User controlled anonymity when evaluating into a role
First Claim
Patent Images
1. A method for anonymous role authentication, comprising:
- requesting, by an anonymous authentication controller, a role authentication certificate from a role authenticator;
providing, by said anonymous authentication controller, a credential that enables said role authenticator to determine that said particular user is a member of a particular role and a plurality of blinded role authentication certificates identifying said particular role;
responsive to said role authenticator receiving said credential that specifies said particular user is a member of said particular role and receiving said plurality of blinded role authentication certificates, requesting by said role authenticator blinding factors for a only a random selection of said plurality of blinded role authentication certificates;
responsive to said anonymous authentication controller receiving said request for said blinding factors for only said random selection of said plurality of blinded role authentication certificates, returning, by said anonymous authentication controller, said selection of blinding factors for only said random selection of said plurality of blinded role authentication certificates;
responsive to said role authenticator receiving said returned selection of blinding factors, unblinding said random selection of said plurality of blinded role authentication certificates and comparing roles specified in said unblinded selection of said plurality of blinded role authenticated certificates with said particular role;
responsive to said role authenticator detecting said roles specified in said unblinded selection of said plurality of blinded role authenticated certificates match said particular role, applying a digital signature, by said role authenticator, a remaining blinded selection of said plurality of blinded role authentication certificates and returning said signed remaining blinded selection of said plurality of blinded role authentication certificates to said anonymous authentication controller, wherein said signed remaining blinded selection of said plurality of blinded role authentication certificates authenticate that a holder of said role authentication certificate is a member of a particular role without allowing said role authenticator issuing said role authentication certificate to track an identity of a particular user holding said role authentication certificate;
responsive to verifying, by said anonymous authentication controller, that digital signature of said role authenticator on said signed remaining blinded selection of said plurality of blinded role authentication certificates does not contain a subliminal channel that allows said role authenticator to include an identity of said particular user, unblinding said signed remaining blinded selection of said plurality of blinded role authentication certificates while preserving said digital signature of said role authenticator;
establishing an anonymous channel for anonymously presenting one of unblended signed role certificates as said role authentication certificate to a resource protector, wherein said resource protector requires said particular user to authenticate into said particular role to access a resource, wherein said role authentication certificate authenticates said particular user into said particular role without enabling said resource protector to ascertain said identity of said particular user, such that said particular user is in control of any disclosure of said identity for authenticated role-based accesses.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, system, and program for user controlled anonymity when evaluating into a role are provided. An anonymous authentication controller enables a user to control anonymity of the user'"'"'s identity for role based network accesses to resources, without requiring reliance on any single third party to maintain user anonymity. First, a role authentication certificate is received from a role authenticator, wherein the role authentication certificate certifies that the holder of the role authentication certificate is a member of a particular role without allowing the role authenticator issuing the role authentication certificate the ability to track an identity of a user holding the role authentication certificate. Next, an anonymous channel is established for anonymously presenting the role authentication certificate to a resource protector, wherein the resource protector requires the user to authenticate into the particular role to access a resource, wherein the role authentication certificate authenticates the user into the particular role without enabling the resource protector to ascertain the identity of the user, such that the user is in control of maintaining user anonymity for authenticated role-based accesses.
39 Citations
8 Claims
-
1. A method for anonymous role authentication, comprising:
-
requesting, by an anonymous authentication controller, a role authentication certificate from a role authenticator; providing, by said anonymous authentication controller, a credential that enables said role authenticator to determine that said particular user is a member of a particular role and a plurality of blinded role authentication certificates identifying said particular role; responsive to said role authenticator receiving said credential that specifies said particular user is a member of said particular role and receiving said plurality of blinded role authentication certificates, requesting by said role authenticator blinding factors for a only a random selection of said plurality of blinded role authentication certificates; responsive to said anonymous authentication controller receiving said request for said blinding factors for only said random selection of said plurality of blinded role authentication certificates, returning, by said anonymous authentication controller, said selection of blinding factors for only said random selection of said plurality of blinded role authentication certificates; responsive to said role authenticator receiving said returned selection of blinding factors, unblinding said random selection of said plurality of blinded role authentication certificates and comparing roles specified in said unblinded selection of said plurality of blinded role authenticated certificates with said particular role; responsive to said role authenticator detecting said roles specified in said unblinded selection of said plurality of blinded role authenticated certificates match said particular role, applying a digital signature, by said role authenticator, a remaining blinded selection of said plurality of blinded role authentication certificates and returning said signed remaining blinded selection of said plurality of blinded role authentication certificates to said anonymous authentication controller, wherein said signed remaining blinded selection of said plurality of blinded role authentication certificates authenticate that a holder of said role authentication certificate is a member of a particular role without allowing said role authenticator issuing said role authentication certificate to track an identity of a particular user holding said role authentication certificate; responsive to verifying, by said anonymous authentication controller, that digital signature of said role authenticator on said signed remaining blinded selection of said plurality of blinded role authentication certificates does not contain a subliminal channel that allows said role authenticator to include an identity of said particular user, unblinding said signed remaining blinded selection of said plurality of blinded role authentication certificates while preserving said digital signature of said role authenticator; establishing an anonymous channel for anonymously presenting one of unblended signed role certificates as said role authentication certificate to a resource protector, wherein said resource protector requires said particular user to authenticate into said particular role to access a resource, wherein said role authentication certificate authenticates said particular user into said particular role without enabling said resource protector to ascertain said identity of said particular user, such that said particular user is in control of any disclosure of said identity for authenticated role-based accesses. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsRatliff, Emily Jane, Kirkland, Dustin C., Halcrow, Michael Austin
-
Primary Examiner(s)Moazzami; Nasser G
-
Assistant Examiner(s)ABEDIN, SHANTO
-
Application NumberUS10/870,526Publication NumberTime in Patent Office1,657 DaysField of Search713/156, 713/175, 713/176, 705/50, 705/67, 726/2US Class Current713/175CPC Class CodesG06Q 20/3674 involving authenticationG06Q 20/3678 e-cash details, e.g. blinde...H04L 2209/42 Anonymization, e.g. involvi...H04L 63/0421 Anonymous communication, i....H04L 63/0823 using certificates cryptogr...H04L 9/3218 using proof of knowledge, e...H04L 9/3263 involving certificates, e.g...
