WO2023282129A1 - 検証可能なクレームを取得するユーザ装置、当該ユーザ装置を含むシステム及び検証可能なクレームを取得する方法 - Google Patents
検証可能なクレームを取得するユーザ装置、当該ユーザ装置を含むシステム及び検証可能なクレームを取得する方法 Download PDFInfo
- Publication number
- WO2023282129A1 WO2023282129A1 PCT/JP2022/025806 JP2022025806W WO2023282129A1 WO 2023282129 A1 WO2023282129 A1 WO 2023282129A1 JP 2022025806 W JP2022025806 W JP 2022025806W WO 2023282129 A1 WO2023282129 A1 WO 2023282129A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- value
- user device
- origin
- generator
- acquisition request
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 15
- 230000004044 response Effects 0.000 claims description 6
- 230000005540 biological transmission Effects 0.000 claims 3
- 238000007726 management method Methods 0.000 description 11
- 230000008569 process Effects 0.000 description 10
- 238000010586 diagram Methods 0.000 description 9
- YSCNMFDFYJUPEF-OWOJBTEDSA-N 4,4'-diisothiocyano-trans-stilbene-2,2'-disulfonic acid Chemical compound OS(=O)(=O)C1=CC(N=C=S)=CC=C1\C=C\C1=CC=C(N=C=S)C=C1S(O)(=O)=O YSCNMFDFYJUPEF-OWOJBTEDSA-N 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 3
- 101100328518 Caenorhabditis elegans cnt-1 gene Proteins 0.000 description 2
- 101100254610 Caenorhabditis elegans rps-3 gene Proteins 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000013499 data model Methods 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/16—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Definitions
- Non-Patent Document 1 discloses "Verifiable Credentials". Note that a verifiable credential may also be denoted as a verifiable claim (VC). In the following description, verifiable claims and verifiable credentials are simply referred to as "claims.” The claim contains personal information of its owner. Examples of personal information included in a claim can be the date of birth, education, medical history, assets, etc. of the owner of the claim. Claims are issued by organizations that can guarantee the personal information included in the complaint (CP (Claims Provider), such as local governments, schools, hospitals, and banks.
- CP Cosmetic Application Provider
- the RP can confirm that the owner satisfies the predetermined conditions.Specifically, for example, the RP can It can be confirmed that the owner is over a predetermined age and has assets over a predetermined amount.
- the claim includes, for example, a signature generated with the private key of the CP issuing the claim.
- the RP confirms that the presented claim was issued by the CP and that the content of the presented claim has been tampered with. I can confirm that it is not.
- Claims may also include a Distributed Identifier (DID) for the RP to determine if the person submitting the claim to the RP is the rightful owner of the claim.
- DID is a unique identifier for an owner, whose value can be obtained by becoming an identity provider themselves.
- the CP includes the value of the DID in the claim when issuing the claim. This associates the claim with that DID.
- CPs Since the personal information that a CP can guarantee depends on its content, there can be multiple CPs for each type of personal information (age, educational background, assets, etc.). In addition, there may be multiple RPs because there are various organizations that need to confirm personal information.
- FIG. 1 shows CP#1 to CP#N of number N (where N is an integer of 1 or more) and RP#1 to #M of number M (where M is an integer of 1 or more).
- the user device in FIG. 1 is a device used by a claim owner (hereinafter referred to as a user) who obtains a claim from the CP and presents it to the RP.
- a user device may be, for example, a smart phone, a tablet, a personal computer (PC).
- the user device receives and stores claim VC#n from CP#n (n is an integer from 1 to N). It is assumed that claims VC#1 to VC#N are associated with the same DID. In this case, the user equipment needs to use the same DID for RP#1 to RP#M.
- RP#2 receives VC#2
- RP#M receives VC#1 and VC#N. If the DID used by the user is the same regardless of the RP, RP#2 and RP#M cooperate (collusion) so that RP#2 and RP#M are connected to VC#1, VC#2, and It can be determined that the users who submitted VC#N are the same. In this way, RPs cooperate with each other to specify various complaints from a certain user, so that the RP can unfairly obtain various personal information of the user.
- DID#m DID#m
- VC#n DID#m
- the user equipment acquires two VC#1 (DID#1) and VC#1 (DID#M) from CP#1.
- the user equipment presents VC#1 (DID#1) to RP#1 and presents VC#1 (DID#M) to RP#M.
