Public key/signature cryptosystem with enhanced digital signature certification
Abstract
A public key cryptographic system is disclosed with enhanced digital signature certification which authenticates the identity of the public key holder. A hierarchy of nested certifications and signatures are employed which indicate the authority and responsibility levels of the individual whose signature is being certified. The present invention enhances the capabilities of public key cryptography so that it may be employed in a wider variety of business transactions, even those where two parties may be virtually unknown to each other. Counter-signature and joint-signature requirements are referenced in each digital certification to permit business transactions to take place electronically, which heretofore often only would take place after at least one party physically winds his way through a corporate bureaucracy. The certifier in constructing a certificate generates a special message that includes fields identifying the public key which is being certified, and the name of the certifiee. In addition, the certificate constructed by the certifier includes the authority which is being granted including information which reflects issues of concern to the certifier such as, for example, the monetary limit for the certifiee and the level of trust which is granted to the certifiee. The certificate may also specify cosignature requirements which are being imposed upon the certifiee.
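A sketch of how a recipient could check the certificate fields the abstract lists (monetary limit, cosignature requirements, certifier chain), as an added example that is not taken from the patent. The field names, the rule that a certifier cannot delegate a limit above its own, and the toy textbook-RSA signing are assumptions made for illustration.

```python
import hashlib, json

def keypair(a, b, e=65537):  # toy textbook RSA on Mersenne primes: NOT secure
    p, q = 2**a - 1, 2**b - 1
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def _h(obj, n):  # hash canonical JSON into Z_n
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, obj):
    return pow(_h(obj, priv[0]), priv[1], priv[0])

def verify(pub, obj, sig):
    return pow(sig, pub[1], pub[0]) == _h(obj, pub[0])

def make_cert(issuer, issuer_priv, subject, pub, limit, cosigners=()):
    body = {"subject": subject, "pub": list(pub), "limit": limit,
            "cosigners": list(cosigners), "issuer": issuer}
    return {**body, "sig": sign(issuer_priv, body)}

def chain_ok(name, certs, root, root_pub, depth=8):
    cert = certs.get(name)
    if cert is None or cert["subject"] != name or depth == 0:
        return False
    body = {k: v for k, v in cert.items() if k != "sig"}
    if cert["issuer"] == root:  # issued by the recipient's trusted top certifier
        return verify(root_pub, body, cert["sig"])
    parent = certs.get(cert["issuer"])  # assumed rule: no limit above the issuer's
    return (parent is not None and cert["limit"] <= parent["limit"]
            and verify(tuple(parent["pub"]), body, cert["sig"])
            and chain_ok(cert["issuer"], certs, root, root_pub, depth - 1))

def validate(msg, sigs, certs, signer, root, root_pub):
    def signed(n):
        return (n in sigs and chain_ok(n, certs, root, root_pub)
                and verify(tuple(certs[n]["pub"]), msg, sigs[n]))
    if not signed(signer):
        return "bad signature or chain"
    if msg["amount"] > certs[signer]["limit"]:
        return "exceeds delegated limit"
    missing = [c for c in certs[signer]["cosigners"] if not signed(c)]
    return f"missing cosignature: {missing}" if missing else "ok"

if __name__ == "__main__":  # constructed names, keys and purchase order
    (rp, rk), (mp, mk), (cp, ck) = keypair(61, 89), keypair(89, 107), keypair(107, 127)
    certs = {"mgr": make_cert("root", rk, "mgr", mp, 10000),
             "clerk": make_cert("mgr", mk, "clerk", cp, 500, ["mgr"])}
    po = {"amount": 400, "item": "toner"}
    print(validate(po, {"clerk": sign(ck, po)}, certs, "clerk", "root", rp))
```

Run as a script, the clerk's order is rejected until the manager's signature accompanies it; editing any certificate field after issuance breaks the certifier's signature and fails the chain check.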
46 Claims
1. In a communication system having a plurality of terminal devices coupled to a channel over which users of said terminal devices may exchange messages, at least some users having a public key and an associated key, an improved method for managing authority by digitally signing and certifying a message to be transmitted to an independent recipient comprising the steps of:
- formulating at least a portion of a digital message;
- digitally signing at least said portion of said message; and
- including within said message an authorizing digital certificate having a plurality of digital fields created by a certifier, said authorizing certificate being created by the steps of:
  - specifying by the certifier in at least one of said digital fields, the authority which is vested in the certifier and which has been delegated to the signer of said message, by including sufficient digital information to enable said independent recipient of said message to verify, by electronically analyzing said message in accordance with a predetermined validation algorithm, that the authority exercised by the signer in signing the content of said message created by the signer was properly exercised by the signer in accordance with the authority delegated by the certifier; and
  - identifying the certifier who has created the signer's certificate in other of said digital fields by including sufficient digital information for said recipient of the message to determine by electronically analyzing said message that the certifier has been granted the authority to grant said delegated authority.
20. In a communications system having a plurality of terminal devices coupled to a communications channel over which users of said terminal devices may exchange messages, at least some of said users having a public key and an associated private key, an improved method of digitally signing and certifying a message to be transmitted for managing authority comprising the steps of:
- formulating at least a portion of a digital message;
- digitally signing at least said portion of said message;
- including within said message an authorizing digital certificate having a plurality of digital fields created for the signer by a certifier, said authorizing certificate being created by the steps of:
  - specifying by the certifier in at least one of said digital fields at least one party whose digital signature, in addition to the signer's signature, is required to be transmitted with said message in order for said signer's signature to be treated as properly authorized; and
  - identifying the certifier who has created the signer's certificate in other of said digital fields by including sufficient digital information to enable the recipient of said message to determine by electronically analyzing said message that the certifier has been granted the authority to certify the signer's certificate.
40. A method of digitally signing and certifying a sender's message to enable a recipient to determine that the sender is properly authorized comprising the steps of:
- specifying in at least one digital field in an authorizing digital certificate created by a certifier the delegated authority which has been granted to the sender, said authorizing certificate including a plurality of digital fields;
- identifying in other of said digital fields in said certificate the identity of the certifier by including sufficient digital information for said recipient to determine that the certifier has been granted the authority to grant the delegated authority;
- transmitting a message to said recipient having at least one digital signature, said message including said digital certificate which specifies the authority which has been granted to the sender;
- receiving said message by said recipient and validating the identity of the sender by electronically analyzing the at least one digital signature; and
- determining the authority which has been granted to the sender by analyzing the delegated authority information specified in said authorizing certificate and determining by electronically analyzing said digital fields that said certifier has been granted the authority to grant said delegated authority.
Specification