Multi-Dimensional Credentialing Using Veiled Certificates

US 20100185864A1
Filed: 12/21/2009
Published: 07/22/2010
Est. Priority Date: 12/19/2008
Status: Active Grant

First Claim

Patent Images

1. A method for creating a veiled certificate, the method comprising:

requesting a certificate from a regulator by sending with a digital signature of the message signed by the owner, the message comprising an owner'"'"'s veiled certificate token, the veiled certificate token comprising an encrypted version of the owner'"'"'s identification data and the owner'"'"'s public key for the certificate, the message further comprising an identification public key, the message being encrypted using the regulator'"'"'s external public key;

validating the certificate request by verifying the sender'"'"'s identity through validation of the digital signature using the owner'"'"'s external public key and verifying the veiled certificate token has been created properly using the identification public key; and

creating a veiled certificate by combining the veiled certificate token, identification public key, and digitally signing the veiled certificate with regulator'"'"'s private key, wherein the owner'"'"'s identification information is inaccessible from the veiled certificate, except to the certificate owner.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with certain embodiments of the present disclosure, a method for creating a veiled certificate is provided. The method comprises requesting a certificate from a regulator by sending a message with a digital signature of the message signed by the owner. The message comprises an owner'"'"'s veiled certificate token, the veiled certificate token comprising an encrypted version of the owner'"'"'s identification data and the owner'"'"'s identification public key for the certificate. The message further comprises the identification public key, the whole message being encrypted using the regulator'"'"'s external public key. The certificate request is validated by verifying the sender'"'"'s identity through validation of the digital signature using the owner'"'"'s external public key and verifying the veiled certificate token using the individual'"'"' external public key. A veiled certificate is created by combining the veiled certificate token, identification public key and digitally signing the veiled certificate with the regulator'"'"'s private key, wherein the owner'"'"'s identification information is inaccessible from the veiled certificate, except to the certificate owner.

70 Citations

View as Search Results

20 Claims

1. A method for creating a veiled certificate, the method comprising:
- requesting a certificate from a regulator by sending with a digital signature of the message signed by the owner, the message comprising an owner'"'"'s veiled certificate token, the veiled certificate token comprising an encrypted version of the owner'"'"'s identification data and the owner'"'"'s public key for the certificate, the message further comprising an identification public key, the message being encrypted using the regulator'"'"'s external public key;
  
  validating the certificate request by verifying the sender'"'"'s identity through validation of the digital signature using the owner'"'"'s external public key and verifying the veiled certificate token has been created properly using the identification public key; and
  
  creating a veiled certificate by combining the veiled certificate token, identification public key, and digitally signing the veiled certificate with regulator'"'"'s private key, wherein the owner'"'"'s identification information is inaccessible from the veiled certificate, except to the certificate owner.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising third party validation of the veiled certificate comprising:
    - validating the integrity of the veiled certificate by decrypting the digitally signed veiled certificate using regulator'"'"'s external public key; and
      
      verifying ownership of the veiled certificate, wherein none of owner'"'"'s identification data is provided to the third party.
  - 3. The method of claim 1, further comprising creating second veiled certificate, the method comprising:
    - requesting a certificate from a second regulator by sending a message with a digital signature of the message signed by the owner, the message comprising the owner'"'"'s veiled certificate token, the veiled certificate token comprising the owner'"'"'s identification data and the owner'"'"'s identification public key for the certificate, the message further comprising the identification public key, the message being encrypted using the second regulator'"'"'s external public key;
      
      validating the certificate request by verifying the sender'"'"'s identity through validation of the digital signature using the owner'"'"'s external public key and verifying the veiled certificate token using the identification public key; and
      
      creating a second veiled certificate by combining the veiled certificate token, identification public key, and digitally signing the second veiled certificate with second regulator'"'"'s private key, wherein the owner'"'"'s identification information is inaccessible from the second veiled certificate, except to the owner.
  - 4. The method of claim 3, further comprising aggregating the first and second veiled certificates.
  - 5. The method of claim 4, further comprising third party validation of the aggregated veiled certificates comprising:
    - validating the integrity of the veiled certificates by decrypting the digitally signed veiled certificates using the regulators'"'"' external public keys; and
      