- DID#M VC#1
- the RP sends a challenge to the user equipment when a claim is presented.
- the user device generates a signature for the challenge with the private key of the public key pair included in the claim and sends it to the RP.
- the RP can determine whether the user is the rightful owner of the claim by verifying the signature with the public key included in the claim.
- the user must make the public key included in the claim different.
- the user device must manage the private key for the public key included in each claim, and the amount of information to be kept secret in the user device increases.
- the present invention provides a technology that makes it difficult to perform name identification, eliminates restrictions on where to submit claims, and reduces the amount of information held by user devices.
- a user device comprises holding means for holding confidential information, generating means for generating a generator, and calculation for obtaining a commitment corresponding to the generator based on the generator and the secret information. means, and a verifiable claim (VC ), wherein the value of the origin used by the obtaining means to obtain the new VC is the value of the origin used by the obtaining means to obtain the VC in the past. different from the value of
- FIG. 4 is an explanatory diagram when using the same DID for each RP;
- FIG. 4 is an explanatory diagram when using different DIDs for each RP;
- 1 is a configuration diagram of a system according to one embodiment;
- FIG. 4 is a sequence diagram of complaint acquisition processing according to an embodiment;
- FIG. 4 is a sequence diagram of complaint presentation processing according to one embodiment;
- 1 is a functional block diagram of a user device according to one embodiment;
- FIG. 3 is a configuration diagram of the system according to this embodiment.
- a user equipment 1 , a plurality of CPs 2 and a plurality of RPs 3 are connected to a network 4 .
- the user device 1 is configured to be able to communicate with multiple CPs 2 and multiple RPs 3 via the network 4 .
- the number of CP2 is N (N is an integer of 1 or more)
- the number of RP3 is M (M is an integer of 1 or more).
- CP#n n is an integer from 1 to N
- RP#m m is 1 to M.
- the user device 1 acquires and stores the complaint from the CP 2 according to the user's operation. In addition, the user device 1 presents the stored complaint to the RP3 according to the user's operation.
- the number of combinations of CP2 and RP3 is N ⁇ M, and in the following description, as an example, it is assumed that the user device 1 acquires N ⁇ M complaints in advance. Note that the user device acquires M complaints from each CP3.
- FIG. 4 is a sequence diagram of complaint acquisition processing.
- the user device 1 holds confidential information w (S10).
- S11 the user device 1 generates a prime number p.
- all operations in the following description are modulo operations of a prime number p, but to simplify the explanation, the fact that they are modulo operations, that is, the notation of "mod p" (congruent expression) is omitted. do.
- mod p congruent expression
- the present disclosure shows an implementation based on the discrete logarithm problem, those skilled in the art will understand that implementations based on different difficulties, such as the discrete logarithm problem on an elliptic curve, are also possible without replacing the role of the device. It is about to be done.
- the user device 1 In S12, the user device 1 generates N ⁇ M generators g nm equal to the number of complaints to be obtained. Note that all generators g nm have different values. The generator g nm can be generated randomly, for example, without regularity. In addition, the user device 1 may record the generators used in the past and select them without duplication.
- the user device 1 transmits to CP#1 a complaint generation request including the prime number p, the generators g 11 to g 1M , and the comments com 11 to com 1M .
- CP#1 generates a total of M claims VC#11 to VC#1M in response to the claim generation request.
- Claim VC#1m includes a prime number p, a generator g 1m , and a commitment com 1m , in addition to the user's private information guaranteed by CP#1.
- Claim VC#1m may also include a signature generated with CP#1's private key.
- CP#1 transmits the generated claims VC#11 to VC#1M to the user equipment 1 in S15.
- the user device 1 stores the received claims VC#11 to VC#1M.
- the user device 1 transmits a complaint generation request to CP#2 in S16.
- This claim generation request includes a prime number p, generators g 21 to g 2M and comments com 21 to com 2M .
- CP#2 generates a total of M claims VC#21 to VC#2M in response to the claim generation request.
- Claim VC#2m includes a prime number p, a generator g 2m , and a commitment com 2m , in addition to the user's personal information guaranteed by CP#2.
- Claim VC#2m may also include a signature generated with CP#2's private key.
- CP#2 transmits the generated claims VC#21 to VC#2M to the user equipment 1 in S17.
