System and method for generating one-time data signatures
First Claim
1. A method for verifying the authenticity of a digital data set D comprising:
- selecting a plurality T of secret values;
for each secret value, computing a representative value as the output of a randomizing function;
computing a public key from the representative values;
computing a document function value of the digital data set;
compiling a set of T authentication code values by computing each authentication code value as an at least pseudo-randomizing functional combination of the document function value and a respective one of the secret values;
timestamping the set of T authentication code values at a signing time t said timestamping being synchronized with physical time, and compiling a time vector having elements corresponding to binary bits of a digital representation of the signing time;
digitally signing the set of authentication code values at the signing time t to yield a first signature;
compiling a selected key vector having a plurality of elements, each element being a respective one of the secret values when the corresponding respective element of the time vector has a first binary value; and
forming a signature of the digital data set to include the set of authentication code values, the first signature, and the selected key vector.
2 Assignments
0 Petitions
Accused Products
Abstract
A digital signature is created for a data set based on a group of one-time secret keys. Revealable, representative values of the secret keys are computed, for example by cryptographic hashing, and an authentication code vector is also formed having elements that cryptographically combine each secret key with a randomizing function of the data set. The vector is timestamped and signed at a signing time. Bits of a binary representation of the signing time are used to select which of the secret values are included in a selected key vector. A signature of the digital data is then compiled to include the set of authentication code values, the signature of the authentication code vector, and the selected key vector. The secret keys thereby become unusable after the signing time.
23 Citations
7 Claims
-
1. A method for verifying the authenticity of a digital data set D comprising:
-
selecting a plurality T of secret values; for each secret value, computing a representative value as the output of a randomizing function; computing a public key from the representative values; computing a document function value of the digital data set; compiling a set of T authentication code values by computing each authentication code value as an at least pseudo-randomizing functional combination of the document function value and a respective one of the secret values; timestamping the set of T authentication code values at a signing time t said timestamping being synchronized with physical time, and compiling a time vector having elements corresponding to binary bits of a digital representation of the signing time; digitally signing the set of authentication code values at the signing time t to yield a first signature; compiling a selected key vector having a plurality of elements, each element being a respective one of the secret values when the corresponding respective element of the time vector has a first binary value; and forming a signature of the digital data set to include the set of authentication code values, the first signature, and the selected key vector. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification
-
- Resources
-
Current AssigneeGuardtime SA
-
Original AssigneeGuardtime SA
-
InventorsLakk, Henri
-
Primary Examiner(s)Jamshidi, Ghodrat
-
Application NumberUS16/143,244Time in Patent Office447 DaysField of SearchUS Class CurrentCPC Class CodesH04L 9/006 involving public key infras...H04L 9/0869 involving random numbers or...H04L 9/30 Public key, i.e. encryption...H04L 9/3239 involving non-keyed hash fu...H04L 9/3247 involving digital signaturesH04L 9/3297 involving time stamps, e.g....H04L 9/50 using hash chains, e.g. blo...
