Method for certifying public keys in a digital signature scheme

US 5,717,759 A
Filed: 01/31/1997
Issued: 02/10/1998
Est. Priority Date: 04/23/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for certifying a user public key in a system having a first authority with a first public key of a digital signature scheme and a second authority with a second public key of a digital signature scheme, the method comprising the steps of:

(a) presenting the user public key to the first authority for inspection of a given property;

(b) if the user public key passes inspection of the first authority, causing the second authority to receive an indication that the user public key has passed inspection of the first authority;

(c) having the second authority issue a compact certificate that indicates that the user public key possesses the given property, the compact certificate including a signature of the second authority but not including a public key of the first authority, wherein the compact certificate is equivalent to a conventional certificate containing the signature of the first authority, the public key of the first authority, and the public key of the second authority; and

(d) storing information in order to keep at least the first authority accountable for pieces of data that the first authority contributes to certify.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for certifying public keys of a digital signature scheme in a communications system is provided. The secure communications system is one in which there are at least two levels of authorities. A user presents a piece of data to an intermediate level authority who, upon verifying the data, causes an issuing authority to issue a certificate that the piece of data posses a given property. Although the certificate is compacted by not having it contain a pubic key of the intermediate authority, nonetheless, information is stored in order to keep the intermediate authority accountable.

100 Citations

View as Search Results

22 Claims

1. A method for certifying a user public key in a system having a first authority with a first public key of a digital signature scheme and a second authority with a second public key of a digital signature scheme, the method comprising the steps of:
- (a) presenting the user public key to the first authority for inspection of a given property;
  
  (b) if the user public key passes inspection of the first authority, causing the second authority to receive an indication that the user public key has passed inspection of the first authority;
  
  (c) having the second authority issue a compact certificate that indicates that the user public key possesses the given property, the compact certificate including a signature of the second authority but not including a public key of the first authority, wherein the compact certificate is equivalent to a conventional certificate containing the signature of the first authority, the public key of the first authority, and the public key of the second authority; and
  
  (d) storing information in order to keep at least the first authority accountable for pieces of data that the first authority contributes to certify.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method for certifying a user public key according to claim 1, wherein the given property of the user public key includes a given user choosing the user public key as his own public key in connection with at least one of:
    - a digital signature system and a public key encryption system.
  - 3. A method for certifying a user public key according to claim 2, wherein inspection of the first authority includes identifying the user.
  - 4. A method for certifying a user public key according to claim 3, wherein identifying the user includes verifying that the user knows the secret key associated with the user public key.
  - 5. A method for certifying a user public key according to claim 2, wherein the information that is stored includes a signature of the first authority.
  - 6. A method for certifying a user public key according to claim 1, wherein a certified public verification key of the second authority is sufficient to verify the certificate.
  - 7. A method for certifying a user public key according to claim 1, wherein at least a portion of the information that is stored is stored in the certificate.
  - 8. A method for certifying a user public key according to claim 7, wherein the at least a portion of the information that is stored identifies the first level authority.
  - 9. A method for certifying a user public key according to claim 1, wherein the compact certificate includes a digital signature of the first authority.

10. A method for certifying a user public key PK_U where there are a plurality of authorities A_l, . . . , A_n that certify user public keys, where for each i<
- n, authority A_i is configured to send authority A_i+l authenticated messages that are verifiable by A_i+l as having genuinely come from A_i, and authority A_n has a signing key SK_n and an associated certified public key PK_n, the method comprising the steps of;
  
  (a) having a verification key PK_U presented to authority A_l ;
  
  (b) having authority A_l verify, by means of a predetermined procedure, that PK_U possesses some properties out of a set of given properties;
  
  (c) for all i<
  
  n, having authority A_i send authority A_i+l a message indicating that PK_U has been verified to possess the given properties;
  
  (d) issuing a compact certificate for PK_U that includes a signature provided using SK_n and does not include a public key of at least one authority A_i for some j<
  
  n, wherein the compact certificate is equivalent to a conventional certificate containing the public key of A_j ; and
  
  (e) storing accountability information that renders A_j accountable for keys that A_j contributes to certify.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 11. A method for certifying a user public key according to claim 10, wherein the given property of PK_u includes a given user choosing PK_U as his own public key in connection with at least one of:
    - a digital signature system and a public key encryption system.
  - 12. A method for certifying a user public key according to claim 11, wherein the inspection authority A₁ includes identifying the user.
  - 13. A method for certifying a user public key according to claim 12, wherein the inspection includes verifying that the user knows the secret key associated with the user public key.
  - 14. A method for certifying a user public key according to claim 11, wherein the certificate does not include public keys of any authorities A₁, . . . , A_n-1.
  - 15. A method for certifying a user public key according to claim 10, wherein the certificate does not include the public key of at least some other authority A_j.
  - 16. A method for certifying a user public key according to claim 10, wherein at least a portion of the information that is stored is stored in the certificate.
  - 17. A method for certifying a user public key according to claim 16, wherein the at least a portion of the information that is stored in the certificate identifies authority A_k.
  - 18. A method for certifying a user public key according to claim 10, wherein the certificate includes a digital signature of authority A_k.
  - 19. A method for certifying a user public key according to claim 10, wherein at least one authority A_j+1 contributes additional data that is included in the certificate.
  - 20. A method for certifying a user public key according to claim 10, wherein at least an authority A_j+1 sends authority A_j+2 a digital signature of authority A_j.
  - 21. A method for certifying a user public key according to claim 10, wherein information is stored in the certificate that identifies all authorities A_j whose public key is not included in the certificate.
  - 22. A method for certifying a user public key according to claim 10, wherein information is stored in the certificate that identifies all authorities who have contributed to certifying the user public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Silvio Micali
Inventors
Micali, Silvio
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/792,974
Time in Patent Office

375 Days
Field of Search

380/9, 380/21, 380/23, 380/25, 380/29, 380/30, 380/49, 380/50
US Class Current

713/157
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

H04L 9/3255   using group based signature...

H04L 9/3263   involving certificates, e.g...

Method for certifying public keys in a digital signature scheme

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

100 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method for certifying public keys in a digital signature scheme

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links