Method and apparatus for anonymous and trustworthy authentication in pervasive social networking

US 10,291,587 B2
Filed: 06/25/2013
Issued: 05/14/2019
Est. Priority Date: 06/25/2013
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

at least one processor; and

at least one memory comprising computer program code,the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least;

issue token information to a first node registered with the apparatus, wherein the token information indicates a first token and a backup token to enable the first node to change from the first token to the backup token for anonymous authentication, the first token including a first validity period for the first token, a first pseudonym identifier to enable the anonymous authentication of the first node with a second node, a first trust value for the first validity period, and the backup token including a second validity period for the backup token, a second pseudonym identifier to enable the anonymous authentication of the first node, and a second trust value for the second validity period, the first token and the backup token being issued at the same time as part of the token information; and

distribute a token list to a plurality of nodes registered with the apparatus, wherein the token list is associated with tokens for the plurality of nodes comprising at least the first node and a second node, and wherein the token information and the token list enable the anonymous authentication between the first node and the second node, wherein the backup token is used for the anonymous authentication between the first node and the second node after the first validity period has expired and the apparatus is unavailable to the first node and/or the second node.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for anonymous authentication may comprise: issuing token information to a first node registered with a network entity, wherein the token information indicates one or more tokens for the first node; distributing a token list to a plurality of nodes registered with the network entity, wherein the token list is associated with respective tokens for the plurality of nodes comprising at least the first node and a second node, and wherein the token information and the token list are used for an anonymous authentication between the first node and the second node.

Citations

12 Claims

1. An apparatus, comprising:
- at least one processor; and
  
  at least one memory comprising computer program code,the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least;
  
  issue token information to a first node registered with the apparatus, wherein the token information indicates a first token and a backup token to enable the first node to change from the first token to the backup token for anonymous authentication, the first token including a first validity period for the first token, a first pseudonym identifier to enable the anonymous authentication of the first node with a second node, a first trust value for the first validity period, and the backup token including a second validity period for the backup token, a second pseudonym identifier to enable the anonymous authentication of the first node, and a second trust value for the second validity period, the first token and the backup token being issued at the same time as part of the token information; and
  
  distribute a token list to a plurality of nodes registered with the apparatus, wherein the token list is associated with tokens for the plurality of nodes comprising at least the first node and a second node, and wherein the token information and the token list enable the anonymous authentication between the first node and the second node, wherein the backup token is used for the anonymous authentication between the first node and the second node after the first validity period has expired and the apparatus is unavailable to the first node and/or the second node.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus according to claim 1, wherein the second trust value of the backup token is less than the first trust value of the first token in order to trigger the first node return to the apparatus for issuance of additional token information, and wherein the backup token enables the first node to change the anonymous authentication to the second pseudonym identifier.
  - 3. The apparatus according to claim 2, wherein at least a portion of the first token enables the first node to generate security information including a short-lived public and private keys for the anonymously authenticate to the second node, the security information enabling the first node to anonymous authentication over a mobile ad hoc network with the second node in order to access a social network.
  - 4. The apparatus according to claim 3, wherein the second trust value of the first node corresponds to an extension to the first validity period, wherein the second trust value is set based at least in part on a trust value change pattern generated based at least in part on historical statistics for the first node.
  - 5. The apparatus according to claim 1, wherein the token list is updated based at least in part on a change of the tokens for the plurality of nodes.
  - 6. The apparatus according to claim 1, wherein the token list comprises an aggregated list of hashed tokens certified by the apparatus.
  - 7. The apparatus according to claim 1, wherein the apparatus comprises a trusted server configured to at least provide token information to enable the anonymous authentication between at least the first node and the second node participating in a social network.

8. An apparatus, comprising:
- at least one processor; and
  
  at least one memory comprising computer program code,the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least;
  
  obtain token information from a network entity with which the apparatus is registered, wherein the token information indicates a first token and a backup token to enable the apparatus to change from the first token to the backup token for anonymous authentication, the first token including a first validity period for the first token, a first pseudonym identifier to enable the anonymous authentication of the apparatus with a second node, a first trust value for the first validity period, and the backup token including a second validity period for the backup token, a second pseudonym identifier to enable the anonymous authentication of the apparatus, a second trust value for the second validity period, the first token and the backup token being obtained at the same time as part of the token information;
  
  generate security information for the apparatus based at least in part on the backup token information in response to the first validity period expiring and the network entity being unavailable to the apparatus and/or the second node; and
  
  send a message with authentication information to the second node, wherein the authentication information is associated with the security information and used for an anonymous authentication between the apparatus and the second node.
- View Dependent Claims (9, 10, 11)
- - 9. The apparatus according to claim 8, wherein the apparatus is further configured to at least send the message over a mobile ad hoc network in order to access a social network.
  - 10. The apparatus according to claim 9, wherein at least a portion of the first token enables the apparatus to generate security information including a short-lived public and private keys for the anonymous authentication to the second node.
  - 11. The apparatus according to claim 10, wherein the authentication information comprises the short-lived public key of the apparatus, and a signature generated by using the short-lived private key of the apparatus.

12. A non-transitory a computer-readable medium including computer program code which when executed by at least one processor causes operations comprising:
- obtaining token information from a network entity with which a first node is registered, wherein the token information indicates a first token and a backup token to enable the first node to change from the first token to the backup token for anonymous authentication, the first token including a first validity period for the first token, a first pseudonym identifier to enable the anonymous authentication of the first node with a second node, a first trust value for the first validity period, and the backup token including a second validity period for the backup token, a second pseudonym identifier to enable the anonymous authentication of the first node, a second trust value for the second validity period, the first token and the backup token being obtained at the same time as part of the token information;
  
  generating security information for the first node based at least in part on the backup token information in response to the first validity period expiring and the network entity being unavailable to the first node and/or the second node; and
  
  sending a message with authentication information to the second node from the first node, wherein the authentication information is associated with the security information and used for the anonymous authentication between the first node and the second node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Technologies Oy (Nokia Corporation)
Inventors
Yan, Zheng
Primary Examiner(s)
Lesniewski, Victor

Application Number

US14/896,988
Publication Number

US 20160127341A1
Time in Patent Office

2,149 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/601   Broadcast encryption

H04L 63/0407   wherein the identity of one...

H04L 63/0421   Anonymous communication, i....

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0884   by delegation of authentica...

H04L 9/32   including means for verifyi...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3247   involving digital signatures

H04L 9/3273   for mutual authentication n...

H04L 9/50   using hash chains, e.g. blo...

H04W 4/21   for social networking appli...

Method and apparatus for anonymous and trustworthy authentication in pervasive social networking

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for anonymous and trustworthy authentication in pervasive social networking

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links