IMPLICITLY CERTIFIED PUBLIC KEYS

US 20120314856A1
Filed: 05/04/2012
Published: 12/13/2012
Est. Priority Date: 06/10/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

accessing an implicit certificate associated with an entity and generated by a certificate authority, wherein the implicit certificate includes a public key reconstruction value of the entity;

accessing certificate authority public key information associated with the certificate authority;

generating a first value based on evaluating a hash function, wherein the hash function is evaluated based on the certificate authority public key information and the public key reconstruction value of the entity; and

generating a public key value of the entity based on the first value.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer programs for using an implicit certificate are described. In some aspects, an implicit certificate is accessed. The implicit certificate is associated with an entity and generated by a certificate authority. The implicit certificate includes a public key reconstruction value of the entity. Certificate authority public key information is accessed. The certificate authority public key information is associated with the certificate authority that issued the implicit certificate. A first value is generated based on evaluating a hash function. The hash function is evaluated based on the certificate authority public key information and the public key reconstruction value of the entity. A public key value of the entity can be generated or otherwise used based on the first value.

22 Citations

View as Search Results

21 Claims

1. A method comprising:
- accessing an implicit certificate associated with an entity and generated by a certificate authority, wherein the implicit certificate includes a public key reconstruction value of the entity;
  
  accessing certificate authority public key information associated with the certificate authority;
  
  generating a first value based on evaluating a hash function, wherein the hash function is evaluated based on the certificate authority public key information and the public key reconstruction value of the entity; and
  
  generating a public key value of the entity based on the first value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the certificate authority comprises a root certificate authority, and the entity comprises a second certificate authority that is subordinate to the root certificate authority.
  - 3. The method of claim 1, wherein the certificate authority comprises an intermediate certificate authority that is subordinate to a root certificate authority, the entity comprises a second certificate authority that is subordinate to the intermediate certificate authority, and the implicit certificate is based on a chain of implicit certificates.
  - 4. The method of claim 1, wherein the certificate authority comprises a root certificate authority and the entity comprises a correspondent.
  - 5. The method of claim 1, wherein generating the public key value comprises at least one of:
    - validating the public key value;
      
      orusing the public key value to verify a digital signature from the entity.
  - 6. The method of claim 1, wherein generating the public key value comprises evaluating a cryptographic function that uses the public key value.
  - 7. The method of claim 6, wherein evaluating the cryptographic function does not explicitly compute the public key value.
  - 8. The method of claim 1, wherein the first value and the public key value are generated by the entity.
  - 9. The method of claim 1, wherein the first value and the public key value are generated by the certificate authority.
  - 10. The method of claim 1, wherein the first value and the public key value are generated by a second, different entity that relies on the public key value.
  - 11. The method of claim 1, wherein the certificate authority public key information comprises at least one of a public key value of the certificate authority or a public key reconstruction value of the certificate authority.
  - 12. The method of claim 1, wherein the certificate authority comprises a subordinate certificate authority, the method further comprises accessing additional certificate authority public key information associated with a root certificate authority, and the first value is generated based on evaluating the hash function based on:
    - the certificate authority public key information of the subordinate certificate authority;
      
      the additional certificate authority public key information of the root certificate authority; and
      
      the public key reconstruction value of the entity.

13. A non-transitory computer-readable storing instructions that are operable when executed by data processing apparatus to perform operations comprising:
- accessing an implicit certificate associated with an entity and generated by a certificate authority, wherein the implicit certificate includes a public key reconstruction value of the entity;
  
  accessing certificate authority public key information associated with the certificate authority;
  
  generating a first value based on evaluating a hash function, wherein the hash function is evaluated based on the certificate authority public key information and the public key reconstruction value of the entity; and
  
  generating a public key value of the entity based on the first value.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer-readable medium of claim 13, wherein the certificate authority comprises an intermediate certificate authority that is subordinate to a root certificate authority, the entity comprises a second certificate authority that is subordinate to the intermediate certificate authority, and the implicit certificate is based on a chain of implicit certificates.
  - 15. The computer-readable medium of claim 13, wherein generating the public key value comprises at least one of:
    - validating the public key value;
      
      orusing the public key value to verify a digital signature generated by the entity.
  - 16. The computer-readable medium of claim 13, wherein generating the public key value comprises evaluating a cryptographic function that uses the public key value, and evaluating the cryptographic function does not explicitly compute the public key value.
  - 17. The computer-readable medium of claim 13, wherein the certificate authority comprises a subordinate certificate authority, the operations further comprise accessing additional certificate authority public key information associated with a root certificate authority, and the first value is generated based on evaluating the hash function based on:
    - the certificate authority public key information of the subordinate certificate authority;
      
      the additional certificate authority public key information of the root certificate authority; and
      
      the public key reconstruction value of the entity.

18. A computing system comprising a cryptographic module operable to perform operations, the operations comprising:
- accessing an implicit certificate associated with an entity and generated by a certificate authority, wherein the implicit certificate includes a public key reconstruction value of the entity;
  
  accessing certificate authority public key information associated with the certificate authority;
  
  generating a first value based on evaluating a hash function, wherein the hash function is evaluated based on the certificate authority public key information and the public key reconstruction value of the entity; and
  
  generating a public key value of the entity based on the first value.
- View Dependent Claims (19, 20, 21)
- - 19. The computing system of claim 18, wherein the cryptographic module includes a signature generation module.
  - 20. The computing system of claim 18, wherein the cryptographic module includes a signature verification module.
  - 21. The computing system of claim 18, wherein the cryptographic module includes a certificate generation module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Zaverucha, Gregory Marc, Kravitz, David William, Brown, Daniel Richard L.

Granted Patent

US 10,148,422 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

H04L 9/007   involving hierarchical stru...

H04L 9/3066   involving algebraic varieti...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

IMPLICITLY CERTIFIED PUBLIC KEYS

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

IMPLICITLY CERTIFIED PUBLIC KEYS

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links