Replacing blinded authentication authority

Description

BACKGROUND

A general purpose device such as a processor based system, for example, a personal or handheld computer, or a dedicated device such as an automated teller machine, may communicate with an entity, such as a server for a service provider, in a secure manner. The device, when interacting in such a manner, may be termed a secure device. In one example, a personal computer user may desire to use the computer, including software such as a browser executing on an operating system, as a secure device to access a stock account on the web.

The interacting entity may require that the device possess specific security related attributes before the entity communicates with the device. In the above example, prior to providing access, the stockbroker's web server may seek reliable information regarding security related characteristics of the user's computer and software executing on the computer. In general, this problem is solved by a certificate such as a digital certificate signed by the manufacturer of the secure device that makes a representation about the attributes of the secure device. In the example under consideration, this may be a signed digital certificate provided by the browser and signed by the manufacturer of the browser, or one provided by the operating system and signed by the manufacturer of the operating system, or provided directly by the computer hardware and signed by the hardware manufacturer, or some other type of certificate that assures the interacting entity, in this case the stockbroker's web server, that the device has certain characteristics or meets certain standards. Such a certificate could represent, for example, the level of encryption supported by the browser, or the existence and type of secure interconnection between the computer and any external peripherals. Such a certificate could also represent a hardware device in the platform that holds a cryptographic key and was manufactured to protect the key using specified protections.

In general, therefore, a manufacturing entity that is either the manufacturer itself or authorized by the manufacturer, may have signed several certificates that provide information about the capabilities of several secure devices provided by the manufacturer.

Occasionally, the signing key of the manufacturer may be compromised, for example, it may become known to an unauthorized party. This consequently prevents any device that subsequently authenticates itself to another entity using the manufacturer's signed certificate from guaranteeing its security related characteristics because the unauthorized party may have signed the certificate and the device certificate may thereby make a false representation about its security characteristics. Thus, bona fide devices that have been provided using the manufacturing entity's certificate prior to the signing key compromise must be issued a new certificate signed by a new uncompromised key that provides the same level of trust in the certificate as before the compromise.

The mechanism by which this may be achieved requires the manufacturing entity to maintain a list of the secure devices to which it has provided a signed certificate, and a secure time stamp recording a time earlier than the time at which the certificate was signed, for each secure device so authenticated. The combination of the signed certificate and the time stamp provides a guaranteed record of the secure device's state at that time of the signing with respect to the attributes represented by the certificate. Once a compromise occurs, a replacement authority, which may be the manufacturing entity itself or a physically separate entity, can then use the record to assign new certificates to the secure devices that are known to have been certified by the manufacturing entity prior to the compromise.

The replacement authority, on being notified, of the compromise generates a replacement signing key. Using the replacement key, the replacement authority then generates a new certificate for every secure device known to have a bona fide certificate previously provided by the manufacturing entity and not created as a result of the compromise. These certificates are then distributed to the bona fide secure devices; in one instance by having the secure devices download them from a distribution server.

The above replacement scenario is complicated when the process of signing certificates for secured devices is blinded. In a blinded signing, a secure device may obtain certificates from a manufacturing entity while keeping its identity hidden from the manufacturing entity. A secure device may in one class of implementations provide a manufacturing entity with information placing it in a known class of trusted devices without revealing its identity. This may be achieved by a protocol such as that described in, for example, Chaum, D. Security without identification: transaction systems to make big brother obsolete. Comm. of the ACM. 28(10):1030-1044; 1985 (Chaum). However, in such a blinded signing scenario, because the identity of the secure device is essentially unknowable to the manufacturing entity, it is not possible for the entity to provide information about the secure devices that have bona fide certificates to a replacement authority in the straightforward manner described earlier if a compromise of the manufacturing entity's signing key occurs.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 Depicts a flowchart of processing in one embodiment of the claimed subject matter.

FIG. 2 Depicts a processor based system in one embodiment of the claimed subject matter.

FIG. 3 Depicts a processor based system including a trusted module in one embodiment of the claimed subject matter.

DETAILED DESCRIPTION

FIG. 1 depicts processing in accordance with one embodiment of the claimed subject matter. In the figure, the processing at three sites is depicted, viz. at a manufacturing entity, at a secure device, and at a replacement authority. The depicted processing can be divided into four phases as shown in the figure. In the first phase, initialization, represented by box 191, a secure device and a manufacturing entity participate to create a signed certificate for the secure device signed by the manufacturing entity using a blinded signing process. In the second phase, compromise detection, represented by box 192, the manufacturing entity detects a compromise and notifies a replacement authority. In the third phase, authentication, represented by box 193, the replacement authority and the secure device communicate in order to establish to the replacement authority that the secure device is bona fide and has been properly certified by the manufacturing authority prior to the compromise. In the final phase, obtain new identity signature, the secure device and the replacement authority interact to create a new signed certificate for the secure device, once again using a blinded signing process.

