Replacing blinded authentication authority
Abstract
A manufacturing entity provides a blinded signature to a secure device and associates a time with the blinded signature. If a signing key is compromised, the manufacturing entity provides a time of the compromise and the time associated with the blinded signature to the replacement authority.
273 Citations
11 Claims
1. A method comprising:
- detecting, at a manufacturing entity, that a signing key has been compromised, wherein the manufacturing entity has used the signing key to authenticate one or more secure devices; and
- providing, from the manufacturing entity to a replacement authority, a blinded identity ticket associated with a first secure device having a certificate to be replaced due to the compromise, wherein the blinded identity ticket is separate from the certificate that is to be replaced for the first secure device, wherein the manufacturing entity is separate from the replacement authority and the replacement authority is to authenticate the first secure device and provide a new certificate to the first secure device.

Dependent claims: 2, 3, 4, 5
6. A method comprising:
- receiving, at a replacement authority from a manufacturing entity, a time of compromise of a signing key and a blinded identity ticket associated with a first secure device that is to be authenticated with another signing key having a certificate to be replaced due to the compromise, the blinded identity ticket separate from the certificate for the first secure device;
- comparing a time stamp on the blinded identity ticket associated with the first secure device with the time of compromise of the signing key; and
- authenticating the first secure device and providing a new blinded identity signature to the first secure device in response to determining that a time of signing the blinded identity ticket for the first secure device with the signing key indicated by the time stamp on the blinded identity ticket is earlier than the time of compromise of the signing key, wherein the replacement authority is separate from the manufacturing entity.

Dependent claims: 7
8. A non-transitory machine-readable medium having stored thereon instructions, which if performed by a machine of a manufacturing entity cause the machine to perform a method comprising:
- detecting, at the manufacturing entity, that a signing key has been compromised, wherein the signing key has been used to authenticate a first secure device; and
- providing, from the manufacturing entity to a replacement authority, a blinded identity ticket associated with the first secure device having a certificate to be replaced due to the compromise, the blinded identity ticket separate from the certificate that is to be replaced for the first secure device, wherein the manufacturing entity is separate from the replacement authority and the replacement authority is to authenticate the first secure device and provide a new certificate to the first secure device.

Dependent claims: 9, 10, 11
Specification