METHODS FOR ANONYMOUS AUTHENTICATION AND KEY AGREEMENT

US 20120023334A1
Filed: 10/27/2010
Published: 01/26/2012
Est. Priority Date: 07/26/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

initiating a two-way mutual authentication between a first device and a remote entity, wherein the first device remains anonymous to the remote entity after performing the authentication; and

establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for anonymous authentication and key exchange are presented. In one embodiment, a method includes initiating a two-way mutual authentication between a device and a remote entity. The device remains anonymous to the remote entity after performing the authentication. The method also includes establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).

120 Citations

23 Claims

1. A method comprising:
- initiating a two-way mutual authentication between a first device and a remote entity, wherein the first device remains anonymous to the remote entity after performing the authentication; and
  
  establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - selecting a first random value; and
      
      sending a first message comprising at least a key-exchange-protocol public key computed based on the first random value.
  - 3. The method of claim 2, further comprising:
    - computing, in response to receiving a second message, a shared value based on the first random value and a second key-exchange-protocol public key associated with the remote entity;
      
      generating a session key and a message authentication code (MAC) key based at least on the shared value;
      
      verifying, by using the MAC key, a first public key certificate associated with the remote entity; and
      
      authenticating a first digital signature from the second message based on combined public keys retrievable from the first digital signature, wherein the first digital signature is associated with the remote entity and is retrievable by using a public key from the first public key certificate.
  - 4. The method of claim 3, further comprising:
    - generating, by using the MAC key, a MAC based at least on a DAA-based group certificate;
      
      generating, by using a DAA-based private key, a DAA-based signature based on the combined public keys; and
      
      sending a third message comprising at least the DAA-based signature and the MAC.
  - 5. The method of claim 4, wherein the second message further includes a basename associated with the remote entity and the DAA-based signature is generated further based on the basename, wherein the basename is a random based signature such that the remote entity remains anonymous and non-linkable.
  - 6. The method of claim 4, further comprising:
    - detecting whether there is a failure during MAC verification, signature verification, or certificate verification; and
      
      aborting the authentication if a failure is detected.
  - 7. The method of claim 4, wherein the remote entity is a server acting as a verifier, wherein the first message further includes a group ID (GID), wherein the DAA-based signature in the third message is generated further based on a signature-based revocation list and includes non-revoked proof.
  - 8. The method of claim 4, wherein the remote entity is a second device, wherein the first message further includes a basename associated with the first device, wherein the first digital signature is a DAA-based signature generated by using a DAA-based private key associated with the second device.
  - 9. The method of claim 4, wherein the first random value is an ephemeral Diffie-Hellman (DH) private key associated with the first device, wherein the key-exchange-protocol public key is a DH public key, wherein the session key and the MAC key are generated using a pseudo-random function.

10. A method comprising:
- receiving, by a remote entity, a first message from a first device with a request to perform bilateral mutual anonymous authentication; and
  
  establishing a shared key for use in secure communication, wherein the receiving and the establishing are performed in conjunction with direct anonymous attestation (DAA).
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, further comprising:
    - computing, based on a random value, a DH public key associated with the remote entity;
      
      computing a shared value based on the random number and a DH public key associated with the first device retrievable from the first message;
      
      secure erasing, the random value;
      
      generating a session key and a message authentication code (MAC) key based at least on the shared value;
      
      generating, by using the MAC key, a MAC based on a public key certificate associated with the remote entity;
      
      generating, by using a remote entity private key, a first digital signature based at least on combined public keys, wherein the combined public keys include the DH public key associated with the remote entity and the DH public key associated with the first device; and
      
      sending a second message comprising at least the first digital signature and the MAC.
  - 12. The method of claim 11, further comprising:
    - receiving a third message from the first device;
      
      verifying, by using the MAC key, a DAA-based public key retrievable from the third message; and
      
      verifying at least, by using the DAA-based public key, a DAA-based signature from the third message.
  - 13. The method of claim 12, wherein the remote entity is a server acting as a verifier, wherein the first message further includes a group ID (GID), wherein the MAC in the second message is generated further based on a signature-based revocation list, wherein the DAA-based signature in the third message further includes non-revoked proof, further comprising determining whether or not the first device is revoked from a trusted membership based at least on the revocation list and the non-revoked proof.
  - 14. The method of claim 12, wherein the remote entity is a second device, wherein the first message further includes a basename associated with the first device, wherein the first digital signature is a DAA-based signature generated by using a DAA-based private key associated with the second device, wherein the first and the second devices authenticate to each other anonymously.
  - 15. The method of claim 12, wherein the first random value is an ephemeral DH private key associated with the remote entity.