The phases depicted in the figure are meant to teach a specific embodiment of the claimed subject matter. In other embodiments, many variations of the depicted processing are possible. For example, the replacement authority may be identical to the manufacturing entity in some embodiments. A single secure device in some embodiments may interact with multiple manufacturing entities and/or multiple replacement authorities. Conversely, the manufacturing entity may interact with multiple secure devices in some embodiments. In some embodiments, more than one certificate may be provided by a manufacturing entity to a particular secure device.

Next, initialization for this embodiment, as depicted in FIG. 1 at 191, is considered in detail. In this phase, the secure device first generates a secret identity, 100. This may be done, in one embodiment, by a process that generates a randomized sequence of bits to be used as the secret identity. In other embodiments the identity may be pre-provided by the manufacturer of the secure device or by a user, for example by entering a pass-phrase. In order to prevent the manufacturing entity from learning the device's secret identity while obtaining a certificate from the entity, the secure device then computes a blinded identity, 105, using a method such as that described in Chaum. The blinded identity is provided to the manufacturing entity for a signature in order to obtain a certificate. In addition, the secure device also generates a blinded identity ticket at step 110. This identity ticket is generated, in one embodiment, by applying a one-way function to the secret identity of the device. The ticket is transmitted to the manufacturing entity in this step.

The generation of the blinded identity ticket is done in a manner that allows later authentication by a replacement authority that the ticket was generated using the secret identity of the secure device, without requiring the secure device to actually disclose the secret identity. A method to achieve this property for a blinded identity ticket is described in detail in the pending U.S. patent application entitled SYSTEM AND METHOD FOR ESTABLISHING TRUST WITHOUT REVEALING IDENTITY, applicant Ernie F. Brickell, application Ser. No. 10/306,336, and assigned to Intel Corporation (Brickell). This method is termed the Direct Proof method and is used in this embodiment of the claimed subject matter. Specifically, the one-way function referenced above and used to compute the blinded identity ticket for the secure device from the secret identity of the device at step 110 is in accordance with Brickell. The Direct Proof method of Brickell is not detailed further in this application because the referenced co-pending application describes the method in detail. Of course, other methods that allow the creation of a blinded identity ticket that allows a replacement authority to authenticate a secure device without requiring the revelation of the secret identity of the secure device may be used in other embodiments in a step analogous to step 110 of this embodiment. Using the Brickell method, the identity ticket can be created by having the device perform a Direct Proof with a named base provided by the manufacturer or by the replacement authority, as described in the Brickell application.

Once the manufacturing entity has received the blinded identity and the identity ticket, it signs the blinded identity and returns it to the secure device at step 145 and then obtains a secure timestamp on the identity ticket indicating the time of signing and stores the identity ticket and the time stamp at step 150. Using a method such as that described in Chaum, the secure device in 115 then removes the blinding from the signed blinded identity to obtain a signed certificate from the manufacturing entity and stores the certificate for normal authentication of the device as a secure device as described in the Background section above.

The next stage of processing begins when the manufacturing entity detects a compromise of its signing key and in response to the compromise contacts the replacement authority, at 155, to initiate a certificate replacement process for secure devices that have previously received bona fide certificates from the manufacturing entity. The manufacturing entity at this stage has already provided or provides in a communication to the replacement authority the identity tickets of all bona fide secure devices whose certificates are to be replaced. In response to the request from the manufacturing entity, the replacement authority generates a new signing key for the new certificates to be issued at 160.

The first step in the certificate replacement process, box 193, is for the replacement authority to authenticate any secure device which is seeking a replacement for its original certificate. The replacement authority initiates a zero knowledge protocol with the secure device using, for example, the Direct Proof techniques of Brickell, and authenticates it using the information contained in the identity ticket, at 165 and 120. Once the secure device is authenticated as a possessor of the secret identity that was used to create the identity ticket using, for example, Direct Proof techniques, the replacement authority then checks to ensure that the secure device had a bona fide certificate provided by the manufacturing entity prior to the compromise by comparing the time stamp associated with the identity ticket with the estimated time of compromise, 170. The estimated time of compromise in general is no later than the time at which the compromise is detected. Once the time stamp has been validated to have been created earlier than the estimated time of compromise, the replacement authority and secure device in box 194 repeat a process similar to the previously described initialization process (box 191) to generate a new certificate using the new signing key. The difference is that in this instance the replacement authority is providing the certificate to the secure device instead of the manufacturing entity (though in practice the replacement authority may in some embodiments be identical to the manufacturing entity). As before, this process includes the secure device computing a blinded identity and generating an identity ticket at 130 and 135; the replacement authority signing the blinded identity and storing the identity ticket and the time of signing of the identity as a time stamp on the identity ticket at 175 and 180; and the secure device obtaining a certificate by removing the blinding from the signed blinded identity at 140. The secure device may also optionally choose to generate an entirely new secret identity at the start of the process at 125; or alternatively it may continue to use its former secret identity because the secrecy of that identity is uncompromised in the scenario described here.

