Desinated-confirmer signature systems
First Claim
1. A method for public-key digital authentication of messages, comprising the steps of:
- creating a private key by a signing party;
making a public key, corresponding to said private key of said signing party, verifiable by at least a receiving party;
creating a private key by a confirming party and keeping the private key substantially unavailable to at least said receiving party;
making a public key, corresponding to said private key of said confirming party, verifiable by at least said receiving party;
communicating data including a signature between said signing and said receiving parties, where (a) the data is convincing to the receiving party that, by use of said private key corresponding to said public key of said confirming party, other parties can be convinced that the signature was made by the signing party, and (b) where it is substantially infeasible for the receiving party, for so long as the private key corresponding to the public key of the confirming party is unavailable to the receiving party, to convince other parties of the signature by the signing party.
19 Assignments
0 Petitions
Accused Products
Abstract
Cryptographic methods and apparatus for signing (101), receiving (102), verifying (103), and confirming (104) designated-confirmer signatures are disclosed. Such a signature (11) convinces the receiver that the confirmer can convince others that the signer issued the signature. Thus, more protection is provided to the recipient of a signature than with prior art zero-knowledge or undeniable signature techniques, and more protection is provided to the signer than with prior art self-authenticating signatures.
A designated confirmer signature is formed in a setting where the signer creates and issues a public key (201) and the confirmer also creates and issues a public key (202). Should the confirmer offer a confirmation (13), the verifier is convinced that the signature was issued by the signer. Such confirmation can itself be, for example, self-authenticating, unconvincing to other parties, or designated confirmer. With plural confirmers, various combinations may be realized, some even including confirmer anonymity.
-
Citations
24 Claims
-
1. A method for public-key digital authentication of messages, comprising the steps of:
-
creating a private key by a signing party; making a public key, corresponding to said private key of said signing party, verifiable by at least a receiving party; creating a private key by a confirming party and keeping the private key substantially unavailable to at least said receiving party; making a public key, corresponding to said private key of said confirming party, verifiable by at least said receiving party; communicating data including a signature between said signing and said receiving parties, where (a) the data is convincing to the receiving party that, by use of said private key corresponding to said public key of said confirming party, other parties can be convinced that the signature was made by the signing party, and (b) where it is substantially infeasible for the receiving party, for so long as the private key corresponding to the public key of the confirming party is unavailable to the receiving party, to convince other parties of the signature by the signing party. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. Apparatus for public-key digital authentication of messages, comprising:
-
means for creating a private key by a signing party; means for making a public key, corresponding to said private key of said signing party, verifiable by at least a receiving party; means for creating a private key by a confirming party and for keeping the private key substantially unavailable to at least said receiving party; means for making a public key, corresponding to said private key of said confirming party, verifiable by at least said receiving party; means for communicating data including a signature between said signing and said receiving parties, including (a) means to ensure that the data is convincing to said receiving party that, by use of said private key corresponding to said public key of said confirming party, other parties can be convinced that the signature was made by the signing party, and also including (b) means to ensure that it is substantially infeasible for the receiving party, for so long as the private key corresponding to the public key of the confirming party is unavailable to the receiving party, to convince other parties of the signature by the signing party. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A method for creating a first signature hinged on a second signature, comprising the steps of:
-
creating a first private key by a signer party; making a corresponding first public key known to at least one other party; forming said second signature, related to a second public key, without knowledge of the corresponding second private key; and forming said first signature, by said signer party, depending on said second signature, such that validity of said second signature substantially means validity of said first signature and validity of said hinged signature as whole, and substantial unconvincingness of said second signature means substantial unconvincingness of said first signature and unconvincingness of said hinged signature as a whole. - View Dependent Claims (18, 19, 20)
-
-
21. Apparatus for creating a first signature hinged on a second signature, said apparatus comprising:
-
means for creating a first private key by a signer party; means for making a corresponding first public key known to at least one other party; means for forming said second signature, related to a second public key, without knowledge of the corresponding second private key; and means for forming said first signature, by said signer party, depending on said second signature, such that validity of said second signature substantially means validity of said first signature and validity of said hinged signature as whole, and substantial unconvincingness of said second signature means substantial unconvincingness of said first signature and unconvincingness of said hinged signature as a whole. - View Dependent Claims (22, 23, 24)
-
Specification