Title of invention: Pseudonymized authentication
Abstract: An OT or Oblivious Transfer protocol is used to output pseudonym tokens from a list of pseudonym tokens to user entities such that it is possible to obtain pseudonymized authentication by a preceding verification of proof of identity of the respective user entities and marking pseudonym tokens as used as soon as the same are used for authentication by means of the OT protocol after the output.
Publication number: US8978118(B2)
Publication date: 2015.03.10
Application number: US201213344648
Filing date: 2012.01.06
Applicant: Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
Inventors: Aichroth Patrick; Mann Sebastian; Gruschwitz Michael; Hasselbach Jens
Classification: H04L9/32; H04L9/00; H04L29/06
Main classification: H04L9/32
Agency: Keating & Bennett, LLP
Agent: Keating & Bennett, LLP
Main claim: 1. A system for pseudonymized authentication of user entities, comprising: a registration location implemented to verify a proof of identity of a user entity and, if the proof of identity of the user entity is successfully verified, to select a pseudonym token out of a subset of unused pseudonym tokens of a set of pseudonym tokens and to issue the selected pseudonym token to the user entity, and a log-on location implemented to perform, with the user entity, an authentication process to authenticate the user entity based on the pseudonym token and, in response to the authentication process of the user entity, to mark the pseudonym token as used, such that the subset of unused pseudonym tokens is reduced by the pseudonym token; wherein the registration location is implemented to select and issue the pseudonym token according to an Oblivious Transfer protocol so that any association between the identity of the user and the selected pseudonym token is unknown to the registration location, the log-on location is implemented to verify, within the authentication process of the user entity based on the pseudonym token, whether the pseudonym token belongs to the subset of unused pseudonym tokens of the set of pseudonym tokens, the log-on location is implemented to not complete the authentication process if the result of the verification is that the pseudonym token does not belong to the subset of unused pseudonym tokens, the log-on location is implemented to complete the authentication process if the result of the verification is that the pseudonym token belongs to the subset of unused pseudonym tokens, so that the subset of unused pseudonym tokens is reduced by the pseudonym token, during a next verification, selection, and issuance of a further pseudonym token with respect to another user and according to the Oblivious Transfer protocol, the registration location is implemented to select the further pseudonym token from the reduced subset of unused pseudonym tokens of the set of pseudonym tokens so that any association between an identity of the another user and the selected further pseudonym token is unknown to the registration location, a computer is programmed to implement the registration location, and at least one computer or a computer network is programmed to implement the log-on location; and the log-on location is implemented to, in order to complete the authentication process, agree with the user entity on access data for future log-on processes.
Address: Munich DE