FIGS. 2 and 3 depict two embodiments of a system including a secure device. In FIG. 2, the system is a processor based system including a processor 200, a memory 260 to store data and programs executable by the processor, a communication interface such as the network interface 280 that allows the system to communicate with other devices on a network, and a storage unit such as a disk 240 all interconnected by a bus system 220. In this system the secure device is embodied as a software program that is stored in the storage unit and loaded into memory and executed by the processor to perform the protocols described above, relating to the generation of certificates and their replacement. FIG. 3 represents another system including a secure device, however in this system the secure device is at least in part implemented as a hardware module termed a trusted module 310. As before the system includes a processor 300, interface 330, memory 350 and disk 340, but additionally includes the trusted module 310 implemented in hardware. In the system of FIG. 3, the operation of the secure device is performed at least in part by the trusted module and optionally by software loaded from the disk and stored in the memory to be executed by the processor. In an exemplary system, the trusted module may generate secret identities, provide security attribute information regarding the system and perform blinding and one way function generation to generate blinded identities; while the software portion of the secure device might initiate communication with outside entities and call upon the trusted module only for the functions listed above.

Many other implementations are, of course, possible, including in one instance an embodiment where the secure device is implemented entirely as a logic circuit and does not have an architecture as depicted in FIGS. 2 and 3.

While certain exemplary embodiments of the invention have been described above and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of and not restrictive on the broad aspects of various embodiments of the invention, and that these embodiments not be limited to the specific constructions and arrangements shown and described, since various other modifications are possible. It is possible to implement the embodiments of the invention or some of their features in hardware, programmable devices, firmware, software or a combination thereof.

Embodiments in accordance with the claimed subject matter may be provided as a computer program product that may include a machine-readable medium having stored thereon data which when accessed by a machine may cause the machine to perform a process according to the claimed subject matter. The machine-readable storage medium may include, but is not limited to, floppy diskettes, optical disks, DVD-ROM disks, DVD-RAM disks, DVD-RW disks, DVD+RW disks, CD-R disks, CD-RW disks, CD-ROM disks, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, magnet or optical cards, flash memory, or other type of media/machine-readable storage medium suitable for storing electronic instructions. Moreover, embodiments of the claimed subject matter may also be downloaded as a computer program product, wherein the program may be transferred from a remote computer to a requesting computer by way of data signals embodied in a carrier wave or other propagation medium via a communication link (e.g., a modem or network connection).

Many of the methods are described in their most basic form but steps can be added to or deleted from any of the methods and information can be added or subtracted from any of the described messages without departing from the basic scope of the claimed subject matter. It will be apparent to those skilled in the art that many further modifications and adaptations can be made. The particular embodiments are not provided to limit the invention but to illustrate it. The scope of the claimed subject matter is not to be determined by the specific examples provided above but only by the claims below.

