Method of establishing secure communications in a digital network using pseudonymic digital identifiers
First Claim
1. A method of establishing a secure communication in a digital communications network having a hierarchical arrangement of certificate servers, comprising the steps of:
- generating a first private/public key pair in a root certificate server;
issuing a digital certificate for a public key portion of said first private/public key pair signed by said root certificate server and identified by a digital identifier associated with said root certificate server;
generating additional private/public key pairs in subordinate entities and associating public key portions of said additional private/public key pairs with pseudonymic digital identifiers associated with said respective subordinate entities; and
, issuing additional digital certificates binding said pseudonymic digital identifiers of said subordinate entities to the public key portion of their respective private/public key pairs from certificate servers that are in parental relationship to said subordinate entities, said additional digital certificates having a digital certificate identifier containing the pseudonymic digital identifier of the certified subordinate entity and the identifier of said certificate server issuing the additional digital certificate.
5 Assignments
0 Petitions
Accused Products
Abstract
A system and method of relating a public key to a compact identification string in a digital certificate to enable an entity to construct a certificate chain from a root certificate authority to an end-entity efficiently and further allow a certificate holder to store only its identifier, thus providing privacy protection, and present this in place of a digital certificate for authentication rather than storing and presenting its certificate or a chain of certificates representing the certificate path up to the root certificate authority. In a preferred embodiment, the certificate authority generates unique identifier for each certificate consisting its pseudonym concatenated with the pseudonyms of other sub-certificate authorities in the certificate chain between it and the certificate holder, concatenated with certificate holder'"'"'s pseudonym. The pseudonyms are generated by the entity known by the pseudonym or the entity certifying a binding between the pseudonym and the entity'"'"'s public key.
-
Citations
17 Claims
-
1. A method of establishing a secure communication in a digital communications network having a hierarchical arrangement of certificate servers, comprising the steps of:
-
generating a first private/public key pair in a root certificate server;
issuing a digital certificate for a public key portion of said first private/public key pair signed by said root certificate server and identified by a digital identifier associated with said root certificate server;
generating additional private/public key pairs in subordinate entities and associating public key portions of said additional private/public key pairs with pseudonymic digital identifiers associated with said respective subordinate entities; and
,issuing additional digital certificates binding said pseudonymic digital identifiers of said subordinate entities to the public key portion of their respective private/public key pairs from certificate servers that are in parental relationship to said subordinate entities, said additional digital certificates having a digital certificate identifier containing the pseudonymic digital identifier of the certified subordinate entity and the identifier of said certificate server issuing the additional digital certificate. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method of establishing a secure communication in a digital communications network having a hierarchical arrangement of a certificate servers wherein higher level certificate servers issue digital certificates for certificate servers lower in the hierarchy, comprising the steps of:
-
generating a first private/public key pair in a root certificate server;
issuing a digital certificate for a public key portion of said first private/public key pair signed by said root certificate server and identified by a digital identifier associated with said root certificate server;
generating additional private/public key pairs in subordinate certificate servers and associating public key portions of said additional private/public key pairs with pseudonymic digital identifiers associated with said respective subordinate certificate servers; and
,issuing additional digital certificates binding said pseudonymic digital identifiers of said subordinate certificate servers to the public key portion of their respective private/public key pairs from certificate servers that are in parental relationship to said subordinate entities, said additional digital certificates having a digital certificate identifier containing the pseudonymic digital identifier of the certified subordinate entity and the digital identifier the or each higher level certificate server in said hierarchical arrangement up to the root certificate server. - View Dependent Claims (13)
-
-
14. A digital communications network capable of providing secure communication, comprising:
-
a root certificate server associated with a private and public key and a digital certificate signed by said root certificate server certifying the public key thereof, said root certificate server having a memory for storing said digital certificate, and said memory including a register portion for storing a digital identifier associated with said root certificate server;
a plurality of subordinate entities associated with respective pseudonymic digital identifiers and comprising subordinate certificate servers and end users in a hierarchical arrangement with said root certificate server, said subordinate certificate servers issuing digital certificates to lower level entities in said hierarchical arrangement to bind public keys of said lower level entities to their respective pseudonymic digital identifiers; and
,said subordinate certificate servers having memories for storing an identifier for the issued digital certificates, said memories including a first register portion for storing the pseudonymic digital identifier of the issuing certificate server and at least one additional register portion for storing the digital identifier of the or each higher level certificate server in said hierarchical arrangement. - View Dependent Claims (15, 16, 17)
-
Specification