      verifying ownership of the veiled certificates, wherein none of owner'"'"'s identification data is provided to the third party.
  - 6. The method of claim 1, wherein the message further comprises a timestamp that specifies the lifetime of the veiled certificate.
  - 7. The method of claim 1, wherein the message further comprises additional evidence to prove credential worthiness, such additional evidence being removed when the veiled certificate is created.
  - 8. The method of claim 1, wherein the message further comprises an escrowed version of the private key corresponding to the identification public key embedded in the veiled certificate to aid in key management.
  - 9. The method of claim 1, wherein the message further comprises biometric information, such biometric information being present in the veiled certificate.
  - 10. The method of claim 9, wherein the biometric information comprises an iris scan, facial scan, hand geometry, palm print, finger print, retina scan, or other hard biometric data.

11. A veiled certificate request processing system comprising:
- a regulator system that outputs a veiled certificate to an object, the regulator system being in communication with the object to receive a certificate request from the object comprising an input message with a digital signature of the message signed by the owner, the message comprising an owner'"'"'s veiled certificate token, the veiled certificate token comprising an encrypted version of the owner'"'"'s identification data and the owner'"'"'s identification public key for the certificate, the message further comprising an identification public key, the message being encrypted using the device'"'"'s public key, the regulator system validating the certificate request by verifying the sender'"'"'s identity through validation of the digital signature using the owner'"'"'s external public key and verifying the veiled certificate token construction using the individual'"'"'s external public key, wherein the regulator system outputs the veiled certificate after combining the veiled certificate token, identification public key, and digitally signing the veiled certificate with the regulator'"'"'s external private key, wherein the owner'"'"'s identification information is inaccessible from the veiled certificate, except to the owner.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The system of claim 11, wherein the message further comprises a timestamp that specifies the lifetime of the veiled certificate.
  - 13. The system of claim 11, wherein the message further comprises additional evidence to prove credential worthiness, such additional evidence being removed when the veiled certificate is created.
  - 14. The system of claim 11, wherein the message further comprises biometric information, such biometric information being present in the veiled certificate.
  - 15. The system of claim 14, wherein the biometric information comprises a fingerprint.
  - 16. The system of claim 14, wherein the biometric information comprises an iris scan, facial scan, hand geometry, palm print, retina scan, or any other hard biometric data.

17. A method for creating a veiled certificate, the method comprising:
- requesting a certificate from a regulator by sending a message with a digital signature of the message signed by the owner, the message comprising an owner'"'"'s veiled certificate token, the veiled certificate token comprising an encrypted version of the owner'"'"'s identification data and the owner'"'"'s identification public key for the certificate, the message further comprising an identification public key and a timestamp that specifies the requested lifetime of the veiled certificate;
  
  validating the certificate request by verifying the sender'"'"'s identity through validation of the digital signature using the owner'"'"'s external public key and verifying the veiled certificate token using the individual'"'"'s external public key; and
  
  creating a veiled certificate by combining the veiled certificate token, identification public key, and digitally signing the veiled certificate with regulator'"'"'s external private key, wherein the owner'"'"'s identification information is inaccessible from the veiled certificate, except to the owner.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein the message further comprises biometric information, such biometric information being present in the veiled certificate.
  - 19. The method of claim 18, wherein the biometric information comprises a fingerprint.
  - 20. The method of claim 18, wherein the biometric information comprises an iris scan, facial scan, hand geometry, palm print, retina scan, or any other hard biometric data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
University of South Carolina
Original Assignee
University of South Carolina
Inventors
Gerdes, John H. JR., Huang, Chin-Tser, Kalvenes, Joakim

Granted Patent

US 8,468,355 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 2209/88   Medical equipments

H04L 9/3213   using tickets or tokens, e....

H04L 9/3263   involving certificates, e.g...

Multi-Dimensional Credentialing Using Veiled Certificates

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

70 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Multi-Dimensional Credentialing Using Veiled Certificates

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others