Claims

1. At a manufacturing entity, a method comprising: providing a blinded identity signature to a secure device;obtaining and storing a time stamp on a blinded identity ticket of the secure device, wherein the time stamp is a time of creation of the blinded identity signature; andin response to a compromise of a signing key used to create the blinded identity signature, the method further comprising: providing a time of the compromise of the signing key to a replacement authority; andproviding the time stamp on the blinded identity ticket to the replacement authority in response to a determination by the replacement authority that the secure device is an authenticated secure device that requires a replacement of the blinded identity signature.
2. The method of claim 1 wherein providing the time stamp on the blinded identity ticket to the replacement authority comprises: providing access to the time stamp of the blinded identity ticket to the replacement authority.
3. The method of claim 1, further comprising: receiving a blinded identity and the blinded identity ticket from the secure device; andsigning the blinded identity using the signing key, creating the blinded identity signature.
4. At a replacement authority, a method comprising: receiving from a manufacturing entity a time of compromise of a signing key and each blinded identity ticket of one or more authenticated secure devices that each require a replacement of respective blinded identity signatures;determining whether a time stamp on each blinded identity ticket is prior to the time of compromise, wherein each time stamp is a time of creation of the respective blinded identity signature of each respective authenticated secure device; andproviding a new blinded identity signature to each authenticated secure device in response to a determination that the respective time stamp is prior to the time of compromise.
5. The method of claim 4, further comprising authenticating each authenticated secure device in accordance with a zero knowledge protocol.
6. The method of claim 4, wherein the signing key is a first signing key, wherein each blinded identity ticket is a respective first blinded identity ticket, and wherein providing the new blinded identity signature to each authenticated secure device comprises: receiving a blinded identity and a second blinded identity ticket from each authenticated secure device;signing each blinded identity using a second signing key, creating the respective new blinded identity signature for each authenticated secure device; andsending each new blinded identity signature to each respective authenticated secure device.
7. The method of claim 6, wherein each time stamp is a respective first time stamp, and wherein providing the new blinded identity signature to each authenticated secure device further comprises: obtaining and storing a respective second time stamp on each second blinded identity ticket from each authenticated secure device, wherein each second fixed time stamp is a time of creation of the respective new blinded identity signature.
8. At a secure device, a method comprising: receiving a first blinded identity signature from a manufacturing entity; andin response to a compromise of a signing key of the manufacturing entity, wherein the signing key is used to create the first blinded identity signature, the method further comprising: authenticating the secure device to a replacement authority; andreceiving a new blinded identity signature from the replacement authority responsive to a determination by the replacement authority that a time of creation of the first blinded identity signature is earlier than a time of the compromise of the signing key.
9. The method of claim 8, wherein authenticating the secure device to the replacement authority comprises: authenticating the secure device to the replacement authority in accordance with a zero knowledge protocol.
10. The method of claim 8, wherein receiving the new blinded identity signature from the replacement authority comprises: sending a blinded identity and a blinded identity ticket to the replacement authority; andreceiving the new blinded identity signature from the replacement authority, wherein the new blinded identity signature is created by signing the blinded identity ticket using a replacement signing key of the replacement authority.
11. The method of claim 8, wherein receiving the first blinded identity signature from the manufacturing entity comprises: sending a blinded identity and a blinded identity ticket to the manufacturing entity, wherein the first blinded identity signature received from the manufacturing entity is created by signing the blinded identity ticket using the signing key of the manufacturing entity.
12. A method comprising: a manufacturing entity sending a first blinded identity signature to a secure device;the manufacturing entity obtaining and storing a time stamp on a blinded identity ticket of the secure device, wherein the time stamp is a time of creation of the first blinded identity signature; andin response to a compromise of a signing key of the manufacturing entity, wherein the signing key is used to create the first blinded identity signature, the method further comprising: the manufacturing entity providing a time of the compromise of the signing key and the time stamp on the blinded identity ticket to a replacement authority, wherein the time stamp on the blinded identity ticket is provided to the replacement authority in response to a determination by the replacement authority that the secure device is an authenticated secure device that requires a replacement of the first blinded identity signature;the replacement authority receiving the time of the compromise of the signing key and the time stamp on the blinded identity ticket;the replacement authority determining whether the time stamp is prior to the time of compromise; andthe replacement authority providing a new blinded identity signature to the secure device in response to a determination that the time stamp is prior to the time of compromise.
13. The method of claim 12, further comprising: the manufacturing entity receiving a blinded identity and the blinded identity ticket from the secure device; andthe manufacturing entity signing the blinded identity using the signing key, creating the first blinded identity signature.
14. The method of claim 12, further comprising the replacement authority authenticating the secure device in accordance with a zero knowledge protocol.
15. The method of claim 12, wherein the signing key is a first signing key, wherein the blinded identity ticket is a first blinded identity ticket, and wherein the replacement authority providing the new blinded identity signature to the secure device comprises: the replacement authority receiving a blinded identity and a second blinded identity ticket from the secure device;the replacement authority signing the blinded identity using a second signing key, creating the new blinded identity signature; andthe replacement authority sending the new blinded identity signature to the secure device.
16. The method of claim 15, wherein the time stamp is a first time stamp, and wherein the replacement authority providing the new blinded identity signature to the secure device further comprises: the replacement authority obtaining and storing a second time stamp on the second blinded identity ticket, wherein the second time stamp is a time of creation of the new blinded identity signature.
17. A system comprising: a processor to execute programs of the system;a storage unit, communicatively coupled to the processor, to store programs of the system;a communication interface, communicatively coupled to the processor, to communicate with a network;and a trusted program stored in the storage unit and executable on the processor of the system, wherein the trusted program is configured to:receive a first blinded identity signature from a manufacturing entity using the communication interface; andin response to a compromise of a signing key of the manufacturing entity, wherein the signing key is used to create the first blinded identity signature, the trusted program is further configured to: authenticate the system to a replacement authority; andreceive a new blinded identity signature from the replacement authority responsive to a determination by the replacement authority that a time of creation of the first blinded identity signature is earlier than a time of the compromise of the signing key.
18. The system of claim 17, wherein the trusted program is further configured to send a blinded identity and a blinded identity ticket to the manufacturing entity using the communication interface.
19. The system of claim 17, wherein the trusted program is further configured to authenticate the system to the replacement authority in accordance with a zero knowledge protocol.
20. The system of claim 17, wherein the trusted program is further configured to send a blinded identity and a blinded identity ticket to the replacement authority.
21. A non-transitory computer readable storage medium having instructions stored thereon which, when executed, cause a manufacturing entity and a replacement authority to perform the following method: the manufacturing entity sending a first blinded identity signature to a secure device;the manufacturing entity obtaining and storing a time stamp on a blinded identity ticket of the secure device, wherein the time stamp is a time of creation of the first blinded identity signature; andin response to a compromise of a signing key of the manufacturing entity, wherein the signing key is used to create the first blinded identity signature, the method further comprising: the manufacturing entity providing a time of the compromise of the signing key and the time stamp on the blinded identity ticket to the replacement authority;the replacement authority receiving the time of the compromise of the signing key and the time stamp on the blinded identity ticket, wherein the time stamp on the blinded identity ticket is provided to the replacement authority in response to a determination by the replacement authority that the secure device is an authenticated secure device that requires a replacement of the first blinded identity signature;the replacement authority determining whether the time stamp is prior to the time of compromise; andthe replacement authority providing a new blinded identity signature to the secure device in response to a determination that the time stamp is prior to the time of compromise.
22. The medium of claim 21, wherein the method performed by the execution of the stored instructions further comprises: the manufacturing entity receiving a blinded identity and the blinded identity ticket from the secure device; andthe manufacturing entity signing the blinded identity using the signing key, creating the first blinded identity signature.
23. The medium of claim 21, wherein the method performed by the execution of the stored instructions further comprises: the replacement authority authenticating the secure device in accordance with a zero knowledge protocol.
24. The medium of claim 21, wherein the signing key is a first signing key, wherein the blinded identity ticket is a first blinded identity ticket, and wherein the replacement authority providing the new blinded identity signature to the secure device comprises: the replacement authority receiving a blinded identity and a second blinded identity ticket from the secure device;the replacement authority signing the blinded identity using a second signing key, creating the new blinded identity signature; andthe replacement authority sending the new blinded identity signature to the secure device.
25. The medium of claim 24, wherein the time stamp is a first time stamp, and wherein the replacement authority providing the new blinded identity signature to the secure device further comprises: the replacement authority obtaining and storing a second time stamp on the second blinded identity ticket, wherein the second time stamp is a time of creation of the new blinded identity signature.

