EP1461898A1 - Verfahren und vorrichtung zur anonymen unterschrift mittels eines gemeinsamen privaten schlüssels - Google Patents

Verfahren und vorrichtung zur anonymen unterschrift mittels eines gemeinsamen privaten schlüssels

Info

Publication number
EP1461898A1
EP1461898A1 EP02801132A EP02801132A EP1461898A1 EP 1461898 A1 EP1461898 A1 EP 1461898A1 EP 02801132 A EP02801132 A EP 02801132A EP 02801132 A EP02801132 A EP 02801132A EP 1461898 A1 EP1461898 A1 EP 1461898A1
Authority
EP
European Patent Office
Prior art keywords
group
key
common
private key
calculation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP02801132A
Other languages
English (en)
French (fr)
Inventor
Sébastien CANARD
Marc Girault
Jacques Traore
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Orange SA
Original Assignee
France Telecom SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by France Telecom SA filed Critical France Telecom SA
Publication of EP1461898A1 publication Critical patent/EP1461898A1/de
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures

Definitions

  • the present invention relates to the field of telecommunications and more particularly to the securing of transmissions, in particular for services, which uses cryptography.
  • the individual signing the message must first obtain certification from the trusted authority by communicating at least their public key and identity.
  • the signature process calculates an electronic signature of the message by taking into account on the one hand the content of the message and on the other hand the private key of the individual.
  • the signatory transmits the message, the signature and his certificate to the recipient.
  • the recipient of the message verifies the electronic signature of the message using at least the public key and the content of the message.
  • An anonymous electronic signature has the same characteristics as an electronic signature except that the recipient cannot determine the identity of the signatory; the signatory remains anonymous.
  • the addressee can address himself to the trusted authority which has, via the certificate, a means to lift anonymity.
  • anonymous group signature An anonymous group signature process allows each member of a group to produce an electronic signature that is characteristic of the group. The recipient of a message accompanied by an anonymous group signature can verify that the signature was produced by one of the group members. However, he cannot determine, among the various members of the group, the member in question.
  • a group is a set of individuals who declare themselves to an authority as belonging to the same group. During this declaration, each individual interacts with the trusted authority according to a determined protocol at the end of which the individual obtains a private key, associated with a group public key previously determined by the trusted authority, and the authority and the individual obtain an identifier of the individual associated with this private key. Each of these individuals is in the continuation of the request designated by the term of member.
  • An example of such a protocol is described in the article by J. Camenisch and M. Michels which has for reference "Efficient group signature signature schemes for large groups", In B.
  • Kaliski editor, Advances in Cryptology - CRYPTO97, volume 1296 of LNCS, pages 410 to 424, Springer-Verlag, 1997.
  • the same interaction occurs when a new member arrives.
  • the existence of a group translates on the side of the authority of trust by the attribution to the group of a public key known as of group and by the attribution to each member of a private key associated with the public key, different for each member, and an identifier.
  • a member can produce an anonymous group signature of a message of their choice. Any recipient can verify that this signature has been produced by one of the members of the group, provided that the group public key is used.
  • the recipient is certain that the signature has been produced, or not, by a member of the group, but he does not obtain any information on the identifier of this member, the signatory communicates to the recipient only its identifier encrypted using a public key of the trusted authority; the signature is anonymous.
  • the recipient has the option of contacting the trusted authority, which can determine the identity of the signatory from the encrypted identifier accompanying the anonymous group signature.
  • the trusted authority can therefore lift anonymity at any time.
  • a group can evolve. According to a first type of evolution, new individuals can become members of the group.
  • the method encrypts, with an encryption algorithm, each of the results of these divisions and transmits to the recipient these encrypted results accompanied by determined elements.
  • the recipient uses the determined elements and the quantified results to verify on the one hand that the divisions were correctly carried out and on the other hand that all the results are different from 1; that is, to ensure that the signature was produced by an unrevoked member.
