Anonymous authentication signature system, user device, verification device, signature method, verification method, and program therefor

US 8,949,609 B2
Filed: 07/06/2010
Issued: 02/03/2015
Est. Priority Date: 07/13/2009
Status: Active Grant

First Claim

Patent Images

1. An anonymous authentication signature system constituted by mutually connecting a user device which generates and outputs signature data for a document inputted by a user and a verification device which verifies whether or not the signature data generated by the user device is proper and outputs a result thereof, wherein:

the user device includesa first recording unit which stores first system parameters as respective first parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate,an input/output unit which receives input of the document from the user and a plurality of attributes the user intends to disclose,a cryptograph generator which generates a cryptograph based on at least two from among the first parameters,a signature text generator which generates a signature text from the cryptograph and generates a zero-knowledge signature text from the attribute certificate corresponding to each of the attributes to be disclosed, anda signature outputter which outputs the cryptograph and the zero-knowledge signature text as the signature data, along with the document and the plurality of attributes to be disclosed;

the verification device includesa second recording unit which stores second system parameter as respective second parameters given in advance, the disclosure public key, the user public key, and the attribute certificate,an input receiver which receives the input of the document and the signature data from the user device, anda zero-knowledge certification verifier which judges whether or not a zero-knowledge certification text contained in the signature data is acceptable by verifying the zero-knowledge certification text contained in the signature data by using each of the second parameters, and receives the signature data when judged as acceptable;

the user public key and the attribute certificate are generated by using a same power;

the signature data contains a first element which does not include the plurality of attributes to be disclosed and includes the user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key; and

the signature text generator of the user device combines a part of the user public key and a part of the attribute certificate corresponding to an attribute that is disclosed to generate the zero-knowledge signature text showing that the combined data satisfies an expression defined in advance.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The user device includes: a recording unit which stores system parameters as respective parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate; an input/output unit which receives input of the document from the user and an attribute the user intends to disclose; a cryptograph generating module which generates a cryptograph based on the inputted document, the attribute to be disclosed, and each of the parameters; a signature text generating module which generates a zero-knowledge signature text from the generated cryptograph; and a signature output module which outputs the cryptograph and the zero-knowledge signature text as the signature data. The user public key and the attribute certificate are generated by using a same power.

8 Citations

View as Search Results

16 Claims

1. An anonymous authentication signature system constituted by mutually connecting a user device which generates and outputs signature data for a document inputted by a user and a verification device which verifies whether or not the signature data generated by the user device is proper and outputs a result thereof, wherein:
- the user device includesa first recording unit which stores first system parameters as respective first parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate,an input/output unit which receives input of the document from the user and a plurality of attributes the user intends to disclose,a cryptograph generator which generates a cryptograph based on at least two from among the first parameters,a signature text generator which generates a signature text from the cryptograph and generates a zero-knowledge signature text from the attribute certificate corresponding to each of the attributes to be disclosed, anda signature outputter which outputs the cryptograph and the zero-knowledge signature text as the signature data, along with the document and the plurality of attributes to be disclosed;
  
  the verification device includesa second recording unit which stores second system parameter as respective second parameters given in advance, the disclosure public key, the user public key, and the attribute certificate,an input receiver which receives the input of the document and the signature data from the user device, anda zero-knowledge certification verifier which judges whether or not a zero-knowledge certification text contained in the signature data is acceptable by verifying the zero-knowledge certification text contained in the signature data by using each of the second parameters, and receives the signature data when judged as acceptable;
  
  the user public key and the attribute certificate are generated by using a same power;
  
  the signature data contains a first element which does not include the plurality of attributes to be disclosed and includes the user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key; and
  
  the signature text generator of the user device combines a part of the user public key and a part of the attribute certificate corresponding to an attribute that is disclosed to generate the zero-knowledge signature text showing that the combined data satisfies an expression defined in advance.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The anonymous authentication signature system as claimed in claim 1, wherein:
    - the first recording unit of the user device stores a group public key and a group private key as respective parameters given in advance; and
      
      the cryptograph generator of the user device generates the cryptograph based on data corresponding to the attribute to be disclosed in the attribute certificate, the user public key, the user private key, the group public key, and the group private key.
  - 3. The anonymous authentication signature system as claimed in claim 1, whereinthe signature text generator of the user device generates a zero-knowledge signature text for a fact that the cryptograph generated by the cryptograph generator is a cryptograph of data contained in the user public key.
  - 4. The anonymous authentication signature system as claimed in claim 1, wherein:
    - the input receiver of the verification device receives the input of the data of the attribute disclosed by the user; and
      
      the zero-knowledge certification verifier of the verification device verifies the zero-knowledge certification text contained in the signature data by using the attribute disclosed by the user and each of the parameters.
  - 5. The anonymous authentication signature system as claimed in claim 4, wherein:
    - the second recording unit of the verification device stores a group public key as the parameter given in advance; and
      
