Replacing blinded authentication authority
Abstract
A manufacturing entity providing a blinded signature to a secure device, associating a time with the blinded signature, and if a signing key is compromised, providing a time of the compromise to a replacement authority and providing the time associated with the blinded signature to the replacement authority.
31 Claims
1. At a manufacturing entity, a method comprising:
providing a blinded signature to a secure device;
associating a time with the blinded signature; and
if a signing key is compromised, providing a time of the compromise to a replacement authority; and
providing the time associated with the blinded signature to the replacement authority.
(Dependent claims: 2, 3, 4, 17, 18, 19, 20)
5. At a replacement authority, a method comprising:
receiving, from a manufacturing entity, a time of a signing key compromise;
and a first time associated with a first blinded signature provided to a secure device by the manufacturing entity.
(Dependent claims: 6, 7, 8, 9, 10, 21, 22, 23, 24, 25, 26)
11. At a secure device, a method comprising:
receiving a first blinded signature from a manufacturing entity; and
if a signing key of the manufacturing entity is compromised, authenticating the secure device to a replacement authority; and
receiving a second blinded signature from the replacement authority.
(Dependent claims: 12, 13, 14, 27, 28, 29, 30)
15. A method comprising:
a manufacturing entity receiving a first blinded identity and a first time stamped blinded identity ticket from a secure device;
the manufacturing entity signing the first blinded identity and sending the signed first blinded identity to the secure device;
the manufacturing entity obtaining and storing a first time stamp based on the time of creation of the first blinded identity ticket; and
if a signing key of the manufacturing entity is compromised, the manufacturing entity providing a time of the compromise to a replacement authority;
the manufacturing entity providing the first time stamp to the replacement authority;
the replacement authority receiving the time of the compromise;
the replacement authority receiving the first time stamp and comparing the time of the first time stamp to the time of the compromise;
the replacement authority initiating a zero knowledge protocol for authenticating the secure device using the identity ticket;
the replacement authority receiving a second blinded identity and a second blinded identity ticket from the secure device;
the replacement authority signing the second blinded identity and sending the signed second blinded identity to the secure device; and
the replacement authority obtaining and storing a second time stamp based on the time of creation of the second blinded identity ticket.
(Dependent claims: 31)
16. A system comprising:
a processor to execute programs of the system;
a storage unit, communicatively coupled to the processor, to store programs of the system;
a communication interface, communicatively coupled to the processor, to communicate with a network;
and a trusted program stored in the storage unit and executable on the processor of the system, the trusted program to send a first blinded identity and an associated first blinded identity ticket to a manufacturing entity using the communication interface;
receive the signed first blinded identity from the manufacturing entity using the communication interface;
initiate a zero knowledge protocol for communicating with the replacement authority using the communication interface;
send a second blinded identity and an associated second blinded identity ticket to the replacement authority using the communication interface; and
receive the signed second blinded identity from the replacement authority using the communication interface.
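The time-stamp comparison and re-issuance steps of claim 15, as an added example that is not part of the patent text. It assumes textbook RSA blind signatures (the claims name no scheme), Mersenne primes as toy key material, integer times, and a policy that only signatures time-stamped strictly before the compromise are re-issued; the zero knowledge authentication step is omitted, and `Authority`, `reissue` and the ticket strings are hypothetical names.

```python
import hashlib, math, secrets

def make_key(p, q, e=65537):
    # Toy RSA key from constructed primes; not suitable for real use.
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(identity, n):
    return int.from_bytes(hashlib.sha256(identity).digest(), "big") % n

def blind(m, pub):
    # Device side: hide m behind a random factor r before it leaves the device.
    while True:
        r = secrets.randbelow(pub["n"] - 2) + 2
        if math.gcd(r, pub["n"]) == 1:
            return m * pow(r, pub["e"], pub["n"]) % pub["n"], r

def unblind(blinded_sig, r, pub):
    return blinded_sig * pow(r, -1, pub["n"]) % pub["n"]

def verify(m, sig, pub):
    return pow(sig, pub["e"], pub["n"]) == m

class Authority:
    """Signs blinded identities and stores a time stamp per blinded ticket."""
    def __init__(self, key):
        self.key, self.issued = key, {}
    def sign_blinded(self, blinded_id, ticket, now):
        self.issued[ticket] = now  # time associated with this blinded signature
        return pow(blinded_id, self.key["d"], self.key["n"])

def reissue(replacement, issued_at, compromise_time, blinded_id, new_ticket, now):
    # Assumed policy: only signatures issued strictly before the compromise
    # qualify; an unknown time stamp (None) is refused.
    if issued_at is None or issued_at >= compromise_time:
        return None
    return replacement.sign_blinded(blinded_id, new_ticket, now)

def demo():
    # Constructed values: two devices, compromise at t=200, re-issuance at t=300.
    old = Authority(make_key(2**61 - 1, 2**89 - 1))
    new = Authority(make_key(2**107 - 1, 2**127 - 1))
    old.sign_blinded(blind(digest(b"dev-A", old.key["n"]), old.key)[0], "ticket-A", 100)
    old.sign_blinded(blind(digest(b"dev-B", old.key["n"]), old.key)[0], "ticket-B", 250)
    m = digest(b"dev-A", new.key["n"])
    b, r = blind(m, new.key)
    ok = reissue(new, old.issued.get("ticket-A"), 200, b, "ticket-A2", 300)
    late = reissue(new, old.issued.get("ticket-B"), 200, b, "ticket-B2", 300)
    return verify(m, unblind(ok, r, new.key), new.key), late
```

The replacement authority signs without seeing the identity digest `m`, so the time stamp recorded against the blinded ticket is the only input to its eligibility decision in this sketch.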
Specification