System and method for implementing digital signature using one time private keys
First Claim
1. A method for implementing transactions from a signing entity over a network to a receiving entity using digital signatures, the method comprising the steps:
- a) providing instructions to a receiving entity for performing a transaction;
b) digitally signing the transaction with a digital signature generated by using a private key; and
c) irretrievably deleting the private key;
wherein the private key is used to generate the digital signature only once; and
further wherein the private key never leaves the possession of the signing entity.
1 Assignment
0 Petitions
Accused Products
Abstract
The OTPK module 40 is essential to the present embodiment. It may be considered to be a software module implemented on the signing entity 20. The OTPK module 40 may be dynamically downloaded for use or implemented as a pre-installed client plug-in. The OTPK module 40 may perform its role without significant intervention from a user when operating as the signing entity 20. The OTPK module 40 may be implemented as a PKCS#11 or CAPI DLL or a Java Applet or ActiveX plugin embedded within the Internet Web Browser. It may be automatically executed when performing secure transactions requiring digital signatures. The OTPK module 40 serves to independently and without additional instruction from a user carry out the steps of generating the asymmetric key pairs comprising the public key and the private key. The OTPK module 40 then contacts the authentication and certification server 50 for authenticating the identity of the signing entity 20. At this point, the user of the signing entity 20 may be prompted for a password or the password may have been entered earlier as part of a 2-factor authentication to the authentication and certification server 50. The private key is then automatically used to generate a digital signature for the signing entity 20. At this point onwards, the private key is then irretrievably deleted such that it cannot be re-used or copied for future use.
53 Citations
14 Claims
-
1. A method for implementing transactions from a signing entity over a network to a receiving entity using digital signatures, the method comprising the steps:
-
a) providing instructions to a receiving entity for performing a transaction;
b) digitally signing the transaction with a digital signature generated by using a private key; and
c) irretrievably deleting the private key;
wherein the private key is used to generate the digital signature only once; and
further wherein the private key never leaves the possession of the signing entity. - View Dependent Claims (2, 3)
-
-
4. A computer implementable method for implementing transactions by a signing entity over a network to a receiving entity using digital signatures, the method comprising the steps:
-
a) generating a new asymmetric key pair comprising a private key and a public key;
b) generating a certification request containing the public key;
c) generating the digital signature using the private key; and
d) irretrievably deleting the private key;
wherein the private key is used to generate the digital signature only once; and
further wherein the private key never leaves the possession of the signing entity. - View Dependent Claims (5, 6, 7)
-
-
8. A system for implementing transactions over a network using digital signatures comprises:
-
a signing entity desiring to perform transactions over the network with a receiving entity;
an OTPK (One-time Private Key) module residing in the signing entity for generating only new asymmetric key pairs comprising a public key and a private key, the OTPK module for generating a digital signature using the private key and a certification request containing the public key;
an authentication and certification server for authenticating identity of the signing entity, for receiving the certification request and for issuing a digital certificate certifying ownership of the public key by the signing entity;
wherein the private key is used to generate the digital signature only once; and
further wherein the private key never leaves the possession of the signing entity. - View Dependent Claims (9, 10)
-
-
11. A computer implementable method for using a One Time Private Key (OTPK) module to implement transactions by a signing entity over a network with a receiving entity using digital signatures in a newly initiated session, the method comprising the steps:
-
a) generating a new asymmetric key pair comprising a private key and a public key upon notification that a transaction requiring a digital signature is desired;
b) generating a certification request containing the public key;
c) generating at least one digital signature using the private key; and
d) irretrievably deleting the private key;
wherein the private key is used to generate the digital signature only while the newly initiated session is active; and
further wherein the private key never leaves the possession of the signing entity. - View Dependent Claims (12, 13, 14)
-
Specification