-
公开(公告)号:AT459930T
公开(公告)日:2010-03-15
申请号:AT06842473
申请日:2006-12-13
Applicant: IBM
Inventor: GROSS THOMAS , PFITZMANN BIRGIT
IPC: G06F21/41
Abstract: The invention relates to a method for providing an identity-related information (IRI) to a requesting entity (50) by means of an identity provider (40). The invention comprises: a first authenticity reference part generation step (IVa), comprising the generation of a first authenticity reference part (art 1) by the identity provider (40); a first authenticity reference communication step (IVb, IVd) between the client application (30) and the identity provider (40) comprising the communication of the first authenticity reference part (art 1); a second authenticity reference part generation step (VI), comprising the generation of a second authenticity reference part (art 2) by the identity provider (40); a second authenticity reference communication step (VIII, IX) between the identity provider (40) and the requesting entity (50) by means of the first communication protocol comprising the communication of the second authenticity reference part (art 2) and in the referrer element the communication of the first authenticity reference part (art 1).
-
公开(公告)号:GB2462012B
公开(公告)日:2012-05-16
申请号:GB0915404
申请日:2009-09-04
Applicant: IBM
Inventor: GROSS THOMAS , CAMENISCH JAN
Abstract: An entity (D) is authenticated to a service provider (C) and/or a transaction is authorized with the entity (D) to the service provider (C) over a small bandwidth channel. The entity (D) pre-computes an identity proof (IDP) dependent on an identity information (CERTu) and a policy (Pc) of the service provider (C). The identity proof (IDP) is transmitted to a transaction authorization service (T). Alternatively, the entity (D) pre-computes the identity proof (IDP) interacting with the transaction authorization service (T). A primary transaction code (TAN) is determined and transmitted to the entity (D). With the entity (D), a secondary transaction code (A) is computed dependent on the primary transaction code (TAN) and is transmitted to the service provider (C). The secondary transaction code (A) is transmitted to the transaction authorization service (T). The secondary transaction code (A) is validated dependent on the primary transaction code (TAN). The transaction authorization service (T) transmits the pre-computed identity proof (IDP) and/or a validation information dependent on a validation result of the validation to the service provider (C). The arrangement allows an anonymous authentication with a service provider using zero-knowledge proof.
-
公开(公告)号:GB2462012A
公开(公告)日:2010-01-27
申请号:GB0915404
申请日:2009-09-04
Applicant: IBM
Inventor: GROSS THOMAS , CAMENISCH JAN
Abstract: An entity (D) is authenticated to a service provider (C) and/or a transaction is authorized with the entity (D) to the service provider (C) over a small bandwidth channel. The entity (D) pre-computes an identity proof (IDP) dependent on an identity information (CERTu) and a policy (Pc) of the service provider (C). The identity proof (IDP) is transmitted to a transaction authorization service (T). Alternatively, the entity (D) pre-computes the identity proof (IDP) interacting with the transaction authorization service (T). A primary transaction code (TAN) is determined and transmitted to the entity (D). With the entity (D), a secondary transaction code (A) is computed dependent on the primary transaction code (TAN) and is transmitted to the service provider (C). The secondary transaction code (A) is transmitted to the transaction authorization service (T). The secondary transaction code (A) is validated dependent on the primary transaction code (TAN). The transaction authorization service (T) transmits the pre-computed identity proof (IDP) and/or a validation information dependent on a validation result of the validation to the service provider (C). The arrangement allows an anonymous authentication with a service provider using zero-knowledge proof.
-
-