      the zero-knowledge certification verifier of the verification device verifies the zero-knowledge certification text contained in the signature data based on data corresponding to the attribute disclosed by the user, the user public key, the group public key, and the group private key.
  - 6. The anonymous authentication signature system as claimed in claim 1, comprising an attribute authentication device connected mutually to the user device and the verification device, whereinthe attribute authentication device includes an attribute authenticator which generates the attribute certificate based on the data corresponding to an attribute given to the user and data determined depending on the user private key and the user device.
  - 7. The anonymous authentication signature system as claimed in claim 6, comprising an attribute verification device connected mutually to the user device, the verification device, and the attribute authentication device, whereinthe attribute verification device includes an attribute verifier which verifies whether or not the attribute certificate is proper based on the data corresponding to the attribute given to the user and data corresponding to a group to which the user belongs.

8. A user device which generates and outputs signature data for a document inputted by a user, the user device comprising:
- a recording unit which stores system parameters as respective parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate;
  
  an input/output unit which receives input of the document from the user and a plurality of attributes the user intends to disclose;
  
  a cryptograph generator which generates a cryptograph based on at least two from among the parameters;
  
  a signature text generator which generates a signature text from the cryptograph and generates a zero-knowledge signature text from the generated cryptograph and the attribute certificate corresponding to each of the attributes to be disclosed; and
  
  a signature outputter which outputs the cryptograph and the zero-knowledge signature text as the signature data, along with the document and the plurality of attributes to be disclosed, whereinthe user public key and the attribute certificate are generated by using a same power;
  
  the signature data contains a first element which does not include the plurality of attributes to be disclosed and includes the user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key; and
  
  the signature text generator combines a part of the user public key and a part of the attribute certificate corresponding to an attribute that is not disclosed to generate the zero-knowledge signature text showing that the combined data satisfies an expression defined in advance.

9. A verification device which verifies whether or not signature data generated by a user device is proper and outputs a result thereof, the verification device comprising:
- a recording unit which stores system parameters as respective parameters given in advance, a disclosure public key, a user public key, and an attribute certificate;
  
  an input receiver which receives input of a document from a user and the signature data; and
  
  a zero-knowledge certification verifier which judges whether or not a zero-knowledge certification text contained in the signature data is acceptable by verifying the zero-knowledge certification text contained in the signature data by using each of the parameters, and receives the signature data when judged as acceptable, whereinthe user public key and the attribute certificate are generated by using a same power, andthe signature data contains a first element which does not include a plurality of attributes the user intends to disclose and includes a user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.

10. A signature method which generates and outputs signature data for a document inputted by a user, the method comprising:
- storing in advance system parameters as respective parameters given in advance, a disclosure public key, a user public key, a user private key, and a member certificate as well as an attribute certificate generated by using a same power as that of the user public key;
  
  receiving input of the document from the user and a plurality of attributes the user intends to disclose;
  
  generating, using a cryptograph generator, a cryptograph based on at least two from among the parameters;
  
  combining, using a signature text generator, a part of the user public key and a part of the attribute certificate corresponding to an attribute that is not disclosed to generate a zero-knowledge signature text showing that the combined data satisfies an expression defined in advance; and
  
  outputting, using a signature outputter, the cryptograph and the zero-knowledge signature text as the signature data, along with the document and the plurality of attributes to be disclosed,wherein the signature data contains a first element which does not include the plurality of attributes to be disclosed and includes the user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.

11. A verification method which verifies whether or not signature data generated by a user device is proper and outputs a result thereof, the method comprising:
- storing in advance system parameters as respective parameters given in advance, a disclosure public key, a user public key, and an attribute certificate generated by using a same power as that of the user public key;
  
  receiving input of a document from a user and the signature data;
  
  judging, using a zero-knowledge certification verifier, whether or not a zero-knowledge certification text contained in the signature data is acceptable by verifying the zero-knowledge certification text contained in the signature data by using each of the parameters; and
  
  receiving, using an input receiver, the signature data when judged as acceptable,wherein the signature data contains a first element which does not include a plurality of attributes the user intends to disclose and includes a user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.

12. A non-transitory computer readable recording medium storing a signature program for generating and outputting signature data for a document inputted by a user, the program causing a computer which stores in advance system parameters as respective parameters given in advance, a disclosure public key, a user public key, a user private key, and a member certificate as well as an attribute certificate generated by using a same power as that of the user public key to execute:
- a procedure for receiving input of the document from the user and a plurality of attributes the user intends to disclose;
  
  a procedure for generating, using a cryptograph generator, a cryptograph based on at least two from among the parameters;
  
  a procedure for combining, using a signature text generator, a part of the user public key and a part of the attribute certificate corresponding to an attribute that is not disclosed to generate a zero-knowledge signature text showing that the combined data satisfies an expression defined in advance; and
  
  a procedure for outputting, using a signature outputter, the cryptograph and the zero-knowledge signature text as the signature data, along with the document and the plurality of attributes to be disclosed,wherein the signature data contains a first element which does not include the plurality of attributes to be disclosed and includes the user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.

