System and method for renewing and extending digitally signed certificates

US 20040193872A1
Filed: 01/08/2004
Published: 09/30/2004
Est. Priority Date: 07/09/2001
Status: Abandoned Application

First Claim

Patent Images

1. A system for generating a new digital certificate for a transaction, comprising:

a communication network;

a first processor connected to the communication network, wherein the first processor is in communication with a first memory for storing a first group of digital certificates;

a second processor connected to the communication network, wherein the second processor is in communication with a second memory for storing a second group of digital certificates;

a third processor connected to the communication network, the third processor for requesting at least one certificate from at least one of the first and second processors within at least one of the first and second groups of certificates, and wherein the at least one of the first and second processors is for issuing the at least one certificate; and

, a fourth processor connected to the communication network, wherein the fourth processor is in communication with a fourth memory, wherein the third processor requests the fourth processor to provide the third processor with a new certificate, and wherein the fourth processor sends the third processor the new certificate for the transaction.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product is provided for generating new digitally signed statements (certificates). The generated new certificates can be used within a renewal procedure for compromised signatures. The generated new certificates can also be used within an extension procedure for adding new signatures to existing certificates. The system, method, and computer program product can generate new certificates by receiving an initial list of certificates comprising a plurality of certificates, verify the authenticity of each of the plurality of certificates, compute a new certificate using a composition algorithm, sign the new certificate, revise the list of certificates, and attach the list, as revised, to the new certificate.

36 Citations

View as Search Results

51 Claims

1. A system for generating a new digital certificate for a transaction, comprising:
- a communication network;
  
  a first processor connected to the communication network, wherein the first processor is in communication with a first memory for storing a first group of digital certificates;
  
  a second processor connected to the communication network, wherein the second processor is in communication with a second memory for storing a second group of digital certificates;
  
  a third processor connected to the communication network, the third processor for requesting at least one certificate from at least one of the first and second processors within at least one of the first and second groups of certificates, and wherein the at least one of the first and second processors is for issuing the at least one certificate; and
  
  , a fourth processor connected to the communication network, wherein the fourth processor is in communication with a fourth memory, wherein the third processor requests the fourth processor to provide the third processor with a new certificate, and wherein the fourth processor sends the third processor the new certificate for the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, wherein the third processor requests the fourth processor to provide the third processor with a new certificate when the at least one certificate is not useable.
  - 3. The system of claim 1, wherein the new certificate is stored within the fourth memory.
  - 4. The system of claim 1, wherein the new certificate is computed by the fourth processor using information associated with the at least one certificate.
  - 5. The system of claim 1, wherein the new certificate is computed by the fourth processor using information associated with the at least one certificate, wherein the fourth processor sends the third processor the new certificate for the transaction, and wherein the a list of the at least one certificate is attached to the new certificate when the fourth processor sends the third processor the new certificate.
  - 6. The system of claim 1, wherein the new certificate is computed on the fly by the fourth processor using information associated with the at least one certificate.
  - 7. The system of claim 1, wherein the third processor requests a plurality of certificates from at least one of the first and second processors within at least one of the first and second groups of certificates, and wherein the first and second processors issues the plurality of certificates, and wherein the third processor requests the fourth processor to provide the third processor with a new certificate, and wherein the fourth processor computes the new certificate based on information associated with each certificate within the plurality of certificates.
  - 8. The system of claim 1, wherein the third processor requests a plurality of certificates from at least one of the first and second processors within at least one of the first and second groups of certificates, and wherein the first and second processors issues the plurality of certificates, and wherein the third processor requests the fourth processor to provide the third processor with a new certificate, and wherein the fourth processor computes the new certificate based on information associated with more than one certificate within the plurality of certificates, but less than every certificate within the plurality of certificates.
  - 9. The system of claim 1, wherein the new certificate is computed by the fourth processor using information relating to an interaction between a user and the third processor.
  - 10. The system of claim 1, wherein the third processor requests a plurality of certificates from at least one of the first and second processors within at least one of the first and second groups of certificates, and wherein the first and second processors issues the plurality of certificates, and wherein the third processor requests the fourth processor to provide the third processor with a new certificate, and wherein the new certificate is added to the plurality of certificates and made a part of the plurality of certificates.
  - 11. The system of claim 1, wherein the third processor requests a plurality of certificates from at least one of the first and second processors within at least one of the first and second groups of certificates, and wherein the first and second processors issues the plurality of certificates, and wherein the third processor requests the fourth processor to provide the third processor with a new certificate, and wherein the new certificate replaces at least one certificate within the plurality of certificates.
  - 12. The system of claim 1, wherein the first, second and fourth processors are servers.
  - 13. The system of claim 1, wherein at least one of the first, second and fourth processors comprise cryptographic co-processors.
  - 14. The system of claim 1, wherein the third processor is a personal computer.
  - 15. The system of claim 1, wherein the communication network is at least one of ethernet, internet, intranet, wide area network, local area network, virtual private network, wireless, asynchronous transmission method, synchronous, dial-up, distributed.
  - 16. The system of claim 1, wherein the new certificate is computed by the fourth processor using information associated with the at least one certificate, wherein the fourth processor verifies the at least one certificate before computing the new certificate.

