ATTRIBUTES IN CRYPTOGRAPHIC CREDENTIALS
Abstract
Method and apparatus for generating cryptographic credentials certifying user attributes and making cryptographic proofs about attributes encoded in such credentials. Attributes are encoded as prime numbers E in accordance with a predetermined mapping and a cryptographic credential is generated encoding E. To prove that an attribute encoded in a cryptographic credential associated with a proving module of the system is a member of a predetermined set of user attributes, without revealing the attribute in question, the proving module determines the product Q of respective prime numbers corresponding to the attributes in the set in accordance with the predetermined mapping of attributes to prime numbers. The proving module demonstrates to the receiving module possession of a cryptographic credential encoding a secret value that is the prime number E, and then whether this secret value divides the product value Q.
60 Citations
24 Claims
1. A computer implemented method for generating a cryptographic credential for use in certifying a plurality of user attributes, the method comprising the steps of:
- encoding, in said computer, each attribute as a prime number in accordance with a predetermined mapping of attributes to prime numbers;
- calculating, in said computer, the product of the prime numbers encoding the attributes; and
- generating, in said computer, an encoding of said product, thus producing the cryptographic credential for use in said certification.
Dependent claims: 2, 3, 4, 5, 6
7. A computer implemented method for determining, in a verifying module of a data processing system, whether a cryptographic credential associated with a proving module of the system certifies a specified user attribute, said cryptographic credential encoding the product E of a plurality of prime numbers each encoding a respective user attribute in accordance with a predetermined mapping of attributes to prime numbers, the method comprising the steps of:
- communicating with the verifying module to demonstrate possession of a cryptographic credential encoding said product E; and
- determining whether a prime number e encoding said specified attribute in accordance with said mapping divides the value E encoded in the credential, thus certifying the specified user attribute.
Dependent claims: 8, 9, 10, 11
12. A computer implemented method for proving to a verifying module of a data processing system that a cryptographic credential associated with a proving module of the system certifies at least one of a predetermined set of user attributes, said cryptographic credential encoding the product E of a plurality of prime numbers each prime number encoding a respective user attribute in accordance with a predetermined mapping of attributes to prime numbers, the method comprising the steps of:
- demonstrating to the verifying module possession of a cryptographic credential encoding E; and
- communicating with the verifying module to prove possession of a secret number d which divides both the value E encoded in the credential and a value Q that is the product of respective prime numbers encoding the attributes in said set in accordance with said predetermined mapping of attributes to prime numbers, thus proving said certification.
13. Apparatus for generating a cryptographic credential certifying a plurality of user attributes, the apparatus comprising control logic adapted for:
- encoding each attribute as a prime number in accordance with a predetermined mapping of attributes to prime numbers;
- calculating the product of the prime numbers encoding the attributes; and
- generating a cryptographic credential encoding said product.
Dependent claims: 14
15. A computer implemented method for determining in a verifying module of a data processing system whether a user attribute encoded in a cryptographic credential associated with a proving module of the system is a member of a predetermined set of user attributes, the cryptographic credential encoding said user attribute as a prime number E in accordance with a predetermined mapping of attributes to prime numbers, the method comprising the steps of:
- determining, in said computer, a product value Q which is the product of respective prime numbers corresponding to the attributes in said set in accordance with said predetermined mapping of attributes to prime numbers;
- communicating with the verifying module to demonstrate possession of a cryptographic credential encoding a secret value that is said prime number E; and
- demonstrating to the verifying module that said secret value divides the product value Q, thus demonstrating that said user attribute is a member of said set.
Dependent claims: 16, 17, 18, 19
20. A computer implemented method for verifying at a verifying module of a data processing system whether a user attribute encoded in a cryptographic credential associated with a proving module of the system is a member of a predetermined set of user attributes, the cryptographic credential encoding said user attribute as a prime number E in accordance with a predetermined mapping of attributes to prime numbers, the method comprising the steps of:
- communicating with the proving module to verify possession by the proving module of a cryptographic credential encoding a secret value E; and
- communicating with the proving module to determine whether said secret value divides a product value Q that is the product of respective prime numbers corresponding to the attributes in said set in accordance with said predetermined mapping of attributes to prime numbers.
Dependent claims: 21
22. A proving module of a data processing system for proving to a verifying module of the system whether a user attribute encoded in a cryptographic credential associated with the proving module is a member of a predetermined set of user attributes, the cryptographic credential encoding said user attribute as a prime number E in accordance with a predetermined mapping of attributes to prime numbers, the proving module comprising (i) a communications interface for communicating with the verifying module and (ii) control logic adapted to:
- determine a product value Q that is the product of respective prime numbers corresponding to the attributes in said set in accordance with said predetermined mapping of attributes to prime numbers;
- communicate with the verifying module via said communications interface to demonstrate possession of a cryptographic credential encoding a secret value that is said prime number E; and
- communicate with the verifying module via said communications interface to prove whether said secret value divides the product value Q.
Dependent claims: 23, 24
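The divisibility relations that the claims rely on, worked in the clear as an added example (not code from the patent or its authors). The credential encoding and the proofs that hide E, e and d are not described on this page and are not modelled here; the attribute names, the prime assignments and the function names are assumptions, as is the requirement d > 1 for the claim 12 relation (d = 1 divides every E and Q, so it would prove nothing).

```python
from math import gcd, prod

# Constructed attribute-to-prime mapping (names and primes are assumptions).
MAPPING = {"adult": 2, "student": 3, "resident_CH": 5,
           "resident_DE": 7, "licence_B": 11}

def is_prime(n):
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def check_mapping(mapping):
    """Divisibility equals membership only if codes are distinct primes."""
    codes = list(mapping.values())
    if len(set(codes)) != len(codes):
        raise ValueError("two attributes share one code")
    bad = [a for a, p in mapping.items() if not is_prime(p)]
    if bad:
        raise ValueError(f"non-prime codes for: {bad}")

def encode(attributes, mapping=MAPPING):
    """Claim 1 arithmetic: product of the primes encoding the attributes."""
    check_mapping(mapping)
    # set(): a repeated attribute must not contribute its prime twice.
    # An attribute missing from the mapping raises KeyError.
    return prod(mapping[a] for a in set(attributes))

def certifies(E, attribute, mapping=MAPPING):
    """Claim 7 arithmetic: the prime e for the attribute divides E."""
    return E % mapping[attribute] == 0

def common_divisor(E, attribute_set, mapping=MAPPING):
    """Claim 12 arithmetic: a d > 1 dividing both E and Q, else None."""
    Q = encode(attribute_set, mapping)
    d = gcd(E, Q)
    return d if d > 1 else None

def member_of_set(E_single, attribute_set, mapping=MAPPING):
    """Claims 15 to 22 arithmetic: a single prime E divides Q."""
    return encode(attribute_set, mapping) % E_single == 0
```

`check_mapping` covers the failure mode that makes primes necessary: with codes 2, 3 and 6, a credential for the first two attributes has E = 6 and would appear to certify the third.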
Specification