13. A non-transitory computer readable recording medium storing a verification program for verifying whether or not signature data generated by a user device is proper and outputting a result thereof, the program causing a computer which stores in advance system parameters as respective parameters given in advance, a disclosure public key, a user public key, and an attribute certificate generated by using a same power as that of the user public key to execute:
- a procedure for receiving input of the document from a user and the signature data;
  
  a procedure for judging, using a zero-knowledge certification verifier, whether or not a zero-knowledge certification text contained in the signature data is acceptable by verifying the zero-knowledge certification text contained in the signature data by using each of the parameters; and
  
  a procedure for receiving, using an input receiver, the signature data when judged as acceptable,wherein the signature data contains a first element which does not include a plurality of attributes the user intends to disclose and includes a user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.

14. An anonymous authentication signature system constituted by mutually connecting user means for generating and outputting signature data for a document inputted by a user and verification means for verifying whether or not the signature data generated by the user device is proper and outputting a result thereof, wherein:
- the user means includes;
  
  first recording means for storing first system parameters as respective first parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate,input/output means for receiving input of the document from the user and a plurality of attributes the user intends to disclose,cryptograph generating means for generating a cryptograph based on at least two from among the first parameters,signature text generating means for generating a signature text from the cryptograph and for generating a zero-knowledge signature text from the attribute certificate corresponding to each of the attributes to be disclosed, andsignature output means for outputting the cryptograph and the zero-knowledge signature text as the signature data, along with the document and the plurality of attributes to be disclosed;
  
  the verification means includes;
  
  second recording means for storing second system parameter as respective second parameters given in advance, the disclosure public key, the user public key, and the attribute certificate,input receiving means for receiving the input of the document and the signature data from the user means, andzero-knowledge certification verifying means for judging whether or not a zero-knowledge certification text contained in the signature data is acceptable by verifying the zero-knowledge certification text contained in the signature data by using each of the second parameters, and receiving the signature data when judged as acceptable;
  
  the user public key and the attribute certificate are generated by using a same power; and
  
  the signature text generating means of the user means combines a part of the user public key and a part of the attribute certificate corresponding to an attribute that is disclosed to generate the zero-knowledge signature text showing that the combined data satisfies an expression defined in advance,wherein the signature data contains a first element which does not include the plurality of attributes to be disclosed and includes the user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.

15. User means for generating and outputting signature data for a document inputted by a user, the user device comprising:
- recording means for storing system parameters as respective parameters given in advance, a disclosure public key, a user public key, a user private key, a member certificate, and an attribute certificate;
  
  input/output means for receiving input of the document from the user and a plurality of attributes the user intends to disclose;
  
  cryptograph generating means for generating a cryptograph from at least two from among the parameters;
  
  signature text generating means for generating a signature text from the cryptograph and for generating a zero-knowledge signature text from the attribute certificate corresponding to each of the attributes to be disclosed; and
  
  signature output means for outputting the cryptograph and the zero-knowledge signature text as the signature data, along with the document and the plurality of attributes to be disclosed,wherein;
  
  the user public key and the attribute certificate are generated by using a same power;
  
  the signature text generating means combines a part of the user public key and a part of the attribute certificate corresponding to an attribute that is not disclosed to generate the zero-knowledge signature text showing that the combined data satisfies an expression defined in advance, andthe signature data contains a first element which does not include the plurality of attributes to be disclosed and includes the user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.

16. Verification means for verifying whether or not signature data generated by a user device is proper and outputs a result thereof, the verification means comprising:
- recording means for storing system parameters as respective parameters given in advance, a disclosure public key, a user public key, and an attribute certificate;
  
  input receiving means for receiving input of a document from a user and the signature data; and
  
  zero-knowledge certification verifying means for judging whether or not a zero-knowledge certification text contained in the signature data is acceptable by verifying the zero-knowledge certification text contained in the signature data by using each of the parameters, and receiving the signature data when judged as acceptable,wherein the user public key and the attribute certificate are generated by using a same power, andwherein the signature data contains a first element which does not include a plurality of attributes the user intends to disclose and includes a user private key, and a second element which includes the plurality of attributes to be disclosed and does not include the user private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Teranishi, Isamu
Primary Examiner(s)
Tabor, Amare F
Assistant Examiner(s)
Zoubair, Noura

Application Number

US13/383,476
Publication Number

US 20120124379A1
Time in Patent Office

1,673 Days
Field of Search

713/158, 713/168, 713/175, 713/176, 713/180, 380/28, 380/30, 380/282, 380/284
US Class Current

713/175
CPC Class Codes

H04L 9/3218 using proof of knowledge, e...

H04L 9/3249 using RSA or related signat...

Anonymous authentication signature system, user device, verification device, signature method, verification method, and program therefor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Anonymous authentication signature system, user device, verification device, signature method, verification method, and program therefor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links