- the user device 1 stores the received claims VC#21 to VC#2M. In the same way, the user device 1 repeatedly transmits a complaint generation request to each CP and obtains M complaints. Therefore, the user device 1 obtains N ⁇ M complaints at the end of S19.
- processing up to S13 in FIG. 4 can be performed at any timing before acquiring the complaint, not when acquiring the complaint.
- the generated value is saved in the user device 1 .
- the user device 1 generates a value r in S20.
- the user device 1 can randomly generate the value r. Since it is desirable to select a value that has never been used for RP#m as the value r, the user device 1 may record the used value r and select it so that there is no duplication. Below, the value r is also written as a random value r. Subsequently, in S21, the user device 1 obtains a proof based on the random value r. The proof contains values x and values c.
- Hash( ⁇ ) is an arbitrary hash function assuming a random oracle.
- the user device 1 notifies RP#m of the proof, that is, the value x and the value c together with the claim VC#nm.
- VC#nm includes com nm , g nm and p.
- the hash function used in S23 is the same as the hash function used in S21.
- the hash function used in S21 and S23 is determined by either the user device 1 or RP#m and notified to the other by an arbitrary method.
- RP#m compares Z and x in S24.
- the user device 1 has obtained a total of M claims from CP#1, VC#11 to VC#1M.
- the user device 1 presents the claim obtained from CP#1 to RP#1, the user device 1 can select any one of VC#11 to VC#1M. That is, the user device 1 can present VC#12 or VC#1M instead of VC#11 to CP#1.
- the claim of this embodiment is not associated with the DID, but is associated with the commitment com included in the claim, and the Schnorr protocol that applies the Fiat-Shamir Heuristic based on the commitment com and proofs (x and c), That is, it is for determining whether or not the owner is the rightful owner by non-interactive zero-knowledge proof (NIZK).
- NIZK non-interactive zero-knowledge proof
- the claim acquisition process and the claim presentation process can be made independent of each other.
- the information presented to RP3 for authentication is a value generated based on a different value generator g and a random value r. difficult.
- the information that the user device 1 should hold secret is only the secret information w, and the amount of information is small.
- the user device 1 has acquired N ⁇ M complaints in advance, but this is an example, and the number of complaints that the user device 1 acquires in advance from each CP 2 is arbitrary.
- the user device 1 can determine the number of complaints to be obtained in advance from each CP 2 according to the number (or expected number) of submission destinations of personal information guaranteed by each CP 2 .
- the user device 1 can acquire a total of five complaints in advance, three complaints from CP#1 and two complaints from CP#2. Further, after that, the user device 1 can pre-acquire any number of complaints from each CP 2 as necessary.
- the user device 1 controls the random value r generated in S20 of FIG. 5 so as to be different from the value used in the past. This is because if the random value r is the same, the proof value will also be the same, and spoofing is possible. For this reason, if the random value r generated in S20 is the same as the value used when presenting the same complaint to the same RP3 in the past, the user device 1 generates a value different from the value used in the past. The generation of the random value r is repeated until .
- RP3 is also configured to reject authentication if the same claims submitted in the past are presented and the value of the proof presented is the same as that presented in the past. .
- RP3 can be configured to notify the user device 1 of doubts instead of rejecting authentication even when the same claim presented in the past is presented with the same proof.
- the user device 1 does not need to manage the random value r used in the past, and when questioned by the RP3, selects a different random value r and calculates the proof (S21 in FIG. 5). Then, the proof notification (S22 in FIG. 5) is performed again.
- Such a question can be raised if RP3 has been proven to receive the same value of x in the past for the same VC#nm.
- the interactive zero-knowledge proof procedure in which the RP3 notifies the user device 1 of the challenge value chal may be implemented in place of the processing of S22 to S25 or in addition to the processing of S22 to S25.
- the value corresponding to the same secret information w is used to generate all comments.
- FIG. 6 shows a functional block diagram of the user device 1 of each of the above embodiments.
- the functional block shown in FIG. 6 is a device (device) including one or more processors and one or more memory devices, such as a smartphone, tablet, or PC. It can be realized by letting
- the generator management unit 10 generates the generator g.
- the generation source management unit 10 holds the value of the generation source g that was generated in the past and used for the complaint. Manage so as not to generate the element g.
- the generator management unit 10 generates the generator g randomly, for example, so that the generation of the generator g does not have regularity.
