Desinated-confirmer signature systems

US 5,373,558 A
Filed: 05/25/1993
Issued: 12/13/1994
Est. Priority Date: 05/25/1993
Status: Expired due to Term

First Claim

Patent Images

1. A method for public-key digital authentication of messages, comprising the steps of:

creating a private key by a signing party;

making a public key, corresponding to said private key of said signing party, verifiable by at least a receiving party;

creating a private key by a confirming party and keeping the private key substantially unavailable to at least said receiving party;

making a public key, corresponding to said private key of said confirming party, verifiable by at least said receiving party;

communicating data including a signature between said signing and said receiving parties, where (a) the data is convincing to the receiving party that, by use of said private key corresponding to said public key of said confirming party, other parties can be convinced that the signature was made by the signing party, and (b) where it is substantially infeasible for the receiving party, for so long as the private key corresponding to the public key of the confirming party is unavailable to the receiving party, to convince other parties of the signature by the signing party.

View all claims

19 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Cryptographic methods and apparatus for signing (101), receiving (102), verifying (103), and confirming (104) designated-confirmer signatures are disclosed. Such a signature (11) convinces the receiver that the confirmer can convince others that the signer issued the signature. Thus, more protection is provided to the recipient of a signature than with prior art zero-knowledge or undeniable signature techniques, and more protection is provided to the signer than with prior art self-authenticating signatures.

A designated confirmer signature is formed in a setting where the signer creates and issues a public key (201) and the confirmer also creates and issues a public key (202). Should the confirmer offer a confirmation (13), the verifier is convinced that the signature was issued by the signer. Such confirmation can itself be, for example, self-authenticating, unconvincing to other parties, or designated confirmer. With plural confirmers, various combinations may be realized, some even including confirmer anonymity.

Citations

24 Claims

1. A method for public-key digital authentication of messages, comprising the steps of:
- creating a private key by a signing party;
  
  making a public key, corresponding to said private key of said signing party, verifiable by at least a receiving party;
  
  creating a private key by a confirming party and keeping the private key substantially unavailable to at least said receiving party;
  
  making a public key, corresponding to said private key of said confirming party, verifiable by at least said receiving party;
  
  communicating data including a signature between said signing and said receiving parties, where (a) the data is convincing to the receiving party that, by use of said private key corresponding to said public key of said confirming party, other parties can be convinced that the signature was made by the signing party, and (b) where it is substantially infeasible for the receiving party, for so long as the private key corresponding to the public key of the confirming party is unavailable to the receiving party, to convince other parties of the signature by the signing party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. In the method of claim 1, providing said signature to said confirming party.
  - 3. In the method of claim 2, wherein said confirming party confirms that a signature is convincing to the receiving party but where transcripts of associated received data are substantially unconvincing to the receiving party.
  - 4. In the method of claim 2, said confirming party confirming a signature by issuing a self-authenticating signature.
  - 5. In the method of claim 1, said confirming party being able to confirm individual signatures without confirming any others.
  - 6. In the method of claim 1, requiring cooperation of plural confirming parties to confirm a signature.
  - 7. In the method of claim 1, allowing cooperation of alternate confirming parties to confirm a signature.
  - 8. In the method of claim 7, said confirming party not revealing its identity in the confirmation process.

9. Apparatus for public-key digital authentication of messages, comprising:
- means for creating a private key by a signing party;
  
  means for making a public key, corresponding to said private key of said signing party, verifiable by at least a receiving party;
  
  means for creating a private key by a confirming party and for keeping the private key substantially unavailable to at least said receiving party;
  
  means for making a public key, corresponding to said private key of said confirming party, verifiable by at least said receiving party;
  
  means for communicating data including a signature between said signing and said receiving parties, including (a) means to ensure that the data is convincing to said receiving party that, by use of said private key corresponding to said public key of said confirming party, other parties can be convinced that the signature was made by the signing party, and also including (b) means to ensure that it is substantially infeasible for the receiving party, for so long as the private key corresponding to the public key of the confirming party is unavailable to the receiving party, to convince other parties of the signature by the signing party.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. In the apparatus of claim 9, including means for providing said signature to said confirming party.
  - 11. In the apparatus of claim 9, including means for said confirming party to confirm that a received signature is convincing to the receiving party, but where transcripts of associated received data are substantially unconvincing to the receiving party.
  - 12. In the apparatus of claim 9, including means for said confirming party to confirm said signature by creating a self-authenticating signature.
  - 13. In the apparatus of claim 9, including means for said confirming party to confirm individual signatures without confirming any others.
  - 14. In the apparatus of claim 9, including means ensuring cooperation of plural confirming parties to confirm a said signature.
  - 15. In the apparatus of claim 14, including means for said confirming party to conceal its identity in the confirmation.
  - 16. In the apparatus of claim 9, including means allowing cooperation of alternate confirming parties to confirm a said signature.