US Referenced Citations (262)

Number	Name	Date	Kind
3699532	Schaffer et al.	Oct 1972	A
3996449	Attanasio et al.	Dec 1976	A
4037214	Birney et al.	Jul 1977	A
4162536	Morley	Jul 1979	A
4207609	Luiz et al.	Jun 1980	A
4247905	Yoshida et al.	Jan 1981	A
4276594	Morley	Jun 1981	A
4278837	Best	Jul 1981	A
4307447	Provanzano et al.	Dec 1981	A
4319233	Matsuoka et al.	Mar 1982	A
4319323	Ermolovich et al.	Mar 1982	A
4347565	Kaneda et al.	Aug 1982	A
4366537	Heller et al.	Dec 1982	A
4403283	Myntti et al.	Sep 1983	A
4419724	Branigin et al.	Dec 1983	A
4430709	Schleupen et al.	Feb 1984	A
4521852	Guttag	Jun 1985	A
4529870	Chaum	Jul 1985	A
4571672	Hatada et al.	Feb 1986	A
4621318	Maeda	Nov 1986	A
4759064	Chaum	Jul 1988	A
4795893	Ugon	Jan 1989	A
4802084	Ikegaya et al.	Jan 1989	A
4825052	Chemin et al.	Apr 1989	A
4843541	Bean et al.	Jun 1989	A
4907270	Hazard	Mar 1990	A
4907272	Hazard	Mar 1990	A
4910774	Barakat	Mar 1990	A
4974159	Hargrove et al.	Nov 1990	A
4975836	Hirosawa et al.	Dec 1990	A
5007082	Cummins	Apr 1991	A
5022077	Bealkowski et al.	Jun 1991	A
5075842	Lai	Dec 1991	A
5079737	Hackbarth	Jan 1992	A
5187802	Inoue et al.	Feb 1993	A
5230069	Brelsford et al.	Jul 1993	A
5237616	Abraham et al.	Aug 1993	A
5255379	Melo	Oct 1993	A
5287363	Wolf et al.	Feb 1994	A
5293424	Hotley et al.	Mar 1994	A
5295251	Wakui et al.	Mar 1994	A
5317705	Gannon et al.	May 1994	A
5319760	Mason et al.	Jun 1994	A
5361375	Ogi	Nov 1994	A
5386552	Garney	Jan 1995	A
5421006	Jablon et al.	May 1995	A
5434999	Goire et al.	Jul 1995	A
5437033	Inoue et al.	Jul 1995	A
5442645	Ugon et al.	Aug 1995	A
5455909	Blomgren et al.	Oct 1995	A
5459867	Adams et al.	Oct 1995	A
5459869	Spilo	Oct 1995	A
5469557	Salt et al.	Nov 1995	A
5473692	Davis	Dec 1995	A
5479509	Ugon	Dec 1995	A
5488716	Schneider et al.	Jan 1996	A
5504922	Seki et al.	Apr 1996	A
5506975	Onodera	Apr 1996	A
5511121	Yacobi	Apr 1996	A
5511217	Nakajima et al.	Apr 1996	A
5522075	Robinson et al.	May 1996	A
5528231	Patarin	Jun 1996	A
5533126	Hazard et al.	Jul 1996	A
5555385	Osisek	Sep 1996	A
5555414	Hough et al.	Sep 1996	A
5560013	Scalzi et al.	Sep 1996	A
5564040	Kubala	Oct 1996	A
5566323	Ugon	Oct 1996	A
5568552	Davis	Oct 1996	A
5574936	Ryba et al.	Nov 1996	A
5582717	Di Santo	Dec 1996	A
5604805	Brands	Feb 1997	A
5606617	Brands	Feb 1997	A
5615263	Takahashi	Mar 1997	A
5628022	Ueno et al.	May 1997	A
5628023	Bryant et al.	May 1997	A
5633929	Kaliski, Jr.	May 1997	A
5657445	Pearce	Aug 1997	A
5668971	Neufeld	Sep 1997	A
5680547	Chang	Oct 1997	A
5684948	Johnson et al.	Nov 1997	A
5706469	Kobayashi	Jan 1998	A
5717903	Bonola	Feb 1998	A
5720609	Pfefferle	Feb 1998	A
5721222	Bernstein et al.	Feb 1998	A
5729760	Poisner	Mar 1998	A
5737604	Miller et al.	Apr 1998	A
5737760	Grimmer, Jr. et al.	Apr 1998	A
5740178	Jacks et al.	Apr 1998	A
5752046	Oprescu et al.	May 1998	A