- the generation source management unit 10 generates a random value and determines whether or not the value is the same as the value used for complaints in the past. If the generated value is not the same as the value used in the complaint in the past, the origin management unit 10 sets the generated value as a new origin g. On the other hand, if the generated value is the same as the value used in the complaint in the past, the origin management unit 10 selects a value different from the value used in the complaint in the past.
- the random value management unit 11 generates a random value r to be used when presenting the complaint to RP3 (S20 in FIG. 5). In one example, the random value management unit 11 manages and holds the value of the random value r used when presenting the complaint to RP3. When presenting the complaint to RP3, the random value management unit 11 manages the generation of the random value r so as not to use the random value r used when presenting the complaint to RP3 in the past. As described above, the random value management unit 11 can also be configured to regenerate the random value r when the RP 3 notifies of doubts about the proof.
- the prime number management unit 12 generates and holds a prime number p.
- the complaint acquisition unit 13 performs processing for requesting complaints from each CP 2 and acquiring the complaints. As described above, when acquiring a complaint, the complaint acquiring unit 12 notifies the CP 2 of the prime number p, the generator g, and the commitment com.
- the confidential information holding unit 14 holds confidential information w
- the complaint holding unit 15 stores the complaint obtained from CP2 in a memory device.
- the complaint itself can be stored not only in the memory device inside the user device 1 but also in the memory device of a device external to the user device 1 .
- An external device may be a peripheral device connectable to the user device 1 .
- the external device may be a device that can communicate with the user device 1 via the network 4 .
- the complaint holding unit 15 stores the complaint in the internal or external storage device of the user device 1 .
- the complaint presentation unit 16 presents complaints to RP3. As described above, the complaint presenting section 15 presents the proof (x, c) to RP3 together with the complaint.
- the calculation unit 17 calculates the commitment com and the values x and c. In the case of the second embodiment, the calculation unit 17 also generates derived secret information based on the secret information w and the generator g.
- the communication unit 18 performs communication processing with CP2 and RP3 via the network 4 .
- the user device 1 can be realized by a program that causes the device to operate as the user device 1 when executed by one or more processors of a device having one or more processors.
- These computer programs can be stored on non-transitory computer-readable storage media or distributed via networks.
