Method for certifying public keys in a digital signature scheme
First Claim
1. A method for certifying pieces of data in a secure communications system with at least two levels of authorities, comprising the steps of:
- presenting a piece of data requiring certification to a first-level authority for inspection of a given property;
if the piece of data passes the inspection of the first-level authority, having the first-level authority send to a higher authority a digital signature evidencing that the piece of data has passed the inspection of the first-level authority; and
if the digital signature of the first-level authority is correct, having the higher authority issue a certificate, which does not include a signature of the first level authority, that the piece of data possesses the given property.
8 Assignments
0 Petitions
Reexamination
Accused Products
Abstract
A method for certifying public keys of a digital signature scheme in a secure communications system is provided. The secure communications system in one in which there are authorities with previously-certified public verification keys. The method begins by having a user U present an authority a verification key PKU. The authority then identifies the presenting user as U. Thereafter, the authority verifies that the presenting user knows the secret signing key associated with PKU. If so, the authority computes a digital signature S relative to the authority'"'"'s own public key PKA of its verification that PKU is the public key of user U. The authority then issues a certificate that PKU is the public key of user U, the certificate including both S and a certificate for PKA.
-
Citations
23 Claims
-
1. A method for certifying pieces of data in a secure communications system with at least two levels of authorities, comprising the steps of:
-
presenting a piece of data requiring certification to a first-level authority for inspection of a given property; if the piece of data passes the inspection of the first-level authority, having the first-level authority send to a higher authority a digital signature evidencing that the piece of data has passed the inspection of the first-level authority; and if the digital signature of the first-level authority is correct, having the higher authority issue a certificate, which does not include a signature of the first level authority, that the piece of data possesses the given property. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for certifying public keys of a digital signature scheme where there is at least one authority A with a certified public verification key PKA, comprising the steps of:
-
having a user U present an authority B, having a verification key PKB, a verification key PKU together with a message correctly signed with respect to verification key PKU ; having authority B identify the presenting user as U; having authority B verify that the presented digital signature of U is a correct digital signature of the message with respect to the presented verification key PKU ; having authority B compute a digital signature S relative to PKB of the fact that PKU is a legitimate public key of user U; and having authority A issue a certificate that PKU is the public key of user U, which can be verified without a separate certificate for PKB, the certificate including a certificate for PKA whenever PKA is not certified by virtue of being universally known to users of the signature scheme.
-
-
10. A method for certifying public keys of a digital signature scheme in a secure communications system where there is at least one authority with a certified public verification key PKA, comprising the steps of:
-
having a user U present an authority a verification key PKU ; having the authority identify the presenting user as U; having the authority verify that the presenting user knows the secret signing key associated with PKU ; having the authority compute a digital signature S relative to PKA of the fact that PKU is the public key of user U; and having the authority issue a certificate that PKU is the public key of user U, the certificate including both S and a certificate for PKA. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A method for certifying public keys of a digital signature scheme where there are a plurality of authorities A1, . . . , An, where each authority Ai has a secret signing key SKi and a matching verification key PKi known to Ai+1, and a verification key of An, PKn, is already certified or universally known to users of a signature scheme, comprising the steps of:
-
having user U present A1 a verification key PKU ; having authority A1 verify, by means of a predetermined procedure, that PKU possesses some properties out of a set of predetermined properties; for i<
n, having authority Ai send authority Ai+1 at least a properly chosen digital signature, with respect to verification key PKi, indicating that PKU has been verified to possess some predetermined properties;having An issue a certificate for PKU which can be verified to be correct given a certificate for PKn, which certificate for PKU does not include at least one certificate for PKi for some i<
n, but which may include a certificate for PKn if PKn is not universally known to the users of the signature scheme. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. A method for certifying public keys of a digital signature scheme where there are a plurality of authorities A1, . . . , An, where each i<
- n authority Ai can send authority Ai+1 authenticated messages so that at least Ai+1 can be sure that these messages genuinely come from Ai, and authority An has a signing key SKn and an associated public key PKn, which is either certified or universally known to users of a signature scheme, comprising the steps of;
having a verification key PKU presented to authority A1 ; having authority A1 verify, by means of a predetermined procedure, that PKU possesses some properties out of a set of predetermined properties; for all i<
n, having authority Ai send authority Ai+1 an authenticated message indicating that PKU has been verified to possess some predetermined properties;having An issue a certificate for PKU which can be verified valid if PKn is known to be the public key of authority An, and which may include a certificate for PKn if PKn is not universally known to the users of the signature scheme, wherein the certificate for PKU does not include any certificate relative to authority Ai for some i<
n.
- n authority Ai can send authority Ai+1 authenticated messages so that at least Ai+1 can be sure that these messages genuinely come from Ai, and authority An has a signing key SKn and an associated public key PKn, which is either certified or universally known to users of a signature scheme, comprising the steps of;
-
23. A method for certifying public keys of a digital signature scheme where there is at least one authority with a certified public verification key PKA, comprising the steps of:
-
having a user U present an authority a verification key PKU together with a message correctly signed with respect to verification key PKU and indicating that U is the owner of verification key PKU ; having the authority identify the presenting user as U; having the authority verify that the presented digital signature of U is a correct digital signature of the message with respect to the presented verification key PKU ; having the authority compute a digital signature S relative to PKU of the fact that PKU is a legitimate public key of user U; and having the authority issue a certificate that PKU is the public key of user U, the certificate including both S and a certificate for PKU.
-
Specification