Method and apparatus for pseudonym generation and authentication
First Claim
Patent Images
1. A method for pseudonym generation in a Personal Identity Manager (PIM), the method comprising:
- with a computer hardware processor, determining a set of public parameters {g,g∂
,G1,G2,ê
,H2,p} in which;
G1 and G2 are two selected groups of order q modulo p, in which q is a prime number;
ê
is a bilinear map and ê
;
G1×
G1→
G2,g is a random generator selected from the group G1,H2 is a one-way hash function and H2;
G2→
{0,1}*, andH1;
{0,1}*→
G1;
with the computer hardware processor, receiving a user identity IDuser from a user device;
with the computer hardware processor, generating a prime pseudonym Pprime=<
H1(IDuser),H1∂
(IDuser)>
based on the determined set of private parameters and the IDuser, in which H1 is a one-way hash function, ∂
is a random number selected from a domain Zp, and p is a selected prime number;
with the computer hardware processor, transmitting the prime pseudonym Pprime and the set of public parameters to the user device;
with the computer hardware processor, receiving a sub-pseudonym Ppseu=<
QA,QB,cA>
from a third-party device;
with the computer hardware processor, calculating a query parameter Ver=ê
(g∂
,QA)cA with the sub-pseudonym Ppseu and the set of public parameters;
with the computer hardware processor, searching for a user identity ID′
user in stored user identities based on the query parameter Ver such that ê
(QB,H∂
(ID′
user))=Ver;
with the computer hardware processor, transmitting the ID′
user to the third-party device as a user identity corresponding to the Ppseu.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention provides a method and apparatus for pseudonym generation and authentication. The method comprises the steps of: transmitting a user identity IDuser to a Personal Identity Manager (PIM); receiving a set of public parameters and a prime pseudonym Pprime corresponding to the ID user from the PIM; and selecting at least two random parameters, and generating a sub-pseudonym Ppseu with the at least two random numbers, the set of public parameters, and the prime pseudonym Pprime.
13 Citations
18 Claims
-
1. A method for pseudonym generation in a Personal Identity Manager (PIM), the method comprising:
-
with a computer hardware processor, determining a set of public parameters {g,g∂
,G1,G2,ê
,H2,p} in which;G1 and G2 are two selected groups of order q modulo p, in which q is a prime number; ê
is a bilinear map and ê
;
G1×
G1→
G2,g is a random generator selected from the group G1, H2 is a one-way hash function and H2;
G2→
{0,1}*, andH1;
{0,1}*→
G1;with the computer hardware processor, receiving a user identity IDuser from a user device; with the computer hardware processor, generating a prime pseudonym Pprime=<
H1(IDuser),H1∂
(IDuser)>
based on the determined set of private parameters and the IDuser, in which H1 is a one-way hash function, ∂
is a random number selected from a domain Zp, and p is a selected prime number;with the computer hardware processor, transmitting the prime pseudonym Pprime and the set of public parameters to the user device; with the computer hardware processor, receiving a sub-pseudonym Ppseu=<
QA,QB,cA>
from a third-party device;with the computer hardware processor, calculating a query parameter Ver=ê
(g∂
,QA)cA with the sub-pseudonym Ppseu and the set of public parameters;with the computer hardware processor, searching for a user identity ID′
user in stored user identities based on the query parameter Ver such that ê
(QB,H∂
(ID′
user))=Ver;with the computer hardware processor, transmitting the ID′
user to the third-party device as a user identity corresponding to the Ppseu. - View Dependent Claims (2, 3)
-
-
4. A method for pseudonym generation, the method comprising:
-
with a computer hardware processor, receiving a user identity IDuser and calculating a prime pseudonym Pprime corresponding to the user ID with a computer hardware processor of a Personal Identity Manager (PIM) system; with the computer hardware processor, receiving a set of public parameters is {g,g∂
,G1,G2,ê
,H2,p}, from the PIM system in which;p is a prime number and ∂
is a random number selected from a domain Zp;G1 and G2 are two groups of order q modulo p, in which q is a prime number; ê
is a bilinear map and ê
;
G1×
G1→
G2;g is a random generator in the group G1; and H2 is a one-way hash function and H2;
G2→
{0,1}*;and the prime pseudonym is Pprime=<
H1(IDuser),H1∂
(IDuser)>
,in which H1 is a one-way hash function and H1;
G1→
{0,1}*;with the computer hardware processor, generating a sub-pseudonym Ppseu with the at least two random parameters, the set of public parameters, and the prime pseudonym Pprime including; selecting two random numbers k1 and k2 from the domain Zp based on the set of public parameters; and with the selected random numbers k1 and k2, the set of public parameters and the prime pseudonym Pprime, calculating parameters;
QA=H1k1 2 k2 (ID);
QB=gk1 2 ;cA=ê
(QC,QD), in which QC=gk1 k2 , QD=H1∂
k1 (k2 − −
1
1)(ID), and k2k2−
1 mod p=1; andwith the computer hardware processor, generating a sub-pseudonym Ppseu=<
QA,QB,cA>
based on the calculated parameters. - View Dependent Claims (5, 6, 7, 8)
-
-
9. A method for pseudonym authentication in a third-party device, the method comprising the steps of:
-
with a computer hardware processor of the third-party device, receiving a sub-pseudonym Ppseu and an identifier IDserver for identifying a Personal Identity Manager (PIM) from a user device; with the third-party device computer hardware processor, obtaining a set of public parameters {g,g∂
,G1,G2,ê
,H2,p} from the PIM system based on the identifier IDserver in which;p is a prime number and ∂
is a random number selected from a domain Zp,G1 and G2 are two groups of order q modulo p, in which q is a prime number, ê
is a bilinear map and ê
