algorithm - Cryptography: Digital Signing of Virtual Good Ownership? -


suppose have multi-user system whereby:

  • a central authority (c) can create , issue virtual (zk) own ownership.
  • the owner (xi) of (zk) can transfer ownership user (xj).
  • a user (xi) can claim own (zk), , should verifiable.

so example:

  1. c creates 2 virtual goods, z1 , z2. (and has never created z3)
  2. c transfers ownership of z1 user x1
  3. x1 transfers ownership of z1 x2

the following claims should test true:

  • x2 claims own z1
  • c claims own z2

the following claims should test false:

  • x2 claims own z2 (not owner)
  • x2 claims own z3 (does not exist)
  • x1 claims own z1 (former owner)

here questions:

  • what sketch of architecture of such system?
  • what cryptographic methods use (digital signatures, pki, etc?) , in arrangement?
  • what keys created , given to?
  • what algorithm c uses create zk?
  • what algorithm xi , xj uses transfer ownership?
  • what algorithm xi use generate claim own zk?
  • what algorithm xi use verify claim xj own zk?

digital signatures used verifying message generated sender indeed generated sender. in case use digital signatures verifying generator of product indeed central authority. in case product have digital signature generated ca using there private key, have use ca's public key verification.

transference, gets difficult. party going doing verification. going ca, or party 2 knows party 1 true (and rightful) owner prior purchasing item, or both?

ok, based on comment. think answer have ca in mix. in case have virtual encrypted via symmetric alforithm aes on owner's system until time of use. key decrypt virtual shall never stored (long term) on owners system, rather, passed down ca when requested. ca can hold keys current valid users. how keys stored or calculated talk later.

for user xj verifying item z1 belongs user xi, simple ca signing message made of owners' user id , encrypted copy of item ca private key. since user name included in message, when user xj verifies signature using cas public key, user xj knows valid , owned user xi.

setting of keys: ca should have asymmetric key pair (private , public). each user should have asymmetric key pair. ca share it's public key users, , each user share / public key ca (this can part of account setup of form). user log in ca encrypting unique user id encrypted , signed using user's private key appending public key message. ca decrypts using public key provided (all of processed within ssl setup, or second layer of encryption better protect unique ids). when purchase occurs, ca can create key lets performing hash of users unique id, virtual item's serial number, , ca's private key use symmetric algorithm's input key. ca encrypts item new calculated key, , signs (ca) private asymmetric key. newly encrypted item sent users' system. ca doesnt have store key because know how calculate it, cas private key still protected taking hash of plus other things, , item uniquely encrypted each user.

now decrypt valid item, user logged in, , ca know valid owner of item, key can calculated , ssled down user live decrypt. key never stored on machine though.

now if user doesnt own item tries use copy of valid user's item, 1 of 2 things happen, non-owner user log in , incorrect key item calculated, , item decrypt improperly, of ca can perform auto recognition user doesnt infact own item , there lock item accounts, let valid user's account know trying use there item, etc...

transference: valid user log in , state want transfer item user. @ point item de-associated owner 1, , re-associated owner 2. since ca owns key generation, owner 1 no longer able decrypt item. , indeed @ point of transference, software delete copy on local system of owner 1.

sorry long winded, these types of problems are.


Comments

Post a Comment

Popular posts from this blog

java - Play! framework 2.0: How to display multiple image? -

i need display gallery of photos. here template: @(photos: list[photo]) @title = { <bold>gallery</bold> } @main(title,"photo"){ <ul class="thumbnails"> @for(photo <- photos) { <li class="span3"> <a href="#" class="thumbnail"> <img src="@photo.path" alt=""> </a> </li> } </ul> } and here controller method: public static result getphotos() { return ok(views.html.photo.gallery.render(photo.get())); } and here photo bean : @entity public class photo extends model { @id public long id; @required public string label; public string path; public photo(string path, string label) { this.path = path; this.label = label; } private static finder<long, photo> find = new finder<long, photo>( long.class, photo.class); public static list<phot...
Read more

gmail - Is there any documentation for read-only access to the Google Contacts API? -

i want read-only access user's google contacts. there stackoverflow member wanted this, , received following answer : yes, there is, use https://www.googleapis.com/auth/contacts.readonly scope , "view contacts". this exchange reference read-only access google contacts can find using google. simply using access token obtained attempt read usual google contacts api (i.e. https://www.google.com/m8/feeds ) fails insufficient permissions. similarly, using google contacts api on new target fails 404 errors (for example https://www.googleapis.com/auth/contacts.readonly/default/full ). is there documentation anywhere on how use api, or permissible way access google contacts api full read-write access?
Read more

php - Controller/JToolBar not working in Joomla 2.5 -

relevant code: jtoolbarhelper::custom('savecategories', 'save', '', 'save', false, false); ... <input type="hidden" name="controller" value="easyblogcontroller"> according can dig docs , own previous questions, should call savecategories() function in easyblogcontroller . i've tried setting value easyblog , easyblog.php (file name) current easyblogcontroller (class name). clicking on save button refreshes page. not redirect, echo or var_dump test code put in savecategories() function. var_dump ing jrequest::getvar('controller') , 'task' return correct values. creating controller object , using $controller->execute('task'); works. the values going depend on location of controller trying call, , have couple options here. typically there controller in base folder of component (likely components/com_easyblog) in file called controller.php , class name inside ...
Read more