A computing device typically identifies itself by exhibiting unique measurable behavior or by proving its knowledge of a secret. In both cases, the identifying device must reveal information to a verifier. Considerable research has focused on protecting identifying entities (provers) and reducing the amount of leaked data. However, little has been done to conceal the fact that the verification occurred. We show how this problem naturally arises in the context of digital emblems, which were recently proposed by the International Committee of the Red Cross to protect digital resources during cyber-conflicts. To address this new and important open problem, we define a new primitive, called an Oblivious Digital Token (ODT), that can be verified obliviously. Verifiers can use oblivious verification to check whether a device has an ODT without revealing to any other parties (including the device itself) that this check occurred. We demonstrate the feasibility of ODTs and present a concrete construction that provably meets the ODT security requirements, even if the prover device's software is fully compromised. We also implement a prototype of the proposed construction and evaluate its performance, thereby confirming its practicality.