17. A method of generating a new digital certificate for a transaction, comprising the steps of:
- providing for receiving a request from a user processor to send a user processor at least one certificate from at least one of a first and second group of certificates stored with first and second memory, respectively, connected to first and second processors, respectively;
  
  providing for sending the at least one certificate to the user processor;
  
  providing for receiving the at least one certificate at a fourth processor; and
  
  , providing for sending from the fourth processor to the user processor a new certificate for the transaction.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 18. The method of claim 17 further comprising the steps of:
    - providing for storing the first group of digital certificates in the first memory connected to the first processor; and
      
      , providing for storing the second group of digital certificates is the second memory connected to the second processor.
  - 19. The method of claim 17, wherein the first, second, user, and fourth processors would be connected to a communication network.
  - 20. The method of claim 17, wherein the step of providing for receiving a request for the fourth processor to provide the user processor with a new certificate would be performed when the at least one certificate is not useable.
  - 21. The method of claim 17, wherein the new certificate would be stored within the fourth memory.
  - 22. The method of claim 17 further comprising the step of:
    - providing for computing the new certificate using information associated with the at least one certificate.
  - 23. The method of claim 22, wherein the computing would be performed by the fourth processor.
  - 24. The method of claim 23 further comprising the step of:
    - providing for attaching a list of the at least one certificate to the new certificate when the fourth processor sends the user processor the new certificate.
  - 25. The method of claim 17, wherein the step of providing for receiving a request comprises providing for receiving a request for a plurality of certificates from at least one of the first and second processors, from within at least one of the first and second groups of certificates, wherein the step of providing for sending the at least one certificate comprises providing for sending the plurality of certificates to the user processor, the method further comprising the steps of:
    - providing for receiving a request for the fourth processor to provide the user processor with a new certificate; and
      
      , providing for computing the new certificate based on information associated with each certificate within the plurality of certificates.
  - 26. The method of claim 17, wherein the step of providing for receiving a request comprises providing for receiving a request for a plurality of certificates from at least one of the first and second processors, from within at least one of the first and second groups of certificates, wherein the step of providing for sending the at least one certificate comprises providing for sending the plurality of certificates to the user processor, the method further comprising the steps of:
    - providing for receiving a request for the fourth processor to provide the user processor with a new certificate; and
      
      , providing for computing the new certificate based on information associated with more than one certificate within the plurality of certificates, but less than every certificate within the plurality of certificates.
  - 27. The method of claim 17 further comprising the step of:
    - providing for computing the new certificate using information relating to an interaction between a user and the third processor.
  - 28. The method of claim 17, wherein the step of providing for receiving a request comprises providing for receiving a request for a plurality of certificates from at least one of the first and second processors, from within at least one of the first and second groups of certificates, wherein the step of providing for sending the at least one certificate comprises providing for sending the plurality of certificates to the user processor, the method further comprising the steps of:
    - providing for receiving a request for the fourth processor to provide the user processor with a new certificate;
      
      providing for computing the new certificate; and
      
      , providing for sending the new certificate to the user processor for adding the new certificate to the plurality of certificates.
  - 29. The method of claim 17, wherein the step of providing for receiving a request comprises providing for receiving a request for a plurality of certificates from at least one of the first and second processors, from within at least one of the first and second groups of certificates, wherein the step of providing for sending the at least one certificate comprises providing for sending the plurality of certificates to the user processor, the method further comprising the steps of:
    - providing for receiving a request for the fourth processor to provide the user processor with a new certificate;
      
      providing for computing the new certificate; and
      
      , providing for sending the new certificate to the user processor for replacing at least one certificate within the plurality of certificates.
  - 30. The method of claim 17 further comprising the steps of:
    - providing for verifying the at least one certificate; and
      
      , providing for computing the new certificate using information associated with the at least one certificate.

31. A computer program product for generating a new digital certificate for a transaction, comprising:
- a first code segment for receiving a request from a user processor to send a user processor at least one certificate from at least one of a first and second group of certificates stored with first and second memory, respectively, connected to first and second processors, respectively;
  
  a second code segment for sending the at least one certificate to the user processor;
  
  a third code segment for receiving the at least one certificate at a fourth processor; and
  
  , a fourth code segment for sending from the fourth processor to the user processor a new certificate for the transaction.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 32. The product of claim 31 further comprising:
    - a fifth code segment for storing the first group of digital certificates in the first memory connected to the first processor; and
      
      , a sixth code segment for storing the second group of digital certificates is the second memory connected to the second processor.
  - 33. The product of claim 31 further comprising:
    - a fifth code segment for computing the new certificate using information associated with the at least one certificate.
  - 34. The product of claim 33 further comprising:
    - a sixth code segment for attaching a list of the at least one certificate to the new certificate when the fourth processor sends the user processor the new certificate.
  - 35. The product of claim 31, wherein the first code segment comprises a code segment for receiving a request for a plurality of certificates from at least one of the first and second processors, from within at least one of the first and second groups of certificates, wherein the second code step comprises a code segment for sending the plurality of certificates to the user processor, the method further comprising:
    - a fifth code segment for receiving a request for the fourth processor to provide the user processor with a new certificate; and
      
