Replacing blinded authentication authority
Abstract
A manufacturing entity provides a blinded signature to a secure device and associates a time with the blinded signature. If a signing key is compromised, the manufacturing entity provides a time of the compromise and the time associated with the blinded signature to the replacement authority.
25 Claims
1. At a manufacturing entity, a method comprising:
providing a blinded identity signature to a secure device;
obtaining and storing a time stamp on a blinded identity ticket of the secure device, wherein the time stamp is a time of creation of the blinded identity signature; and
in response to a compromise of a signing key used to create the blinded identity signature, the method further comprising:
providing a time of the compromise of the signing key to a replacement authority; and
providing the time stamp on the blinded identity ticket to the replacement authority in response to a determination by the replacement authority that the secure device is an authenticated secure device that requires a replacement of the blinded identity signature.
Dependent claims: 2, 3
4. At a replacement authority, a method comprising:
receiving from a manufacturing entity a time of compromise of a signing key and each blinded identity ticket of one or more authenticated secure devices that each require a replacement of respective blinded identity signatures;
determining whether a time stamp on each blinded identity ticket is prior to the time of compromise, wherein each time stamp is a time of creation of the respective blinded identity signature of each respective authenticated secure device; and
providing a new blinded identity signature to each authenticated secure device in response to a determination that the respective time stamp is prior to the time of compromise.
Dependent claims: 5, 6, 7
8. At a secure device, a method comprising:
receiving a first blinded identity signature from a manufacturing entity; and
in response to a compromise of a signing key of the manufacturing entity, wherein the signing key is used to create the first blinded identity signature, the method further comprising:
authenticating the secure device to a replacement authority; and
receiving a new blinded identity signature from the replacement authority responsive to a determination by the replacement authority that a time of creation of the first blinded identity signature is earlier than a time of the compromise of the signing key.
Dependent claims: 9, 10, 11
12. A method comprising:
a manufacturing entity sending a first blinded identity signature to a secure device;
the manufacturing entity obtaining and storing a time stamp on a blinded identity ticket of the secure device, wherein the time stamp is a time of creation of the first blinded identity signature; and
in response to a compromise of a signing key of the manufacturing entity, wherein the signing key is used to create the first blinded identity signature, the method further comprising:
the manufacturing entity providing a time of the compromise of the signing key and the time stamp on the blinded identity ticket to a replacement authority, wherein the time stamp on the blinded identity ticket is provided to the replacement authority in response to a determination by the replacement authority that the secure device is an authenticated secure device that requires a replacement of the first blinded identity signature;
the replacement authority receiving the time of the compromise of the signing key and the time stamp on the blinded identity ticket;
the replacement authority determining whether the time stamp is prior to the time of compromise; and
the replacement authority providing a new blinded identity signature to the secure device in response to a determination that the time stamp is prior to the time of compromise.
Dependent claims: 13, 14, 15, 16
17. A system comprising:
a processor to execute programs of the system;
a storage unit, communicatively coupled to the processor, to store programs of the system;
a communication interface, communicatively coupled to the processor, to communicate with a network; and
a trusted program stored in the storage unit and executable on the processor of the system, wherein the trusted program is configured to:
receive a first blinded identity signature from a manufacturing entity using the communication interface; and
in response to a compromise of a signing key of the manufacturing entity, wherein the signing key is used to create the first blinded identity signature, the trusted program is further configured to:
authenticate the system to a replacement authority; and
receive a new blinded identity signature from the replacement authority responsive to a determination by the replacement authority that a time of creation of the first blinded identity signature is earlier than a time of the compromise of the signing key.
Dependent claims: 18, 19, 20
21. A non-transitory computer readable storage medium having instructions stored thereon which, when executed, cause a manufacturing entity and a replacement authority to perform the following method:
the manufacturing entity sending a first blinded identity signature to a secure device;
the manufacturing entity obtaining and storing a time stamp on a blinded identity ticket of the secure device, wherein the time stamp is a time of creation of the first blinded identity signature; and
in response to a compromise of a signing key of the manufacturing entity, wherein the signing key is used to create the first blinded identity signature, the method further comprising:
the manufacturing entity providing a time of the compromise of the signing key and the time stamp on the blinded identity ticket to the replacement authority;
the replacement authority receiving the time of the compromise of the signing key and the time stamp on the blinded identity ticket, wherein the time stamp on the blinded identity ticket is provided to the replacement authority in response to a determination by the replacement authority that the secure device is an authenticated secure device that requires a replacement of the first blinded identity signature;
the replacement authority determining whether the time stamp is prior to the time of compromise; and
the replacement authority providing a new blinded identity signature to the secure device in response to a determination that the time stamp is prior to the time of compromise.
Dependent claims: 22, 23, 24, 25