Masked digital signatures
First Claim
1. A method of signing and authenticating a message m in a public key data communication system, comprising the steps of:
- in a secure computer system;
(a) generating a first short term private key k;
(b) computing a first short term public key derived from said first short term private key k;
(c) computing a first signature component r by using said first short term public key k;
(d) generating a second short term private key t;
(e) computing a second signature component s by using said second short term private key t on said message m, said long term private key and said first signature component r;
(f) computing a third signature component c using said first and second short term private keys t and k respectively, and sending said signature components (r, s, c) as a masked digital signature of said message m to a receiver computer system;
in said receiver system;
(g) using said second and third signature components (s, c) computing a normal signature component {overscore (s)} and sending said signature components ({overscore (s)}, r) as a normal digital signature to a receiver verifer computer system; and
in said verifier system (h) verifying said normal signature.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention relates to digital signature operations using public key schemes in a secure communications system and in particular for use with processors having limited computing power such as ‘smart cards’. This invention describes a method for creating and authenticating a digital signature comprising the steps of selecting a first session parameter k and generating a first short term public key derived from the session parameter k, computing a first signature component r derived from a first mathematical function using the short term public key, selecting a second session parameter t and computing a second signature component s derived from a second mathematical function using the second session parameter t and without using an inverse operation, computing a third signature component using the first and second session parameters and sending the signature components (s, r, c) as a masked digital signature to a receiver computer system. In the receiver computer system computing a recovered second signature component s'"'"' by combining a third signature component with the second signature component to derive signature components (s′, r) as an unmasked digital signature. Verifying these signature components as in a usual ElGamal or ECDSA type signature verification.
76 Citations
11 Claims
-
1. A method of signing and authenticating a message m in a public key data communication system, comprising the steps of:
-
in a secure computer system;
(a) generating a first short term private key k;
(b) computing a first short term public key derived from said first short term private key k;
(c) computing a first signature component r by using said first short term public key k;
(d) generating a second short term private key t;
(e) computing a second signature component s by using said second short term private key t on said message m, said long term private key and said first signature component r;
(f) computing a third signature component c using said first and second short term private keys t and k respectively, and sending said signature components (r, s, c) as a masked digital signature of said message m to a receiver computer system;
in said receiver system;
(g) using said second and third signature components (s, c) computing a normal signature component {overscore (s)} and sending said signature components ({overscore (s)}, r) as a normal digital signature to a receiver verifer computer system; and
in said verifier system(h) verifying said normal signature. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of generating a digital signature S of a message in a data communication system, wherein the signor of the message has a private key d and a public key y derived from an element g and said private key d, said method comprising the steps of:
-
(a) generating a short term private key k;
(b) computing a first short term public key derived from said short term private key k;
(c) computing a first signature component r by using said first short term public key k;
(d) generating a second short term private key t;
(e) computing a second signature component s by using said second short term private key t on said message m, said long term private key and first signature component r;
(f) computing a third signature component c using said first and second short term private keys t and k respectively;
(g) sending said signature components (r, s, c) as a masked digital signature of said message m to a receiver computer system. - View Dependent Claims (8, 9)
-
-
10. A processing means for assigning a message m without performing inversion operations and including a long term private key contained within a secure boundary and a long term public key derived from said private key and a generator of predetermined order in a field, said processing means comprising:
-
within said secure boundary;
means for generating a first short term private key;
means for generating a second short term private key;
means for generating a first signature component using at least said second short term session key; and
generating a masked signature component using said first and second short term session keys to produce masked signature components of said message m. - View Dependent Claims (11)
-
Specification
-
- Resources
-
Current AssigneeCerticom Corporation (Blackberry Limited)
-
Original AssigneeCerticom Corporation (Blackberry Limited)
-
InventorsJohnson, Donald B., Vanstone, Scott A., Ou, Minghua
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current713/170
-
CPC Class CodesG06Q 20/341 Active cards, i.e. cards in...G06Q 20/40975 using encryption thereforG07F 7/1008 Active credit-cards provide...H04L 2209/04 Masking or blindingH04L 9/3066 involving algebraic varieti...H04L 9/3247 involving digital signaturesH04L 9/3252 using DSA or related signat...
