WO2006066143A3 - Multi-certificate revocation using encrypted proof data for proving certificate's validity or invalidity - Google Patents

Multi-certificate revocation using encrypted proof data for proving certificate's validity or invalidity Download PDF

Info

Publication number
WO2006066143A3
WO2006066143A3 PCT/US2005/045798 US2005045798W WO2006066143A3 WO 2006066143 A3 WO2006066143 A3 WO 2006066143A3 US 2005045798 W US2005045798 W US 2005045798W WO 2006066143 A3 WO2006066143 A3 WO 2006066143A3
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
validity
key data
certificates
decryption
Prior art date
Application number
PCT/US2005/045798
Other languages
French (fr)
Other versions
WO2006066143A2 (en
Inventor
Zulfikar Amin Ramzan
Craig B Gentry
Bernhard Bruhn
Original Assignee
Ntt Docomo Inc
Zulfikar Amin Ramzan
Craig B Gentry
Bernhard Bruhn
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ntt Docomo Inc, Zulfikar Amin Ramzan, Craig B Gentry, Bernhard Bruhn filed Critical Ntt Docomo Inc
Priority to EP05854500A priority Critical patent/EP1825634A4/en
Priority to JP2007546972A priority patent/JP2008524931A/en
Publication of WO2006066143A2 publication Critical patent/WO2006066143A2/en
Publication of WO2006066143A3 publication Critical patent/WO2006066143A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Abstract

A certification authority (CA, 120) generates decryption key data (K'F) for each set (F) in the complement cover (804) for a plurality of digital certificates. The CA encrypts all or a portion of the validity proof data (cj(i)) for each digital certificate (140.i) for each time period j for which the validity proof is to be provided. For each certificate, the decryption can be performed with decryption keys (K,,;) that can be obtained from the decryption key data (K'F) for any set containing the certificate. The CA distributes the encrypted portions of the validity proof data to prover systems that will provide validity proofs in the periods j. To perform certificate re-validation in a period j, the CA constructs the complement cover for the set of the revoked certificates, and distributes the decryption key data (K'F) for the sets in the complement cover. In some embodiments, for each period j, the decryption keys (Ki) are also a function of the decryption key data provided for the preceding periods of time. Therefore, to perform the re-validation, the CA constructs the complement cover not for the set of all the revoked certificates but only for the set of the certificates revoked in the previous period j-1. The complement cover size can therefore be reduced. Other features and embodiments are also provided.
PCT/US2005/045798 2004-12-17 2005-12-16 Multi-certificate revocation using encrypted proof data for proving certificate's validity or invalidity WO2006066143A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP05854500A EP1825634A4 (en) 2004-12-17 2005-12-16 Multi-certificate revocation using encrypted proof data for proving certificate's validity or invalidity
JP2007546972A JP2008524931A (en) 2004-12-17 2005-12-16 Multiple certificate revocation using encrypted certificate data for certificate validity / invalidity certification

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US63717704P 2004-12-17 2004-12-17
US60/637,177 2004-12-17
US11/304,201 US7315941B2 (en) 2004-12-17 2005-12-14 Multi-certificate revocation using encrypted proof data for proving certificate's validity or invalidity
US11/304,201 2005-12-14

Publications (2)

Publication Number Publication Date
WO2006066143A2 WO2006066143A2 (en) 2006-06-22
WO2006066143A3 true WO2006066143A3 (en) 2006-10-12

Family

ID=36588616

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/045798 WO2006066143A2 (en) 2004-12-17 2005-12-16 Multi-certificate revocation using encrypted proof data for proving certificate's validity or invalidity

Country Status (4)

Country Link
US (1) US7315941B2 (en)
EP (1) EP1825634A4 (en)
JP (1) JP2008524931A (en)
WO (1) WO2006066143A2 (en)