5757919	Herbert et al.	May 1998	A
5764969	Kahle	Jun 1998	A
5796835	Saada	Aug 1998	A
5796845	Serikawa et al.	Aug 1998	A
5805712	Davis	Sep 1998	A
5809546	Greenstein et al.	Sep 1998	A
5815665	Teper et al.	Sep 1998	A
5825875	Ugon	Oct 1998	A
5825880	Sudia et al.	Oct 1998	A
5832089	Kravitz et al.	Nov 1998	A
5835594	Albrecht et al.	Nov 1998	A
5844986	Davis	Dec 1998	A
5852717	Bhide et al.	Dec 1998	A
5854913	Goetz et al.	Dec 1998	A
5867577	Patarin	Feb 1999	A
5872844	Yacobi	Feb 1999	A
5872994	Akiyama et al.	Feb 1999	A
5890189	Nozue et al.	Mar 1999	A
5900606	Rigal	May 1999	A
5901225	Ireton et al.	May 1999	A
5901229	Fujisaki et al.	May 1999	A
5903752	Dingwall et al.	May 1999	A
5919257	Trostle	Jul 1999	A
5935242	Madany et al.	Aug 1999	A
5935247	Pai et al.	Aug 1999	A
5937063	Davis	Aug 1999	A
5944821	Angelo	Aug 1999	A
5953422	Angelo et al.	Sep 1999	A
5953502	Helbig, Sr.	Sep 1999	A
5956408	Arnold	Sep 1999	A
5970147	Davis et al.	Oct 1999	A
5978475	Schneier et al.	Nov 1999	A
5978481	Ganesan et al.	Nov 1999	A
5987557	Ebrahim	Nov 1999	A
6014745	Ashe	Jan 2000	A
6035374	Panwar et al.	Mar 2000	A
6044478	Green	Mar 2000	A
6055637	Hudson et al.	Apr 2000	A
6058478	Davis	May 2000	A
6061794	Angelo	May 2000	A
6075938	Bugnion et al.	Jun 2000	A
6085296	Karkhanis et al.	Jul 2000	A
6088262	Nasu	Jul 2000	A
6092095	Maytal	Jul 2000	A
6093213	Favor et al.	Jul 2000	A
6101584	Satou et al.	Aug 2000	A
6108644	Goldschlag et al.	Aug 2000	A
6115816	Davis	Sep 2000	A
6125430	Noel et al.	Sep 2000	A
6131166	Wong-Isley	Oct 2000	A
6138239	Veil	Oct 2000	A
6148379	Schimmel	Nov 2000	A
6158546	Hanson et al.	Dec 2000	A
6173417	Merrill	Jan 2001	B1
6175924	Arnold	Jan 2001	B1
6175925	Nardone et al.	Jan 2001	B1
6178509	Nardone	Jan 2001	B1
6182089	Ganapathy et al.	Jan 2001	B1
6188257	Buer	Feb 2001	B1
6192455	Bogin et al.	Feb 2001	B1
6199152	Kelly et al.	Mar 2001	B1
6205550	Nardone et al.	Mar 2001	B1
6212635	Reardon	Apr 2001	B1
6222923	Schwenk	Apr 2001	B1
6249872	Wildgrube et al.	Jun 2001	B1
6252650	Nakaumra	Jun 2001	B1
6269392	Cotichini et al.	Jul 2001	B1
6272533	Browne et al.	Aug 2001	B1
6272637	Little et al.	Aug 2001	B1
6275933	Fine et al.	Aug 2001	B1
6282650	Davis	Aug 2001	B1
6282651	Ashe	Aug 2001	B1
6282657	Kaplan et al.	Aug 2001	B1
6292874	Barnett	Sep 2001	B1
6301646	Hostetter	Oct 2001	B1
6308270	Guthery et al.	Oct 2001	B1
6314409	Schneck et al.	Nov 2001	B2
6321314	Van Dyke	Nov 2001	B1
6327652	England et al.	Dec 2001	B1
6330670	England et al.	Dec 2001	B1
6339815	Feng	Jan 2002	B1
6339816	Bausch	Jan 2002	B1
6357004	Davis	Mar 2002	B1
6363485	Adams	Mar 2002	B1
6374286	Gee et al.	Apr 2002	B1
6374317	Ajanovic et al.	Apr 2002	B1
6378068	Foster	Apr 2002	B1
6378072	Collins et al.	Apr 2002	B1
6389537	Davis et al.	May 2002	B1
6397242	Devine et al.	May 2002	B1
6397379	Yates, Jr. et al.	May 2002	B1
6412035	Webber	Jun 2002	B1
