ANONYMOUS VERIFIABLE PUBLIC KEY CERTIFICATES

US 20100131765A1
Filed: 11/26/2008
Published: 05/27/2010
Est. Priority Date: 11/26/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium containing instructions which, when executed by one or more processors disposed in an electronic device, perform a method employed by a certificate authority for generating blind certificates for a user, the method comprising the steps of:

utilizing a fixed-size PKI key set that may be accessed by the certificate authority for generating the blind certificates, the blind certificates being verifiable and providing anonymity for the user when used for authenticating the user;

randomly selecting a subset of key pairs from the fixed-size PKI key set on a per-user basis;

generating the blind certificates by using public keys from the subset of key pairs; and

providing the blind certificates and private keys from the subset of key pairs to the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The anonymity of a user at a client computer may be preserved when authenticating with an on-line service or content provider through the use of an anonymous and verifiable (i.e., “blind”) certificate set that is created by a certificate authority from a fixed-size set of PKI key pairs. The certificate authority randomly selects a subset of PKI key pairs to generate the blind certificate set where each certificate in the set includes a respective public key from the PKI key pair subset. The certificate authority also sends the private keys from the PKI key pair subset to the user. During authentication, the client computer is configured to randomly select a subset of one or more certificates from the set to present to the provider. The provider will encrypt content using the public keys in the subset of certificates and the client will decrypt the content with the corresponding private keys.

106 Citations

View as Search Results

20 Claims

1. A computer-readable medium containing instructions which, when executed by one or more processors disposed in an electronic device, perform a method employed by a certificate authority for generating blind certificates for a user, the method comprising the steps of:
- utilizing a fixed-size PKI key set that may be accessed by the certificate authority for generating the blind certificates, the blind certificates being verifiable and providing anonymity for the user when used for authenticating the user;
  
  randomly selecting a subset of key pairs from the fixed-size PKI key set on a per-user basis;
  
  generating the blind certificates by using public keys from the subset of key pairs; and
  
  providing the blind certificates and private keys from the subset of key pairs to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-readable medium of claim 1 in which the generating further includes signing each of the blind certificates.
  - 3. The computer-readable medium of claim 1 in which each of the blind certificates includes a description of at least one of access rights, usage rights, terms of use, terms of service, limitations, or authorized devices, where the description is arranged to limit the disclosure of identifying information pertaining to the user.
  - 4. The computer-readable medium of claim 1 in which the method further includes the steps of identifying a user whose access rights are revoked and placing one or more of the public keys that are associated with the identified user on a revocation list.
  - 5. The computer-readable medium of claim 4 in which the method further includes a step of publishing the revocation list to an authenticating party.
  - 6. The computer-readable medium of claim 4 in which the method further includes a step of providing new blind certificates and private keys to a user having existing public keys on the revocation list but whose access rights are not legitimately revoked.
  - 7. The computer-readable medium of claim 4 in which the method further includes a step of rejecting a request for new blind certificates and private keys from a user having existing public keys on the revocation list and whose access rights are legitimately revoked.

8. A computer-readable medium containing instructions which, when executed by one or more processors disposed in an electronic device, perform a method for using blind certificates, the method comprising the steps of:
- making a request to a certificate authority for blind certificates;
  
  receiving a set of blind certificates from the certificate authority, the blind certificates being generated on a per-user basis using public keys from a randomly selected subset of key pairs of a fixed-size PKI key set, and the blind certificates further being verifiable and providing anonymity for the user when used to authenticate the user; and
  
  presenting one or more blind certificates from the set to an authenticating party so that the authenticating party may authenticate the user using the one or more blind certificates.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable medium of claim 8 in which the method further includes a step of receiving private keys from the subset of key pairs from the certificate authority.
  - 10. The computer-readable medium of claim 9 in which the method further includes a step of receiving content that is encrypted using one or more public keys from the presented one or more blind certificates.
  - 11. The computer-readable medium of claim 10 in which the method further includes a step of decrypting the encrypted content using respective one or more private keys.
  - 12. The computer-readable medium of claim 11 in which the method further includes a step of rendering the decrypted content on the electronic device.
  - 13. The computer-readable medium of claim 8 in which the authenticating party is selected from one of content provider, service provider, or an organization to which the user seeks to be authenticated as a member.
  - 14. The computer-readable medium of claim 8 in which the request is made in an automated manner as part of a registration procedure with a service provider or content provider.

15. A method for authenticating a user with blind certificates, the method comprising the steps of:
- receiving one or more blind certificates from a user seeking to be authenticated, the blind certificates being generated by a certificate authority on a per-user basis using public keys from a randomly selected subset of key pairs of a fixed-size PKI key set and being signed by the certificate authority with a signature;
  
  verifying the one or more blind certificates; and
  
  authenticating the user using the verified one or more blind certificates.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15 including a further step of binding content to one or more of the public keys so as to encrypt the content where the encrypted content may be decrypted using corresponding one or more private keys from the subset of key pairs and consumed by the user.
  - 17. The method of claim 16 in which the encryption is performed by binding the content to two or more public keys in a sequential manner.
  - 18. The method of claim 16 including a further step of transmitting the encrypted content to the user over a network.
  - 19. The method of claim 16 in which the encryption is performed as a function of a multiplicity of PKI key pairs.
  - 20. The method of claim 15 in which the user is authenticated in association with downloading of media content under digital rights management provisions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bromley, Dennis N., Grigorovitch, Alexandre V.

Granted Patent

US 9,621,341 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/603   Digital right managament [DRM]

H04L 63/0414   during transmission, i.e. p...

H04L 63/0823   using certificates cryptogr...

H04L 9/006   involving public key infras...

H04L 9/3263   involving certificates, e.g...

ANONYMOUS VERIFIABLE PUBLIC KEY CERTIFICATES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ANONYMOUS VERIFIABLE PUBLIC KEY CERTIFICATES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links