System and method for implementing digital signature using one time private keys

US 20060020811A1
Filed: 07/11/2005
Published: 01/26/2006
Est. Priority Date: 07/23/2004
Status: Active Grant

First Claim

Patent Images

1. A method for implementing transactions from a signing entity over a network to a receiving entity using digital signatures, the method comprising the steps:

a) providing instructions to a receiving entity for performing a transaction;

b) digitally signing the transaction with a digital signature generated by using a private key; and

c) irretrievably deleting the private key;

wherein the private key is used to generate the digital signature only once; and

further wherein the private key never leaves the possession of the signing entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The OTPK module 40 is essential to the present embodiment. It may be considered to be a software module implemented on the signing entity 20. The OTPK module 40 may be dynamically downloaded for use or implemented as a pre-installed client plug-in. The OTPK module 40 may perform its role without significant intervention from a user when operating as the signing entity 20. The OTPK module 40 may be implemented as a PKCS#11 or CAPI DLL or a Java Applet or ActiveX plugin embedded within the Internet Web Browser. It may be automatically executed when performing secure transactions requiring digital signatures. The OTPK module 40 serves to independently and without additional instruction from a user carry out the steps of generating the asymmetric key pairs comprising the public key and the private key. The OTPK module 40 then contacts the authentication and certification server 50 for authenticating the identity of the signing entity 20. At this point, the user of the signing entity 20 may be prompted for a password or the password may have been entered earlier as part of a 2-factor authentication to the authentication and certification server 50. The private key is then automatically used to generate a digital signature for the signing entity 20. At this point onwards, the private key is then irretrievably deleted such that it cannot be re-used or copied for future use.

53 Citations

View as Search Results

14 Claims

1. A method for implementing transactions from a signing entity over a network to a receiving entity using digital signatures, the method comprising the steps:
- a) providing instructions to a receiving entity for performing a transaction;
  
  b) digitally signing the transaction with a digital signature generated by using a private key; and
  
  c) irretrievably deleting the private key;
  
  wherein the private key is used to generate the digital signature only once; and
  
  further wherein the private key never leaves the possession of the signing entity.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the step b) further comprises:
    - b1) generating a new asymmetric key pair comprising the private key and a public key by an One Time Private Key (OTPK) module;
      
      b2) generating the digital signature using the private key;
      
      b3) generating a certification request containing the public key;
      
      b4) sending the certification request to an authentication and certification server;
      
      b5) receiving a digital certificate from the authentication and certification server certifing ownership of the public key;
      
      b6) sending the digital signature together with the digital certificate to the receiving entity.
  - 3. The method of claim 1, wherein the step b) further comprises:
    - b1) generating a new asymmetric key pair comprising the private key and a public key by an One Time Private Key (OTPK) module;
      
      b2) generating a certification request containing the public key;
      
      b3) sending the certification request to an authentication and certification server;
      
      b4) receiving a digital certificate from the authentication and certification server certifing ownership of the public key;
      
      b5) generating the digital signature using the private key;
      
      b6) sending the digital signature together with the digital certificate to the receiving entity.

4. A computer implementable method for implementing transactions by a signing entity over a network to a receiving entity using digital signatures, the method comprising the steps:
- a) generating a new asymmetric key pair comprising a private key and a public key;
  
  b) generating a certification request containing the public key;
  
  c) generating the digital signature using the private key; and
  
  d) irretrievably deleting the private key;
  
  wherein the private key is used to generate the digital signature only once; and
  
  further wherein the private key never leaves the possession of the signing entity.
- View Dependent Claims (5, 6, 7)
- - 5. The method of claim 4, further comprising the steps:
    - e) establishing communications with an authentication and certification server for authenticating the identity of the signing entity;
      
      f) sending the certification request containing the public key to the authentication and certification server;
      
      g) receiving from the authentication and certification server a digital certificate certifying the ownership of the public key; and
      
      h) sending the digital signature and the digital certificate to the receiving entity.
  - 6. The method of claim 4, further comprising the steps after step b) and before step c):
    - b1) establishing communications with an authentication and certification server for authenticating the identity of the signing entity;
      
      b2) sending the certification request containing the public key-to the authentication and certification server; and
      
      b3) receiving from the authentication and certification server a digital certificate certifing the ownership of the public key.
  - 7. The method of claim 6, further comprising the step after d):
    - e) sending the digital signature and the digital certificate to the receiving entity.

8. A system for implementing transactions over a network using digital signatures comprises:
- a signing entity desiring to perform transactions over the network with a receiving entity;
  
  an OTPK (One-time Private Key) module residing in the signing entity for generating only new asymmetric key pairs comprising a public key and a private key, the OTPK module for generating a digital signature using the private key and a certification request containing the public key;
  
  an authentication and certification server for authenticating identity of the signing entity, for receiving the certification request and for issuing a digital certificate certifying ownership of the public key by the signing entity;
  
  wherein the private key is used to generate the digital signature only once; and
  
  further wherein the private key never leaves the possession of the signing entity.
- View Dependent Claims (9, 10)
- - 9. The system of claim 8, wherein the OTPK module automatically sends the digital signature and the digital certificate to the secured server.
  - 10. The system of claim 8, wherein the OTPK module performs its functions without additional interference or instruction from the signing entity.

11. A computer implementable method for using a One Time Private Key (OTPK) module to implement transactions by a signing entity over a network with a receiving entity using digital signatures in a newly initiated session, the method comprising the steps:
- a) generating a new asymmetric key pair comprising a private key and a public key upon notification that a transaction requiring a digital signature is desired;
  
  b) generating a certification request containing the public key;
  
  c) generating at least one digital signature using the private key; and
  
  d) irretrievably deleting the private key;
  
  wherein the private key is used to generate the digital signature only while the newly initiated session is active; and
  
  further wherein the private key never leaves the possession of the signing entity.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, further comprising the steps:
    - e) establishing communications with an authentication and certification server for authenticating the identity of the signing entity;
      
      f) sending the certification request containing the public key to the authentication and certification server;
      
      g) receiving from the authentication and certification server a digital certificate certifying the ownership of the public key; and
      
      h) sending the digital signature and the digital certificate to the receiving entity.
  - 13. The method of claim 11, further comprising the steps after step b) and before step c):
    - b1) establishing communications with an authentication and certification server for authenticating the identity of the signing entity;
      
      b2) sending the certification request containing the public key to the authentication and certification server; and
      
      b3) receiving from the authentication and certification server a digital certificate certifying the ownership of the public key.
  - 14. The method of claim 11, further comprising the step after d):
    - e) sending the digital signature and the digital certificate to the receiving entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Data Security Systems Solutions Pte Ltd. (Thales SA)
Original Assignee
Data Security Systems Solutions Pte Ltd. (Thales SA)
Inventors
Tan, Telk Guan

Granted Patent

US 7,689,828 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/180
CPC Class Codes

H04L 63/067   using one-time keys cryptog...

H04L 63/126   the source of the received ...

H04L 9/0891   Revocation or update of sec...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

System and method for implementing digital signature using one time private keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

53 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for implementing digital signature using one time private keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links