6421702	Gulick	Jul 2002	B1
6435416	Slassi	Aug 2002	B1
6445797	McGough et al.	Sep 2002	B1
6463535	Drews et al.	Oct 2002	B1
6463537	Tello	Oct 2002	B1
6473508	Young et al.	Oct 2002	B1
6473800	Jerger et al.	Oct 2002	B1
6496847	Bugnion et al.	Dec 2002	B1
6499123	McFarland et al.	Dec 2002	B1
6505279	Phillips et al.	Jan 2003	B1
6507904	Ellison et al.	Jan 2003	B1
6529909	Bowman-Amuah	Mar 2003	B1
6535988	Poisner	Mar 2003	B1
6557104	Vu et al.	Apr 2003	B2
6560627	McDonald et al.	May 2003	B1
6609199	DeTreville	Aug 2003	B1
6615278	Curtis	Sep 2003	B1
6615347	de Silva et al.	Sep 2003	B1
6633963	Ellison et al.	Oct 2003	B1
6633981	Davis	Oct 2003	B1
6651171	England et al.	Nov 2003	B1
6678825	Ellison et al.	Jan 2004	B1
6684326	Cromer et al.	Jan 2004	B1
6795966	Lim et al.	Sep 2004	B1
6804630	Lee et al.	Oct 2004	B2
6871276	Simon	Mar 2005	B1
6988250	Proudler et al.	Jan 2006	B1
6990579	Herbert et al.	Jan 2006	B1
6996710	Ellison et al.	Feb 2006	B1
7013481	Ellison et al.	Mar 2006	B1
7028149	Grawrock et al.	Apr 2006	B2
7103529	Zimmer	Sep 2006	B2
7103771	Grawrock	Sep 2006	B2
7133990	Link et al.	Nov 2006	B2
7165181	Brickell	Jan 2007	B2
7167564	Asano et al.	Jan 2007	B2
7272831	Cota-Robles et al.	Sep 2007	B2
7287030	Margolus et al.	Oct 2007	B2
7356701	Margolus et al.	Apr 2008	B2
7370196	Simon	May 2008	B2
7463739	Couillard	Dec 2008	B2
7571324	Canard et al.	Aug 2009	B2
20010021969	Burger et al.	Sep 2001	A1
20010027511	Wakabayashi et al.	Oct 2001	A1
20010027527	Khidekel et al.	Oct 2001	A1
20010037450	Metlitski et al.	Nov 2001	A1
20020004900	Patel	Jan 2002	A1
20020007456	Peinado et al.	Jan 2002	A1
20020023032	Pearson et al.	Feb 2002	A1
20020147916	Strongin et al.	Oct 2002	A1
20020154782	Chow et al.	Oct 2002	A1
20020166061	Falik et al.	Nov 2002	A1
20020169717	Challener	Nov 2002	A1
20030002668	Graunke et al.	Jan 2003	A1
20030018892	Tello	Jan 2003	A1
20030037089	Cota-Robles et al.	Feb 2003	A1
20030037246	Goodman et al.	Feb 2003	A1
20030074548	Cromer et al.	Apr 2003	A1
20030093687	Westhoff et al.	May 2003	A1
20030112008	Hennig	Jun 2003	A1
20030115453	Grawrock	Jun 2003	A1
20030126442	Glew et al.	Jul 2003	A1
20030126453	Glew et al.	Jul 2003	A1
20030159056	Cromer et al.	Aug 2003	A1
20030188156	Yasala et al.	Oct 2003	A1
20030188179	Challener et al.	Oct 2003	A1
20030196085	Lampson et al.	Oct 2003	A1
20030226040	Challener et al.	Dec 2003	A1
20030231328	Chapin et al.	Dec 2003	A1
20030235175	Naghian et al.	Dec 2003	A1
20040103281	Brickell	May 2004	A1
20040117539	Bennett et al.	Jun 2004	A1
20040128345	Robinson et al.	Jul 2004	A1
20040128670	Robinson et al.	Jul 2004	A1
20040193888	Wiseman et al.	Sep 2004	A1
20050021968	Zimmer	Jan 2005	A1
20050069135	Brickell	Mar 2005	A1
20050071677	Khanna et al.	Mar 2005	A1
20050132202	Dillaway et al.	Jun 2005	A1
20050137889	Wheeler	Jun 2005	A1

