Replacing blinded authentication authority

US 20050137898A1
Filed: 12/22/2003
Published: 06/23/2005
Est. Priority Date: 12/22/2003
Status: Active Grant

First Claim

Patent Images

1. At a manufacturing entity, a method comprising:

providing a blinded signature to a secure device;

associating a time with the blinded signature; and

if a signing key is compromised, providing a time of the compromise to a replacement authority; and

providing the time associated with the blinded signature to the replacement authority.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A manufacturing entity providing a blinded signature to a secure device, associating a time with the blinded signature, and if a signing key is compromised, providing a time of the compromise to a replacement authority and providing the time associated with the blinded signature to the replacement authority.

109 Citations

View as Search Results

31 Claims

1. At a manufacturing entity, a method comprising:
- providing a blinded signature to a secure device;
  
  associating a time with the blinded signature; and
  
  if a signing key is compromised, providing a time of the compromise to a replacement authority; and
  
  providing the time associated with the blinded signature to the replacement authority.
- View Dependent Claims (2, 3, 4, 17, 18, 19, 20)
- - 2. The method of claim 1 wherein providing a blinded signature to a secure device further comprises:
    - receiving a blinded identity and an associated blinded identity ticket from a secure device; and
      
      signing the blinded identity and sending the signed blinded identity to the secure device.
  - 3. The method of claim 2 wherein associating a time with the blinded signature further comprises:
    - obtaining a time stamp based on the time of creation of the blinded identity ticket and storing the time stamp.
  - 4. The method of claim 3 wherein providing the time associated with the blinded signature to the replacement authority further comprises:
    - providing access to the time stamp to the replacement authority.
  - 17. A machine readable medium having stored thereon data which when accessed by a machine causes the machine to perform the method of claim 1.
  - 18. The machine readable medium of claim 17 having stored thereon further data which when accessed by a machine causes the machine causes the machine to perform the method of claim 2.
  - 19. The machine readable medium of claim 18 having stored thereon further data which when accessed by a machine causes the machine causes the machine to perform the method of claim 3.
  - 20. The machine readable medium of claim 19 having stored thereon further data which when accessed by a machine causes the machine causes the machine to perform the method of claim 4.

5. At a replacement authority, a method comprising:
- receiving, from a manufacturing entity, a time of a signing key compromise;
  
  and a first time associated with a first blinded signature provided to a secure device by the manufacturing entity.
- View Dependent Claims (6, 7, 8, 9, 10, 21, 22, 23, 24, 25, 26)
- - 6. The method of claim 5 further comprising, at the replacement authority, authenticating the secure device;
    - providing a second blinded signature to the secure device; and
      
      recording a second time associated with the second blinded signature.
  - 7. The method of claim 6 wherein receiving a time associated with a first blinded signature further comprises receiving access to a first time stamp based on the time of creation of a first blinded identity ticket associated with a first blinded identity of the secure device.
  - 8. The method of claim 7 wherein authenticating the secure device further comprises:
    - initiating a zero knowledge protocol for communicating with the secure device; and
      
      comparing the first time stamp to the time of the signing key compromise.
  - 9. The method of claim 8 wherein providing a second blinded signature to the secure device further comprises receiving a second blinded identity and an associated second blinded identity ticket from the secure device;
    - signing the second blinded identity and sending the signed second blinded identity to the secure device.
  - 10. The method of claim 9 wherein recording a time associated with the second blinded signature further comprises:
    - obtaining a second time stamp based on the time of creation of the second blinded identity ticket; and
      
      storing the second time stamp.
  - 21. A machine readable medium having stored thereon data which when accessed by a machine causes the machine to perform the method of claim 5.
  - 22. The machine readable medium of claim 21 having stored thereon further data which when accessed by a machine causes the machine causes the machine to perform the method of claim 6.
  - 23. The machine readable medium of claim 22 having stored thereon further data which when accessed by a machine causes the machine causes the machine to perform the method of claim 7.
  - 24. The machine readable medium of claim 23 having stored thereon further data which when accessed by a machine causes the machine causes the machine to perform the method of claim 8.
  - 25. The machine readable medium of claim 24 having stored thereon further data which when accessed by a machine causes the machine causes the machine to perform the method of claim 9.
  - 26. The machine readable medium of claim 25 having stored thereon further data which when accessed by a machine causes the machine causes the machine to perform the method of claim 10.

