FACILITATING DIGITAL SIGNATURE BASED ON EPHEMERAL PRIVATE KEY

US 20060156012A1
Filed: 08/08/2005
Published: 07/13/2006
Est. Priority Date: 01/07/2005
Status: Active Grant

First Claim

Patent Images

1. An invention comprising a method for facilitating communication using a digital signature, the method comprising the steps of:

(a) first, (i) receiving into a first computer system input data from a first user, (ii) generating within the first computer system a first key as a deterministic function of said received data of said step (a)(i), (iii) following said step (a)(ii) of generating the first key, clearing said received data of said step (a)(i) so that said received data is no longer available within the first computer system for generating the first key within the first computer system, (iv) generating within the first computer system a second key as a deterministic function of said generated first key of said step (a)(ii), said generated first key comprising a private key of an asymmetric public-private key pair and said generated second key comprising a public key of the asymmetric public-private key pair, (v) following said step (a)(iv) of generating said second key, clearing said generated first key from the first computer system so that said generated first key is no longer available within the first computer system, and (vi) exporting said generated second key from the first computer system; and

(b) thereafter, generating a digital signature by, (i) receiving into a second computer system input data from a second user, (ii) regenerating within the second computer system the first key using the deterministic function of said step (a)(ii) and said received data of said step (b)(i), (iii) following said step (b)(ii) of regenerating said first key, clearing from the second computer system said received data of said step (b)(i) so that said received data is no longer available within the second computer system for regenerating the first key within the second computer system, (iv) generating within the second computer system a digital signature as a function of said regenerated first key of said step (b)(ii), (v) following said step (b)(iv) of generating the digital signature, clearing said regenerated first key from the second computer system so that said regenerated first key is no longer available within the second computer system, and (vi) exporting said generated digital signature of said step (b)(iv) from the second computer.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Facilitating communication using a digital signature includes: receiving user input data (UID); generating a first key as a deterministic function of the UID; clearing the UID; generating a second key as a deterministic function of the first key; clearing the first key following generation of the second key; and exporting the second key. Neither the UID nor the first key is exported. Thereafter, a digital signature is generated by again receiving the UID; regenerating the first key using the deterministic function and the UID; clearing the UID; generating a digital signature as a function of the regenerated first key; clearing the regenerated first key following generation of the digital signature; and exporting the generated digital signature.

186 Citations

View as Search Results

46 Claims

1. An invention comprising a method for facilitating communication using a digital signature, the method comprising the steps of:
- (a) first, (i) receiving into a first computer system input data from a first user, (ii) generating within the first computer system a first key as a deterministic function of said received data of said step (a)(i), (iii) following said step (a)(ii) of generating the first key, clearing said received data of said step (a)(i) so that said received data is no longer available within the first computer system for generating the first key within the first computer system, (iv) generating within the first computer system a second key as a deterministic function of said generated first key of said step (a)(ii), said generated first key comprising a private key of an asymmetric public-private key pair and said generated second key comprising a public key of the asymmetric public-private key pair, (v) following said step (a)(iv) of generating said second key, clearing said generated first key from the first computer system so that said generated first key is no longer available within the first computer system, and (vi) exporting said generated second key from the first computer system; and
  