Families Citing this family (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7103574B1 (en) * 1999-03-27 2006-09-05 Microsoft Corporation Enforcement architecture and method for digital rights management
US7370212B2 (en) 2003-02-25 2008-05-06 Microsoft Corporation Issuing a publisher use license off-line in a digital rights management (DRM) system
US7568096B2 (en) * 2004-04-23 2009-07-28 Microsoft Corporation Rendering digital content in a content protection system according to a plurality of chained digital licenses
JP4794560B2 (en) 2004-08-31 2011-10-19 株式会社エヌ・ティ・ティ・ドコモ Cryptographic digital certificate revocation
US8347078B2 (en) 2004-10-18 2013-01-01 Microsoft Corporation Device certificate individualization
US20060089917A1 (en) * 2004-10-22 2006-04-27 Microsoft Corporation License synchronization
US8336085B2 (en) 2004-11-15 2012-12-18 Microsoft Corporation Tuning product policy using observed evidence of customer behavior
US8438645B2 (en) 2005-04-27 2013-05-07 Microsoft Corporation Secure clock with grace periods
US8725646B2 (en) * 2005-04-15 2014-05-13 Microsoft Corporation Output protection levels
US9363481B2 (en) 2005-04-22 2016-06-07 Microsoft Technology Licensing, Llc Protected media pipeline
US9436804B2 (en) * 2005-04-22 2016-09-06 Microsoft Technology Licensing, Llc Establishing a unique session key using a hardware functionality scan
US20060265758A1 (en) * 2005-05-20 2006-11-23 Microsoft Corporation Extensible media rights
JP4771053B2 (en) * 2005-05-27 2011-09-14 日本電気株式会社 Integrated shuffle validity proving device, proof integrating device, integrated shuffle validity verifying device, and mixed net system
US8874477B2 (en) 2005-10-04 2014-10-28 Steven Mark Hoffberg Multifactorial optimization system and method
IL178488A0 (en) * 2006-10-05 2008-01-20 Nds Ltd Improved key production system
FR2912578B1 (en) * 2007-02-13 2009-05-22 Airbus France Sas METHOD OF AUTHENTICATING AN ELECTRONIC DOCUMENT AND METHOD OF VERIFYING A DOCUMENT THUS AUTHENTICATED.
JP5060222B2 (en) * 2007-09-11 2012-10-31 株式会社東芝 Account management system, base account management device, derivative account management device, and program
US8230215B2 (en) * 2008-04-11 2012-07-24 Toyota Motor Engineering & Manufacturing North America, Inc. Method for allocating multiple authentication certificates to vehicles in a vehicle-to-vehicle communication network
US8254580B2 (en) * 2009-09-30 2012-08-28 Telefonaktiebolaget L M Ericsson (Publ) Key distribution in a hierarchy of nodes
ES2732548T3 (en) * 2010-02-12 2019-11-25 Ericsson Telefon Ab L M Discovery of trust in a communications network
US20110231535A1 (en) * 2010-03-18 2011-09-22 Ian Charles Starnes Wireless Sensor Network
US8295825B2 (en) * 2010-11-30 2012-10-23 Motorola Solutions, Inc. Method to facilitate late joining of a call
FR2979044B1 (en) * 2011-08-09 2013-08-30 Morpho METHOD FOR MANAGING AND CONTROLLING DATA OF DIFFERENT FIELDS OF IDENTITY ORGANIZED IN THE ENHANCEMENT STRUCTURE
US9425967B2 (en) 2013-03-20 2016-08-23 Industrial Technology Research Institute Method for certificate generation and revocation with privacy preservation
US9603113B2 (en) * 2013-10-29 2017-03-21 Qualcomm Incorporated Distributed algorithm for constructing and maintaining a hierarchical structure for device-to-device synchronization
CN104901931B (en) * 2014-03-05 2018-10-12 财团法人工业技术研究院 certificate management method and device
US9680827B2 (en) 2014-03-21 2017-06-13 Venafi, Inc. Geo-fencing cryptographic key material
US9654922B2 (en) 2014-03-21 2017-05-16 Venafi, Inc. Geo-fencing cryptographic key material
US9647998B2 (en) 2014-03-21 2017-05-09 Venafi, Inc. Geo-fencing cryptographic key material
US9577823B2 (en) * 2014-03-21 2017-02-21 Venafi, Inc. Rule-based validity of cryptographic key material
US9686244B2 (en) 2014-03-21 2017-06-20 Venafi, Inc. Rule-based validity of cryptographic key material
US9531533B2 (en) * 2014-03-21 2016-12-27 Venafi, Inc. Rule-based validity of cryptographic key material
US20160164884A1 (en) * 2014-12-05 2016-06-09 Skuchain, Inc. Cryptographic verification of provenance in a supply chain
US10333696B2 (en) 2015-01-12 2019-06-25 X-Prime, Inc. Systems and methods for implementing an efficient, scalable homomorphic transformation of encrypted data with minimal data expansion and improved processing efficiency
US9436923B1 (en) 2015-02-26 2016-09-06 Skuchain, Inc. Tracking unitization occurring in a supply chain
US9641338B2 (en) 2015-03-12 2017-05-02 Skuchain, Inc. Method and apparatus for providing a universal deterministically reproducible cryptographic key-pair representation for all SKUs, shipping cartons, and items
JP6166804B1 (en) * 2016-01-28 2017-07-19 株式会社三井住友銀行 Electronic contract management system, method and program
US10374808B2 (en) 2017-03-08 2019-08-06 Bank Of America Corporation Verification system for creating a secure link
US10425417B2 (en) 2017-03-08 2019-09-24 Bank Of America Corporation Certificate system for verifying authorized and unauthorized secure sessions
US10361852B2 (en) 2017-03-08 2019-07-23 Bank Of America Corporation Secure verification system
US10432595B2 (en) 2017-03-08 2019-10-01 Bank Of America Corporation Secure session creation system utililizing multiple keys
EP3493461A1 (en) * 2017-12-01 2019-06-05 Nagravision S.A. Capability revocation
JP6952661B2 (en) * 2018-08-30 2021-10-20 株式会社東芝 Information processing equipment, communication equipment, information processing systems, information processing methods, and information processing programs
US11005654B2 (en) 2019-05-14 2021-05-11 Google Llc Outsourcing exponentiation in a private group