11. At a secure device, a method comprising:
- receiving a first blinded signature from a manufacturing entity; and
  
  if a signing key of the manufacturing entity is compromised, authenticating the secure device to a replacement authority; and
  
  receiving a second blinded signature from the replacement authority.
- View Dependent Claims (12, 13, 14, 27, 28, 29, 30)
- - 12. The method of claim 11 wherein receiving a first blinded signature from a manufacturing entity further comprises:
    - sending a first blinded identity and an associated first blinded identity ticket to the manufacturing entity; and
      
      receiving the signed first blinded identity from the manufacturing entity.
  - 13. The method of claim 12 wherein authenticating the secure device to a replacement authority further comprises:
    - initiating a zero knowledge protocol for communicating with the replacement authority.
  - 14. The method of claim 12 wherein receiving a second blinded signature from the replacement authority further comprises:
    - sending a second blinded identity and an associated second blinded identity ticket to the replacement authority; and
      
      receiving the signed second blinded identity from the replacement authority.
  - 27. A machine readable medium having stored thereon data which when accessed by a machine causes the machine to perform the method of claim 11.
  - 28. The machine readable medium of claim 27 having stored thereon further data which when accessed by a machine causes the machine causes the machine to perform the method of claim 12.
  - 29. The machine readable medium of claim 28 having stored thereon further data which when accessed by a machine causes the machine causes the machine to perform the method of claim 13.
  - 30. The machine readable medium of claim 29 having stored thereon further data which when accessed by a machine causes the machine causes the machine to perform the method of claim 14.

15. A method comprising:
- a manufacturing entity receiving a first blinded identity and a first time stamped blinded identity ticket from a secure device;
  
  the manufacturing entity signing the first blinded identity and sending the signed first blinded identity to the secure device;
  
  the manufacturing entity obtaining and storing a first time stamp based on the time of creation of the first blinded identity ticket; and
  
  if a signing key of the manufacturing entity is compromised, the manufacturing entity providing a time of the compromise to a replacement authority;
  
  the manufacturing entity providing the first time stamp to the replacement authority;
  
  the replacement authority receiving the time of the compromise;
  
  the replacement authority receiving the first time stamp and comparing the time of the first time stamp to the time of the compromise;
  
  the replacement authority initiating a zero knowledge protocol for authenticating the secure device using the identity ticket;
  
  the replacement authority receiving a second blinded identity and a second blinded identity ticket from the secure device;
  
  the replacement authority signing the second blinded identity and sending the signed second blinded identity to the secure device; and
  
  the replacement authority obtaining and storing a second time stamp based on the time of creation of the second blinded identity ticket.
- View Dependent Claims (31)
- - 31. A machine readable medium having stored thereon data which when accessed by a machine causes the machine to perform the method of claim 15.

16. A system comprising:
- a processor to execute programs of the system;
  
  a storage unit, communicatively coupled to the processor, to store programs of the system;
  
  a communication interface, communicatively coupled to the processor, to communicate with a network;
  
  and a trusted program stored in the storage unit and executable on the processor of the system, the trusted program to send a first blinded identity and an associated first blinded identity ticket to a manufacturing entity using the communication interface;
  
  receive the signed first blinded identity from the manufacturing entity using the communication interface;
  
  initiate a zero knowledge protocol for communicating with the replacement authority using the communication interface;
  
  send a second blinded identity and an associated second blinded identity ticket to the replacement authority using the communication interface; and
  
  receive the signed second blinded identity from the replacement authority using the communication interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Brickell, Ernie, Wood, Matthew D.

Granted Patent

US 8,037,314 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/180
CPC Class Codes

G06F 21/33   using certificates

G06F 21/72   in cryptographic circuits

G06F 2221/2151   Time stamp

H04L 9/0891   Revocation or update of sec...

H04L 9/3257   using blind signatures

H04L 9/3297   involving time stamps, e.g....

Replacing blinded authentication authority

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

109 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Replacing blinded authentication authority

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links