Method for securely using digital signatures in a commercial cryptographic system

US 5,659,616 A
Filed: 07/16/1996
Issued: 08/19/1997
Est. Priority Date: 07/19/1994
Status: Expired due to Term

First Claim

Patent Images

1. A method of enforcing a policy in a cryptographic communication system comprising the steps of:

receiving a digital user transaction including a digital message and attribute data, and a digital user signature based on said digital message and on a private key of a user;

receiving a digital identifying certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user;

receiving a digital authorizing certificate, separate from said identifying certificate and issued by a sponsor of said user, and authorizing transactions by said user, said authorizing certificate containing rules specifying conditions under which said digital transaction is valid, said rules to be applied to said attribute data;

verifying said transaction based on information in said identifying certificate and in said authorizing certificate, said step of verifying including applying said rules to said attribute data in order to verify that said transaction is valid; and

accepting said transaction based on said outcome of said verifying,wherein said attribute data includes a timestamp indicating when said transaction was formed and wherein said rules specify allowed times at which transactions can be formed and wherein said step of verifying includes a step of determining whether said timestamp indicates one of said specified allowed times, andwherein said allowed times are certain days of the week, and wherein said step of verifying includes a step of determining whether said timestamp indicates that said transaction was formed on one of said certain days of the week.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securely using digital signatures in a commercial cryptographic system that allows industry-wide security policy and authorization information to be encoded into the signatures and certificates by employing attribute certificates to enforce policy and authorization requirements. In addition to value limits, cosignature requirements and document type restrictions that can be placed on transactions, an organization can enforce with respect to any transaction geographical and temporal controls, age-of-signature limitations, preapproved counterparty limitations and confirm-to requirements by using attribute certificates for the transacting user. Restrictions on distribution of certificates can be set using attribute certificates. Certificates can be used also to ensure key confinement and non-decryption requirements of smartcards in this system.

701 Citations

37 Claims

1. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- receiving a digital user transaction including a digital message and attribute data, and a digital user signature based on said digital message and on a private key of a user;
  
  receiving a digital identifying certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user;
  
  receiving a digital authorizing certificate, separate from said identifying certificate and issued by a sponsor of said user, and authorizing transactions by said user, said authorizing certificate containing rules specifying conditions under which said digital transaction is valid, said rules to be applied to said attribute data;
  
  verifying said transaction based on information in said identifying certificate and in said authorizing certificate, said step of verifying including applying said rules to said attribute data in order to verify that said transaction is valid; and
  
  accepting said transaction based on said outcome of said verifying,wherein said attribute data includes a timestamp indicating when said transaction was formed and wherein said rules specify allowed times at which transactions can be formed and wherein said step of verifying includes a step of determining whether said timestamp indicates one of said specified allowed times, andwherein said allowed times are certain days of the week, and wherein said step of verifying includes a step of determining whether said timestamp indicates that said transaction was formed on one of said certain days of the week.

2. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- receiving a digital user transaction including a digital message and attribute data, and a digital user signature based on said digital message and on a private key of a user;
  
  receiving a digital identifying certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user;
  
  receiving a digital authorizing certificate, separate from said identifying certificate and issued by a sponsor of said user, and authorizing transactions by said user, said authorizing certificate containing rules specifying conditions under which said digital transaction is valid, said rules to be applied to said attribute data;
  
  verifying said transaction based on information in said identifying certificate and in said authorizing certificate, said step of verifying including applying said rules to said attribute data in order to verify that said transaction is valid; and
  
  accepting said transaction based on said outcome of said verifying,wherein said attribute data includes a timestamp indicating when said transaction was formed and wherein said rules specify allowed times at which transactions can be formed and wherein said step of verifying includes a step of determining whether said timestamp indicates one of said specified allowed times, andwherein said allowed times are certain times of day, and wherein said step of verifying includes a step of determining whether said timestamp indicates that said transaction was formed at said certain times of day.

3. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- receiving a digital user transaction including a digital message and attribute data, and a digital user signature based on said digital message and on a private key of a user;
  
  receiving a digital identifying certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user;
  
  receiving a digital authorizing certificate, separate from said identifying certificate and issued by a sponsor of said user, and authorizing transactions by said user, said authorizing certificate containing rules specifying conditions under which said digital transaction is valid, said rules to be applied to said attribute data;
  
  verifying said transaction based on information in said identifying certificate and in said authorizing certificate, said step of verifying including applying said rules to said attribute data in order to verify that said transaction is valid; and
  
  accepting said transaction based on said outcome of said verifying,wherein said attribute data includes a timestamp indicating when said transaction was formed and wherein said rules specify a time period after said transaction was formed within which said user signature is valid, and wherein said transaction is invalid if said signature is not verified within said specified time period, and wherein said step of verifying said transaction comprises the steps of;
  
  verifying said signature anddetermining whether said verifying of said signature took place within said specified time period.