17. A method for creating a first signature hinged on a second signature, comprising the steps of:
- creating a first private key by a signer party;
  
  making a corresponding first public key known to at least one other party;
  
  forming said second signature, related to a second public key, without knowledge of the corresponding second private key; and
  
  forming said first signature, by said signer party, depending on said second signature, such that validity of said second signature substantially means validity of said first signature and validity of said hinged signature as whole, and substantial unconvincingness of said second signature means substantial unconvincingness of said first signature and unconvincingness of said hinged signature as a whole.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17 including the further step of:
    - forming said first signature by replacing the output of a one-way function in a signature scheme by the output of a combining function;
      
      said combining function taking one or more parameters of said second signature as a first input;
      
      said combining function taking the output of said one-way function as a second input; and
      
      said combining function producing an output such that substantial control over said first input gives substantial control over said output of said combining function.
  - 19. The method of claim 17, including the further steps of:
    - issuing, by said signer party, to a receiver party, said hinged signature;
      
      convincing, by said signer party, of said receiver party, that at least one confirmer party, corresponding with said second public key, can separately convince other parties that the hinged signature was formed using said private key; and
      
      said signature and said convincing by said signer party being such that said receiver party is substantially unable to convince other parties knowing said first and said second public keys that said first signature was formed using said first private key.
  - 20. The method of claim 18, including the further steps of:
    - issuing, by said signer party, to a receiver party, said hinged signature;
      
      convincing, by said signer pretty, of said receiver party, that at least one confirmer party, corresponding with said second public key, can separately convince other parties that the hinged signature was formed using said private key; and
      
      said signature and said convincing by said signer party being such that said receiver party is substantially unable to convince other parties knowing said first and said second public keys that said first signature was formed using said first private key.

21. Apparatus for creating a first signature hinged on a second signature, said apparatus comprising:
- means for creating a first private key by a signer party;
  
  means for making a corresponding first public key known to at least one other party;
  
  means for forming said second signature, related to a second public key, without knowledge of the corresponding second private key; and
  
  means for forming said first signature, by said signer party, depending on said second signature, such that validity of said second signature substantially means validity of said first signature and validity of said hinged signature as whole, and substantial unconvincingness of said second signature means substantial unconvincingness of said first signature and unconvincingness of said hinged signature as a whole.
- View Dependent Claims (22, 23, 24)
- - 22. Apparatus as in claim 21 further comprising:
    - means for forming said first signature by replacing the output of a one-way function in a signature scheme by the output of a combining function;
      
      means for causing said combining function to take one or more parameters of said second signature as a first input;
      
      means for causing said combining function to take the output of said one-way function as a second input; and
      
      means for causing said combining function to produce an output such that substantial control over said first input gives substantial control over said output of said combining function.
  - 23. Apparatus as in claim 21 further comprising:
    - means for issuing, by said signer party, to a receiver party, said hinged signature;
      
      means for convincing, by said signer party, of said receiver party, that at least one confirmer party, corresponding with said second public key, can separately convince other parties that the hinged signature was formed using said private key; and
      
      means for causing said signature and said convincing by said signer party to be such that said receiver party is substantially unable to convince other parties knowing said first and said second public keys that said first signature was formed using said first private key.
  - 24. Apparatus as in claim 22 further comprising:
    - means for issuing, by said signer party, to a receiver party, said hinged signature;
      
      means for convincing, by said signer party, of said receiver party, that at least one confirmer party, corresponding with said second public key, can separately convince other parties that the hinged signature was formed using said private key; and
      
      means for causing said signature and said convincing by said signer party to be such that said receiver party is substantially unable to convince other parties knowing said first and said second public keys that said first signature was formed using said first private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Van Detsan Networks LLC (Intellectual Ventures LLC)
Original Assignee
David Chaum
Inventors
Chaum, David
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/066,669
Time in Patent Office

567 Days
Field of Search

380/30, 380/23
US Class Current

713/180
CPC Class Codes

G07F 7/1016 Devices or methods for secu...

H04L 9/3247 involving digital signatures

Desinated-confirmer signature systems

First Claim

19 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Desinated-confirmer signature systems

First Claim

19 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links