- the user device 1 is a device independent of the CP2 and RP3 (for example, the functions of the user device 1 are implemented as an application installed in a smartphone or a personal computer).
- the functions of the user device 1 are implemented as an application installed in a smartphone or a personal computer.
- a configuration in which part of the functions of the user device 1 are arranged in CP2 or RP3 is also possible.
- CP2 when CP2 is implemented as a system including a web application server, all the functions of the user device 1 are also implemented on the CP2 side, and the processes of the functions of the user device 1 implemented on the CP2 side and the original A configuration may be adopted in which the processes of the functions implemented by the CP2 are executed independently in an inaccessible state, and the information on the user device 1 and the generated information are stored by the CP2 as information for each user. It should be noted that if some functions remain on the user side, they can be implemented as plug-ins for web browsers.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
Description
図3は、本実施形態によるシステムの構成図である。ユーザ装置1、複数のCP2及び複数のRP3は、ネットワーク4に接続される。ユーザ装置1は、複数のCP2及び複数のRP3と、ネットワーク4を介して通信可能な様に構成される。図1において、CP2の数はN(Nは1以上の整数)であり、RP3の数はM(Mは1以上の整数)である。なお、以下の説明において個々のCP2を区別する場合には、CP#n(nは1からNまでの整数)と表記し、個々のRP3を区別する場合には、RP#m(mは1からMまでの整数)と表記する。ユーザ装置1は、そのユーザの操作に応じてCP2からクレームを取得して保存する。また、ユーザ装置1は、そのユーザの操作に応じて保存しているクレームをRP3に提示する。図3において、CP2とRP3との組み合わせ数はN×Mであり、以下の説明では、一例として、ユーザ装置1がN×M個のクレームを事前に取得するものとする。なお、ユーザ装置は、各CP3からM個のクレームを取得する。
Z=gnm c*cоmnm Hash(x)
=gnm r-w*Hash(x)*gnm w*Hash(x)
=gnm r
=x
となる。
続いて、第二実施形態について第一実施形態との相違点を中心に説明する。第一実施形態において、ユーザ装置1は、コミットメントcоmnmをcоmnm=gnm wとして生成していた。つまり、総てのコメントメントの生成に同じ秘密情報wに対応する値を使用していた。本実施形態では、コミットメントcоmnmを生成するために、ユーザ装置1は、まず、秘密情報wに基づき派生秘密情報w#nmを、w#nm=Hash(w;gnm)として求める。なお、このハッシュ関数は、図5の処理で使用するハッシュ関数とは異なり得る。そして、ユーザ装置1は、コミットメントcоmnmをcоmnm=gnm w#nmで求める。したがって、ユーザ装置1は、図5の値cの計算においても秘密情報wの代わりに派生秘密情報w#nmを使用する。生成元gnmの値は総て異なるため、派生秘密情報w#nmの値も異なる。これにより、秘密情報wの値を乱雑にし、名寄せを行うことをより難しくすることができる。
上記各実施形態のユーザ装置1の機能ブロック図を図6に示す。図6に示す機能ブロックは、1つ以上のプロセッサと、1つ以上のメモリデバイスと、を備えたスマートフォン、タブレット、PC等の装置(デバイス)の前記1つ以上のプロセッサに適切なプログラムを実行させることで実現され得る。
Claims (8)
- 秘密情報を保持する保持手段と、
生成元を生成する生成手段と、
前記生成元と前記秘密情報とに基づき前記生成元に対応するコミットメントを求める演算手段と、
前記生成元と前記生成元に対応するコミットメントとを含む取得要求を第1外部装置に送信することで、前記生成元と前記生成元に対応するコミットメントとを含む検証可能なクレーム(VC)を取得する取得手段と、
を備え、
前記取得手段が新しい前記VCを取得するために使用する前記生成元の値は、前記取得手段が過去に前記VCを取得するために使用した前記生成元の値とは異なる、ユーザ装置。 - 前記演算手段は、前記生成元の値と前記秘密情報に対応する値とを入力とするハッシュ関数の出力値を求め、当該出力値と当該生成元の値とに基づき当該生成元に対応するコミットメントを求める、請求項1に記載のユーザ装置。
- 前記取得手段が取得した前記VCと共に当該VCのプルーフを第2外部装置に提示する提示手段をさらに備え、
前記VCのプルーフは、第1の値と第2の値とを含み、
前記演算手段は、前記提示手段が提示する前記VCに含まれる前記生成元と第3の値とに基づき前記第1の値を求め、前記第1の値のハッシュ値と、前記第3の値と、前記秘密情報に対応する値と、に基づき前記第2の値を求め、
前記演算手段は、前記提示手段が第1VCを前記第2外部装置に提示する場合において、前記提示手段が前記第1VCを前記第2外部装置に過去に提示していた場合、前記第1の値及び前記第2の値を求めるために使用する前記第3の値を、前記第1VCを前記第2外部装置に過去に提示した際に使用した前記第3の値とは異ならせる、請求項1又は2に記載のユーザ装置。 - ユーザ装置と、1つ以上の第1外部装置と、を含むシステムであって、
前記ユーザ装置は、
秘密情報を保持する保持手段と、
生成元を生成する生成手段と、
前記生成元と前記秘密情報とに基づき前記生成元に対応するコミットメントを求める演算手段と、
