Replacing blinded authentication authority

US 8,037,314 B2
Filed: 12/22/2003
Issued: 10/11/2011
Est. Priority Date: 12/22/2003
Status: Active Grant

First Claim

Patent Images

1. At a manufacturing entity, a method comprising:

providing a blinded identity signature to a secure device;

obtaining and storing a time stamp on a blinded identity ticket of the secure device, wherein the time stamp is a time of creation of the blinded identity signature; and

in response to a compromise of a signing key used to create the blinded identity signature, the method further comprising;

providing a time of the compromise of the signing key to a replacement authority; and

providing the time stamp on the blinded identity ticket to the replacement authority in response to a determination by the replacement authority that the secure device is an authenticated secure device that requires a replacement of the blinded identity signature.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A manufacturing entity provides a blinded signature to a secure device and associates a time with the blinded signature. If a signing key is compromised, the manufacturing entity provides a time of the compromise and the time associated with the blinded signature to the replacement authority.

270 Citations

25 Claims

1. At a manufacturing entity, a method comprising:
- providing a blinded identity signature to a secure device;
  
  obtaining and storing a time stamp on a blinded identity ticket of the secure device, wherein the time stamp is a time of creation of the blinded identity signature; and
  
  in response to a compromise of a signing key used to create the blinded identity signature, the method further comprising;
  
  providing a time of the compromise of the signing key to a replacement authority; and
  
  providing the time stamp on the blinded identity ticket to the replacement authority in response to a determination by the replacement authority that the secure device is an authenticated secure device that requires a replacement of the blinded identity signature.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 wherein providing the time stamp on the blinded identity ticket to the replacement authority comprises:
    - providing access to the time stamp of the blinded identity ticket to the replacement authority.
  - 3. The method of claim 1, further comprising:
    - receiving a blinded identity and the blinded identity ticket from the secure device; and
      
      signing the blinded identity using the signing key, creating the blinded identity signature.

4. At a replacement authority, a method comprising:
- receiving from a manufacturing entity a time of compromise of a signing key and each blinded identity ticket of one or more authenticated secure devices that each require a replacement of respective blinded identity signatures;
  
  determining whether a time stamp on each blinded identity ticket is prior to the time of compromise, wherein each time stamp is a time of creation of the respective blinded identity signature of each respective authenticated secure device; and
  
  providing a new blinded identity signature to each authenticated secure device in response to a determination that the respective time stamp is prior to the time of compromise.
- View Dependent Claims (5, 6, 7)
- - 5. The method of claim 4, further comprising authenticating each authenticated secure device in accordance with a zero knowledge protocol.
  - 6. The method of claim 4, wherein the signing key is a first signing key, wherein each blinded identity ticket is a respective first blinded identity ticket, and wherein providing the new blinded identity signature to each authenticated secure device comprises:
    - receiving a blinded identity and a second blinded identity ticket from each authenticated secure device;
      
      signing each blinded identity using a second signing key, creating the respective new blinded identity signature for each authenticated secure device; and
      
      sending each new blinded identity signature to each respective authenticated secure device.
  - 7. The method of claim 6, wherein each time stamp is a respective first time stamp, and wherein providing the new blinded identity signature to each authenticated secure device further comprises:
    - obtaining and storing a respective second time stamp on each second blinded identity ticket from each authenticated secure device, wherein each second fixed time stamp is a time of creation of the respective new blinded identity signature.

8. At a secure device, a method comprising:
- receiving a first blinded identity signature from a manufacturing entity; and
  
  in response to a compromise of a signing key of the manufacturing entity, wherein the signing key is used to create the first blinded identity signature, the method further comprising;
  
  authenticating the secure device to a replacement authority; and
  
  receiving a new blinded identity signature from the replacement authority responsive to a determination by the replacement authority that a time of creation of the first blinded identity signature is earlier than a time of the compromise of the signing key.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein authenticating the secure device to the replacement authority comprises:
    - authenticating the secure device to the replacement authority in accordance with a zero knowledge protocol.
  - 10. The method of claim 8, wherein receiving the new blinded identity signature from the replacement authority comprises:
    - sending a blinded identity and a blinded identity ticket to the replacement authority; and
      
      receiving the new blinded identity signature from the replacement authority, wherein the new blinded identity signature is created by signing the blinded identity ticket using a replacement signing key of the replacement authority.
  - 11. The method of claim 8, wherein receiving the first blinded identity signature from the manufacturing entity comprises:
    - sending a blinded identity and a blinded identity ticket to the manufacturing entity, wherein the first blinded identity signature received from the manufacturing entity is created by signing the blinded identity ticket using the signing key of the manufacturing entity.

12. A method comprising:
- a manufacturing entity sending a first blinded identity signature to a secure device;
  
  the manufacturing entity obtaining and storing a time stamp on a blinded identity ticket of the secure device, wherein the time stamp is a time of creation of the first blinded identity signature; and
  
  in response to a compromise of a signing key of the manufacturing entity, wherein the signing key is used to create the first blinded identity signature, the method further comprising;
  
  the manufacturing entity providing a time of the compromise of the signing key and the time stamp on the blinded identity ticket to a replacement authority, wherein the time stamp on the blinded identity ticket is provided to the replacement authority in response to a determination by the replacement authority that the secure device is an authenticated secure device that requires a replacement of the first blinded identity signature;
  
  the replacement authority receiving the time of the compromise of the signing key and the time stamp on the blinded identity ticket;
  