Foreign Referenced Citations (47)

Number	Date	Country
4217444	Dec 1992	DE
0473913	Mar 1992	EP
0600112	Jun 1994	EP
0602867	Jun 1994	EP
0892521	Jan 1999	EP
0930567	Jul 1999	EP
0961193	Dec 1999	EP
0965902	Dec 1999	EP
1030237	Aug 2000	EP
1055989	Nov 2000	EP
1056014	Nov 2000	EP
1085396	Mar 2001	EP
1146715	Oct 2001	EP
1209563	May 2002	EP
1271277	Jan 2003	EP
2620248	Mar 1989	FR
2700430	Jul 1994	FR
2714780	Jul 1995	FR
2742618	Jun 1997	FR
2752122	Feb 1998	FR
2763452	Nov 1998	FR
2830147	Mar 2003	FR
2000076139	Mar 2000	JP
200694114	Apr 2006	JP
WO9524696	Sep 1995	WO
WO9729567	Aug 1997	WO
WO9812620	Mar 1998	WO
WO9834365	Aug 1998	WO
WO9844402	Oct 1998	WO
WO9905600	Feb 1999	WO
WO9918511	Apr 1999	WO
WO9957863	Nov 1999	WO
WO9965579	Dec 1999	WO
WO0021238	Apr 2000	WO
WO0062232	Oct 2000	WO
WO0127723	Apr 2001	WO
WO0127821	Apr 2001	WO
WO0163994	Aug 2001	WO
WO0175564	Oct 2001	WO
WO0175565	Oct 2001	WO
WO0175595	Oct 2001	WO
WO0201794	Jan 2002	WO
WO9909482	Jan 2002	WO
WO0217555	Feb 2002	WO
WO02060121	Aug 2002	WO
WO02086684	Oct 2002	WO
WO03058412	Jul 2003	WO

Related Publications (1)

	Number	Date	Country
	20050137898 A1	Jun 2005	US

Replacing blinded authentication authority

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

US Classifications

Field of Search

US

International Classifications

Term Extension

Abstract

Description

Claims

US Referenced Citations (262)

Foreign Referenced Citations (47)

Related Publications (1)