Method and system with authentication, revocable anonymity and non-repudiation
First Claim
1. A method of accessing a service with authentication and revocable anonymity, comprising the steps of:
i) identifying and registering a client and providing the client with means for authenticating the client to an anonymous certification authority;
ii) authenticating the client to the anonymous certification authority using the means provided in step i) and supplying the client with an anonymous certificate associated to a public key and configured to enable the client to authenticate the client anonymously to a server;
iii) the client calculating data formed as a series of tokens, wherein an initialization token of the series of tokens is configured to enable an authentication session to be opened and tokens of the series of tokens other than the initialization token are configured to enable the authentication session to be maintained;
iv) authenticating the client by producing an anonymous signature of the initialization token, the signatures being obtained using a private key associated with said public key and opening an anonymous authentication session with the server, wherein said anonymous signature is a unique signature used for said authentication session;
v) maintaining the anonymous authentication session with the aid of the series of tokens, thereby enabling the server to prove each of the actions of the client; and
vi) selectively allowing contact between the server and the anonymous certification authority to revoke the anonymity of the client using the anonymous signature provided in step iv).
Abstract
The present invention relates to a method of access to a service consisting of i) identifying and registering a client (C), ii) authenticating the client to an anonymous certification authority, iii) authenticating the client by producing an anonymous signature and opening and maintaining an anonymous authentication session with a server (Se), and iv) selectively allowing contact between the server (Se) and the anonymous certification authority (ACA) to revoke the anonymity of the client (C) using the signature provided in step iii). The invention also relates to a system for opening and maintaining an authentication session guaranteeing non-repudiation.
18 Claims
Claim 1 is set out above under First Claim; claims 2 to 13 depend on it.
14. A system adapted to open and maintain an anonymous authentication session with revocable anonymity, the system comprising:
an identifier configured to identify and register a client and to provide the client with means for authenticating the client to an anonymous certification authority;
an authentication device configured to authenticate the client to the anonymous certification authority using the authenticating means and to supply the client with an anonymous certificate associated to a public key and configured to enable the client to authenticate the client anonymously to a server;
a calculator configured to calculate data formed as a series of tokens, wherein an initialization token of the series of tokens is configured to enable an authentication session to be opened and tokens of the series of tokens other than the initialization token are configured to enable the authentication session to be maintained;
a producer for producing an anonymous signature of the initialization token, the signatures being obtained using a private key associated with said public key and opening an anonymous authentication session with the server, wherein said anonymous signature is a unique signature used for said authentication session to authenticate the client;
wherein the anonymous authentication session is maintained with the aid of the series of tokens, thereby enabling the server to prove each of the actions of the client; and
wherein selective contact is provided between the server and the anonymous certification authority to revoke the anonymity of the client using the anonymous signature.
Claims 15 to 18 depend on claim 14.
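The following simulation is an added example, not code from the patent or its assignee; it plays through steps i) to vi) of claim 1 with the three parties of claim 14 (client, server, anonymous certification authority). The claims do not say how the series of tokens is built or which anonymous signature scheme is used, so two assumptions are made and labelled in the code: the tokens form a hash chain whose head is the initialization token, and the "anonymous signature" is an ordinary Schnorr signature under a key bound to a pseudonymous certificate that only the ACA can map back to an identity. The group parameters (p = 1019, q = 509, g = 4) are toy-sized so the block runs with the standard library alone; they give no real security.

```python
import hashlib
import hmac
import secrets

# Constructed toy Schnorr group: p = 2q + 1, g generates the order-q subgroup.
# Far too small for real use; a deployment would use a 256-bit curve or larger.
P, Q, G = 1019, 509, 4


def _h(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")


def keygen():
    x = secrets.randbelow(Q - 1) + 1              # private key in [1, q-1]
    return x, pow(G, x, P)                        # (private, public)


def sign(x: int, msg: bytes):
    k = secrets.randbelow(Q - 1) + 1
    e = _h(pow(G, k, P).to_bytes(2, "big"), msg) % Q
    return e, (k - x * e) % Q


def verify(y: int, msg: bytes, sig) -> bool:
    e, s = sig
    r = (pow(G, s, P) * pow(y, e, P)) % P         # g^s * y^e reconstructs g^k
    return _h(r.to_bytes(2, "big"), msg) % Q == e


def _cert_body(cert: dict) -> bytes:
    return f"{cert['pseudonym']}:{cert['pub']}".encode()


class AnonymousCA:
    """Steps i), ii), vi): the only party holding the pseudonym -> identity map."""

    def __init__(self):
        self._x, self.pub = keygen()
        self._credentials = {}   # identity  -> registration secret (the 'means' of step i)
        self._registry = {}      # pseudonym -> identity, never disclosed to the server

    def register(self, identity: str) -> str:                         # step i)
        self._credentials[identity] = secrets.token_hex(16)
        return self._credentials[identity]

    def issue_certificate(self, identity: str, secret: str, client_pub: int):  # step ii)
        if not hmac.compare_digest(self._credentials.get(identity, ""), secret):
            raise PermissionError("client failed to authenticate to the ACA")
        cert = {"pseudonym": secrets.token_hex(8), "pub": client_pub}
        self._registry[cert["pseudonym"]] = identity
        cert["sig"] = sign(self._x, _cert_body(cert))
        return cert

    def revoke_anonymity(self, cert, init_token, anon_sig) -> str:    # step vi)
        # Only lift anonymity for a session the client demonstrably opened.
        if not verify(cert["pub"], init_token, anon_sig):
            raise ValueError("signature does not match the presented certificate")
        return self._registry[cert["pseudonym"]]


class Client:
    def __init__(self, identity: str, aca: AnonymousCA):
        self._x, self.pub = keygen()
        self.cert = aca.issue_certificate(identity, aca.register(identity), self.pub)

    def make_tokens(self, n: int):                                    # step iii)
        # Assumed construction: hash chain. t_n is random, t_i = H(t_{i+1}); t_0 is
        # the initialization token and every later token is a preimage only the
        # client could know, which is what lets the server prove each action.
        chain = [secrets.token_bytes(32)]
        for _ in range(n):
            chain.append(hashlib.sha256(chain[-1]).digest())
        chain.reverse()
        return chain

    def open_session(self, server, tokens) -> str:                    # step iv)
        return server.open_session(self.cert, tokens[0], sign(self._x, tokens[0]))


class Server:
    def __init__(self, aca_pub: int):
        self.aca_pub, self.sessions = aca_pub, {}

    def open_session(self, cert, init_token, anon_sig) -> str:        # step iv)
        if not verify(self.aca_pub, _cert_body(cert), cert["sig"]):
            raise PermissionError("certificate not issued by the ACA")
        if not verify(cert["pub"], init_token, anon_sig):
            raise PermissionError("anonymous signature invalid")
        sid = hashlib.sha256(init_token).hexdigest()[:16]
        if sid in self.sessions:                  # one unique signature per session
            raise PermissionError("initialization token already used")
        self.sessions[sid] = {"cert": cert, "init": init_token, "sig": anon_sig,
                              "last": init_token, "log": []}
        return sid

    def perform_action(self, sid, action, token) -> bool:             # step v)
        s = self.sessions[sid]
        if hashlib.sha256(token).digest() != s["last"]:
            raise PermissionError("token is not the preimage of the previous one")
        s["last"] = token
        s["log"].append((action, token))          # retained as proof of the action
        return True

    def request_identity(self, sid, aca: AnonymousCA) -> str:         # step vi)
        s = self.sessions[sid]
        return aca.revoke_anonymity(s["cert"], s["init"], s["sig"])


def demo():
    aca, alice = AnonymousCA(), None
    server = Server(aca.pub)
    alice = Client("alice", aca)                  # constructed sample identity
    tokens = alice.make_tokens(3)
    sid = alice.open_session(server, tokens)
    for i, action in enumerate(["login", "download", "logout"], start=1):
        server.perform_action(sid, action, tokens[i])
    try:                                          # a token outside the chain is refused
        server.perform_action(sid, "forged", secrets.token_bytes(32))
        forged_rejected = False
    except PermissionError:
        forged_rejected = True
    return server.request_identity(sid, aca), len(server.sessions[sid]["log"]), forged_rejected
```

The server never learns who "alice" is: it sees a pseudonym, a public key and an ACA signature over both, and it can only recover the identity by handing the session-opening signature to the ACA (step vi). Reusing one certificate across sessions makes those sessions linkable to each other, which is the main simplification relative to a true anonymous (group) signature; the token chain and the revocation flow are unaffected by that choice.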