attestation-signature values DAA1, DAA2 relate to the user device.
摘要翻译：本发明公开了一种用于维护由具有具有隐私认证机构和验证者的安全模块的用户设备执行的事务的私密性的方法和系统。该系统包括提供发行者公钥PKI的发行者; 具有用于生成第一组认证签名值DAA1的安全模块的用户设备; 用于提供授权公钥PKPCA并发出第二认证值AV2的隐私认证机构计算机; 以及验证计算机，用于使用发行者公开密钥PKI和第二证书签名值DAA2的有效性与权限公钥PKPCA，第二证书签名集合来检查第一认证签名值DAA1的有效性值DAA2可由用户设备20从第二认证值AV2导出，其中可证实两组认证签名值DAA1，DAA2与用户设备有关。

4. 发明授权

US07543139B2 Revocation of anonymous certificates, credentials, and access rights 有权
标题翻译：撤销匿名证书，凭据和访问权限
公开(公告)号：US07543139B2
公开(公告)日：2009-06-02
申请号：US10325790
申请日：2002-12-19
申请人： Jan Camenisch , Anna Lysyanskaya
发明人： Jan Camenisch , Anna Lysyanskaya
IPC分类号： H04L9/00
CPC分类号： H04L9/3255 , H04L9/3218 , H04L9/3268 , H04L2209/42
摘要： In accordance with the present invention, there is given methods, systems and apparatus for revoking a derived credential formed from an initial credential and an indication value within a network. An example method comprises the steps of: updating an accumulator value based on a plurality of user credential keys where each user credential key is associated with a user device entitled to the derived credential; providing public information that comprises a public key for verifying the initial credential and the accumulator value; an entity receiving from a user device derived-credential information comprising an initial-credential information and an indication-value information indicating that the user credential key is inherently included in the accumulator value, and request information; and, processing the request information in response to verifying by the entity that the initial-credential information and the indication-value information are valid.
摘要翻译：根据本发明，给出了用于撤销由网络内的初始凭证和指示值形成的导出凭证的方法，系统和装置。一个示例性方法包括以下步骤：基于多个用户证书密钥更新累加器值，其中每个用户凭证密钥与被授权获得的凭证的用户设备相关联; 提供包括用于验证初始凭证和累加器值的公开密钥的公共信息; 从用户设备接收的实体 - 包括初始凭证信息和表示用户凭证密钥固有地包括在累加器值中的指示值信息的凭证信息和请求信息; 以及响应于所述实体验证所述初始凭证信息和所述指示值信息是有效的，来处理所述请求信息。

5. 发明申请

US20080229097A1 Privacy-protecting integrity attestation of a computing platform 有权
标题翻译：计算平台的隐私保护完整性认证
公开(公告)号：US20080229097A1
公开(公告)日：2008-09-18
申请号：US12126978
申请日：2008-05-26
申请人： Endre Bangerter , Matthias Schunter , Michael Waidner , Jan Camenisch
发明人： Endre Bangerter , Matthias Schunter , Michael Waidner , Jan Camenisch
IPC分类号： H04L9/32
CPC分类号： H04L9/3218 , H04L9/3234 , H04L2209/80
摘要： Systems, apparatus and methods for privacy-protecting integrity attestation of a computing platform. An example method for privacy-protecting integrity attestation of a computing platform (P) has a trusted platform module (TPM), and comprises the following steps. First, the computing platform (P) receives configuration values (PCR1 . . . PCRn). Then, by means of the trusted platform module (TPM), a configuration value (PCRp) is determined which depends on the configuration of the computing platform (P). In a further step the configuration value (PCRp) is signed by means of the trusted platform module. Finally, in the event that the configuration value (PCRp) is one of the received configuration values (PCR1 . . . PCRn), the computing platform (P) proves to a verifier (V) that it knows the signature (sign(PCRp)) on one of the received configuration values (PCR1 . . . PCRn).
摘要翻译：用于隐私保护计算平台完整性认证的系统，设备和方法。用于隐私保护计算平台（P）的完整性认证的示例方法具有可信平台模块（TPM），并且包括以下步骤。首先，计算平台（P）接收配置值（PCR1 ... PCRn）。然后，通过可信平台模块（TPM），确定取决于计算平台（P）的配置的配置值（PCRp）。在进一步的步骤中，配置值（PCRp）通过可信平台模块进行签名。最后，如果配置值（PCRp）是接收到的配置值（PCR1 ... PCRn）之一，则计算平台（P）向验证者（V）证明其知道签名（sign（PCRp ））接收配置值之一（PCR1 ... PCRn）。

