Optionally moderated transaction systems
First Claim
1. In a cryptographic system with a tamper-resistant part that can conduct transactions with an external system through a moderating computer, the improvement comprising:
- said tamper-resistant part including first register means that is incremented when a candidate value is issued by said tamper-resistant part;
said tamper-resistant part including means to ensure that when previously secret information about a candidate is released by said tamper-resistant part, that the value of said first register means when the candidate was created is at least as large as the value in a second register means; and
said tamper-resistant part including means to update the value of said second register means responsive to said release of previously secret values to reflect said value of said first register means when said candidate was created.
19 Assignments
0 Petitions
Accused Products
Abstract
A tamper-resistant part is disclosed that can conduct transactions with an external system through a moderating user-controlled computer or that can on other occasions be brought into direct connection with the external system. In the moderated configuration, the moderating computer is able to ensure that certain transactions with the external system are unlinkable to each other. In the unmoderated configuration, the tamper-resistant part can also ensure the unlinkability of certain transactions. Also testing configurations are disclosed that allow improper functioning of the tamper-resistant part, such as that which could link transactions, to be detected by user-controlled equipment. Another testing configuration can detect improper functioning of an external system that could, for instance, obtain linking information from a tamper-resistant part.
124 Citations
9 Claims
-
1. In a cryptographic system with a tamper-resistant part that can conduct transactions with an external system through a moderating computer, the improvement comprising:
-
said tamper-resistant part including first register means that is incremented when a candidate value is issued by said tamper-resistant part; said tamper-resistant part including means to ensure that when previously secret information about a candidate is released by said tamper-resistant part, that the value of said first register means when the candidate was created is at least as large as the value in a second register means; and said tamper-resistant part including means to update the value of said second register means responsive to said release of previously secret values to reflect said value of said first register means when said candidate was created.
-
-
2. In a method of cryptographic authentication wherein a first party issues challenge information and a second party returns corresponding response information so that the first party is convinced that the second party has access to certain secret information, the improvement comprising the steps of:
-
(a) pre-computing by said first party of plural response parts substantially based on said secret information and repeating the following steps (i) through (iii) plural times; (i) sending a distinct partial challenge value by said first party to said second party, said partial challenge value being substantially unpredictable to said second party, (ii) receiving said partial challenge value by said second party and selecting by the second party a single partial response value, determined by the partial challenge value, from among said plural partial response values, and (iii) sending said selected partial response value by said second party to said first party and receiving the partial response value by the first party; and (b) testing, by said first party, of substantially a complete set of said partial responses together with corresponding said partial challenges to determine their validity. - View Dependent Claims (3, 4)
-
-
5. In a method of cryptographic authentication between first, second and third parties, where first and third parties can communicate with each other substantially only through the second party, where authentication of a message is to be provided to said first party by said third party, and where said second party ensures that said first party is substantially unable to leak to said third party additional information besides the authentication of said message, the improvement comprising the steps of:
-
determining by said first and said third parties, a cryptographic authenticator of a message using a secret key; committing to said authenticator by said first party determining the image of said authenticator under a substantially one-way function and supplying the image to said second party; providing said authenticator to said second party by said third party; applying said one-way function by said second party to said authenticator received from said third party; comparing, by said second party, of said commit received from said first party with the result of applying said one-way function; and if said result of said comparison is equality, then forwarding said authenticator by said second party to said first party.
-
-
6. In cryptographic authentication system wherein a first party issues challenge information and a second party returns corresponding response information so that the first party is convinced that the second party has access to certain secret information, the improvement comprising:
-
(a) means for pre-computing by said first party of plural response parts substantially based on said secret information and repeating the following steps (i) through (iii) plural times; (i) sending a distinct partial challenge value by said first party to said second party, said partial challenge value being substantially unpredictable to said second party, (ii) receiving said partial challenge value by said second party and selecting by the second party a single partial response value, determined by the partial challenge value, from among said plural partial response values, and (iii) sending said selected partial response value by said second party to said first party and receiving the partial response value by the first party; and (b) means for testing, by said first party, of substantially a complete set of said partial responses together with corresponding said partial challenges to determine their validity. - View Dependent Claims (7, 8)
-
-
9. In a cryptographic authentication system operating between first, second and third parties, where first and third parties can communicate with each other substantially only through the second party, where authentication of a message is to be provided to said first party by said third party, and where said second party ensures that said first party is substantially unable to leak to said third party additional information besides the authentication of said message, the improvement comprising:
-
means for determining by said first and said third parties, a cryptographic authenticator of a message using a secret key; means for committing to said authenticator by said first party determining the image of said authenticator under a substantially one-way function and supplying the image to said second party; means for providing said authenticator to said second party by said third party; means for applying said one-way function by said second party to said authenticator received from said third party; and means for comparing, by said second party, of said commit received from said first party with the result of applying said one-way function; and
if said result of said comparison is equality, then forwarding said authenticator by said second party to said first party.
-
Specification