Non-transferable anonymous credential system with optional anonymity revocation
First Claim
1. A method for establishing a pseudonym system by having a certificate authority accepting a user as a new participant in said pseudonym system, the method comprising the steps of:
- receiving a first public key provided by said user;
verifying that said user is allowed to join the system;
computing a credential by signing the first public key using a secret key owned by said certificate authority; and
publishing said first public key and said credential,whereinthe step of receiving a first public key further includes receiving an external public key being registered for said user with an external public key infrastructure and receiving an encryption of a secret key encrypted by using said first public key;
the step of verifying that said user is allowed to join the system further includes verifying that said external public key is indeed registered with said external public key infrastructure;
the step of publishing said first public key and said credential comprises publishing said encryption and the name of the external public key infrastructure; and
additionally comprises the step of proving that the secret key corresponding to said external public key is encrypted in said received encryption.
3 Assignments
0 Petitions
Accused Products
Abstract
The present invention relates to a method and system for securely proving ownership of pseudonymous or anonymous electronic credentials. A credential system is described consisting of users and organizations. An organization knows a user only by a pseudonym. The pseudonyms of the same user, established for use with different organizations, cannot be linked. An organization can issue a credential to a pseudonym, and the corresponding user can prove possession of this credential to another organization that knows him under another pseudonym. During the prove of possession of the credential nothing besides the fact that he owns such a credential is revealed. A refinement of the credential system provides credentials for unlimited use, so called multiple-show credentials, and credentials for one-time use, so called one-show credentials.
43 Citations
19 Claims
-
1. A method for establishing a pseudonym system by having a certificate authority accepting a user as a new participant in said pseudonym system, the method comprising the steps of:
-
receiving a first public key provided by said user; verifying that said user is allowed to join the system; computing a credential by signing the first public key using a secret key owned by said certificate authority; and publishing said first public key and said credential, wherein the step of receiving a first public key further includes receiving an external public key being registered for said user with an external public key infrastructure and receiving an encryption of a secret key encrypted by using said first public key; the step of verifying that said user is allowed to join the system further includes verifying that said external public key is indeed registered with said external public key infrastructure; the step of publishing said first public key and said credential comprises publishing said encryption and the name of the external public key infrastructure; and additionally comprises the step of proving that the secret key corresponding to said external public key is encrypted in said received encryption. - View Dependent Claims (2, 3, 4)
-
-
5. A method for establishing a pseudonym system by having an organization register a user, the method comprising the steps of:
-
receiving a first public key provided by said user; receiving a first encryption encrypted by using said first public key; proving that an existing public key is registered for said user with another organization of said pseudonym system and proving that the secret key corresponding to said existing public key is encrypted in said received first encryption; publishing said first public key, said first encryption and the name of said other organization. - View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A method for having a verifier checking possession of a credential by a user issued by a specified organization, the method comprising the steps of:
-
proving that an existing public key is registered for said user with said specified organization of said pseudonym system, receiving a third encryption encrypted by using a public key published by a revocation manager; and proving that said existing public key is encrypted in said received third encryption, wherein the step of proving that an existing public key is registered for said user with said specified organization of said pseudonym system includes proving possession of a credential issued by said organization of said existing public key. - View Dependent Claims (19)
-
Specification