User controlled anonymity when evaluating into a role

US 20050283608A1
Filed: 06/17/2004
Published: 12/22/2005
Est. Priority Date: 06/17/2004
Status: Active Grant

First Claim

Patent Images

1. A method for anonymous role authentication, comprising:

receiving a role authentication certificate from a role authenticator, wherein said role authentication certificate certifies that the holder of said role authentication certificate is a member of a particular role without allowing said role authenticator issuing said role authentication certificate to track an identity of a particular user holding said role authentication certificate;

establishing an anonymous channel for anonymously presenting said role authentication certificate to a resource protector, wherein said resource protector requires said particular user to authenticate into said particular role to access a resource, wherein said role authentication certificate authenticates said particular user into said particular role without enabling said resource protector to ascertain said identity of said particular user, such that said particular user is in control of any disclosure of said identity for authenticated role-based accesses.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and program for user controlled anonymity when evaluating into a role are provided. An anonymous authentication controller enables a user to control anonymity of the user'"'"'s identity for role based network accesses to resources, without requiring reliance on any single third party to maintain user anonymity. First, a role authentication certificate is received from a role authenticator, wherein the role authentication certificate certifies that the holder of the role authentication certificate is a member of a particular role without allowing the role authenticator issuing the role authentication certificate the ability to track an identity of a user holding the role authentication certificate. Next, an anonymous channel is established for anonymously presenting the role authentication certificate to a resource protector, wherein the resource protector requires the user to authenticate into the particular role to access a resource, wherein the role authentication certificate authenticates the user into the particular role without enabling the resource protector to ascertain the identity of the user, such that the user is in control of maintaining user anonymity for authenticated role-based accesses.

74 Citations

View as Search Results

26 Claims

1. A method for anonymous role authentication, comprising:
- receiving a role authentication certificate from a role authenticator, wherein said role authentication certificate certifies that the holder of said role authentication certificate is a member of a particular role without allowing said role authenticator issuing said role authentication certificate to track an identity of a particular user holding said role authentication certificate;
  
  establishing an anonymous channel for anonymously presenting said role authentication certificate to a resource protector, wherein said resource protector requires said particular user to authenticate into said particular role to access a resource, wherein said role authentication certificate authenticates said particular user into said particular role without enabling said resource protector to ascertain said identity of said particular user, such that said particular user is in control of any disclosure of said identity for authenticated role-based accesses.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method for anonymous role authentication according to claim 1, further comprising:
    - requesting said role authentication certificate from said role authenticator;
      
      providing a credential that enables said role authenticator to determine that said particular user is a member of said particular role;
      
      engaging in a blind signature correspondence with said role authenticator; and
      
      receiving a blinded role authentication certificate signed by said role authenticator, wherein said blinded role authenticator certificate authenticates said particular user in said particular role without revealing said identity of said particular user.
  - 3. The method for anonymous role authentication according to claim 2, wherein providing a credential that enables said role authenticator to determine that said particular user is a member of said particular role further comprises:
    - providing an encrypted sessions key that when verified with a public key of said particular user authenticates an identity of said particular user, wherein said role authenticator matches said identity within a plurality of identities of members of said particular role to authenticate said user into said particular role.
  - 4. The method for anonymous role authentication according to claim 2, wherein providing a credential that enables said role authenticator to determine that said particular user is a member of said particular role further comprises:
    - providing a signed role authentication certificate authenticating said holder of said certificate as authenticated to a second role, wherein by authenticating to said second role said holder of said certificate proves membership to said particular role.
  - 5. The method for anonymous role authentication according to claim 1, wherein said role authenticator and said resource protector are controlled by a single entity.
  - 6. The method for anonymous role authentication according to claim 1, wherein establishing an anonymous channel for anonymously presenting said role authentication certificate to said resource protector further comprises:
    - establishing said anonymous communication channel comprising a plurality of nodes wherein each of said plurality of nodes only knows of a previous node and a following node.
  - 7. The method for anonymous role authentication according to claim 1, further comprising:
    - maintaining said anonymous channel for communicating with said resource protector after authenticating into said particular role.
  - 8. The method for anonymous role authentication according to claim 1, wherein establishing an anonymous channel for anonymously presenting said role authentication certificate to said resource protector further comprises:
    - presenting said role authentication certificate and a session key to said resource protector, wherein upon authentication into said particular role, said resource protector enables access to said resource for requests associated with said session key.
  - 9. The method for anonymous role authentication according to claim 1, wherein said role authentication certificate is valid for a particular number of presentations.

10. A system for anonymous role authentication, comprising:
- an anonymous authentication controller communicatively connected to a network;
  
  said anonymous authentication controller further comprising;
  
  means for receiving a role authentication certificate from a role authenticator via said network, wherein said role authentication certificate certifies that the holder of said role authentication certificate is a member of a particular role without allowing said role authenticator issuing said role authentication certificate to track an identity of a particular user holding said role authentication certificate; and
  
  means for establishing an anonymous channel via said network for anonymously presenting said role authentication certificate to a resource protector, wherein said resource protector requires said particular user to authenticate into said particular role to access a resource, wherein said role authentication certificate authenticates said particular user into said particular role without enabling said resource protector to ascertain said identity of said particular user, such that said particular user is in control of said identity for authenticated role-based accesses.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system for anonymous role authentication according to claim 10, further comprising:
    - means for requesting said role authentication certificate from said role authenticator;
      