6. 发明申请

US20070245138A1 Documenting Security Related Aspects in the Process of Container Shipping 失效
公开(公告)号：US20070245138A1
公开(公告)日：2007-10-18
申请号：US10575158
申请日：2004-08-20
申请人： Jan Camenisch
发明人： Jan Camenisch
IPC分类号： H04L9/30
CPC分类号： G06F21/577 , G06F21/64 , G06F21/645 , H04L9/3257 , H04L2209/127 , H04L2209/42
摘要： The present invention discloses a method for generating and verifying a user attestation-signature value (DAA′) and issuing an attestation value (cert) for the generation of the user attestation-signature value (DAA′). Further, the invention is related to a system for using a user attestation-signature value (DAA′) that corresponds to at least one attribute (A, B, C, D), each with an attribute value (w, x, y, z), none, one or more of the attribute values (x, y) remaining anonymous for transactions, the system comprising: a user device (20) having a security module (22) that provides a module public key (PKTPM) and a security module attestation value (DAA), the user device (20) providing a user public key (PKUC) that inherently comprises none, one, or more user determined attribute value (x, y) and a proof value demonstrating that the user public key (PKUC) is validly derived from the module public key (PKTPM) of the security module (22); an attester computer (30) that provides none, one, or more attester determined attribute value (w, z) and an attestation value (cert) that bases on an attester secret key (SKAC), the user public key (PKUC), and an anonymous attribute value (w, z); and a verification computer (40) for verifying whether or not (i) the user attestation-signature value (DAA′) was validly derived from the security module attestation value (DAA) provided by the security module (22) and the attestation value (cert), and (ii) the attestation value (cert) is associated with a subset (B, D) of at least one attribute, each attribute in the subset (B, D) having a revealed attribute value (x, z).

7. 发明申请

US20070244833A1 Maintaining Privacy for Transactions Performable by a User Device Having a Security Module 有权
标题翻译：维护具有安全模块的用户设备可执行的事务的隐私
公开(公告)号：US20070244833A1
公开(公告)日：2007-10-18
申请号：US10575045
申请日：2004-08-20
申请人： Jan Camenisch
发明人： Jan Camenisch
IPC分类号： G06Q20/00
CPC分类号： G06F21/602 , G06F21/33 , G06F21/57 , G06Q20/382 , G06Q20/3829 , G06Q20/401 , H04L9/321 , H04L9/3234 , H04L9/3257
摘要： The present invention discloses a method and system for maintaining privacy for transactions performable by a user device having a security module with a privacy certification authority and a verifier. The system comprises an issuer providing an issuer public key PKI; a user device having a security module for generating a first set of attestation-signature values DAA1; a privacy certification authority computer for providing an authority public key PKPCA and issuing second attestation values AV2; and a verification computer for checking the validity of the first set of attestation signature values DAA1 with the issuer public key PKI and the validity of a second set of attestation-signature values DAA2 with the authority public key PKPCA, the second set of attestation-signature values DAA2 being derivable by the user device 20 from the second attestation values AV2, wherein it is verifiable that the two sets of attestation-signature values DAA1, DAA2 relate to the user device.
摘要翻译：本发明公开了一种用于维护由具有具有隐私认证机构和验证者的安全模块的用户设备执行的事务的私密性的方法和系统。该系统包括提供发行者公钥PKI的发行者; 用户设备具有用于生成第一组认证签名值DAA 1的安全模块; 用于提供授权公钥PKPCA并发出第二证明值AV 2的隐私认证机构计算机; 以及验证计算机，用于使用发行者公开密钥PKI和第二组认证签名值DAA 2的有效性公钥PKPCA来检查第一认证签名值DAA 1的有效性，第二组认证由用户设备20从第二证明值AV 2导出的签名值DAA 2，其中可证实两组认证签名值DAA 1，DAA 2与用户设备有关。