4. A method A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- receiving a digital user transaction including a digital message and attribute data, and a digital user signature based on said digital message and on a private key of a user;
  
  receiving a digital identifying certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user;
  
  receiving a digital authorizing certificate, separate from said identifying certificate and issued by a sponsor of said user, and authorizing transactions by said user, said authorizing certificate containing rules specifying conditions under which said digital transaction is valid, said rules to be applied to said attribute data;
  
  verifying said transaction based on information in said identifying certificate and in said authorizing certificate, said step of verifying including applying said rules to said attribute data in order to verify that said transaction is valid; and
  
  accepting said transaction based on said outcome of said verifying,wherein said attribute data includes a role said user is exercising by performing said transaction and wherein said rules specify roles which said user may exercise, and wherein said step of verifying includes a step of determining whether said role is one of said specified roles.

5. A method A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- receiving a digital user transaction including a digital message and attribute data, and a digital user signature based on said digital message and on a private key of a user;
  
  receiving a digital identifying certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user;
  
  receiving a digital authorizing certificate, separate from said identifying certificate and issued by a sponsor of said user, and authorizing transactions by said user, said authorizing certificate containing rules specifying conditions under which said digital transaction is valid, said rules to be applied to said attribute data, wherein said rules specify a list of at least one recipient of said transaction considered acceptable by said sponsor;
  
  verifying said transaction based on information in said identifying certificate and in said authorizing certificate, said step of verifying including applying said rules to said attribute data in order to verify that said transaction is valid, said step of verifying by a recipient including the step of determining whether said recipient is in said list; and
  
  accepting said transaction based on said outcome of said verifying,said method further comprising the steps of, after said step of verifying;
  
  forming a digital recipient signature based on said user transaction and on a private key of said recipient;
  
  combining said digital recipient signature and said user transaction to form a verified transaction;
  
  providing to said sponsor said verified transaction.

6. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- receiving a digital user transaction including a digital message and attribute data, and a digital user signature based on said digital message and on a private key of a user;
  
  receiving a digital identifying certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user;
  
  receiving a digital authorizing certificate, separate from said identifying certificate and issued by a sponsor of said user, and authorizing transactions by said user, said authorizing certificate containing rules specifying conditions under which said digital transaction is valid, said rules specifying that said sponsor must be notified of and must approve said transaction, said rules to be applied to said attribute data;
  
  verifying said transaction based on information in said identifying certificate and in said authorizing certificate, said step of verifying including applying said rules to said attribute data in order to verify that said transaction is valid;
  
  accepting said transaction based on said outcome of said verifying;
  
  notifying said sponsor of said transaction; and
  
  awaiting a reply from said sponsor.
- View Dependent Claims (7)
- - 7. A method as in claim 6, wherein said step of notifying includes the steps of:
    - sending said user transaction to said sponsor, and wherein said sponsor indicates approval of said transaction by returning to said recipient a confirmation transaction formed by said sponsor digitally signing said sent user transaction; and
      
      wherein said step of verifying further comprises the steps of;
      
      receiving from said sponsor a reply and determining whether said reply is a confirmation transaction signed by said sponsor.

8. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- forming a digital message by a user;
  
  forming a digital user signature based on said digital message and a private key of said user;
  
  combining said digital message and said digital user signature to form a digital user transaction, said digital transaction containing attribute data including a timestamp indicating when said transaction was formed;
  
  combining with said digital user transaction a digital identifying certificate issued by a certifying authority, said identifying certificate having a plurality of digital fields, at least one of said fields identifying said user; and
  
  combining with said digital transaction a digital authorizing certificate, separate from said identifying certificate and issued by a sponsor of said user, for authorizing transactions by said user, wherein said digital authorizing certificate contains rules specifying conditions under which said digital transaction is valid, said rules to be applied to said attribute data in order to determine whether said transaction is valid,wherein said rules specify allowed times at which transactions can be formed, and wherein said transaction is invalid if said timestamp does not indicate one of said specified allowed times, andwherein said allowed times are certain days of the week, and wherein said transaction is invalid if said timestamp indicates that said transaction was not formed on one of said certain days of the week.

9. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- forming a digital message by a user;
  
  forming a digital user signature based on said digital message and a private key of said user;
  
  combining said digital message and said digital user signature to form a digital user transaction, said digital transaction containing attribute data including a timestamp indicating when said transaction was formed;
  
  combining with said digital user transaction a digital identifying certificate issued by a certifying authority, said identifying certificate having a plurality of digital fields, at least one of said fields identifying said user; and
  
  combining with said digital transaction a digital authorizing certificate, separate from said identifying certificate and issued by a sponsor of said user, for authorizing transactions by said user, wherein said digital authorizing certificate contains rules specifying conditions under which said digital transaction is valid, said rules to be applied to said attribute data in order to determine whether said transaction is valid,wherein said rules specify allowed times at which transactions can be formed, and wherein said transaction is invalid if said timestamp does not indicate one of said specified allowed times, andwherein said allowed times are certain times of day and wherein said transaction is invalid if said timestamp indicates that said transaction was not formed at said certain times of day.

10. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- forming a digital message by a user;
  
  forming a digital user signature based on said digital message and a private key of said user;
  
  combining said digital message and said digital user signature to form a digital user transaction, said digital transaction containing attribute data;
  
  combining with said digital user transaction a digital identifying certificate issued by a certifying authority, said identifying certificate having a plurality of digital fields, at least one of said fields identifying said user; and
  
  combining with said digital transaction a digital authorizing certificate, separate from said identifying certificate and issued by a sponsor of said user, for authorizing transactions by said user, wherein said digital authorizing certificate contains rules specifying conditions under which said digital transaction is valid, said rules to be applied to said attribute data in order to determine whether said transaction is valid,wherein said attribute data includes a role said user is exercising by performing said transaction and wherein said rules specify roles which said user may exercise and wherein said transaction is invalid if said role is not one of said specified roles.

11. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- forming a digital message by a user;
  
  forming a digital user signature based on said digital message and a private key of said user;
  
  combining said digital message and said digital user signature to form a digital user transaction, said digital transaction containing attribute data;
  
  combining with said digital user transaction a digital identifying certificate issued by a certifying authority, said identifying certificate having a plurality of digital fields, at least one of said fields identifying said user; and
  
  combining with said digital transaction a digital authorizing certificate, separate from said identifying certificate and issued by a sponsor of said user, for authorizing transactions by said user, wherein said digital authorizing certificate contains rules specifying conditions under which said digital transaction is valid, said rules to be applied to said attribute data in order to determine whether said transaction is valid, wherein said rules specify that said sponsor must be notified of and must approve said transaction and wherein said transaction is invalid unless said sponsor is notified of said transaction.
- View Dependent Claims (36)
- - 36. A method as in claim 11, wherein said transaction is invalid unless, upon notification of said transaction, said sponsor approves said transaction.

12. A method of enforcing a policy in a cryptographic communication system comprising:
- forming a digital message by a user;
  
  forming a digital user signature based on said digital message and a private key of said user;
  
  combining said digital message and said digital user signature to form a digital user transaction;
  
  combining with said digital user transaction a digital identifying certificate issued by a certifying authority, said identifying certificate having a plurality of digital fields, at least one of said fields identifying said user; and
  
  combining with said digital transaction a digital authorizing certificate, separate from said identifying certificate and issued by a sponsor of said user, for authorizing transactions by said user,wherein said digital authorizing certificate contains rules identifying conditions under which said digital transaction is valid, said rules to be applied to said digital message in order to determine whether said transaction is valid.

13. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- forming a digital message by a user;
  
  forming a digital user signature based on said digital message and a private key of said user;
  
  combining said digital message and said digital user signature to form a digital user transaction, wherein said transaction contains attribute data including a document type of said message;
  
  combining with said digital user transaction a digital certificate issued by a certifying authority, said certificate having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, said rule to be applied to said attribute data in order to determine whether said transaction is valid, and wherein said rule specifies allowed document types for messages, and wherein said transaction is invalid if said document type is not one of said specified allowed document types.

14. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- receiving a digital user transaction including a digital message and a digital user signature based on said digital message and on a private key of a user, wherein said transaction contains attribute data including a document type of said message;
  
  receiving a digital certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, said rule to be applied to said attribute data in order to determine whether said transaction is valid, and wherein said rule specifies allowed document types for messages;
  
  verifying said transaction based on information in said certificate, including determining whether said document type is one of said specified allowed document types; and
  
  accepting said transaction based on said outcome of said verifying.

15. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- forming a digital message by a user;
  
  forming a digital user signature based on said digital message and a private key of said user;
  
  combining said digital message and said digital user signature to form a digital user transaction, wherein said transaction contains attribute data including a location at which said transaction was formed;
  
  combining with said digital user transaction a digital certificate issued by a certifying authority, said certificate having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, said rule to be applied to said attribute data in order to determine whether said transaction is valid, and wherein said rule specifies allowed locations at which transactions may be formed, and wherein said transaction is invalid if said location is not one of said specified allowed locations.

16. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- receiving a digital user transaction including a digital message and a digital user signature based on said digital message and on a private key of a user, wherein said transaction contains attribute data including a location at which said transaction was formed;
  
  receiving a digital certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, and wherein said rule specifies allowed locations at which transactions may be formed;
  
  verifying said transaction based on information in said certificate, including determining whether said location is one of said specified allowed locations; and
  
  accepting said transaction based on said outcome of said verifying.

17. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- forming a digital message by a user;
  
  forming a digital user signature based on said digital message and a private key of said user;
  
  combining said digital message and said digital user signature to form a digital user transaction, wherein said transaction contains attribute data including a timestamp indicating when said transaction was formed;
  
  combining with said digital user transaction a digital certificate issued by a certifying authority, said certificate having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, said rule to be applied to said attribute data in order to determine whether said transaction is valid, and wherein said rule specifies allowed times at which transactions may be formed, and wherein said transaction is invalid if said timestamp does not indicate one of said specified allowed times.
- View Dependent Claims (18, 19)
- - 18. A method as in claim 17, wherein said allowed times are certain days of the week, and wherein said transaction is invalid if said timestamp indicates that said transaction was not formed on one of said certain days of the week.
  - 19. A method as in claim 17, wherein said allowed times are certain times of day and wherein said transaction is invalid if said timestamp indicates that said transaction was not formed at said certain times of day.

20. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- receiving a digital user transaction including a digital message and a digital user signature based on said digital message and on a private key of a user, wherein said transaction contains attribute data including a timestamp indicating when said transaction was formed;
  
  receiving a digital certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, and wherein said rule specifies allowed times at which transactions may be formed;
  
  verifying said transaction based on information in said certificate, including determining whether said timestamp indicates one of said specified allowed times; and
  
  accepting said transaction based on said outcome of said verifying.
- View Dependent Claims (21, 22)
- - 21. A method as in claim 20, wherein said allowed times are certain days of the week, and wherein said step of verifying includes a step of determining whether said timestamp indicates that said transaction was formed on one of said certain days of the week.
  - 22. A method as in claim 20, wherein said allowed times are certain times of day, and wherein said step of verifying includes a step of determining whether said timestamp indicates that said transaction was formed at said certain times of day.

23. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- forming a digital message by a user;
  
  forming a digital user signature based on said digital message and a private key of said user;
  
  combining said digital message and said digital user signature to form a digital user transaction, wherein said transaction contains attribute data including a timestamp indicating when said transaction was formed;
  
  combining with said digital user transaction a digital certificate issued by a certifying authority, said certificate having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, said rule to be applied to said attribute data in order to determine whether said transaction is valid, and wherein said rule specifies a time period within which said signature is valid, and wherein said transaction is invalid if said signature is not verified within said specified time period.
- View Dependent Claims (24)
- - 24. A method as in claim 23, wherein said specified time period specifies a maximum allowable age of said user signature, and wherein said transaction is invalid if said user signature is not verified before said user signature reaches said maximum allowable age.

25. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- receiving a digital user transaction including a digital message and a digital user signature based on said digital message and on a private key of a user, wherein said transaction contains attribute data including a timestamp indicating when said transaction was formed;
  
  receiving a digital certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, and wherein said rule specifies a time period within which said signature is valid;
  
  verifying said transaction based on information in said certificate; and
  
  accepting said transaction based on said outcome of said verifying,wherein said step of verifying includes the steps of;
  
  verifying said signature; and
  
  determining whether said verifying of said signature took place within said specified time period.
- View Dependent Claims (26)
- - 26. A method as in claim 25, wherein said specified time period specifies a maximum allowable age of said user signature, and wherein said transaction is invalid if said user signature is not verified before said user signature reaches said maximum allowable age.

27. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- forming a digital message by a user;
  
  forming a digital user signature based on said digital message and a private key of said user;
  
  combining said digital message and said digital user signature to form a digital user transaction, wherein said transaction contains attribute data including a role said user is exercising by performing said transaction;
  
  combining with said digital user transaction a digital certificate issued by a certifying authority, said certificate having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, said rule to be applied to said attribute data in order to determine whether said transaction is valid, and wherein said rule specifies allowed roles which said user may exercise, and wherein said transaction is invalid if said role is not one of said specified allowed roles.

28. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- receiving a digital user transaction including a digital message and a digital user signature based on said digital message and on a private key of a user, wherein said transaction contains attribute data including a role said user is exercising by performing said transaction;
  
  receiving a digital certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, and wherein said rule specifies allowed roles which said user may exercise;
  
  verifying said transaction based on information in said certificate, including determining whether said role is one of said specified allowed roles; and
  
  accepting said transaction based on said outcome of said verifying.

29. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- forming a digital message by a user;
  
  forming a digital user signature based on said digital message and a private key of said user;
  
  combining said digital message and said digital user signature to form a digital user transaction;
  
  combining with said digital user transaction a digital certificate issued by a certifying authority, said certificate having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, said rule to be applied to said attribute data in order to determine whether said transaction is valid, and wherein said rule specifies that a specified entity must be notified of said transaction and wherein said transaction is invalid unless said specified entity is notified of and approves said transaction.

30. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- receiving a digital user transaction including a digital message and a digital user signature based on said digital message and on a private key of a user;
  
  receiving a digital certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, and wherein said rule specifies that a specified entity must be notified of said transaction;
  
  verifying said transaction based on information in said certificate;
  
  accepting said transaction based on said outcome of said verifying;
  
  notifying said specified entity of said transaction; and
  
  awaiting a reply from said specified entity.
- View Dependent Claims (31, 33)
- - 31. A method as in claim 30, wherein said step of notifying includes the step of:
    - sending said user transaction to said specified entity, and wherein said specified entity indicates approval of said transaction by returning to said recipient a confirmation transaction formed by said specified entity digitally signing said sent user transaction; and
      
      wherein said step of verifying further comprises the steps of;
      
      receiving from said specified entity a reply and determining whether said reply is a confirmation transaction signed by said specified entity.
  - 33. A method as in claim 31, wherein said transaction is invalid unless said certifying authority determines that said recipient is in said list.

32. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- forming a digital message by a user;
  
  forming a digital user signature based on said digital message and a private key of said user;
  
  combining said digital message and said digital user signature to form a digital user transaction;
  
  combining with said digital user transaction a digital certificate issued by a certifying authority, said certificate having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, said rule to be applied to said attribute data in order to determine whether said transaction is valid, and wherein said rule specifies a list of at least one recipient of said transaction considered acceptable by said certifying authority and wherein said transaction is invalid if it is acted on by a recipient not in said list.

34. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- receiving a digital user transaction including a digital message and a digital user signature based on said digital message and on a private key of a user;
  
  receiving a digital certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, and wherein said rule specifies a list of at least one recipient of said transaction considered acceptable by said certifying authority;
  
  verifying said transaction based on information in said certificate, including determining whether a recipient is in said list, andaccepting said transaction based on said outcome of said verifying.
- View Dependent Claims (35)
- - 35. A method as in claim 34, wherein said transaction is invalid unless said certifying authority determines that said recipient is in said list, said method further comprising the steps of, after said step of verifying:
    - forming a digital recipient signature based on said user transaction and on a private key of said recipient;
      
      combining said digital recipient signature and said user transaction to form a verified transaction;
      
      providing to said certifying authority said verified transaction.

37. A method of enforcing a policy in a cryptographic communication system comprising the steps of:
- receiving a digital user transaction including a digital message and a digital user signature based on said digital message and on a private key of a user, wherein said transaction contains attribute data including a timestamp indicating when said transaction was formed;
  
  receiving a digital certificate issued by a certifying authority and having a plurality of digital fields, at least one of said fields identifying said user and at least one other of said fields containing a rule specifying a condition under which said digital transaction is valid according to said certifying authority, and wherein said rule specifies a time period after said transaction was formed within which said user signature is valid, and wherein said transaction is invalid if said signature is not verified within said specified time period,verifying said transaction based on information in said certificate; and
  
  accepting said transaction based on said outcome of said verifying,wherein said step of verifying includes the steps of;
  
  verifying said signature; and
  
  determining whether said verifying of said signature took place after said specified time period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Certco
Original Assignee
Certco
Inventors
Sudia, Frank Wells
Primary Examiner(s)
Cain, David C.

Application Number

US08/682,071
Time in Patent Office

399 Days
Field of Search

380/23, 380/25, 380/24, 380/4, 380/3, 380/49, 380/29, 380/30
US Class Current

705/76
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3821   Electronic credentials

G06Q 20/4015   using location information

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Method for securely using digital signatures in a commercial cryptographic system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

701 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Method for securely using digital signatures in a commercial cryptographic system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

701 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links