Apparatus and method for proving the denial of a direct proof signature
First Claim
1. A method comprising:
- convincing a verifier that an anonymous hardware device possesses cryptographic information without disclosure of the cryptographic information to the verifier;
receiving a denial of signature request, including a base value B0 and a pseudonym value K0 of a suspect signature from the verifier;
convincing the verifier that a cryptographic key, F, stored within the anonymous hardware device and used to construct a pseudonym, K, does not match an unknown, suspect key F0 used to form the suspect signature, to prove to the verifier that the cryptographic key, F, stored within the anonymous hardware device is uncompromised without disclosure of the cryptographic key or any unique device identification information of the hardware device to the verifier to enable the hardware device to remain anonymous to the verifier.
1 Assignment
0 Petitions
Accused Products
Abstract
In some embodiments, a method and apparatus for proving the denial of a direct proof signature are described. In one embodiment, a trusted hardware device convinces a verifier that the trusted hardware device possesses cryptographic information without revealing unique, device identification information of the trusted hardware device or the cryptographic information. Once the verifier is convinced that the hardware device possesses the cryptographic information, the verifier may issue a denial of signature request to the trusted hardware device, including at least one compromised direct proof signature. In response, the trusted hardware device issues a denial of the compromised direct proof signature by proving to the verifier that a cryptographic key held by the trusted hardware device was not used to form the at least one compromised direct proof signature. Other embodiments are described and claims.
-
Citations
39 Claims
-
1. A method comprising:
-
convincing a verifier that an anonymous hardware device possesses cryptographic information without disclosure of the cryptographic information to the verifier; receiving a denial of signature request, including a base value B0 and a pseudonym value K0 of a suspect signature from the verifier; convincing the verifier that a cryptographic key, F, stored within the anonymous hardware device and used to construct a pseudonym, K, does not match an unknown, suspect key F0 used to form the suspect signature, to prove to the verifier that the cryptographic key, F, stored within the anonymous hardware device is uncompromised without disclosure of the cryptographic key or any unique device identification information of the hardware device to the verifier to enable the hardware device to remain anonymous to the verifier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method, comprising:
-
verifying that an anonymous hardware device possesses cryptographic information without determining the cryptographic information of the hardware device; and verifying that a cryptographic key of the hardware device was not used to generate at least one suspect signature held by a verifier to prove to the verifier that the cryptographic key of the anonymous hardware device is uncompromised, where a suspect key used to generate the suspect signature is unknown to the verifiers without determining the cryptographic key or any unique device identification information of the hardware device to enable the hardware device to remain anonymous to the verifier. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. An anonymous hardware device, comprising:
-
a flash memory to store cryptographic information from a certifying manufacturer; and a trusted platform module to convince a verifier that the anonymous hardware device possesses cryptographic information from a certifying manufacturer without disclosure of the cryptographic information to the verifier, and to convince the verifier that a cryptographic key, stored within the flash memory, is uncompromised without disclosure of the cryptographic key or any unique device identification information of the hardware device to the verifier to enable the hardware device to remain anonymous to the verifier; and denial of signature logic to receive a denial of sinnature request, including a base value B0 and a pseudonym value K0 of a suspect signature from the verifier and to convince the verifier that the cryptographic key stored within the hardware device and used to construct a pseudonym. K, does not match an unknown, suspect key F0 used to form the suspect signature. - View Dependent Claims (21, 22, 23)
-
-
24. A system, comprising:
-
a verifier platform coupled to a network; and an anonymous prover platform coupled to the network, comprising; a bus, a processor coupled to the bus, a chipset coupled to the bus, including a trusted platform module, in response to a challenge received over the network, the trusted platform module to convince the verifier platform that the anonymous prover platform device possesses cryptographic information without disclosure of the cryptographic information to the verifier platform and to convince the verifier that a cryptographic key stored within the anonymous prover platform is uncompromised without disclosure of the cryptographic key or any unique device identification information of the anonymous prover platform to the verifier to enable the prover platform to remain anonymous to the verifier platform, and denial of signature logic to receive a denial of signature reiuest, including a base value B0 and a pseudonym value K0 of a suspect signature from the verifier platform, and to convince the verifier platform that a cryptographic key F stored within the anonymous prover platform used to compute a pseudonym, K, does not match an unknown, suspect key F0 used to form the suspect signature. - View Dependent Claims (25, 26, 27)
-
-
28. An article of manufacture including a machine readable medium having stored thereon instructions which use to program a system to perform a method, comprising:
-
convincing a verifier that an anonymous hardware device possesses cryptographic information without disclosure of the cryptographic information to the verifier; receiving a denial of signature reciuest, including a base value B0 and a pseudonym value K0 of a suspect signature from the verifier; convincing the verifier that a cryptographic key, F, stored within the hardware device and used to construct a pseudonym, K, does not match an unknown, suspect key F0 used to form the suspect signature, to prove to the verifier that the cryptographic key, F, stored within the anonymous hardware device is uncompromised without disclosure of the cryptographic key or any unique device identification information of the hardware device to the verifier to enable the hardware device to remain anonymous to the verifier. - View Dependent Claims (29, 30, 31, 32)
-
-
33. An article of manufacture including a machine readable medium having stored thereon instructions which use to program a system to perform a method, comprising:
-
verifying that an anonymous hardware device possesses cryptographic information without determining the cryptographic information of the hardware device; and verifying that a cryptographic key of the hardware device was not used to generate at least one suspect signature held by a verifier, to prove that the cryptographic key of the verifier is uncompromised, where a suspect key used to generate the suspect signature is unknown to the verifier, without disclosure of the cryptographic key or any unique device identification information of the hardware device to the verifier to enable the hardware device to remain anonymous to the verifier. - View Dependent Claims (34, 35, 36, 37)
-
-
38. A method comprising:
-
convincing a verifier that an anonymous hardware devices possesses cryptographic information without disclosure of the cryptographic information the verifier; and convincing a verifier that a cryptographic key of the anonymous hardware device was not used to generate at least one suspect signature held by a verifier, where a suspect key used to generate the suspect signature is unknown to the verifier, to prove to the verifier that the cryptographic key is uncompromised, without disclosure of the cryptographic key or any unique device identification information of the hardware device to the verifier to enable the hardware device to remain anonymous to the verifier.
-
-
39. A method comprising:
-
convincing a verifier that an anonymous hardware device possesses cryptographic information without disclosure of the cryptographic information to the verifier; transmitting one or more computed values to the verifier according to a suspect-base value B0 and a suspect pseudonym value K0 received from the verifier, a modulus value P of the hardware device and a random exponent value R selected by the hardware device in response to a denial of signature request, including the base value B0 and the pseudonym value K0 of the suspect signature from the verifier; and performing a proof by the hardware device to deny that a cryptographic key, F, stored within the hardware device was used to create a suspect direct proof signature prove to the verifier that the cryptographic key stored within the anonymous hardware device is uncompromised, without disclosure of the cryptographic key or any unique device identification information of the hardware device to the verifier to enable the hardware device to remain anonymous to the verifier, the proof comprising a plurality of exponentiations, each being conducted using one of the cryptographic key, F, the random exponent value R and other random exponent values as an exponent without exposing the cryptographic key, F, the random exponent value R and the other random exponent values.
-
Specification