前記1つ以上の第1外部装置の内の少なくとも1つの第1外部装置に、1つ以上の生成元と前記1つ以上の生成元それぞれに対応するコミットメントとを含む取得要求を送信する第1送信手段と、
を備え、
前記1つ以上の第1外部装置は、
前記取得要求を受信したことに応答して、前記ユーザ装置に、受信した前記取得要求に含まれる前記1つ以上の生成元それぞれに対応する検証可能なクレーム(VC)を送信する第2送信手段であって、前記生成元に対応するVCは、当該生成元と、当該生成元に対応するコミットメントと、を含む、前記第2送信手段を、
備え、
前記第1送信手段が前記少なくとも1つの第1外部装置に送信する前記取得要求に含まれる前記1つ以上の生成元の値は互いに異なり、かつ、前記第1送信手段が過去に送信した前記取得要求に含まれていた前記1つ以上の生成元の値とは異なる、システム。 - 1つ以上の第2外部装置をさらに備え、
前記ユーザ装置は、
前記少なくとも1つの第1外部装置に送信した前記取得要求の応答として取得したVCと共に、第1の値及び第2の値を含む当該VCのプル―プを前記1つ以上の第2外部装置の内の1つの第2外部装置に提示する提示手段をさらに備え、
前記1つ以上の第2外部装置は、
前記ユーザ装置から前記VCと共に前記VCのプルーフが提示された場合、前記VCに含まれる前記生成元及び前記コミットメントと、前記プルーフとに基づき、前記ユーザ装置のユーザが当該VCの所有者であるか否かを判定する判定手段を備え、
前記第1の値は、前記1つの第2外部装置に提示する前記VCに含まれる前記生成元と第3の値とに基づく値であり、前記第2の値は、前記第1の値のハッシュ値と、前記第3の値と、前記秘密情報に対応する値と、に基づく値である、請求項4に記載のシステム。 - ユーザ装置における方法であって、
第1外部装置に、1つ以上の生成元と前記1つ以上の生成元それぞれに対応するコミットメントとを含む取得要求を送信することであって、生成元に対応するコミットメントは、当該生成元と前記ユーザ装置が保持する秘密情報とに基づき生成されている、前記取得要求を送信することと、
前記取得要求を送信したことの応答として、前記第1外部装置から、前記1つ以上の生成元それぞれに対応する検証可能なクレーム(VC)を受信することであって、前記生成元に対応するVCは、当該生成元と、当該生成元に対応するコミットメントと、を含む、前記VCを受信することと、
を含み、
前記取得要求に含まれる前記1つ以上の生成元それぞれの値は互いに異なり、かつ、前記ユーザ装置が過去に送信した前記取得要求に含まれていた前記1つ以上の生成元の値とは異なる、方法。 - 前記1つ以上の生成元それぞれに対応するVCの内の1つのVCと、当該1つのVCに対応するプルーフと、を第2外部装置に送信することをさらに含み、
前記1つのVCに対応するプルーフは、当該1つのVCに含まれる前記生成元及びランダム値に基づく第1の値と、前記第1の値のハッシュ値、前記ランダム値及び前記秘密情報に対応する値に基づく第2の値と、を含む、請求項6に記載の方法。 - ユーザ装置が、第1外部装置に、1つ以上の生成元と前記1つ以上の生成元それぞれに対応するコミットメントとを含む取得要求を送信することであって、生成元に対応するコミットメントは、当該生成元と前記ユーザ装置が保持する秘密情報とに基づき生成されている、前記取得要求を送信することと、
前記取得要求を受信したことに応答して、前記第1外部装置が、前記ユーザ装置に、前記1つ以上の生成元それぞれに対応する検証可能なクレーム(VC)を送信することであって、前記生成元に対応するVCは、当該生成元と、当該生成元に対応するコミットメントと、を含む、前記VCを送信することと、
前記ユーザ装置が、前記1つ以上の生成元それぞれに対応するVCの内の1つのVCと、当該1つのVCに対応するプルーフと、を第2外部装置に送信することと、
前記第2外部装置が、前記1つのVCに含まれる前記生成元及び前記コミットメントと、前記1つのVCに対応するプルーフとに基づき、前記ユーザ装置のユーザが当該1つのVCの所有者であるか否かを判定することと、を含み、
前記取得要求に含まれる前記1つ以上の生成元それぞれの値は互いに異なり、かつ、前記ユーザ装置が過去に送信した前記取得要求に含まれていた前記1つ以上の生成元の値とは異なり、
前記1つのVCに対応するプルーフは、当該1つのVCに含まれる前記生成元及びランダム値に基づく第1の値と、前記第1の値のハッシュ値、前記ランダム値及び前記秘密情報に対応する値に基づく第2の値と、を含む、方法。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202280047786.5A CN117643011A (zh) | 2021-07-06 | 2022-06-28 | 一种获取可验证声明的用户装置、包含该用户装置的系统以及获取可验证声明的方法 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2021112290A JP2023008607A (ja) | 2021-07-06 | 2021-07-06 | 検証可能なクレームを取得するユーザ装置、当該ユーザ装置を含むシステム及び検証可能なクレームを取得する方法 |
JP2021-112290 | 2021-07-06 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023282129A1 true WO2023282129A1 (ja) | 2023-01-12 |
Family
ID=84801593
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2022/025806 WO2023282129A1 (ja) | 2021-07-06 | 2022-06-28 | 検証可能なクレームを取得するユーザ装置、当該ユーザ装置を含むシステム及び検証可能なクレームを取得する方法 |
Country Status (3)
Country | Link |
---|---|
JP (1) | JP2023008607A (ja) |
CN (1) | CN117643011A (ja) |
WO (1) | WO2023282129A1 (ja) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150319164A1 (en) * | 2012-03-01 | 2015-11-05 | Certicom Corp. | System and method for connecting client devices to a network |
US20170357816A1 (en) * | 2016-06-12 | 2017-12-14 | Apple Inc. | Hierarchical Encryption of Data |
WO2021033262A1 (ja) * | 2019-08-20 | 2021-02-25 | 日本電信電話株式会社 | ユーザクレデンシャル制御システムおよびユーザクレデンシャル制御方法 |