  (b) thereafter, generating a digital signature by, (i) receiving into a second computer system input data from a second user, (ii) regenerating within the second computer system the first key using the deterministic function of said step (a)(ii) and said received data of said step (b)(i), (iii) following said step (b)(ii) of regenerating said first key, clearing from the second computer system said received data of said step (b)(i) so that said received data is no longer available within the second computer system for regenerating the first key within the second computer system, (iv) generating within the second computer system a digital signature as a function of said regenerated first key of said step (b)(ii), (v) following said step (b)(iv) of generating the digital signature, clearing said regenerated first key from the second computer system so that said regenerated first key is no longer available within the second computer system, and (vi) exporting said generated digital signature of said step (b)(iv) from the second computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 2. The invention of claim 1, wherein neither said received data of said step (a)(i) nor said generated first key of said step (a)(ii) is exported from the first computer system.
  - 3. The invention of claim 1, wherein neither said received data of said step (b)(i) nor said regenerated first key of said step (b)(ii) is exported from the second computer system.
  - 4. The invention of claim 1, wherein, following said step (a)(iii) of clearing said received data from the first computer system, the user input data received in said step (a)(i) must be received again within the first computer system in order to regenerate the first key within the first computer system using the deterministic function of said step (a)(ii).
  - 5. The invention of claim 1, wherein, following said step (b)(iii) of clearing said received data from the second computer system, the user input data received in said step (b)(i) must be received again within the second computer system in order to regenerate the first key within the second computer system using the deterministic function of said step (b)(ii).
  - 6. The invention of claim 1, wherein the first computer system is the second computer system.
  - 7. The invention of claim 1, wherein the first computer system is not the second computer system.
  - 8. The invention of claim 1, wherein the first user is the second user.
  - 9. The invention of claim 8, wherein the input data from the user represents a biometric.
  - 10. The invention of claim 1, wherein the first user is not the second user.
  - 11. The invention of claim 10, wherein the input data from both the first and second users represents a passphrase.
  - 12. The invention of claim 10, wherein the input data from both the first and second users represents a password.
  - 13. The invention of claim 10, wherein the input data from both the first and second users represents a PIN.
  - 14. The invention of claim 1, wherein the function of said step (b)(iv) of generating the digital signature further is a function of whether a digital signature has yet been generated using said regenerated first key of said step (b)(ii).
  - 15. The invention of claim 1, wherein said generated digital signature of said step (b)(iv) is for a message, and wherein the method further comprises communicating both said exported second key of said step (a)(vi) and said exported digital signature of said step (b)(vi) to a recipient of the message.
  - 16. The invention of claim 1, wherein said step (a)(iii) of clearing said received data is performed prior to performance of said step (a)(iv) of generating the second key.
  - 17. The invention of claim 1, wherein said step (a)(iii) of clearing said received data is performed after performance of said step (a)(iv) of generating the second key.
  - 18. The invention of claim 1, wherein said step (b)(iii) of clearing said received data is performed prior to performance of said step (b)(iv) of generating the digital signature.
  - 19. The invention of claim 1, wherein said step (b)(iii) of clearing said received data is performed after performance of said step (b)(iv) of generating the digital signature.
  - 20. The invention of claim 1, wherein the deterministic function of said step (a)(ii) outputs a large integer value.
  - 21. The invention of claim 1, wherein the deterministic function of said step (a)(ii) comprises hashing said received data of said step (a)(i).
  - 22. The invention of claim 21, wherein the deterministic function of said step (a)(ii) comprises hashing multiple times said received data of said step (a)(i).
  - 23. The invention of claim 21, wherein the deterministic function of said step (a)(ii) comprises hashing multiple times said received data of said step (a)(i) while folding interim hashes together.
  - 24. The invention of claim 1, wherein the deterministic function of said step (a)(ii) comprises a strong hash function.
  - 25. The method of claim 1, wherein said step (b)(iv) of generating the digital signature utilizes an elliptical curve digital signature algorithm (ECDSA).
  - 26. The invention of claim 1, wherein the method further comprises, prior to said step (a)(ii) of generating the first key, the step of receiving elliptical curve parameters.
  - 27. The invention of claim 26, wherein said received elliptical curve parameters define an elliptical curve over a finite field.
  - 28. The invention of claim 1, further comprising the steps of, prior to said step (a)(ii) of generating the first key, receiving elliptical curve parameters defining an elliptical curve over a finite field, and receiving a generating point on the elliptical curve defined by said received elliptical curve parameters.
  - 29. The invention of claim 1, wherein said step (a)(iii) of clearing said received data of said step (a)(i) occurs upon performance of said step (a)(ii) of generating the first key.
  - 30. The invention of claim 1, wherein said step (a)(iii) of clearing said received data of said step (a)(i) occurs immediately upon performance of said step (a)(ii) of generating the first key.
  - 31. The invention of claim 1, wherein said step (b)(iii) of clearing said received data of said step (b)(i) occurs upon performance of said step (b)(ii) of regenerating the first key.
  - 32. The invention of claim 1, wherein said step (b)(iii) of clearing said received data of said step (b)(i) occurs immediately upon performance of said step (b)(ii) of regenerating the first key.
  - 33. The invention of claim 1, wherein said step (a)(v) of clearing said generated first key occurs upon performance of said step (a)(iv) of generating the second key.
  - 34. The invention of claim 1, wherein said step (a)(v) of clearing said generated first key occurs immediately upon performance of said step (a)(iv) of generating the second key.
  - 35. The invention of claim 1, wherein said step (b)(v) of clearing said regenerated first key occurs upon performance of said step (b)(iv) of generating the digital signature.
  - 36. The invention of claim 1, wherein said step (b)(v) of clearing said regenerated first key occurs immediately upon performance of said step (b)(iv) of generating the digital signature.
  - 37. The invention of claim 1, wherein said step (b)(v) of clearing said regenerated first key occurs following expiration of a predetermined period of time.
  - 38. The invention of claim 1, wherein said step (b)(v) of clearing said regenerated first key occurs immediately upon expiration of a predetermined period of time.
  - 39. The invention of claim 38, wherein the predetermined period of time comprises the time period in which a predetermined number of digital signatures are generated using said regenerated first key.
  - 40. The invention of claim 38, wherein the predetermined period of time comprises the time period beginning with said step (b)(ii) of regenerating the first key, and ending with the termination of a communications session of the second computer system.
  - 41. The invention of claim 38, wherein said step (b)(iv) of generating the digital signature is performed in response to a digital signature request from a program, and wherein the predetermined period of time comprises the time period beginning with said step (b)(iv) of regenerating the first key and ending with a subsequent digital signature request from a different program.
  - 42. The invention of claim 38, wherein the predetermined period of time consists of a predetermined fixed amount of time.
  - 43. The invention of claim 1, wherein said steps of clearing each comprises overwriting data.
  - 44. The invention method of claim 43, wherein said overwriting comprises wiping.
  - 45. The invention of claim 43, wherein said overwriting comprises writing pseudo random bit strings.
  - 46. The invention of claim 1, further comprising a computer-readable medium having computer-executable instructions for performing the method.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Beeson, Curtis Linn

Granted Patent

US 7,490,239 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/180
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 9/3066   involving algebraic varieti...

H04L 9/3226   using a predetermined code,...

H04L 9/3252   using DSA or related signat...

FACILITATING DIGITAL SIGNATURE BASED ON EPHEMERAL PRIVATE KEY

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

186 Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

FACILITATING DIGITAL SIGNATURE BASED ON EPHEMERAL PRIVATE KEY

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

186 Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links