GENERATING DIGITAL SIGNATURES USING EPHEMERAL CRYPTOGRAPHIC KEY

US 20060153371A1
Filed: 08/08/2005
Published: 07/13/2006
Est. Priority Date: 01/07/2005
Status: Active Grant

First Claim

Patent Images

1. An invention comprising a method of generating a digital signature utilizing a cryptographic key, the method comprising the steps of:

(a) receiving into a computer system input data from a user;

(b) generating within the computer system a cryptographic key as a deterministic function of said received input of said step (a);

(c) following said step (b) of generating the cryptographic key, clearing from the computer system said received data of said step (a) so that said received data is no longer available for generating the cryptographic key;

(d) generating within the computer system a digital signature as a function of said generated cryptographic key of said step (b); and

(e) following said step (d) of generating the digital signature, clearing said generated cryptographic key of said step (b) from the computer system so that said generated cryptographic key is no longer available for generating a digital signature within the computer system.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Generating a digital signature utilizing a cryptograph key includes: receiving into a computer system input data from a user (UID); generating within the computer system a cryptographic key as a deterministic function of the UID; clearing from the computer system the UID; generating within the computer system a digital signature as a function of the generated cryptographic key; and clearing the generated cryptographic key from the computer system following generation of the digital signature. The digital signature further may be generated as a function of whether a digital signature has yet been generated using the generated cryptographic key following receipt of the UID. Neither the received UID nor the generated cryptographic key is exported from the computer system.

110 Citations

View as Search Results

32 Claims

1. An invention comprising a method of generating a digital signature utilizing a cryptographic key, the method comprising the steps of:
- (a) receiving into a computer system input data from a user;
  
  (b) generating within the computer system a cryptographic key as a deterministic function of said received input of said step (a);
  
  (c) following said step (b) of generating the cryptographic key, clearing from the computer system said received data of said step (a) so that said received data is no longer available for generating the cryptographic key;
  
  (d) generating within the computer system a digital signature as a function of said generated cryptographic key of said step (b); and
  
  (e) following said step (d) of generating the digital signature, clearing said generated cryptographic key of said step (b) from the computer system so that said generated cryptographic key is no longer available for generating a digital signature within the computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The invention of claim 1, wherein neither said received data of said step (a) nor said generated cryptographic key of said step (b) is exported from the computer system.
  - 3. The invention of claim 1, wherein, following said step (c) of clearing said received data from the computer system, the input data received from the user in said step (a) must be received again within the computer system in order to regenerate the cryptographic key within the computer system using the deterministic function of said step (b).
  - 4. The invention of claim 1, wherein said generated cryptographic key of said step (b) comprises a private key of an asymmetric public-private key pair.
  - 5. The invention of claim 1, wherein said step (d) of generating the digital signature utilizes an elliptical curve digital signature algorithm (ECDSA).
  - 6. The invention of claim 1, wherein said step (c) of clearing said received data is performed prior to performance of said step (d) of generating the digital signature.
  - 7. The invention of claim 1, further comprising the step of exporting said generated digital signature of said step (d) from the computer system.
  - 8. The invention of claim 7, wherein said step (c) of clearing said received data is performed prior to said step of exporting said generated digital signature from the computer system.
  - 9. The invention of claim 7, wherein said step (e) of clearing said generated cryptographic key is performed prior to said step of exporting said generated digital signature from the computer system.
  - 10. The invention of claim 1, wherein the function of said step (d) further comprises a function of whether a digital signature has yet been generated using said generated cryptographic key of said step (b) following receipt of the user input data in step (a).
  - 11. The invention of claim 1, wherein said step (c) of clearing said received data occurs upon performance of said step (b) of generating the cryptographic key.
  - 12. The invention of claim 1, wherein said step (c) of clearing said received data occurs immediately upon performance of said step (b) of generating the cryptographic key.
  - 13. The invention of claim 1, wherein said step (e) of clearing said generated cryptographic key occurs upon performance of said step (d) of generating the digital signature.
  - 14. The invention of claim 1, wherein said step (e) of clearing said generated cryptographic key occurs immediately upon performance of said step (d) of generating the digital signature.
  - 15. The invention of claim 1, wherein said step (e) of clearing said generated cryptographic key occurs following expiration of a predetermined period of time.
  - 16. The invention of claim 1, wherein the period of time comprises the time period beginning with said step of generating the cryptographic key and ending with a predetermined event.
  - 17. The invention of claim 1, wherein the predetermined period of time comprises the lesser of the time period beginning with said step of generating the cryptographic key and ending with a predetermined event, and a predetermined fixed amount of time.
  - 18. The invention of claim 1, wherein the period of time comprises the time period in which a predetermined number of digital signatures are generated using said generated cryptographic key of said step (b).
  - 19. The invention of claim 1, wherein the period of time comprises the time period beginning with said step (b) of generating the cryptographic key, and ending with the termination of a communications session of the computer system.
  - 20. The invention of claim 1, wherein said step (d) of generating the digital signature is performed in response to a digital signature request that is received from a program, and wherein the period of time comprises the time period beginning with said step (b) of generating the cryptographic key, and ending with receipt of a subsequent digital signature request from a different program.
  - 21. The invention of claim 1, wherein the predetermined period of time consists of a predetermined fixed amount of time.
  - 22. The invention of claim 1, wherein said step (c) of clearing said received data comprises overwriting said received data in a computer-readable medium of the computer system so that said received data from the user no longer exists within the computer system.
  - 23. The invention of claim 1, wherein the deterministic function of said step (b) outputs a large integer value.
  - 24. The invention of claim 1, wherein the deterministic function of said step (b) comprises hashing said received data.
  - 25. The invention of claim 1, wherein the method further comprises, prior to said step (d) of generating the digital signature, receiving elliptical curve parameters defining an elliptical curve over a finite field, and receiving a generating point on the elliptical curve defined by said received elliptical curve parameters.
  - 26. The invention of claim 1, further comprising a computer-readable medium having computer-executable instructions for performing the method.