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6141347A (en) * 1998-08-26 2000-10-31 Motorola, Inc. Wireless communication system incorporating multicast addressing and method for use
US6381695B2 (en) * 1997-08-22 2002-04-30 International Business Machines Corporation Encryption system with time-dependent decryption
US6381696B1 (en) * 1998-09-22 2002-04-30 Proofspace, Inc. Method and system for transient key digital time stamps
US6397329B1 (en) * 1997-11-21 2002-05-28 Telcordia Technologies, Inc. Method for efficiently revoking digital identities
US7043024B1 (en) * 2001-04-18 2006-05-09 Mcafee, Inc. System and method for key distribution in a hierarchical tree

Family Cites Families (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7337315B2 (en) 1995-10-02 2008-02-26 Corestreet, Ltd. Efficient certificate revocation
US7353396B2 (en) 1995-10-02 2008-04-01 Corestreet, Ltd. Physical access control
US5717757A (en) 1996-08-29 1998-02-10 Micali; Silvio Certificate issue lists
US5717758A (en) 1995-11-02 1998-02-10 Micall; Silvio Witness-based certificate revocation system
US6292893B1 (en) 1995-10-24 2001-09-18 Silvio Micali Certificate revocation system
US5793868A (en) 1996-08-29 1998-08-11 Micali; Silvio Certificate revocation system
US6097811A (en) 1995-11-02 2000-08-01 Micali; Silvio Tree-based certificate revocation system
US6487658B1 (en) 1995-10-02 2002-11-26 Corestreet Security, Ltd. Efficient certificate revocation
US6766450B2 (en) 1995-10-24 2004-07-20 Corestreet, Ltd. Certificate revocation system
US5666416A (en) 1995-10-24 1997-09-09 Micali; Silvio Certificate revocation system
US8732457B2 (en) 1995-10-02 2014-05-20 Assa Abloy Ab Scalable certificate validation and simplified PKI management
US5687235A (en) 1995-10-26 1997-11-11 Novell, Inc. Certificate revocation performance optimization
US6301659B1 (en) 1995-11-02 2001-10-09 Silvio Micali Tree-based certificate revocation system
US5699431A (en) 1995-11-13 1997-12-16 Northern Telecom Limited Method for efficient management of certificate revocation lists and update information
US5903651A (en) 1996-05-14 1999-05-11 Valicert, Inc. Apparatus and method for demonstrating and confirming the status of a digital certificates and other data
US6044462A (en) 1997-04-02 2000-03-28 Arcanvs Method and apparatus for managing key revocation
US6128740A (en) 1997-12-08 2000-10-03 Entrust Technologies Limited Computer security system and method with on demand publishing of certificate revocation lists
US6226743B1 (en) * 1998-01-22 2001-05-01 Yeda Research And Development Co., Ltd. Method for authentication item
JP2001265216A (en) * 2000-03-16 2001-09-28 Nippon Telegr & Teleph Corp <Ntt> Method and device for publishing public key certificate
US6950853B2 (en) * 2000-06-27 2005-09-27 The Regents Of The University Of California Multisite coordination in shared multicast trees
CN1666460A (en) 2002-05-09 2005-09-07 松下电器产业株式会社 Public key certificate revocation list generation apparatus, revocation judgement apparatus, and authentication system
US20030236976A1 (en) 2002-06-19 2003-12-25 Microsoft Corporation Efficient membership revocation by number
FI20021738A0 (en) 2002-09-30 2002-09-30 Ssh Comm Security Oyj Procedure for producing certificate revocation lists
KR100402348B1 (en) 2003-07-02 2003-10-22 Bong Taek Kim Automatic train protection stop device for controlling railroad using data communication
KR100519770B1 (en) 2003-07-08 2005-10-07 삼성전자주식회사 Method and apparatus for distributed certificate management for Ad-hoc networks
ATE451656T1 (en) 2003-09-19 2009-12-15 Ntt Docomo Inc METHOD AND DEVICE FOR EFFICIENT CERTIFICATE REVOKAL
JP3894181B2 (en) 2003-10-10 2007-03-14 株式会社日立製作所 Method and apparatus for speeding up public key certificate verification