  • This process consists in using three additional keys in addition to the keys necessary for the success of the group signature: a private property key for each member, a public property key to allow each member to check the validity of his key and a public renewal key allowing each member to modify his private ownership key each time a member joins or leaves the group.
  • the trusted authority modifies the public ownership key and the renewal key.
  • Each remaining member of the group modifies their own private ownership key using the renewal key and checks its validity using the public ownership key.
  • signing a message electronically the signatory member uses their private property key.
  • the recipient can verify the electronic signature using the public ownership key.
  • One of the objectives of the invention is to remedy the drawbacks of the known and previously described methods.
  • the subject of the invention is a cryptographic method of anonymous signature of a message intended to be implemented by a member of a group, this group being composed of n members each equipped with a means of calculation and an associated storage means.
  • This process comprises initial steps which consist in the constitution of the group: in a first step, to calculate by a first means of calculation of a trusted authority, a pair of asymmetric keys common to the members of the group, this pair of keys consisting of a public key and a common private key, in a second step, to be calculated by the first means of calculation a group public key associated with the group, in a third step, for each member, during an interaction between the means of calculating the trusted authority and the means of calculating the member, calculating a private group key and storing this private group key in the member memorizing means, each group private key being associated with the group public key and being different for each member of the group,
  • a fourth step to determine by the first means of calculation as many symmetric secret keys as there are members of the group, in a fifth step, to encrypt by the first means of calculation the common private key with each of the secret keys to obtain as many of encrypted forms of the common private key than of unrevoked members.
  • the method comprises steps which consist: in a sixth step, by modifying by the first means of calculation the pair of common asymmetric keys to determine a public key and a private key up to date common, in a seventh step, to encrypt by the first means of calculation the common private key with each of the secret keys to obtain as many encrypted forms of the common private key as non-revoked members.
  • the method comprises steps which consist:
  • a so-called additional signature of the set composed of the message and the anonymous signature using the member's common private key.
  • the method according to the invention consists in supplementing the anonymous signature of a message made by a member with an additional signature.
  • This additional signature is calculated using a copy, held by the member, of a private signature key identical for all the members authorized to sign and unknown to all the dismissed members.
  • This so-called common private key is updated by the trusted authority each time a member of the group is dismissed. The update of the copy held by the member is triggered only during an anonymous signature phase of a message by this member and the update is only possible for an unrevoked member.
  • a method according to the invention is such that the group is set up on a date that is such that the steps also consist of:
  • the steps also consist of:
  • a method according to the invention is such that the steps also consist of:
  • a method according to the invention is such that the steps also consist of:
  • the method further comprises the step which consists in: deleting the secret key of the revoked member, from the storage means connected to the first calculation means, and is such as for updating the common private key stored by the member storage means, the method further comprises the steps which consist:
  • the subject of the invention is also a cryptographic device for anonymous signature of a digital message which comprises:
  • a first calculation means for calculating on the one hand at least one pair of asymmetric keys common to the members of the group composed of n members and on the other hand a public group key associated with the group, to calculate for each member, during '' an interaction with the member's calculation means, a group private key, each group private key being associated with the group public key and being different for each member of the group, to determine as many symmetric secret keys as members of the group group and to encrypt the common private key with each of the symmetric secret keys to obtain as many encrypted forms of the common private key as there are unrevoked members.
  • a device further comprises: - a storage means connected to the first calculation means via a communication network for storing at least the symmetric secret key of each member of the group, the group public key , the public key common to the members of the group and each of the different encrypted forms of the common private key.
  • the invention further relates to a smart card intended for a member of a group consisting of n members and intended to interact with a previous device. This card includes:
