Anonymity revocation
First Claim
1. A method for enabling a trusted entity to identify a user computer with a security module within a system comprising further an attester computer and a verification computer, the method comprising at the user computer the steps of:
- receiving from the attester computer an attestation value, the attestation value being derived from a security module public key and an identifying value;
deriving under use of the security module a user attestation-signature value from the attestation value;
computing an encryption by the user computer under use of a trusted-entity public key and a module-generated-identifier value, the module-generated-identifier value relating to the identifying value; and
providing the user attestation-signature value and the encryption to the verification computer for verification, wherein the trusted entity having a trusted entity secret key is able to derive the module-generated-identifier value from the encryption, the module-generated-identifier value being usable to identify the user computer with the security module.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems for anonymity revocation, enabling a trusted entity to identify a user computer within an anonymous system. A system comprises an attester computer providing attestation value cert from a security module public key and an identifying value. The user computer having a module providing the module public key and a security module attestation value, the user computer providing a user public key, a user attestation-signature value derived from the attestation value cert, and an encryption computable under use of a trusted-entity public key and a module-generated-identifier value, the module-generated-identifier value relating to the identifying value; a verification computer verifying validity of received user attestation-signature value and the encryption; and a trusted entity having a trusted entity secret key, wherein the trusted entity is able to derive the module-generated-identifier value from the encryption, the module-generated-identifier value being usable to identify the user computer with the security module.
-
Citations
20 Claims
-
1. A method for enabling a trusted entity to identify a user computer with a security module within a system comprising further an attester computer and a verification computer, the method comprising at the user computer the steps of:
-
receiving from the attester computer an attestation value, the attestation value being derived from a security module public key and an identifying value;
deriving under use of the security module a user attestation-signature value from the attestation value;
computing an encryption by the user computer under use of a trusted-entity public key and a module-generated-identifier value, the module-generated-identifier value relating to the identifying value; and
providing the user attestation-signature value and the encryption to the verification computer for verification, wherein the trusted entity having a trusted entity secret key is able to derive the module-generated-identifier value from the encryption, the module-generated-identifier value being usable to identify the user computer with the security module. - View Dependent Claims (2, 3, 4, 10, 11, 13, 16)
-
-
5. A method for enabling a trusted entity to identify a user computer comprising further an attester computer and a verification computer, the method comprising at the trusted entity the steps of:
-
providing a trusted-entity public key;
receiving an encryption computed by the user computer under use of the trusted-entity public key, wherein the encryption comprises a module-generated-identifier value relating to an identifying value which together with a security module public key was used by the attester computer to generate an attestation value; and
deriving the module-generated-identifier value from the encryption by applying a trusted entity secret key, the derived module-generated-identifier value being usable to identify the user computer with the security module. - View Dependent Claims (6, 17)
-
-
7. A method for verifying a user attestation-signature value by a verification computer within a system in which an identity of a user computer with a security module is identifiable by a trusted entity, the system comprising further, and an attester computer, the method comprising at the verification computer the steps of:
-
receiving the user attestation-signature value and an encryption for verification, the encryption having been computed by the user computer under use of a trusted-entity public key and a module-generated-identifier value that relates to an identifying value which together with a security module public key was used by the attester computer to generate an attestation value, wherein the user computer under use of the security module derived the user attestation-signature value from the attestation value, wherein the trusted entity having a trusted entity secret key is able to derive the module-generated-identifier value from the encryption, the derived module-generated-identifier value being usable to identify the user computer with the security module; and
verifying the validity of the received user attestation-signature value and the encryption. - View Dependent Claims (8, 18)
-
-
9. A method for enabling identification of a user computer with a security module by a trusted entity within a system comprising further an attester computer and a verification computer, the method comprising at the attester computer the steps of:
-
deriving an attestation value from a security module public key and an identifying value;
providing the attestation value to the user computer which under use of the security module is able to derive a user attestation-signature value from the attestation value and to compute an encryption under use of a trusted-entity public key and a module-generated-identifier value, the module-generated-identifier value relating to the identifying value, the user attestation-signature value and the encryption being verifiable by the verification computer, wherein the trusted entity having a trusted entity secret key is able to derive the module-generated-identifier value from the encryption, the module-generated-identifier value being usable to identify the user computer with the security module. - View Dependent Claims (14, 15, 19)
-
-
12. A network for enabling identification a user computer by a trusted entity, comprising:
-
an attester computer that provides an attestation value from a security module public key and an identifying value;
the user computer having a security module that provides the module public key and a security module attestation value, the user computer providing a user public key, a user attestation-signature value derived from the attestation value, and an encryption computable under use of a trusted-entity public key and a module-generated-identifier value, the module-generated-identifier value relating to the identifying value;
a verification computer for verifying the validity of the received user attestation-signature value and the encryption; and
a trusted entity having a trusted entity secret key, wherein the trusted entity is able to derive the module-generated-identifier value from the encryption, the module-generated-identifier value being usable to identify the user computer with the security module. - View Dependent Claims (20)
-
Specification