  the replacement authority determining whether the time stamp is prior to the time of compromise; and
  
  the replacement authority providing a new blinded identity signature to the secure device in response to a determination that the time stamp is prior to the time of compromise.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, further comprising:
    - the manufacturing entity receiving a blinded identity and the blinded identity ticket from the secure device; and
      
      the manufacturing entity signing the blinded identity using the signing key, creating the first blinded identity signature.
  - 14. The method of claim 12, further comprising the replacement authority authenticating the secure device in accordance with a zero knowledge protocol.
  - 15. The method of claim 12, wherein the signing key is a first signing key, wherein the blinded identity ticket is a first blinded identity ticket, and wherein the replacement authority providing the new blinded identity signature to the secure device comprises:
    - the replacement authority receiving a blinded identity and a second blinded identity ticket from the secure device;
      
      the replacement authority signing the blinded identity using a second signing key, creating the new blinded identity signature; and
      
      the replacement authority sending the new blinded identity signature to the secure device.
  - 16. The method of claim 15, wherein the time stamp is a first time stamp, and wherein the replacement authority providing the new blinded identity signature to the secure device further comprises:
    - the replacement authority obtaining and storing a second time stamp on the second blinded identity ticket, wherein the second time stamp is a time of creation of the new blinded identity signature.

17. A system comprising:
- a processor to execute programs of the system;
  
  a storage unit, communicatively coupled to the processor, to store programs of the system;
  
  a communication interface, communicatively coupled to the processor, to communicate with a network;
  
  and a trusted program stored in the storage unit and executable on the processor of the system, wherein the trusted program is configured to;
  
  receive a first blinded identity signature from a manufacturing entity using the communication interface; and
  
  in response to a compromise of a signing key of the manufacturing entity, wherein the signing key is used to create the first blinded identity signature, the trusted program is further configured to;
  
  authenticate the system to a replacement authority; and
  
  receive a new blinded identity signature from the replacement authority responsive to a determination by the replacement authority that a time of creation of the first blinded identity signature is earlier than a time of the compromise of the signing key.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the trusted program is further configured to send a blinded identity and a blinded identity ticket to the manufacturing entity using the communication interface.
  - 19. The system of claim 17, wherein the trusted program is further configured to authenticate the system to the replacement authority in accordance with a zero knowledge protocol.
  - 20. The system of claim 17, wherein the trusted program is further configured to send a blinded identity and a blinded identity ticket to the replacement authority.

21. A non-transitory computer readable storage medium having instructions stored thereon which, when executed, cause a manufacturing entity and a replacement authority to perform the following method:
- the manufacturing entity sending a first blinded identity signature to a secure device;
  
  the manufacturing entity obtaining and storing a time stamp on a blinded identity ticket of the secure device, wherein the time stamp is a time of creation of the first blinded identity signature; and
  
  in response to a compromise of a signing key of the manufacturing entity, wherein the signing key is used to create the first blinded identity signature, the method further comprising;
  
  the manufacturing entity providing a time of the compromise of the signing key and the time stamp on the blinded identity ticket to the replacement authority;
  
  the replacement authority receiving the time of the compromise of the signing key and the time stamp on the blinded identity ticket, wherein the time stamp on the blinded identity ticket is provided to the replacement authority in response to a determination by the replacement authority that the secure device is an authenticated secure device that requires a replacement of the first blinded identity signature;
  
  the replacement authority determining whether the time stamp is prior to the time of compromise; and
  
  the replacement authority providing a new blinded identity signature to the secure device in response to a determination that the time stamp is prior to the time of compromise.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The medium of claim 21, wherein the method performed by the execution of the stored instructions further comprises:
    - the manufacturing entity receiving a blinded identity and the blinded identity ticket from the secure device; and
      
      the manufacturing entity signing the blinded identity using the signing key, creating the first blinded identity signature.
  - 23. The medium of claim 21, wherein the method performed by the execution of the stored instructions further comprises:
    - the replacement authority authenticating the secure device in accordance with a zero knowledge protocol.
  - 24. The medium of claim 21, wherein the signing key is a first signing key, wherein the blinded identity ticket is a first blinded identity ticket, and wherein the replacement authority providing the new blinded identity signature to the secure device comprises:
    - the replacement authority receiving a blinded identity and a second blinded identity ticket from the secure device;
      
      the replacement authority signing the blinded identity using a second signing key, creating the new blinded identity signature; and
      
      the replacement authority sending the new blinded identity signature to the secure device.
  - 25. The medium of claim 24, wherein the time stamp is a first time stamp, and wherein the replacement authority providing the new blinded identity signature to the secure device further comprises:
    - the replacement authority obtaining and storing a second time stamp on the second blinded identity ticket, wherein the second time stamp is a time of creation of the new blinded identity signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Brickell, Ernie, Wood, Matthew D.
Primary Examiner(s)
Davis; Zachary A

Application Number

US10/744,193
Publication Number

US 20050137898A1
Time in Patent Office

2,850 Days
Field of Search

713/180, 713/176, 713/178, 713/168, 726/5, 726/6, 726/9, 380/277
US Class Current

713/180
CPC Class Codes

G06F 21/33   using certificates

G06F 21/72   in cryptographic circuits

G06F 2221/2151   Time stamp

H04L 9/0891   Revocation or update of sec...

H04L 9/3257   using blind signatures

H04L 9/3297   involving time stamps, e.g....

Replacing blinded authentication authority

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

270 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Replacing blinded authentication authority

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

270 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links