  • a calculation means for calculating an anonymous signature of a message using its private group key and for calculating an additional signature of the set composed of the message and the anonymous signature using the private key common of the member.
  • a card according to the invention is such that the updating means comprises a decryption means for decrypting one of the encrypted values of the common private key, calculated by the first calculation means of the device, at the using the common private key memorized by the member memorization means.
  • Figure 1 is a flow diagram of a method according to the invention.
  • FIG. 2 is a flow diagram of a particular embodiment of a method according to the invention.
  • Figure 3 is a diagram of a particular embodiment of a method according to the invention.
  • FIG. 1 represents a flow diagram of a cryptographic method of anonymous signature of a message according to the invention.
  • the method is intended to be implemented by a member of a group composed of n members. Each member has a means of calculation associated with a means of memorization. The process takes place in different steps which include initial steps and non-initial steps. The initial stages occur during the creation of the group and are listed below.
  • a first step consists in calculating 1 by a first means of calculating a trusted authority, a pair of asymmetric keys common to the members of the group; this key pair consists of a common public key and a common private key.
  • the algorithm used for the first step is a public key signature algorithm which may be the RSA algorithm, for R.L. Rivest, Shamir and L. Adleman who are the authors.
  • a second step consists in calculating 2 by the first means of calculating a group public key associated with the group.
  • the calculation is performed using a particular algorithm.
  • This algorithm can be that described in the article by J. Camemsch and M. Michels which has for reference "Efficient group signature signature schemes for large groups", In B. Kaliski, editor, Advances in Cryptology - CRYPTO97, volume 1296 of LNCS , pages 410 to 424, Springer-Verlag, 1997.
  • a third step consists in calculating 3 during an interaction between the trusted authority and each member of the group taken successively, a group private key associated with the group public key, each group private key being different for each member of the group. group.
  • the member's private group key is stored 4 by the member's storage means, the trusted authority is not aware of this key.
  • the calculation is performed using a particular algorithm. This algorithm can be that described in the article by J.Camenisch and M. Michels which has for reference "Efficient group signature signature schemes for large groups", In B.Kaliski, editor, Advances in Cryptology - CRYPTO97, volume 1296 of LNCS , pages 410 to 424, Springer-Verlag, 1997.
  • a fourth step consists in determining 5 by the first means of calculation as many symmetric secret keys as there are members of the group. This determination may consist of randomly drawing numbers and letters to form a key. Alternatively, the symmetric secret keys can verify a certain distribution. Such a distribution is described in the article by CKWong, MGGouda and SSLam entitled "Secure Group Communications Using Key Graph” - Technical Report TR-97-23, July 28, 1997.
  • a fifth step consists in encrypting 6 by the first means of calculating the common private key with each of the secret keys to obtain as many encrypted forms of the common private key as there are non-revoked members. The encryption is performed using an encryption algorithm such as the AES algorithm.
  • the symmetric secret keys verify a certain distribution which makes it possible not to encrypt the common private key with each of the secret keys but with only some of them.
  • composition of the group can change. 7.
  • a modification consists either of a dismissal within the group, or of the entry of a new member in the group. At each dismissal within the group and optionally upon the arrival of a new member, the process includes the following steps.
  • a sixth step consists in modifying 8 by the first means of calculation the pair of common asymmetric keys to determine a public key and a common private key up to date with the composition of the group. This modification is carried out using typically the same algorithm as that used during the first step.
  • a seventh step consists in encrypting 9 by the first means of calculating the common private key with each of the secret keys to obtain as many encrypted forms of the common private key as there are non-revoked members. This encryption is performed using typically the same algorithm as that used during the fifth step.
  • a group member can undertake to sign a message before forwarding it to a recipient.
  • the process comprises the following steps.
  • An eighth step consists in updating 11 the common private key memorized by the member memorization means only if one of the encrypted values of the common private key is decipherable using the symmetric secret key memorized by the memorization means. member.
  • the decryption is carried out using the same algorithm as that used during the seventh step, that is to say during the encryption.
