Platform and method for establishing provable identities while maintaining privacy

US 20060080528A1
Filed: 11/29/2005
Published: 04/13/2006
Est. Priority Date: 06/28/2000
Status: Active Grant

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method for utilizing a pseudonym to protect the identity of a platform and its user is described. The method comprises producing a pseudonym that includes a public pseudonym key. The public pseudonym key is placed in a certificate template. Hash operations are performed on the certificate template to produce a certificate hash value, which is transformed from the platform. Thereafter, a signed result is returned to the platform. The signed result is a digital signature for the transformed certificate hash value. Upon performing an inverse transformation of the signed result, a digital signature of the certificate hash value is recovered. This digital signature may be used for data integrity checks for subsequent communications using the pseudonym.

109 Citations

View as Search Results

40 Claims

1-20. -20. (canceled)

21. A method comprising:
- producing a pseudonym including a public pseudonym key within a first platform;
  
  placing the public pseudonym key into a certificate template;
  
  performing a hash operation on the certificate template to produce a certificate hash value;
  
  performing a transformation on the certificate hash value to create a blinded certificate hash value;
  
  creating a certificate request including the blinded certificate hash value;
  
  digitally signing the certification request with a private key of the first platform to produce a signed certification request; and
  
  transferring the signed certificate request with a device certificate including a public key of the first platform.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. The method of claim 21, wherein the producing of the pseudonym includes generating the public pseudonym key and a private pseudonym key corresponding to the public pseudonym key.
  - 23. The method of claim 21, wherein the placing of the public pseudonym key into the certificate template includes writing the public pseudonym key into a field of the certificate template.
  - 24. The method of claim 21, wherein the performing of the transformation comprises:
    - performing a logical operation on the certificate hash value using a pseudo-random number to produce a value differing from the certificate hash value.
  - 25. The method of claim 24, wherein the pseudo-random number is a predetermined value raised to an inverse power designated by a pseudo-random value.
  - 26. The method of claim 21 further comprising:
    - encrypting the signed certificate request and the device certificate with a public key of a second platform targeted to receive the signed certificate request and the device certificate.
  - 27. The method of claim 26 further comprising recovering by the second platform the public key of the first platform from the device certificate using a public key of a certification authority, the public key being used to recover and verify the device certificate.
  - 28. The method of claim 27 further comprising:
    - digitally signing the blinded certificate hash value to produce a signed result; and
      
      transferring the signed result back to the first platform.

29. A platform comprising:
- a transceiver; and
  
  a device in communication with the transceiver, the device including a persistent memory to contain a permanent key pair, at least one pseudonym generated internally within the device and a digital signature of a hash value of a digital certificate chain that includes a public pseudonym key of the at least one pseudonym.
- View Dependent Claims (30, 31, 32, 33)
- - 30. The platform of claim 29, wherein the device further includes:
    - a processing unit to (i) write the public pseudonym key into a certificate template, (ii) perform a hash operation on the certificate template to produce a certificate hash value, (iii) to perform a transformation operation on the certificate hash value.
  - 31. The platform of claim 30, wherein the processing unit of the device further produces a digital signature of at least the transformed certificate hash value using a private key of the permanent key pair.
  - 32. The platform of claim 29, wherein the processing unit of the device further appending a device certificate with the digital signature of at least the transformed certificate hash value.
  - 33. The platform of claim 32, wherein the device certificate is the digital certificate chain.

34. A method comprising:
- producing a pseudonym within a first platform, the pseudonym representing a persistent identity of the first platform so long as the user chooses to retain the pseudonym;
  
  performing a hash operation on a certificate template including pseudonym to produce a certificate hash value;
  
  performing a transformation on a certificate hash value to create a blinded certificate hash value by multiplying the certificate hash value, being a hash value of information including the pseudonym, by a pseudo-random number generated within and maintained by the first platform; and
  
  transmitting the pseudonym in an obfuscated format to a second platform.
- View Dependent Claims (35, 36, 37, 38, 39, 40)
- - 35. The method of claim 34, wherein the transmitting of the pseudonym comprises creating a certificate request including the blinded certificate hash value;
    - digitally signing the certification request with a private key of the first platform to produce a signed certification request; and
      
      transferring the signed certificate request with a device certificate including a public key of the first platform.
  - 36. The method of claim 35, wherein the private key of the first platform and the public key of the first platform are permanently stored and associated with the first platform.
  - 37. The method of claim 34, wherein the producing of the pseudonym includes generating the public pseudonym key and a private pseudonym key corresponding to the public pseudonym key.
  - 38. The method of claim 37, wherein prior to performing the hash operation, the method further comprises placing the public pseudonym key into the certificate template by writing the public pseudonym key into a field of the certificate template.
  - 39. The method of claim 34, wherein the pseudo-random number is a predetermined value raised to an inverse power designated by a pseudo-random value.
  - 40. The method of claim 35, wherein the transmitting of the pseudonym further comprises:
    - encrypting the signed certificate request and the device certificate with a public key of a second platform targeted to receive the signed certificate request and the device certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Carl M. Ellison, James A. Sutton
Original Assignee
Carl M. Ellison, James A. Sutton
Inventors
Ellison, Carl M., Sutton, James A.

Granted Patent

US 7,516,330 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 9/3265   using certificate chains, t...

H04L 9/3271   using challenge-response

Platform and method for establishing provable identities while maintaining privacy

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Platform and method for establishing provable identities while maintaining privacy

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links