Method for certifying public keys in a digital signature scheme
Abstract
A method for certifying public keys of a digital signature scheme in a communications system is provided. The secure communications system is one in which there are at least two levels of authorities. A user presents a piece of data to an intermediate-level authority who, upon verifying the data, causes an issuing authority to issue a certificate that the piece of data possesses a given property. Although the certificate is compacted by not having it contain a public key of the intermediate authority, information is nonetheless stored in order to keep the intermediate authority accountable.
46 Claims
1. A method for certifying pieces of data in a system having authorities that certify data, comprising the steps of:
(a) presenting a piece of data requiring certification to a first authority for inspection of a given property;
(b) if the piece of data passes the inspection of the first authority, causing a second authority to receive an indication that the piece of data has passed the inspection of at least the first authority;
(c) having the second authority issue a certificate that the piece of data possesses the given property, the second authority including in the certificate a signature of the second authority and the second authority omitting from the certificate a public key of the first authority; and
(d) storing accountability information that renders at least the first authority accountable for pieces of data that the first authority contributes to certify.
Dependent claims: 2 to 22.
23. A method for certifying public keys where there are a plurality of authorities A1, . . . , An that certify data, where each authority Ai with i<n is configured to send authority Ai+1 authenticated messages that are verifiable by Ai+1 as having genuinely come from Ai, and authority An has a signing key SKn and an associated certified public key, PKn, the method comprising the steps of:
(a) having a verification key PKU presented to authority A1;
(b) having authority A1 verify, by means of a predetermined procedure, that PKU possesses some properties out of a set of given properties;
(c) for all i<n, having authority Ai send authority Ai+1 a message indicating that PKU has been verified to possess the given properties;
(d) having An issue a certificate for PKU, An including in the certificate a signature provided using SKn and An omitting from the certificate a public key of at least one authority Aj for some j<n; and
(e) storing accountability information that renders Aj accountable for keys that Aj contributes to certify.
Dependent claims: 24 to 46.
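As an added example that is not part of the patent, the following Python models the chain of claim 23: A1 inspects PKU, each Ai forwards an authenticated indication to Ai+1, An signs a compact certificate that carries no intermediate authority's key, and an accountability log records which authorities contributed. It assumes an HMAC under a per-hop shared key for the authenticated messages, a Lamport one-time signature (standard library only) in place of SKn/PKn, and a constructed stand-in for the inspected property.

```python
import hashlib, hmac, json, secrets
# Lamport one-time signature over SHA-256 (stdlib only) stands in for An's
# signing key SKn / certified public key PKn; each key signs one certificate.
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[hashlib.sha256(s).digest() for s in pair] for pair in sk]

def sign(sk, msg):
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return [sk[i][(h >> i) & 1] for i in range(256)]

def verify(pk, msg, sig):
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return all(hashlib.sha256(sig[i]).digest() == pk[i][(h >> i) & 1]
               for i in range(256))

# Assumption: the claim's authenticated messages from Ai to Ai+1 are modelled
# as an HMAC under a key shared by the two neighbouring authorities.
def forward(hop_key, sender, pk_u):
    msg = sender.encode() + b":verified:" + pk_u
    return msg, hmac.new(hop_key, msg, "sha256").digest()

def accept(hop_key, msg, tag):
    return hmac.compare_digest(tag, hmac.new(hop_key, msg, "sha256").digest())

def has_property(pk_u):
    # Constructed stand-in for the given property A1 inspects: a 32-byte key.
    return isinstance(pk_u, bytes) and len(pk_u) == 32

def certify(pk_u, names, hop_keys, sk_n, log):
    """names = [A1..An]; hop_keys[i] is shared by Ai and Ai+1. Returns
    (cert, sig) or None and writes accountability information into log."""
    if not has_property(pk_u):                 # step (b): A1 inspects PKU
        return None
    for i in range(len(names) - 1):            # step (c): Ai -> Ai+1
        msg, tag = forward(hop_keys[i], names[i], pk_u)
        if not accept(hop_keys[i], msg, tag):  # Ai+1 rejects a bad indication
            return None
    # step (d): An signs a compact certificate naming no intermediate key.
    cert = json.dumps({"subject": pk_u.hex(), "property": "32-byte key",
                       "issuer": names[-1]}, sort_keys=True).encode()
    sig = sign(sk_n, cert)
    log[hashlib.sha256(cert).hexdigest()] = names[:-1]  # step (e): Aj accountable
    return cert, sig

if __name__ == "__main__":
    sk_n, pk_n = keygen(); log = {}
    hops = [secrets.token_bytes(32) for _ in range(2)]
    res = certify(b"\x01" * 32, ["A1", "A2", "A3"], hops, sk_n, log)
    print(verify(pk_n, *res), log)
```

A relying party needs only PKn to check the certificate, while the log is what later answers which intermediate authority vouched for a key that turns out to be bad.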
Specification