;
G1×
G1→
G2,g is a random generator in the group G1, and H2 is a one-way hash function and H2;
G2→
{0,1}*; andwith the third-party device computer hardware processor, authenticating a validation of the sub-pseudonym Ppseu by exchanging zero-knowledge proofs with a computer hardware processor of the user device on the basis of the set of public parameters, exchanging the zero-knowledge proofs including; selecting a random number t from a domain Zp, selecting an original session key Kses and a query content Na, and encrypting the query content Na with the original session key Kses to obtain an encrypted content Enc(Kses,Na), generating a query message <
gt,Kses⊕
H2(OBtcAt),Enc(Kses,Na)>
with the random number t, the set of public parameters, the sub-pseudonym Ppseu, and the encrypted content Enc(Kses,Na), in which OB=ê
(g∂
,QA);transmitting the query message to the user device, receiving a response message Enc(K*ses,Nb) from the user device, in which K*ses is a session key calculated with a computer hardware processor of the user device from the query message, and Nb is a response content selected by the user device computer hardware processor in accordance with a predetermined rule based on a query content decrypted from Enc(Kses,Na), decrypting the response message with the original session key Kses; and determining whether the predetermined rule is met between the decrypted response content Nb* and the query content Na so as to authenticate the validation of the sub-pseudonym Ppseu. - View Dependent Claims (10)
-
-
11. A Personal Identity Manager (PIM) system, comprising:
-
a PIM system computer hardware processor programmed to; determine a set of public parameters {g,g∂
,G1,G2,ê
,H2,p} and a set of private parameters in which;p is a prime number and ∂
is a random number selected from a domain Zp,G1 and G2 are two groups of order q modulo p, in which q is a prime number, ê
is a bilinear map and ê
;
G1×
G1→
G2,g is a random generator in the group G1, and H2 is a one-way hash function and H2;
G2→
{0,1}*,receive a user identity IDuser and a sub-pseudonym Ppseu=<
QA,QB,cA>
from a third-party device;generate a prime pseudonym Pprime=<
H1(IDuser),H1∂
(IDuser)>
based on the set of private parameters and the IDuser, in which H1 is a one-way hash function, ∂
is a random number selected from a domain Zp, and p is a selected prime number and H1;
G1→
{0,1}*;calculate a query parameter Ver=ê
(g∂
,QA)cA with the sub-pseudonym Ppseu and the set of public parameters; andsearch for a user identity ID′
user in a storage unit storing the IDuser based on the query parameter such that ê
(QB,H∂
(ID′
user))=Ver ;control a transmitter to transmit the prime pseudonym Pprime to a user device and transmit the ID′
user as a user identity corresponding to the sub-pseudonym Ppseu to the third-party device.
-
-
12. A user device comprising:
-
a transmitting unit configured to transmit a user identity IDuser to a Personal Identity Manager (PIM) system; a receiving unit configured to receive a set of public parameters {g,g∂
,G1,G2,ê
,H2,p} and a prime pseudonym Pprime corresponding to the IDuser from the PIM system, wherein;p is a prime number and ∂
is a random number selected from a domain Zp,G1 and G2 are two groups of order q modulo p, in which q is a prime number, ê
is a bilinear map and ê
;
G1×
G1→
G2,g is a random generator in the group G1, H2 is a one-way hash function and H2;
G2→
{0,1 }*,and the prime pseudonym Pprime=<
H1(IDuser),H1∂
(IDuser)>
,H1 is a one-way hash function, and H1;
G1→
{0,1}*; anda user computer hardware processor configured to; select at least two random numbers k1 and k2, and calculate a sub-pseudonym Ppseu with the selected random numbers k1 and k2, the public parameters, and the prime pseudonym Pprime, in which;
QA=H1k1 2 k2 (ID);
QB=gk1 2 ; andcA=ê
(QC,QD), in which QC=gk1 k2 , QD=H1∂
k1 (k2 − −
1
1)(ID), andk2k2−
1 mod p=1. - View Dependent Claims (13, 14, 15)
-
-
16. A third-party device from which a user requests a service, the third-party device comprising:
-
a receiving unit configured to receive a sub-pseudonym Ppseu and an identifier IDserver for identifying a Personal Identity Manager (PIM) system from a user device; a transmitting unit configured to transmit information to the user device; a computer hardware processor configured to; acquire a set of public parameters {g,g∂
,G1,G2,ê
,H2,p}from the PIM system based on the identifier IDserver in which;p is a prime number and ∂
is a random number selected from a domain Z p ,G1 and G2 are two groups of order q modulo p, in which q is a prime number, ê
is a bilinear map and ê
;
G1×
G1→
G2,g is a random generator in the group G1, and H2 is a one-way hash function and H2;
G2→
{0,1}*;select a random number t from the domain Z p , select an original session key Kses and a query content Na, and encrypt the query content Na with the original session key Kses so as to obtain an encrypted content Enc(Kses,Na); generate a query message <
gt,Kses⊕
H2(OBtcAt),ENC(Kses,Na)>
with the random number t, the set of public parameters, the sub-pseudonym Ppseu, and the encrypted content Enc(Kses,Na) in which OB=ê
(g∂
,QA) , and to control the transmitting unit to transmit the query message to the user device;decrypt a response message Enc(K*ses,Nb) received from the user device via the receiving unit with the original session key Kses , in which K*ses is a session key calculated by the user device from the query message, and Nb is a response content selected by the user device in accordance with a predetermined rule based on a query content decrypted from Enc(Kses,Na); and determine whether the predetermined rule is met between the decrypted response content Nb* and the query content Na, and to authenticate the sub-pseudonym Ppseu to be valid when the predetermined rule is met. - View Dependent Claims (17, 18)
-
Specification