  • the update is performed if the decryption algorithm makes it possible to decrypt one of the encrypted values of the common private key.
  • a ninth step consists in calculating 12 by the calculation means associated with the member memorization means, a so-called anonymous signature of the message using his group private key.
  • the calculation is performed using an anonymous signature algorithm.
  • Such an algorithm is described in the article by J. Camenisch and M.Stadler who has for reference "Efficient group signature signature schemes for large groups", In B. Kaliski, editor, Advances in Cryptology - CRYPTO97, volume 1296 of LNCS, pages 410 to 424, Springer-Verlag, 1997. Another description is given in the article by J.Camenisch and M.Michels which has for reference "A group signature scheme with improved efficiency. In K.Ohta and D.Pei, editors, Advances in cryptology- ASIACRYPT'98, volume 1514 of LNCS , pages 160-174, Springer-Verlag, 1998.
  • a tenth step consists in calculating 13 by the member calculation means a so-called additional signature of the set composed of the message and the anonymous signature, using the member's private common key.
  • the algorithm used for the tenth step is a public key signature algorithm which may be the RSA algorithm.
  • FIG. 2 is a flow diagram of a particular embodiment of the method according to the invention.
  • the elements already described with reference to FIG. 1 are not re-described. The specific elements are described below.
  • the first step further consists in associating 14 an update date equal to tl with the common private key, by considering that tl is the date of constitution of the group.
  • the third step further consists in storing 15 by the storing means of each member the date of updating of the common private key.
  • the method furthermore consists in modifying 16 by the first means of calculating the update date to determine an update date equal to the date t2.
  • the eighth step consists in updating the common private key memorized by the means of memorization of the member if, in addition, the date update date stored by the member storage means is different from the update date of the common private key updated by the first calculation means.
  • the date memorized by the member memorization means is equal to the date of updating of the updated group private key, there is no update by the member memorization means .
  • the member's calculation means does not update his common private key, he uses the private key common which is stored in the member storage means for calculating the additional signature.
  • FIG. 3 is a diagram of an embodiment of a method according to the invention by means of a system.
  • the system includes at least one calculation means and as many smart cards 211 as there are members in the group.
  • a trusted authority such as a natural person, a legal person, a national or international administration, has a computing means 20 represented by a server in FIG. 3.
  • This computing means 20 is connected by a first communication link 22 to a communication network 23 which may as well be a public network such as the Internet, as a private network such as a LAN network, short for Anglo-Saxon terms Local Area Network.
  • Each member of a group has a 21 card! a chip which comprises in the chip a means 24 for storage and a means 25 for calculation. Each member also holds, or has access to, a reader 26 of this card rehé by a second communication link 27 to a personal computer 28, or any equivalent computer.
  • the personal computer 28 is rehé by a third communication link 29 to the communication network 23.
  • the constitution of the group with the trusted authority results in an interaction between the trusted authority and each member of the group.
  • the server 20 of the trusted authority calculates a pair of asymmetric keys 30, 31 common to the members of the group and a group public key 32 associated with the group.
  • the server 20 of the trusted authority and the means 25 for calculating the member calculate a key 33 ! private group.
  • the group private key 33 ⁇ is stored in the means 24 for storing the member's smart card.
  • the member has his own group private key which is different from the group private key of all the other members.
  • the pair 30, 31 of common asymmetric keys consists of a common public key 30 and a common private key 31. This pair 30, 31 can be associated with an update date D which is initialized on the date tl of calculation of this pair.
  • the group private keys are different for each member of the group and are associated with the group public key 32.
  • the server 20 of the trusted authority determines a key 34 ! symmetrical secret.
  • the server 20 then encrypts the common private key 31 with each of the secret keys 34i to obtain as many encrypted forms of the common private key 31 as of non-revoked members.
  • the server 20 of the trusted authority and the means 25 for calculating the member also calculate an identifier 35i of the member.
  • the chip card 211 stores in its storage means 24 the common private key 31, the member's private group key 33 1 and the secret key 341 assigned to the member.
  • the keys are transferred to a smart card during interaction using conventional methods.