CN113065868A (zh) * | 2021-04-01 | 2021-07-02 | 湖南大学 | 供应链企业金融数字身份管理方法及系统、设备、介质 |
-
2021
- 2021-07-06 JP JP2021112290A patent/JP2023008607A/ja active Pending
-
2022
- 2022-06-28 CN CN202280047786.5A patent/CN117643011A/zh active Pending
- 2022-06-28 WO PCT/JP2022/025806 patent/WO2023282129A1/ja active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150319164A1 (en) * | 2012-03-01 | 2015-11-05 | Certicom Corp. | System and method for connecting client devices to a network |
US20170357816A1 (en) * | 2016-06-12 | 2017-12-14 | Apple Inc. | Hierarchical Encryption of Data |
WO2021033262A1 (ja) * | 2019-08-20 | 2021-02-25 | 日本電信電話株式会社 | ユーザクレデンシャル制御システムおよびユーザクレデンシャル制御方法 |
CN113065868A (zh) * | 2021-04-01 | 2021-07-02 | 湖南大学 | 供应链企业金融数字身份管理方法及系统、设备、介质 |
Also Published As
Publication number | Publication date |
---|---|
JP2023008607A (ja) | 2023-01-19 |
CN117643011A (zh) | 2024-03-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20200349252A1 (en) | Program execution and data proof scheme using multiple key pair signatures | |
CN113098838B (zh) | 一种可信分布式身份认证方法、系统、存储介质及应用 | |
Guo et al. | Outsourced dynamic provable data possession with batch update for secure cloud storage | |
KR102267735B1 (ko) | 영지식 증명을 이용한 탈중앙화 신원증명 시스템 및 방법 | |
CN101981890B (zh) | 安全工作组管理和通信的系统和方法 | |
JP4639084B2 (ja) | セキュア認証の暗号方法および暗号装置 | |
US20210243026A1 (en) | Password based threshold token generation | |
US20080091941A1 (en) | Group Signature System, Member Status Judging Device, Group Signature Method And Member Status Judging Program | |
US9882890B2 (en) | Reissue of cryptographic credentials | |
Hohenberger et al. | ANONIZE: A large-scale anonymous survey system | |
CN110365662B (zh) | 业务审批方法及装置 | |
WO2019047418A1 (zh) | 数字签名方法、装置和系统 | |
CN107248997B (zh) | 多服务器环境下基于智能卡的认证方法 | |
Abe et al. | Universally composable adaptive oblivious transfer (with access control) from standard assumptions | |
CN112332980B (zh) | 一种数字证书签发和验签方法、设备及存储介质 | |
Mandal | Provably secure certificateless protocol for wireless body area network | |
CN113112268A (zh) | 匿名多重签名方法、计算机设备和存储介质 | |
WO2023282129A1 (ja) | 検証可能なクレームを取得するユーザ装置、当該ユーザ装置を含むシステム及び検証可能なクレームを取得する方法 | |
Wang et al. | Anonymous single sign-on schemes transformed from group signatures | |
CN111314059B (zh) | 账户权限代理的处理方法、装置、设备及可读存储介质 | |
EP4252384B1 (en) | Methods, devices and system related to a distributed ledger and user identity attribute | |
CN115622812A (zh) | 基于区块链智能合约的数字身份验证方法及系统 | |
CN113112269B (zh) | 多重签名方法、计算机设备和存储介质 | |
Ohtake et al. | An efficient strong key-insulated signature scheme and its application | |
Frederiksen et al. | Attribute-based single sign-on: Secure, private, and efficient |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 22837545 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 202280047786.5 Country of ref document: CN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 18576945 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 22837545 Country of ref document: EP Kind code of ref document: A1 |