Extended Inter-Device Digital Rights Sharing and Transfer Based on Device-Owner Equality Verification Using Homomorphic Encryption

Yoshihiko OMORI  Takao YAMASHITA  

IEICE TRANSACTIONS on Information and Systems   Vol.E103-D   No.6   pp.1339-1354
Publication Date: 2020/06/01
Publicized: 2020/03/13
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2019EDP7163
Type of Manuscript: PAPER
Category: Information Network
authentication,  authorization,  Internet of things (IoT),  PKI,  digital rights sharing,  digital rights transfer,  FIDO,  biometrics authentication,  

Full Text: PDF>>
Buy this Article

In this paper, we propose homomorphic encryption based device owner equality verification (HE-DOEV), a new method to verify whether the owners of two devices are the same. The proposed method is expected to be used for credential sharing among devices owned by the same user. Credential sharing is essential to improve the usability of devices with hardware-assisted trusted environments, such as a secure element (SE) and a trusted execution environment (TEE), for securely storing credentials such as private keys. In the HE-DOEV method, we assume that the owner of every device is associated with a public key infrastructure (PKI) certificate issued by an identity provider (IdP), where a PKI certificate is used to authenticate the owner of a device. In the HE-DOEV method, device owner equality is collaboratively verified by user devices and IdPs that issue PKI certificates to them. The HE-DOEV method verifies device owner equality under the condition where multiple IdPs can issue PKI certificates to user devices. In addition, it can verify the equality of device owners without disclosing to others any privacy-related information such as personally identifiable information and long-lived identifiers managed by an entity. The disclosure of privacy-related information is eliminated by using homomorphic encryption. We evaluated the processing performance of a server needed for an IdP in the HE-DOEV method. The evaluation showed that the HE-DOEV method can provide a DOEV service for 100 million users by using a small-scale system in terms of the number of servers.