  • the trusted authority keeps a copy of each of the symmetrical and identifying secret keys 34j 35i of each member in a memory space which can be a memory zone of the server 20 or an associated storage means 36.
  • the different public keys and the encrypted values of the common private key 31 are stored in a directory which is stored in a public part of the memory space 20, 36; that is to say directly accessible, in particular, by each member of the group or, in particular, by each recipient of a message and this via the network 23.
  • the group can evolve, either by the entry of a new member in the group, or by the dismissal of a member of the group.
  • the server 20 modifies the pair of common asymmetric keys 30, 31 to determine a pair of asymmetric keys up to date with the composition of the group. This update is performed on a given date known as the update. It can also be carried out when a new member enters the group.
  • the server 20 After determining this pair of up-to-date common asymmetric keys, the server 20 makes available in encrypted form the private key 31 of this pair of asymmetric keys for each of the smart cards 211 of the non-revoked members of the group.
  • the server 20 calculates as many encrypted forms as there are non-revoked members by using the key 34; personal secret to each of these members.
  • the server 20 encrypts the private key 31 of the pair of up-to-date common asymmetric keys 30, 31.
  • Each of the personal secret keys 34 ⁇ introduced as an input argument of the encryption algorithm used corresponds to a result which is the value encrypted of the common private key 31 of the pair of asymmetric keys up to date.
  • the different results and, generally, the date of update are stored in the directory.
  • the means 25 for calculating the card 21 ! smart connects to the memory space 20, 36 in which the directory is stored, via the personal computer 28 and the network 23.
  • the smart card 21 ⁇ reads in the directory the date D to update the common private key.
  • the means 25 for calculating the chip card 211 compares this update date D with that O ⁇ which it holds in its storage means 24. Either these dates are different, or these dates are identical.
  • card 21! chip can, for example, copy into its storage means 24 the various encrypted forms of the common private key 31.
  • the means 25 for calculating the smart card 21. r can then undertake to decrypt each of the encrypted forms of the common private key 31 using the decryption algorithm which is associated with the encryption algorithm previously used.
  • the input arguments include on the one hand, the personal secret key 341 stored in the card 21 ! on the other hand, taken successively, the encrypted forms of the common private key 31. At the first correct decryption result, card 21!
  • Another method consists in placing before each encrypted form of the common private key 31 an identifier of the member concerned.
  • the means 25 for calculating the smart card 21 i can then undertake to test each of the encrypted forms of the common private key 31 using the identifier. When it arrives at a valid test, it then undertakes to decrypt the encrypted form of the common private key 31 which corresponds to it using the decryption algorithm which is associated with the previously used encryption algorithm.
  • the input arguments include on the one hand, the personal secret key 34 ⁇ stored in the card 21 ! on the other hand, the encrypted form of the common private key 31.
  • the smart card does not make a copy in its means 24 of memorizing the different encrypted forms of the common private key 31. This situation arises when no change in the group has taken place since the member's entry into the group; card 21 ! chip holds the latest update of the common private key 31.
  • the means 25 for calculating the smart card 21 1 retrieves the message stored in the computer 28.
  • the means 25 for calculating the smart card 21 1 calculates an anonymous signature of this message to using the signature algorithm.
  • the input arguments comprise on the one hand the message and on the other hand the group private key 33 1 stored in the chip storage means 24.
  • the means 25 for calculating the chip card 211 calculates a second so-called additional signature of the assembly formed of the message and the anonymous signature using the previous signature algorithm.
  • the input arguments comprise on the one hand the assembly formed of the anonymous message and signature and on the other hand the common private key 31 stored in the member storage means.
  • card 21 ! smart transmits to the recipient chosen by the member, the additional signature, the anonymous signature and the message.
  • the recipient can in these conditions verify that the member who signed the message is a non-revoked member. To this end, the recipient verifies each of the two signatures, the additional signature and the anonymous signature, using the common public key, respectively the group public key. To verify, the recipient uses a verification algorithm available for example on a personal computer.
  • the input arguments comprise on the one hand the message and on the other hand the common public key, respectively the group public key.
  • a first application of a method according to the invention is electronic voting.