8. 发明申请

US20130007461A1 NON-TRANSFERABLE ANONYMOUS DIGITAL RECEIPTS 失效
标题翻译：不可转让的无数字数字接收
公开(公告)号：US20130007461A1
公开(公告)日：2013-01-03
申请号：US13612263
申请日：2012-09-12
申请人： Elsie van Herrewegen , Jan Camenisch
发明人： Elsie van Herrewegen , Jan Camenisch
IPC分类号： H04L9/32
CPC分类号： H04L9/3247 , G06Q20/0453 , H04L2209/42 , H04L2209/56
摘要： A system and method for verifying ownership of an electronic receipt in a communication system providing a public key infrastructure, the verification arising out of a series of messages being sent and received between a first party and a verifying party, the method comprising the steps of receiving a proof message from the first party, the proof message being derived from at least a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party and an electronic receipt that has been issued by electronically signing a request message with a second public key, determining whether or not the proof message was derived from the second public key.
摘要翻译：一种用于验证提供公共密钥基础设施的通信系统中的电子收据的所有权的系统和方法，所述验证是由在第一方和验证方之间发送和接收的一系列消息产生的，所述方法包括以下步骤：接收来自第一方的证明消息，证明消息基于由第一方所拥有的秘密从至少第一公钥导出，并且其中该秘密至少与第一方的另一个公钥的秘密相关联;以及通过用第二公开密钥电子地签署请求消息而发出的电子收据，确定证明消息是否从第二公开密钥导出。

9. 发明申请

US20120296829A1 Unlinkable Priced Oblivious Transfer with Rechargeable Wallets 审中-公开
标题翻译：带有可充电钱包的无法连接的价格转移
公开(公告)号：US20120296829A1
公开(公告)日：2012-11-22
申请号：US13574086
申请日：2010-11-12
申请人： Jan Camenisch , Maria Dubovitskaya , Gregory Neven
发明人： Jan Camenisch , Maria Dubovitskaya , Gregory Neven
IPC分类号： G06Q20/36 , G06F21/24 , G06F17/30
CPC分类号： G06Q20/401 , G06Q20/367 , G06Q20/38 , G06Q30/0603 , G06Q2220/00
摘要： A protocol that allows customers to buy database records while remaining fully anonymous, i.e. the database server does not learn who purchases a record, and cannot link purchases by the same customer; the database server does not learn which record is being purchased, nor the price of the record that is being purchased; the customer can only obtain a single record per purchase, and cannot spend more than his account balance; the database server does not learn the customer's remaining balance. In the protocol customers keep track of their own balances, rather than leaving this to the database server. The protocol allows customers to anonymously recharge their balances.
摘要翻译：一种协议，允许客户在完全匿名的情况下购买数据库记录，即数据库服务器不会了解谁购买记录，并且无法链接同一客户的购买; 数据库服务器不了解正在购买哪个记录，也不知道正在购买的记录的价格; 客户只能获得每次购买的单个记录，不能超过其账户余额; 数据库服务器不会了解客户的余额。在协议中，客户跟踪自己的余额，而不是将其留给数据库服务器。该协议允许客户匿名补充余额。

10. 发明授权

US08122245B2 Anonymity revocation 失效
标题翻译：匿名撤销
公开(公告)号：US08122245B2
公开(公告)日：2012-02-21
申请号：US12167488
申请日：2008-07-03
申请人： Jan Camenisch
发明人： Jan Camenisch
IPC分类号： H04L29/06
CPC分类号： G06Q30/04 , H04L9/3234 , H04L9/3247 , H04L2209/42 , H04L2209/56
摘要： Methods and systems for anonymity revocation, enabling a trusted entity to identify a user computer within an anonymous system. A system comprises an attester computer providing attestation value cert from a security module public key and an identifying value. The user computer having a module providing the module public key and a security module attestation value, the user computer providing a user public key, a user attestation-signature value derived from the attestation value cert, and an encryption computable under use of a trusted-entity public key and a module-generated-identifier value, the module-generated-identifier value relating to the identifying value; a verification computer verifying validity of received user attestation-signature value and the encryption; and a trusted entity having a trusted entity secret key, wherein the trusted entity is able to derive the module-generated-identifier value from the encryption, the module-generated-identifier value being usable to identify the user computer with the security module.
摘要翻译：用于匿名撤销的方法和系统，使可信实体能够识别匿名系统内的用户计算机。系统包括从安全模块公开密钥和识别值提供认证价值证书的服务器计算机。具有提供模块公钥的模块和安全模块认证值的用户计算机，提供用户公开密钥的用户计算机，从认证值证书导出的用户认证签名值，以及可信任的使用中可计算的加密，实体公钥和模块生成标识符值，与识别值相关的模块生成标识符值; 验证接收到的用户认证签名值和加密的有效性的验证计算机; 以及具有可信实体秘密密钥的可信实体，其中所述可信实体能够从所述加密中导出所述模块生成的标识符值，所述模块生成的标识符值可用于使用所述安全模块来标识所述用户计算机。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式