27. An invention comprising a method of generating digital signatures utilizing a cryptographic key, the method comprising the steps of:
- (a) receiving into a computer system input data from a user;
  
  (b) generating within the computer system a cryptographic key as a deterministic function of said received data of said step (a);
  
  (c) following said step (b) of generating the cryptographic key, clearing from the computer system said received data of said step (a) so that said received data is no longer available for generating the cryptographic key within the computer system;
  
  (d) maintaining an indicator to indicate whether a digital signature has yet been generated using said generated cryptographic key of said step (b);
  
  (e) generating within the computer system a digital signature as a function of said generated cryptographic key of said step (b) and said maintained indicator of said step (d); and
  
  (f) following said step (e) of generating the digital signature, clearing from the computer system said generated cryptographic key of said step (b) so that said generated cryptographic key is no longer available within the computer system for generating a digital signature.
- View Dependent Claims (28, 29, 30, 31, 32)
- - 28. The invention of claim 27, wherein said step (e) comprises appending a value of the indicator to an electronic message prior to digitally signing the electronic message in generating the digital signature.
  - 29. The invention of claim 27, further comprising repeating said step (e) using said generated cryptographic key of said step (b) to thereby generate additional digital signatures within the computer system.
  - 30. The invention of claim 29, wherein said step of repeating said step (e) is performed prior to said step (f) of clearing said generated cryptographic key.
  - 31. The invention of claim 29, wherein said step (d) of maintaining the indicator is performed prior to each respective performance of said step (e).
  - 32. The invention of claim 27, further comprising a computer-readable medium having computer-executable instructions for performing the method.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Beeson, Curtis Linn

Granted Patent

US 7,693,277 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/30
CPC Class Codes

H04L 9/3073 involving pairings, e.g. id...

H04L 9/3252 using DSA or related signat...

GENERATING DIGITAL SIGNATURES USING EPHEMERAL CRYPTOGRAPHIC KEY

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

110 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

GENERATING DIGITAL SIGNATURES USING EPHEMERAL CRYPTOGRAPHIC KEY

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links