  • Electronic voting takes place in two phases:
  • the voter obtains a private group key according to a method according to the invention.
  • the anonymous signature that the voter can produce from his group private key is said to be "correlable”. This means that, in the event that the voter attempts to anonymously sign a second ballot by producing an anonymous signature, that ballot will be rejected by the ballot box. Indeed, the anonymous signature being correlable, the ballot box is able to verify that it is a second anonymous signature.
  • a malicious voter cannot claim to have lost their group private key, receive another, and be able to vote twice. Indeed, the implementation of a method according to the invention makes it possible to prohibit the use of the first group private key; this group private key is updated when he declares having lost the first group private key. This loss is managed by the implementation of a process according to the invention such as a revocation of the member.
  • a second application of a method according to the invention is an electronic auction service.
  • the auctions involve three protagonists: an auction server, a trusted authority and a client. All of the clients form a group called the client group.
  • a user wishing to register with the group of clients must contact the trusted authority which provides him with his group private key. He thus obtains the right to produce an anonymous group signature.
  • the trusted authority which provides him with his group private key. He thus obtains the right to produce an anonymous group signature.
  • he can sign each of his auctions anonymously.
  • each member of the client group can bid by signing a message containing in particular the product put up for sale and the amount of their bid.
  • the auction server can verify group membership and therefore the validity of the auction by verifying the anonymous group signature.
  • the winner is the one who gives the last bid before the auction.
  • the last message received by the auction server is therefore that of the winner.
  • the server then addresses this message and the corresponding anonymous group signature to the trusted authority, which is the only one capable of lifting anonymity and
  • the auctions involve dynamic groups: new people can join the group every day, a member can leave the group or be excluded for fraud at any time. It is therefore essential to set up a revocation system to prevent a revoked member from being able to use their signature fraudulently. Indeed, the revoked member could continue to use his private group key to participate in the auctions and distort the smooth running of the latter, for example by increasing the amount. And, if he takes care to withdraw early enough from the process so as not to win the auction in question, then this fraud is not detected since only the identity of the winner is finally revealed.
  • the implementation of a method according to the invention makes it possible to solve the problem of revocation of one or of member (s) of the group.
  • a third application of a method according to the invention is electronic payment. It involves four protagonists: a customer, a merchant, a bank and a trusted authority. Each client must be identified by the system and obtain a group private key before being able to make their first transaction. To make a payment, the customer must withdraw electronic documents from his bank. The pieces he removes are anonymous thanks to the use of a mechanism called blind signature.
  • the expenditure of a C piece at a merchant is done as follows: the chent generates a group signature relating to C pieces and transmits the signature and C pieces set to the merchant. The merchant verifies the signature of the bank attached to each piece C and verifies the group signature. If each of the two signatures is valid, the merchant accepts the transaction.
  • the merchant forwards to his bank the signatures and the documents received in payment for transfer to his account.
  • the bank sends the group signature relating to the disputed document to the trusted authority so that it identifies the indelicate price and sanctions the offender.
  • a reliable mechanism for revoking compromised group private keys is necessary in order to avoid fraud of the following type: a dishonest client reports the loss of his group private key to the trusted authority and therefore declines all responsibility for fraud that could be committed with s. The chent gives his key to his accomplice, who can then use s to sign the coins c he has legitimately withdrawn from the bank, and then spend them as many times as he wishes.
  • a method according to the invention solves the problem of revoking group private keys.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
EP02801132A 2002-01-04 2002-12-13 Verfahren und vorrichtung zur anonymen unterschrift mittels eines gemeinsamen privaten schlüssels Withdrawn EP1461898A1 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR0200107 2002-01-04
FR0200107A FR2834598B1 (fr) 2002-01-04 2002-01-04 Procede et dispositif de signature anonyme au moyen d'une cle privee partagee
PCT/FR2002/004335 WO2003061193A1 (fr) 2002-01-04 2002-12-13 Procede et dispositif de signature anonyme au moyen d'une cle privee partagee

