ANONYMOUS VERIFIABLE PUBLIC KEY CERTIFICATES
Abstract
The anonymity of a user at a client computer may be preserved when authenticating with an on-line service or content provider through the use of an anonymous and verifiable (i.e., “blind”) certificate set that is created by a certificate authority from a fixed-size set of PKI key pairs. The certificate authority randomly selects a subset of PKI key pairs to generate the blind certificate set where each certificate in the set includes a respective public key from the PKI key pair subset. The certificate authority also sends the private keys from the PKI key pair subset to the user. During authentication, the client computer is configured to randomly select a subset of one or more certificates from the set to present to the provider. The provider will encrypt content using the public keys in the subset of certificates and the client will decrypt the content with the corresponding private keys.
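The scheme in the abstract gets its anonymity from many users holding the same pooled key pairs, so the practical question is how many users could have produced a given presented subset. The following is an added example, not code from the patent: key pairs are modelled as pool indices, and the pool size, per-user subset size and user population are assumed values that the page does not give.

```python
import math
import random

POOL_SIZE = 64    # assumed size of the CA's fixed PKI key set (not from the page)
PER_USER = 16     # assumed number of key pairs (and blind certificates) per user
N_USERS = 5000    # constructed user population

def issue(rng, pool_size=POOL_SIZE, per_user=PER_USER):
    """CA side: randomly select a per-user subset of key-pair indices."""
    return frozenset(rng.sample(range(pool_size), per_user))

def present(rng, user_keys, m):
    """Client side: randomly pick m of the user's certificates to show."""
    return rng.sample(sorted(user_keys), m)

def anonymity_set(presented, issued):
    """Users whose issued subset contains every presented certificate."""
    shown = set(presented)
    return [u for u, keys in issued.items() if shown <= keys]

def expected_fraction(m, pool_size=POOL_SIZE, per_user=PER_USER):
    """P(a random user holds a given m-subset) = C(N-m, k-m) / C(N, k)."""
    return math.comb(pool_size - m, per_user - m) / math.comb(pool_size, per_user)

def simulate(seed=1):
    rng = random.Random(seed)  # seeded so the run repeats; a real CA needs a CSPRNG
    issued = {u: issue(rng) for u in range(N_USERS)}
    shown = present(rng, issued[0], 4)  # user 0 authenticates
    rows = []
    for m in range(1, 5):
        # Nested prefixes show how each extra certificate narrows the crowd.
        observed = len(anonymity_set(shown[:m], issued))
        rows.append((m, observed, expected_fraction(m) * N_USERS))
    return issued, rows

if __name__ == "__main__":
    for m, observed, expected in simulate()[1]:
        print(f"{m} cert(s) shown: {observed} candidate users "
              f"(expected about {expected:.1f})")
```

Each extra certificate presented in one session shrinks the set of users who could have sent it, so the number of certificates shown per authentication trades assurance against anonymity.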
20 Claims
1. A computer-readable medium containing instructions which, when executed by one or more processors disposed in an electronic device, perform a method employed by a certificate authority for generating blind certificates for a user, the method comprising the steps of:
- utilizing a fixed-size PKI key set that may be accessed by the certificate authority for generating the blind certificates, the blind certificates being verifiable and providing anonymity for the user when used for authenticating the user;
- randomly selecting a subset of key pairs from the fixed-size PKI key set on a per-user basis;
- generating the blind certificates by using public keys from the subset of key pairs; and
- providing the blind certificates and private keys from the subset of key pairs to the user.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-readable medium containing instructions which, when executed by one or more processors disposed in an electronic device, perform a method for using blind certificates, the method comprising the steps of:
- making a request to a certificate authority for blind certificates;
- receiving a set of blind certificates from the certificate authority, the blind certificates being generated on a per-user basis using public keys from a randomly selected subset of key pairs of a fixed-size PKI key set, and the blind certificates further being verifiable and providing anonymity for the user when used to authenticate the user; and
- presenting one or more blind certificates from the set to an authenticating party so that the authenticating party may authenticate the user using the one or more blind certificates.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A method for authenticating a user with blind certificates, the method comprising the steps of:
- receiving one or more blind certificates from a user seeking to be authenticated, the blind certificates being generated by a certificate authority on a per-user basis using public keys from a randomly selected subset of key pairs of a fixed-size PKI key set and being signed by the certificate authority with a signature;
- verifying the one or more blind certificates; and
- authenticating the user using the verified one or more blind certificates.
Dependent claims: 16, 17, 18, 19, 20
Specification