Implicitly certified public keys

US 10,148,422 B2
Filed: 05/04/2012
Issued: 12/04/2018
Est. Priority Date: 06/10/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

accessing an implicit certificate associated with an entity and generated by a subordinate certificate authority that is subordinate to a root certificate authority, wherein the implicit certificate includes a public key reconstruction value of the entity;

accessing subordinate certificate authority public key information associated with the subordinate certificate authority;

accessing root certificate authority public key information associated with the root certificate authority;

generating a first value based on evaluating a hash function, wherein evaluating the hash function produces a hash function output from hash function inputs comprising the subordinate certificate authority public key information, the root certificate authority public key information, and the public key reconstruction value of the entity; and

generating a public key value of the entity based on the first value.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer programs for using an implicit certificate are described. In some aspects, an implicit certificate is accessed. The implicit certificate is associated with an entity and generated by a certificate authority. The implicit certificate includes a public key reconstruction value of the entity. Certificate authority public key information is accessed. The certificate authority public key information is associated with the certificate authority that issued the implicit certificate. A first value is generated based on evaluating a hash function. The hash function is evaluated based on the certificate authority public key information and the public key reconstruction value of the entity. A public key value of the entity can be generated or otherwise used based on the first value.

18 Citations

18 Claims

1. A method comprising:
- accessing an implicit certificate associated with an entity and generated by a subordinate certificate authority that is subordinate to a root certificate authority, wherein the implicit certificate includes a public key reconstruction value of the entity;
  
  accessing subordinate certificate authority public key information associated with the subordinate certificate authority;
  
  accessing root certificate authority public key information associated with the root certificate authority;
  
  generating a first value based on evaluating a hash function, wherein evaluating the hash function produces a hash function output from hash function inputs comprising the subordinate certificate authority public key information, the root certificate authority public key information, and the public key reconstruction value of the entity; and
  
  generating a public key value of the entity based on the first value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the subordinate certificate authority comprises a first subordinate certificate authority that is intermediate the root certificate authority and a second certificate authority, the entity comprises the second subordinate certificate authority, and the implicit certificate is based on a chain of implicit certificates.
  - 3. The method of claim 1, wherein the entity comprises a correspondent.
  - 4. The method of claim 1, wherein generating the public key value comprises at least one of:
    - validating the public key value;
      
      orusing the public key value to verify a digital signature from the entity.
  - 5. The method of claim 1, wherein generating the public key value comprises evaluating a cryptographic function that uses the public key value.
  - 6. The method of claim 5, wherein evaluating the cryptographic function does not explicitly compute the public key value.
  - 7. The method of claim 1, wherein the first value and the public key value are generated by the entity.
  - 8. The method of claim 1, wherein the first value and the public key value are generated by the subordinate certificate authority.
  - 9. The method of claim 1, wherein the first value and the public key value are generated by a second, different entity that relies on the public key value.
  - 10. The method of claim 1, wherein the subordinate certificate authority public key information comprises at least one of a public key value of the subordinate certificate authority or a public key reconstruction value of the subordinate certificate authority.

11. A non-transitory computer-readable medium storing instructions that are operable when executed by data processing apparatus to perform operations comprising:
- accessing an implicit certificate associated with an entity and generated by a subordinate certificate authority that is subordinate to a root certificate authority, wherein the implicit certificate includes a public key reconstruction value of the entity;
  
  accessing subordinate certificate authority public key information associated with the subordinate certificate authority;
  
  accessing root certificate authority public key information associated with the root certificate authority;
  
  generating a first value based on evaluating a hash function, wherein evaluating the hash function produces a hash function output from hash function inputs comprising the subordinate certificate authority public key information, the root certificate authority public key information, and the public key reconstruction value of the entity; and
  
  generating a public key value of the entity based on the first value.
- View Dependent Claims (12, 13, 14)
- - 12. The computer-readable medium of claim 11, wherein the subordinate certificate authority comprises a first subordinate certificate authority that is intermediate the root certificate authority and a second certificate authority, the entity comprises the second subordinate certificate authority, and the implicit certificate is based on a chain of implicit certificates.
  - 13. The computer-readable medium of claim 11, wherein generating the public key value comprises at least one of:
    - validating the public key value;
      
      orusing the public key value to verify a digital signature generated by the entity.
  - 14. The computer-readable medium of claim 11, wherein generating the public key value comprises evaluating a cryptographic function that uses the public key value, and evaluating the cryptographic function does not explicitly compute the public key value.

15. A computing system comprising:
- memory; and
  
  one or more processors operable to perform operations, the operations comprising;
  
  accessing an implicit certificate associated with an entity and generated by a subordinate certificate authority that is subordinate to a root certificate authority, wherein the implicit certificate includes a public key reconstruction value of the entity;
  
  accessing subordinate certificate authority public key information associated with the subordinate certificate authority;
  
  accessing root certificate authority public key information associated with the root certificate authority;
  
  generating a first value based on evaluating a hash function, wherein evaluating the hash function produces a hash function output from hash function inputs comprising the subordinate certificate authority public key information, the root certificate authority public key information, and the public key reconstruction value of the entity; and
  
  generating a public key value of the entity based on the first value.
- View Dependent Claims (16, 17, 18)
- - 16. The computing system of claim 15, wherein the one or more processors are operable to perform the operations of a signature generation module.
  - 17. The computing system of claim 15, wherein the one or more processors are operable to perform the operations of a signature verification module.
  - 18. The computing system of claim 15, wherein the one or more processors are operable to perform the operations of certificate generation module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Zaverucha, Gregory Marc, Kravitz, David William, Brown, Daniel Richard L.
Primary Examiner(s)
Wang, Harris C

Application Number

US13/463,965
Publication Number

US 20120314856A1
Time in Patent Office

2,405 Days
Field of Search

713155-159, 713176
US Class Current
CPC Class Codes

H04L 9/007   involving hierarchical stru...

H04L 9/3066   involving algebraic varieti...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

Implicitly certified public keys

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Implicitly certified public keys

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links