METHOD OF GENERATING COMPOUND TYPE COMBINED PUBLIC KEY

US 20110173452A1
Filed: 05/27/2009
Published: 07/14/2011
Est. Priority Date: 05/28/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method of generating a compound type combined public key, including the following steps:

a) a key management center KMC generating an identity private-key isk based on a combining matrix and an entity identity;

b) the key management center KMC defining a system private-key ssk for each entity,c) the key management center KMC combining the identity private-key isk and the system private-key ssk to generate a first-order combined private-key csk′

;

d) the key management center KMC calculating a system public key SPK corresponding to the system private key ssk;

e) the key management center KMC writing the first-order combined private-key csk′

into a ID certificate;

f) a relying party combining an identity public key IPK and the system public key SPK to generate a first-order combined public key CPK'"'"';

g) a user self-defining an updating private key usk and an updating public key UPK;

h) the user combining the first-order combined private key csk′ and

the updating private key usk to generate a second-order combined private key csk″

;

i) the user combining the system public key SPK and the updating public key UPK to generate an accompanying public key APK; and

j) the user combining the identity public key IPK and the accompanying public key APK to generate a second-order combined public key CPK″

.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention constructs a compound type combined public key system on the basis of a combined public key CPK system. The combined key is combined by an identity key and a randomly defined key. The randomly defined key can be defined by a center, called a system key; and can be self-defined, called updating key. Combination of the identity key and the system key generates a first-order combined key. The first-order combined key is then combined with the updating key to generate a second-order combined key. The first-order combined key can be used for centralized digital signature and key exchange. The second-order combined key can be used for distributed digital signature, to provide individual with convenient key exchange and absolute privacy. A combining matrix, as a trust root, provides proof of integrity of identity and key, with no need of third party proof. The present invention can be widely used in fields such as trusted connecting (communication), code authentication (software), e-bank (note), trusted transaction, trusted logistics, and network management.

Citations

19 Claims

1. A method of generating a compound type combined public key, including the following steps:
- a) a key management center KMC generating an identity private-key isk based on a combining matrix and an entity identity;
  
  b) the key management center KMC defining a system private-key ssk for each entity,c) the key management center KMC combining the identity private-key isk and the system private-key ssk to generate a first-order combined private-key csk′
  
  ;
  
  d) the key management center KMC calculating a system public key SPK corresponding to the system private key ssk;
  
  e) the key management center KMC writing the first-order combined private-key csk′
  
  into a ID certificate;
  
  f) a relying party combining an identity public key IPK and the system public key SPK to generate a first-order combined public key CPK'"'"';
  
  g) a user self-defining an updating private key usk and an updating public key UPK;
  
  h) the user combining the first-order combined private key csk′ and
  
  the updating private key usk to generate a second-order combined private key csk″
  
  ;
  
  i) the user combining the system public key SPK and the updating public key UPK to generate an accompanying public key APK; and
  
  j) the user combining the identity public key IPK and the accompanying public key APK to generate a second-order combined public key CPK″
  
  .
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein:
    - the first-order combined public key CPK′
      
      =identity public key IPK+system public key SPK.
  - 3. The method of claim 1 or claim 2, wherein step a) includes:
    - the key management center KMC generating the identity private key isk of an entity based on the entity identity and a private key combining matrix.
  - 4. The method of claim 1 or claim 2, wherein step e) further includes:
    - when the private key of each entity needs to be changed, each entity self-defines or changes the updating private key usk.
  - 5. The method of claim 1 or claim 2, wherein step c) includes:
    - writing the first-order combined private key csk′
      
      into the ID certificate and distributing to the user.
  - 6. The method of claim 1 or claim 2, wherein when signing, the second-order combined private key csk″
    - is used to sign, and the accompanying public key APK is sent to the relying party as a portion of a signature code.
  - 7. The method of claim 6, wherein the signature code is:
    - SIG_csk″(TAG)=sign, APK,wherein SIG is a signature protocol, csk″
      
      is the second-order combined private key used for signature, TAG is entity identity domain, time domain and specified string defined by an international standard, sign is the signature code, and APK is the accompanying public key.
  - 8. The method of claim 6, wherein when verifying the signature, the relying party uses a combining public key matrix to calculate the identity public key IPK, and then uses the accompanying public key APK sent by a signer to calculate the second-order combined public key CPK″
    - of the other party, so as to verify authenticity of the signature.
  - 9. The method of claim 8, wherein the verification code is:
    - SIG^−
      
      1_CPK″(TAG)=sign′
      
      ,wherein SIG^−
      
      1is a verification protocol, CPK″
      
      is a second-order combined public key, TAG is an entity identity domain, time domain and specified string defined by an international standard, and sign′
      
      is a verification code.
  - 10. The method of claim 1 or claim 2, wherein the combined public key is combined by the identity key, the system key and the updating key.
  - 11. The method of claim 1 or claim 2, wherein:
    - second-order combined public key CPK″
      
      =identity public key IPK+accompanying public key APK.
  - 12. The method of claim 10, wherein the identity key is defined by the combining matrix.
  - 13. The method of claim 10, wherein the updating key is self-defined or changed by the user.
  - 14. The method of claim 10, wherein the identity key is generated on the basis of a combined public key CPK system.
  - 15. The method of claim 10, wherein randomly defined key can be generated by a random number generator.
  - 16. The method of claim 10, wherein the combining matrix for generating the identity key is defined by the key management center.
  - 17. The method of claim 16, wherein definition of the combining matrix determines a nature of centralized management of the system.
  - 18. The method of claim 17, wherein the combining matrix implements mapping from an identity to a key variable, to become a “
    - trust root”
      
      of the system.
  - 19. The method of claim 16, wherein the key management center publishes the public key combining matrix as a trust root, for each entity to calculate the identity public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Beijing E-Henxen Authentication Technologies Company Limited
Original Assignee
Beijing E-Henxen Authentication Technologies Company Limited
Inventors
Nan, Xiang-hao, Chen, Huaping

Application Number

US12/995,097
Publication Number

US 20110173452A1
Time in Patent Office

Days
Field of Search
US Class Current

713/179
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 9/083   involving central third par...

H04L 9/3073   involving pairings, e.g. id...

H04L 9/3247   involving digital signatures

METHOD OF GENERATING COMPOUND TYPE COMBINED PUBLIC KEY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD OF GENERATING COMPOUND TYPE COMBINED PUBLIC KEY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links