      means for providing a credential that enables said role authenticator to determine that said particular user is a member of said particular role;
      
      means for engaging in a blind signature correspondence with said role authenticator; and
      
      means for receiving a blinded role authentication certificate signed by said role authenticator, wherein said blinded role authenticator certificate authenticates said particular user in said particular role without revealing said identity of said particular user.
  - 12. The system for anonymous role authentication according to claim 11, wherein said means for providing a credential that enables said role authenticator to determine that said particular user is a member of said particular role further comprises:
    - means for providing an encrypted sessions key that when verified with a public key of said particular user authenticates an identity of said particular user, wherein said role authenticator matches said identity within a plurality of identities of members of said particular role to authenticate said user into said particular role.
  - 13. The system for anonymous role authentication according to claim 11, wherein said means for providing a credential that enables said role authenticator to determine that said particular user is a member of said particular role further comprises:
    - means for providing a signed role authentication certificate authenticating said holder of said certificate as authenticated to a second role, wherein by authenticating to said second role said holder of said certificate proves membership to said particular role.
  - 14. The system for anonymous role authentication according to claim 10, wherein said role authenticator and said resource protector are controlled by a single entity.
  - 15. The system for anonymous role authentication according to claim 10, wherein said means for establishing an anonymous channel for anonymously presenting said role authentication certificate to said resource protector further comprises:
    - means for establishing said anonymous communication channel comprising a plurality of nodes wherein each of said plurality of nodes only knows of a previous node and a following node.
  - 16. The system for anonymous role authentication according to claim 10, further comprising:
    - means for maintaining said anonymous channel for communicating with said resource protector after authenticating into said particular role.
  - 17. The system for anonymous role authentication according to claim 10, wherein said means for establishing an anonymous channel for anonymously presenting said role authentication certificate to said resource protector further comprises:
    - means for presenting said role authentication certificate and a session key to said resource protector, wherein upon authentication into said particular role, said resource protector enables access to said resource for requests associated with said session key.
  - 18. The system for anonymous role authentication according to claim 10, wherein said role authentication certificate is valid for a particular number of presentations.

19. A computer program product, residing on a computer readable medium, for anonymous role authentication, comprising:
- means for receiving a role authentication certificate from a role authenticator via said network, wherein said role authentication certificate certifies that the holder of said role authentication certificate is a member of a particular role without allowing said role authenticator issuing said role authentication certificate to track an identity of a particular user holding said role authentication certificate;
  
  means for establishing an anonymous channel via said network for anonymously presenting said role authentication certificate to a resource protector, wherein said resource protector requires said particular user to authenticate into said particular role to access a resource, wherein said role authentication certificate authenticates said particular user into said particular role without enabling said resource protector to ascertain said identity of said particular user, such that said particular user is in control of said identity for authenticated role-based accesses.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The computer program product for anonymous role authentication according to claim 19, further comprising:
    - means for requesting said role authentication certificate from said role authenticator;
      
      means for providing a credential that enables said role authenticator to determine that said particular user is a member of said particular role;
      
      means for engaging in a blind signature correspondence with said role authenticator; and
      
      means for receiving a blinded role authentication certificate signed by said role authenticator, wherein said blinded role authenticator certificate authenticates said particular user in said particular role without revealing said identity of said particular user.
  - 21. The computer program product for anonymous role authentication according to claim 20, wherein said means for providing a credential that enables said role authenticator to determine that said particular user is a member of said particular role further comprises:
    - means for providing an encrypted sessions key that when verified with a public key of said particular user authenticates an identity of said particular user, wherein said role authenticator matches said identity within a plurality of identities of members of said particular role to authenticate said user into said particular role.
  - 22. The computer program product for anonymous role authentication according to claim 20, wherein said means for providing a credential that enables said role authenticator to determine that said particular user is a member of said particular role further comprises:
    - means for providing a signed role authentication certificate authenticating said holder of said certificate as authenticated to a second role, wherein by authenticating to said second role said holder of said certificate proves membership to said particular role.
  - 23. The computer program product for anonymous role authentication according to claim 19, further comprising:
    - means for delaying establishing said anonymous channel after receiving said role authentication certificate.
  - 24. The computer program product for anonymous role authentication according to claim 19, wherein said means for establishing an anonymous channel for anonymously presenting said role authentication certificate to said resource protector further comprises:
    - means for establishing said anonymous communication channel comprising a plurality of nodes wherein each of said plurality of nodes only knows of a previous node and a following node.
  - 25. The computer program product for anonymous role authentication according to claim 19, further comprising:
    - means for maintaining said anonymous channel for communicating with said resource protector after authenticating into said particular role.
  - 26. The computer program product for anonymous role authentication according to claim 19, wherein said means for establishing an anonymous channel for anonymously presenting said role authentication certificate to said resource protector further comprises:
    - means for presenting said role authentication certificate and a session key to said resource protector, wherein upon authentication into said particular role, said resource protector enables access to said resource for requests associated with said session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Ratliff, Emily Jane, Kirkland, Dustin C., Halcrow, Michael Austin

Granted Patent

US 7,472,277 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

G06Q 20/3674   involving authentication

G06Q 20/3678   e-cash details, e.g. blinde...

H04L 2209/42   Anonymization, e.g. involvi...

H04L 63/0421   Anonymous communication, i....

H04L 63/0823   using certificates cryptogr...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3263   involving certificates, e.g...

User controlled anonymity when evaluating into a role

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

74 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

User controlled anonymity when evaluating into a role

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links