US 12,170,721 B2
Method for controlling validity of an attribute
Mourad Faher, Marly le Roi (FR); and Gérald Maunier, Sanary (FR)
Assigned to THALES DIS FRANCE SAS, Meudon (FR)
Appl. No. 17/768,239
Filed by THALES DIS FRANCE SAS, Meudon (FR)
PCT Filed Sep. 28, 2020, PCT No. PCT/EP2020/077039
§ 371(c)(1), (2) Date Apr. 12, 2022,
PCT Pub. No. WO2021/073855, PCT Pub. Date Apr. 22, 2021.
Claims priority of application No. 19306364 (EP), filed on Oct. 18, 2019.
Prior Publication US 2024/0121078 A1, Apr. 11, 2024
Int. Cl. H04L 9/06 (2006.01); H04L 9/00 (2022.01); H04L 9/32 (2006.01)
CPC H04L 9/0643 (2013.01) [H04L 9/3247 (2013.01); H04L 9/50 (2022.05)] 14 Claims
OG exemplary drawing
 
1. A computer-implemented method for controlling validity of an attribute allocated to a user, a first device comprising a memory that stores a hash tree including a reference root node,
characterized in that an issuing authority having agreed to generate a signature of said reference root node after having successfully checked that the attribute is valid, in that a first hash computed by applying a hash algorithm to said attribute is stored in a leaf node belonging to said hash tree, in that the structure of said hash tree is defined in a template stored in said memory, said template specifying what attribute is used to build the hash comprised in each leaf node of the hash tree, in that said attribute and the signature are stored in said memory and in that the method comprises the steps:
the first device identifies a subset of nodes by using said template, said subset comprising, for all paths of the hash tree that do not comprise said leaf node, the node which is the closest to the reference root node and which does not belong to the path comprising said leaf node,
the first device provides a verifier device with said reference root node, said signature, said attribute and said subset,
the verifier device computes a test hash by using said attribute then computes a test root node by applying a preset rule to said test hash and said subset, and
the verifier device performs a verification by checking that said test root node and reference root node are equal and that the signature is valid using a data whose authenticity is certified by the issuing authority and considers the attribute as being valid only in case of successful verification.