Publications (1)

Publication Number Publication Date
EP1461898A1 true EP1461898A1 (de) 2004-09-29

Family

ID=8871175

Family Applications (1)

Application Number Title Priority Date Filing Date
EP02801132A Withdrawn EP1461898A1 (de) 2002-01-04 2002-12-13 Verfahren und vorrichtung zur anonymen unterschrift mittels eines gemeinsamen privaten schlüssels

Country Status (6)

Country Link
US (1) US7571324B2 (de)
EP (1) EP1461898A1 (de)
JP (1) JP4082717B2 (de)
AU (1) AU2002364839A1 (de)
FR (1) FR2834598B1 (de)
WO (1) WO2003061193A1 (de)

Families Citing this family (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10181953B1 (en) * 2013-09-16 2019-01-15 Amazon Technologies, Inc. Trusted data verification
GB2407948B (en) * 2003-11-08 2006-06-21 Hewlett Packard Development Co Smartcard with cryptographic functionality and method and system for using such cards
US8037314B2 (en) * 2003-12-22 2011-10-11 Intel Corporation Replacing blinded authentication authority
US20080091941A1 (en) * 2004-09-03 2008-04-17 Nec Corporation Group Signature System, Member Status Judging Device, Group Signature Method And Member Status Judging Program
US7516326B2 (en) * 2004-10-15 2009-04-07 Hewlett-Packard Development Company, L.P. Authentication system and method
US20060112271A1 (en) * 2004-11-22 2006-05-25 Murata Kikai Kabushiki Kaisha Cipher mail server device
US8074067B2 (en) * 2005-02-10 2011-12-06 Nec Corporation Member certificate acquiring device, member certificate issuing device, group signing device, and group signature verifying device
JP2007004461A (ja) * 2005-06-23 2007-01-11 Nec Corp サービス提供システム、アウトソーシング業者装置、サービス提供方法およびプログラム
FR2892252B1 (fr) * 2005-10-17 2008-01-25 Oberthur Card Syst Sa Procede et dispositif de creation d'une signature de groupe et procede et dispositif de verification d'une signature de groupe associes.
EP1826979A1 (de) * 2006-02-27 2007-08-29 BRITISH TELECOMMUNICATIONS public limited company System und Verfahren zur Einrichtung einer sicheren Gruppe von Dateneinheiten in einem Computernetzwerk
WO2007099276A1 (en) * 2006-03-02 2007-09-07 British Telecommunications Public Limited Company Message processing methods and systems
US8615801B2 (en) * 2006-08-31 2013-12-24 Microsoft Corporation Software authorization utilizing software reputation
US8090954B2 (en) 2007-03-16 2012-01-03 Microsoft Corporation Prevention of unauthorized forwarding and authentication of signatures
US7958057B2 (en) * 2007-03-28 2011-06-07 King Fahd University Of Petroleum And Minerals Virtual account based new digital cash protocols with combined blind digital signature and pseudonym authentication
EP1975830A1 (de) * 2007-03-30 2008-10-01 British Telecommunications Public Limited Company Verteiltes Computersystem
EP1976220A1 (de) * 2007-03-30 2008-10-01 British Telecommunications Public Limited Company Computernetzwerk
JP5186790B2 (ja) 2007-04-06 2013-04-24 日本電気株式会社 電子マネー取引方法、及び電子マネーシステム
US20080301433A1 (en) * 2007-05-30 2008-12-04 Atmel Corporation Secure Communications
JP4971917B2 (ja) * 2007-09-11 2012-07-11 日本放送協会 署名生成装置、署名検証装置、グループ管理装置、およびそれらのプログラム
US8464058B1 (en) 2008-04-08 2013-06-11 Hewlett-Packard Development Company, L.P. Password-based cryptographic method and apparatus
WO2010013699A1 (ja) * 2008-07-28 2010-02-04 日本電気株式会社 署名システム
FR2950213A1 (fr) * 2009-09-11 2011-03-18 France Telecom Procede de generation d'un certificat numerique
US9806890B2 (en) * 2010-05-19 2017-10-31 Koninklijke Philips N.V. Attribute-based digital signature system
GB2490483B (en) 2011-04-26 2019-05-29 Hewlett Packard Entpr Dev Lp Digital signature method and system
ES2400895B1 (es) * 2011-05-13 2014-03-24 Telefónica, S.A. Método para realizar una firma digital de grupo
FR2979044B1 (fr) * 2011-08-09 2013-08-30 Morpho Procede de gestion et de controle de donnees de differents domaines d'identite organises en ensemble structure
KR101543711B1 (ko) * 2011-10-11 2015-08-12 한국전자통신연구원 짧은 서명을 제공하는 경량 그룹서명 방법 및 장치
US10038679B2 (en) * 2012-12-24 2018-07-31 Intel Corporation Centralized secure device pairing
CN103208151B (zh) * 2013-04-03 2016-08-03 天地融科技股份有限公司 处理操作请求的方法及***
WO2015105479A1 (en) * 2014-01-07 2015-07-16 Empire Technology Development Llc Anonymous signature scheme
US20170288866A1 (en) * 2016-03-30 2017-10-05 AVAST Software s.r.o. Systems and methods of creating a distributed ring of trust
US10776772B2 (en) 2016-09-30 2020-09-15 Middleware, Inc. Automated digital method and system of providing or sharing access
US11257066B2 (en) 2016-09-30 2022-02-22 Middleware, Inc. Automated digital method and system of providing or sharing access
US20220051314A1 (en) * 2018-09-12 2022-02-17 Nec Corporation Information processing apparatus, information processing system, member identification method, and non-transitory computer readable medium storing program
FR3091107A1 (fr) * 2018-12-24 2020-06-26 Orange Procédé et système de génération de clés pour un schéma de signatures anonymes
US10735205B1 (en) * 2019-03-08 2020-08-04 Ares Technologies, Inc. Methods and systems for implementing an anonymized attestation chain
US10790990B2 (en) 2019-06-26 2020-09-29 Alibaba Group Holding Limited Ring signature-based anonymous transaction
US11576037B2 (en) * 2019-10-18 2023-02-07 Huawei Technologies Co., Ltd. Issuing offline PKI certificates in distributed V2X network
US11398916B1 (en) 2019-12-18 2022-07-26 Wells Fargo Bank, N.A. Systems and methods of group signature management with consensus
US11483162B1 (en) 2019-12-18 2022-10-25 Wells Fargo Bank, N.A. Security settlement using group signatures
US11611442B1 (en) 2019-12-18 2023-03-21 Wells Fargo Bank, N.A. Systems and applications for semi-anonymous communication tagging