16. An apparatus comprising:
- a memory to store cryptographic information from an issuer;
  
  a digital signature logic to generate digital signatures; and
  
  a direct anonymous attestation module (DAA) to convince a verifier that the DAA possess cryptographic information from an issuer of a trusted membership group without disclosure of any unique identification information associated with the apparatus, wherein the DAA is operable toinitiate two-way mutual authentication with a remote entity and remain anonymous to the remote entity after performing the authentication; and
  
  establish a mutually shared session key for use in secure communication.
- View Dependent Claims (17, 18, 19)
- - 17. The apparatus of claim 16, wherein the DAA is operable tosend a first message comprising at least a key-exchange-protocol public key computed based on a first random value;
    - compute, in response to receiving a second message, a shared value based on the first random value and a second key-exchange-protocol public key associated with the remote entity;
      
      generate a session key and a message authentication code (MAC) key based at least on the shared value;
      
      authenticate a first digital signature from the second message based on combined public keys retrievable from the first digital signature, wherein the first digital signature is associated with the remote entity and is retrievable by using a public key from the first public key certificate;
      
      generate, by using a DAA-based private key, a DAA-based signature based on the combined public keys; and
      
      send a third message comprising at least the DAA-based signature.
  - 18. The apparatus of claim 17, wherein the remote entity is a server acting as a verifier, wherein the first message further includes a group ID (GID), wherein the DAA-based signature in the third message is generated further based on a signature-based revocation list and includes non-revoked proof.
  - 19. The apparatus of claim 17, wherein the remote entity is a second device, wherein the first message further includes a basename associated with the first device, wherein the first digital signature is a DAA-based signature generated in conjunction with a DAA-based private key associated with the second device.

20. An article of manufacture comprising a computer readable storage medium including data storing instructions thereon that, when accessed by a machine, cause the machine to perform a method comprising:
- initiating mutual authentication between a first device and a remote entity, wherein the first device remains anonymous to the remote entity after performing the authentication; and
  
  establishing a mutually shared session key for use in secure communication, wherein the initiating and the establishing are in conjunction with direct anonymous attestation (DAA).
- View Dependent Claims (21, 22, 23)
- - 21. The article of claim 20, wherein the method further comprising:
    - sending a first message comprising at least a key-exchange-protocol public key computed based on a first random value;
      
      computing, in response to receiving a second message, a shared value based on the first random value and a second key-exchange-protocol public key associated with the remote entity;
      
      generating a session key and a message authentication code (MAC) key based at least on the shared value;
      
      authenticating a first digital signature from the second message based on combined public keys retrievable from the first digital signature, wherein the first digital signature is associated with the remote entity and is retrievable by using a public key from the first public key certificate;
      
      generating, by using a DAA-based private key, a DAA-based signature based on the combined public keys; and
      
      sending a third message comprising at least the DAA-based signature.
  - 22. The article of claim 21, wherein the remote entity is a verifier, wherein the first message further includes a group ID (GID), wherein the DAA-based signature in the third message is generated further based on a signature-based revocation list and includes non-revoked proof.
  - 23. The article of claim 21, wherein the remote entity is a second peer device, wherein the first message further includes a basename associated with the first device, wherein the first digital signature is a DAA-based signature generated by using a DAA-based private key associated with the second device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Brickell, Ernest F., Li, Jiangtao, Walker, Jesse

Granted Patent

US 8,799,656 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 9/0844   with user authentication or...

H04L 9/0891   Revocation or update of sec...

H04L 9/3255   using group based signature...

H04L 9/3273   for mutual authentication n...

METHODS FOR ANONYMOUS AUTHENTICATION AND KEY AGREEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

120 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS FOR ANONYMOUS AUTHENTICATION AND KEY AGREEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links