Method and apparatus for public key cryptosystem

US 20030163701A1
Filed: 02/26/2003
Published: 08/28/2003
Est. Priority Date: 02/27/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method for operating a cryptosystem having a user, a registration station, and an authentication station, the user having been assigned an active key pair, the active key pair including a private key and a public key, the method comprising:

generating an at least one new security key for the user upon receiving a request to generate the at least one new security key;

storing the generated new security key in a storage area without activating the new security key, the new security key being stored as an auxiliary key for the user;

receiving a request to activate the new security key that is stored in the storage area from the user; and

activating the new security key for the user after receiving the activation request from the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for operating a cryptosystem having a user, a registration station, and an authentication station is disclosed. The user has been assigned an active key pair. The active key pair includes a private key and a public key. The method includes generating an at least one new security key for the user upon receiving a request to generate the at least one new security key. The generated new security key is stored in a storage area without activating the new security key, the new security key being stored as an auxiliary key for the user. A request to activate the new security key that is stored in the storage area is received from the user. The new security key for the user is activated after receiving the activation request from the user.

88 Citations

View as Search Results

21 Claims

1. A method for operating a cryptosystem having a user, a registration station, and an authentication station, the user having been assigned an active key pair, the active key pair including a private key and a public key, the method comprising:
- generating an at least one new security key for the user upon receiving a request to generate the at least one new security key;
  
  storing the generated new security key in a storage area without activating the new security key, the new security key being stored as an auxiliary key for the user;
  
  receiving a request to activate the new security key that is stored in the storage area from the user; and
  
  activating the new security key for the user after receiving the activation request from the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 12)
- - 2. The method of claim 1, wherein the at least one new security key that is generated is a new key pair including a new private key and a new public key.
  - 3. The method of claim 1, further comprising:
    - submitting a request for issuance of a registration certificate for the new security key to the authentication station upon receipt of the activation request from the user; and
      
      generating the registration certificate for the new security key at the authentication station in response to the submitted request.
  - 4. The method of claim 3, wherein the submitting-a-request step and the generating-the-the registration-certificate step are performed by the same entity.
  - 5. The method of claim 3, wherein the submitting-a-request step is performed by the registration station and the generating-the-the registration-certificate step is performed by the authentication station, the registration and authentication stations being a first server and a second server.
  - 6. The method of claim 5, further comprising:
    - transmitting the registration certificate received from the authentication station to the user from the registration station;
      
      storing the registration certificate in a storage location controlled by the registration station; and
      
      deactivating the active key pair of the user.
  - 7. The method of claim 3, further comprising:
    - transmitting the registration certificate received to the user from the registration station with a private key corresponding to the at least one new security key.
  - 8. The method of claim 1, wherein the new security key is generated at the registration station and the request to generate the at least one new security key is sent by the user to the registration station.
  - 9. The method of claim 1, wherein the at least one new security key is generated in a user device in response to the request to generate the at least one security key and the generated at least one security key is stored in the user device.
  - 12. The method of claim 11, further comprising:
    - storing the first request upon validating the first request based on the authenticating step.

10. A method for operating a cryptosystem having a user, a registration station, and an authentication station, the user having been assigned an active key pair, the active key pair including a private key and a public key, the method comprising:
- receiving a first request to initiate registration of an auxiliary key for the user at the registration station at a first point in time, the first request not providing an authority to proceed with obtaining a registration certificate of the auxiliary key; and
  
  receiving a second request at the registration station at a second point in time that is subsequent to the first point in time, the second request providing the authority to obtain the registration certificate of the auxiliary key.
- View Dependent Claims (11, 13, 14, 15)
- - 11. The method of claim 10, further comprising:
    - authenticating the first request upon receiving the first request.
  - 13. The method of claim 10, further comprising:
    - generating the auxiliary key; and
      
      submitting a third request for issuance of a registration certificate for the generated auxiliary key to the authentication station upon receipt of the second request; and
      
      generating the registration certificate for the auxiliary key at the authentication station in response to the third request.
  - 14. The method of claim 13, wherein the auxiliary key is generated at the registration key upon receipt of the second request, wherein the first and second requests are from the user to the registration station, wherein the generating auxiliary key step includes generating an auxiliary private key and an auxiliary public key.
  - 15. The method of claim 10, further comprising:
    - monitoring use of the active key pair by the user; and
      
      alerting the user of a security risk of continued use of the active key pair if a predetermined condition is met based;
      
      wherein the first request is transmitted by the user to the registration station upon receipt of the security risk alert, wherein the registration station is a registration apparatus and an authentication station is an authentication apparatus.

16. A registration apparatus provided in a cryptosystem, the cryptosystem including a plurality of user terminals and a network coupling the user terminals to the registration apparatus, the apparatus comprising:
- a network interface coupled to the network;
  
  a database including information about a plurality of users and a plurality of key pairs assigned to the plurality of users;
  
  a computer readable medium including;
  
  code for receiving a first request to initiate registration of an auxiliary key for one of the users at the registration station at a first point in time, the first request not providing an authority to proceed with obtaining a registration certificate of the auxiliary key; and
  
  code for receiving a second request at the registration station at a second point in time that is subsequent to the first point in time, the second request providing the authority to obtain the registration certificate of the auxiliary key.
- View Dependent Claims (17, 18)
- - 17. The registration apparatus of claim 16, wherein registration apparatus is a server, the computer readable medium further includes:
    - code for generating the auxiliary key; and
      
      code for submitting a third request for issuance of a registration certificate for the generated auxiliary key to an authentication station upon receipt of the second request.
  - 18. The registration apparatus of claim 16, wherein the computer readable medium further includes:
    - code for alerting the user of a security risk of continued use of the active key pair upon determining that a predetermined condition has been met.

19. A computer readable medium for use in a cryptosystem including a user, a registration station, and a authentication station, the user having been assigned an active key pair, the active key pair including a private key and a public key, the medium comprising:
- code for receiving a first request to initiate registration of an auxiliary key for one of the users at the registration station at a first point in time, the first request not providing an authority to proceed with obtaining a registration certificate of the auxiliary key; and
  
  code for receiving a second request at the registration station at a second point in time that is subsequent to the first point in time, the second request providing the authority to obtain the registration certificate of the auxiliary key.
- View Dependent Claims (20)
- - 20. The computer readable medium of claim 19, further comprising:
    - code for generating the auxiliary key for the user upon receiving the first request;
      
      code storing the generated auxiliary key in a storage area without activating the auxiliary key; and
      
      code for activating the new security key for the user after receiving the second request.

21. A computer readable medium for use in a cryptosystem including a user, a registration station, and an authentication station, the user having been assigned a first key pair, the first key pair including a private key and a public key and having been activated, the medium comprising:
- code for transmitting a first request to initiate registration of a second key for one of the users at the registration station at a first point in time while the first key pair is still active, the first request not providing an authority to proceed with obtaining a registration certificate of the second key; and
  
  code for transmitting a second request at the registration station at a second point in time that is subsequent to the first point in time, the second request providing the authority to obtain the registration certificate of the second key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Ochi, Yasushi, Tsuchiya, Hiroyoshi

Application Number

US10/376,651
Publication Number

US 20030163701A1
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

Method and apparatus for public key cryptosystem

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

88 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for public key cryptosystem

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

88 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links