      , a sixth code segment for computing the new certificate based on information associated with each certificate within the plurality of certificates.
  - 36. The product of claim 31, wherein the first code segment comprises a code segment for receiving a request for a plurality of certificates from at least one of the first and second processors, from within at least one of the first and second groups of certificates, wherein the second code step comprises a code segment for sending the plurality of certificates to the user processor, the method further comprising:
    - a fifth code segment for receiving a request for the fourth processor to provide the user processor with a new certificate; and
      
      , a sixth code segment for computing the new certificate based on information associated with more than one certificate within the plurality of certificates, but less than every certificate within the plurality of certificates.
  - 37. The product of claim 31 further comprising:
    - a fifth code segment for computing the new certificate using information relating to an interaction between a user and the third processor.
  - 38. The product of claim 31, wherein the first code segment comprises a code segment for receiving a request for a plurality of certificates from at least one of the first and second processors, from within at least one of the first and second groups of certificates, wherein the second code step comprises a code segment for sending the plurality of certificates to the user processor, the method further comprising:
    - a fifth code segment for receiving a request for the fourth processor to provide the user processor with a new certificate;
      
      a sixth code segment for computing the new certificate; and
      
      , a seventh code segment for sending the new certificate to the user processor for adding the new certificate to the plurality of certificates.
  - 39. The product of claim 31, wherein the first code segment comprises a code segment for receiving a request for a plurality of certificates from at least one of the first and second processors, from within at least one of the first and second groups of certificates, wherein the second code step comprises a code segment for sending the plurality of certificates to the user processor, the method further comprising:
    - a fifth code segment for receiving a request for the fourth processor to provide the user processor with a new certificate;
      
      a sixth code segment for computing the new certificate; and
      
      , a seventh code segment for sending the new certificate to the user processor for replacing at least one certificate within the plurality of certificates.
  - 40. The product of claim 31 further comprising:
    - a fifth code segment for verifying the at least one certificate; and
      
      , a sixth code segment for computing the new certificate using information associated with the at least one certificate.

41. A method of generating a new digital certificate for a transaction, comprising the steps of:
- providing for receiving a request from a user processor to send a user processor at least one certificate from at least one of a first and second group of certificates stored with first and second memory, respectively, connected to first and second processors, respectively;
  
  providing for sending the at least one certificate to the user processor;
  
  providing for receiving the at least one certificate at a fourth processor; and
  
  , providing for sending from the fourth processor to the user processor a new certificate for the transaction.

42. A method for generating a new certificate for a transaction comprising the steps of:
- providing for receiving an initial list of certificates comprising a plurality of certificates;
  
  providing for verifying the authenticity of each of the plurality of certificates;
  
  providing for computing a new certificate using a composition algorithm;
  
  providing for signing the new certificate;
  
  providing for revising the list of certificates; and
  
  , providing for attaching the list, as revised, to the new certificate.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 43. The method of claim 42, wherein the plurality of certificates are digital time stamps.
  - 44. The method of claim 42, wherein the plurality of certificates are public key certificates.
  - 45. The method of claim 42, wherein the plurality of certificates are signed statements issued by a digital signature service, wherein the plurality of certificates each have at least one user identification and a cryptographic digest of a document.
  - 46. The method of claim 42, wherein the plurality of certificates are signed statements issued by an electronic notary service, wherein the plurality of certificates each have at least one user identification, a cryptographic digest of a document, and time stamp.
  - 47. The method of claim 42, wherein the new certificate comprises a digital time stamp the numerical value of which is the minimum of the corresponding values of the plurality of certificates from which the new certificate is calculated.
  - 48. The method of claim 42, wherein the new certificate comprises a digital time stamp the numerical value of which is the maximum of the corresponding values of the plurality of certificates from which the new certificate is calculated.
  - 49. The method of claim 42, wherein the new certificate comprises a digital time stamp the numerical value of which is the k-th smallest of the corresponding values of the plurality of certificates from which the new certificate is calculated.
  - 50. The method of claim 42, wherein the new certificate comprises a digital time stamp the numerical value of which is the k-th largest of the corresponding values of the plurality of certificates from which the new certificate is calculated.
  - 51. The method of claim 42, wherein the composition algorithm is deterministic and the output of which depends on deterministic data that the list of received certificates does not directly comprise.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Guardtime SA
Original Assignee
Linuxprobe Co.
Inventors
Buldas, Ahto, Saarepera, Mart

Application Number

US10/483,216
Publication Number

US 20040193872A1
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

G06F 2221/2151   Time stamp

G06Q 20/38215   Use of certificates or encr...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 9/3263   involving certificates, e.g...

H04L 9/3297   involving time stamps, e.g....

System and method for renewing and extending digitally signed certificates

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

51 Claims

Specification

Use Cases

Quick Links

Others

System and method for renewing and extending digitally signed certificates

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

51 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others