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6298153B1 (en) * 1998-01-16 2001-10-02 Canon Kabushiki Kaisha Digital signature method and information communication system and apparatus using such method
JP2000124887A (ja) * 1998-10-14 2000-04-28 Fuji Xerox Co Ltd グループ単位の暗号化・復号方法および署名方法ならびに装置
JP2000148012A (ja) * 1998-11-12 2000-05-26 Fuji Xerox Co Ltd 認証装置および方法

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO03061193A1 *

Also Published As

Publication number Publication date
FR2834598B1 (fr) 2004-02-20
FR2834598A1 (fr) 2003-07-11
WO2003061193A1 (fr) 2003-07-24
AU2002364839A1 (en) 2003-07-30
US20050169461A1 (en) 2005-08-04
US7571324B2 (en) 2009-08-04
JP4082717B2 (ja) 2008-04-30
JP2005525721A (ja) 2005-08-25

Similar Documents

Publication Publication Date Title
WO2003061193A1 (fr) Procede et dispositif de signature anonyme au moyen d'une cle privee partagee
EP2441207B1 (de) Kryptografisches verfahren für anonyme authentifizierung und separate identifizierung eines benutzers
EP1459479A2 (de) Kryptographisches system für eine gruppensignatur
EP0055986B1 (de) Sicherheitsverfahren und -vorrichtung zur Dreieckkommunikation von vertraulichen Daten
EP1612991B1 (de) Elektronisches Wahlverfahren und -system in einem Hochsicherheitskommunikationsnetz
WO2005122466A1 (fr) Abrege descriptif procede et systeme de signature de liste
FR2625636A1 (fr) Systeme pour acheminer des informations pour une authentification fiable d'une multitude de documents
FR2625013A1 (fr) Systeme et procede fiables d'authentification de document
WO2011117486A1 (fr) Infrastructure non hierarchique de gestion de bi-cles de securite de personnes physiques
WO2007012584A1 (fr) Procédé de contrôle de transactions sécurisées mettant en oeuvre un dispositif physique unique à bi-clés multiples, dispositif physique, système et programme d'ordinateur correspondants
EP2345202A2 (de) Digitalsignaturverfahren in zwei schritten
WO2007045745A1 (fr) Procede et dispositif de creation d'une signature de groupe et procede et dispositif de verification d'une signature de groupe associes
WO2007012583A1 (fr) Procede de controle de transactions securisees mettant en oeuvre un dispositif physique unique, dispositif physique, systeme, et programme d'ordinateur correspondants
EP1523824B1 (de) Verfahren zur listenunterschrift und anwendung bei einer elektronischen wahl
EP3965361B1 (de) Datenaustausch zwischen einem client und einem fernen gerät, z.b. ein geschützten modul
WO2003060841A1 (fr) Procede cryptographique de revocation a l'aide d'une carte a puce
FR2720209A1 (fr) Procédé de réalisation d'une transaction électronique sécurisée.
CA2831167C (fr) Infrastructure non hierarchique de gestion de bi-cles de securite de personnes physiques ou d'elements (igcp/pki)
EP1989819B1 (de) Verfahren zum zertifizieren eines öffentlichen schlüssels durch einen nicht zertifizierten anbieter
WO2008081151A2 (fr) Procede de signature de liste anonyme et correlable
FR2813467A1 (fr) Procede de generation de signatures non-repudiables, notamment par un systeme embarque, et systeme embarque pour la mise en oeuvre du procede
FR2949932A1 (fr) Procede cryptographique d'abonnement anonyme a un service

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20040702

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LI LU MC NL PT SE SI SK TR

AX Request for extension of the european patent

Extension state: AL LT LV MK RO

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20120605