Public key/signature cryptosystem with enhanced digital signature certification
First Claim
1. In a communication system having a plurality of terminal devices coupled to a channel over which users may exchange messages, at least some of said users having a public key and an associated private key, a method for controlling authority in a message digitally signed by a first party comprising the steps of:
- specifying a digital authority defining data structure including;
a first digital field indicative of the public key of the first party,a second digital field indicative of the public key of a second party whose digital signature, in addition to the signature of the first party, must also be associated with the signed message in order for the signed message to be treated as properly authorized, anddigitally signing the message such that the message is related to the digital authority defining data structure as part of the signature process, whereby message recipients may determine the digitally authority defining data structure during a signature verification process.
0 Assignments
0 Petitions
Accused Products
Abstract
A public key cryptographic system is disclosed with enhanced digital signature certification which authenticates the identity of the public key holder. A hierarchy of nested certifications and signatures are employed which indicate the authority and responsibility levels of the individual whose signature is being certified. The certifier in constructing a certificate generates a special message that includes fields identifying the public key which is being certified, and the name of the certifiee. The certificate is constructed by the certifier to define the authority which is being granted and which may relate to a wide range of authorizations, delegation responsibilities or restrictions given to, or placed on the certifiee. Methodology is also disclosed by which multiple objects such as, for example, a cover letter, an associated enclosed letter, an associated graphics file, etc., are signed together. Methodology is also disclosed for digitally signing documents in which a digital signature is generated for both computer verification and for reverification if a document needs to be reconfirmed by reentering from a paper rendition.
-
Citations
15 Claims
-
1. In a communication system having a plurality of terminal devices coupled to a channel over which users may exchange messages, at least some of said users having a public key and an associated private key, a method for controlling authority in a message digitally signed by a first party comprising the steps of:
-
specifying a digital authority defining data structure including; a first digital field indicative of the public key of the first party, a second digital field indicative of the public key of a second party whose digital signature, in addition to the signature of the first party, must also be associated with the signed message in order for the signed message to be treated as properly authorized, and digitally signing the message such that the message is related to the digital authority defining data structure as part of the signature process, whereby message recipients may determine the digitally authority defining data structure during a signature verification process. - View Dependent Claims (2, 3, 4, 5)
-
-
6. In a communication system having a plurality of terminal devices coupled to a channel over which users may exchange messages, at least some of said users having a public key and an associated private key, a method for controlling authority in a hierarchial manner comprising the steps of:
-
formulating at least a portion of a digital message, digitally signing at least said portion of said digital message; and indicating within said message a digital authority defining data structure having a plurality of digital fields created by a a certifier, said authorizing digital authority defining data structure being created by the steps of; specifying by the certifier in at least one of said digital fields, the authority which is vested in the certifier limiting the authority which has been delegated to the signer of said message, by including sufficient digital information to enable a recipient of said message to verify, by electronically analyzing said message, that the authority exercised by the signer in signing the content of said message created by the signer was properly exercised by the signer in accordance with the authority delegated by the certifier; and identifying the certifier in other of said digital fields by including sufficient digital information for said recipient of the message to determine by electronically analyzing said message that the certifier possesses the authority to grant said delegated authority. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15)
-
Specification