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6381695B2 (en) * 1997-08-22 2002-04-30 International Business Machines Corporation Encryption system with time-dependent decryption
US6397329B1 (en) * 1997-11-21 2002-05-28 Telcordia Technologies, Inc. Method for efficiently revoking digital identities
US6141347A (en) * 1998-08-26 2000-10-31 Motorola, Inc. Wireless communication system incorporating multicast addressing and method for use
US6381696B1 (en) * 1998-09-22 2002-04-30 Proofspace, Inc. Method and system for transient key digital time stamps
US7043024B1 (en) * 2001-04-18 2006-05-09 Mcafee, Inc. System and method for key distribution in a hierarchical tree

Also Published As

Publication number Publication date
US20070074036A1 (en) 2007-03-29
EP1825634A4 (en) 2011-05-11
WO2006066143A2 (en) 2006-06-22
EP1825634A2 (en) 2007-08-29
US7315941B2 (en) 2008-01-01
JP2008524931A (en) 2008-07-10

Similar Documents

Publication Publication Date Title
WO2006066143A3 (en) Multi-certificate revocation using encrypted proof data for proving certificate&#39;s validity or invalidity
WO2009025459A3 (en) Method of and apparatus for sharing secret information between devices in home network
Boldyreva et al. Identity-based encryption with efficient revocation
WO2001089133A3 (en) Method and apparatus for self-authenticating digital records
Jo et al. Reliable cooperative authentication for vehicular networks
CA2556155A1 (en) Token provisioning
WO2006026737A3 (en) Revocation of cryptographic digital certificates
WO2005067672A3 (en) Batch ocsp and batch distributed ocsp
ES2170167T3 (en) SECRET KEY CERTIFICATES.
SE9901671D0 (en) Cryptographic method and system
WO2006066142A3 (en) Use of modular roots to perform authentication including authentication of validity of digital certificates
MX9602773A (en) Cryptographic system and method with key escrow feature.
WO2003030444A1 (en) Intrusion-tolerant digital certificate distribute system and distribute method
WO2006078654A3 (en) A cryptographic system for resource starved ce device secure upgrade and re-configuration
EP2012248A3 (en) Method and apparatus for distributed authorization by anonymous flexible credential
MXPA02009771A (en) Authentication of data transmitted in a digital transmission system.
CN107294718B (en) Attribute-based encryption method for revocable key strategy in standard model
GB2378865A (en) Packaging evidence for long term validation
ATE362249T1 (en) METHOD AND DEVICES FOR CREATING FAIR BLIND SIGNATURES
Lee et al. The security of a strong proxy signature scheme with proxy signer privacy protection
EP1843517A3 (en) Validating cryptographic digital certificates
GB201222212D0 (en) Malware detection
Preetha et al. MLPPT-MHS: Multi-Layered Privacy Preserving and Traceable Mobile Health System
JP4744929B2 (en) Anonymous authentication system, device and program
Grundner-Culemann A Survey of Revocation Mechanisms in Identity-based Cryptography

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2005854500

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2007546972

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

WWP Wipo information: published in national office

Ref document number: 2005854500

Country of ref document: EP