Method for certifying public keys in a digital signature scheme
First Claim
1. A method for certifying a user public key in a system having a first authority with a first public key of a digital signature scheme and a second authority with a second public key of a digital signature scheme, the method comprising the steps of:
(a) presenting the user public key to the first authority for inspection of a given property;
(b) if the user public key passes inspection of the first authority, causing the second authority to receive an indication that the user public key has passed inspection of the first authority;
(c) having the second authority issue a compact certificate that indicates that the user public key possesses the given property, the compact certificate including a signature of the second authority but not including a public key of the first authority, wherein the compact certificate is equivalent to a conventional certificate containing the signature of the first authority, the public key of the first authority, and the public key of the second authority; and
(d) storing information in order to keep at least the first authority accountable for pieces of data that the first authority contributes to certify.
Abstract
A method for certifying public keys of a digital signature scheme in a communications system is provided. The secure communications system is one in which there are at least two levels of authorities. A user presents a piece of data to an intermediate level authority who, upon verifying the data, causes an issuing authority to issue a certificate that the piece of data possesses a given property. Although the certificate is compacted by not having it contain a public key of the intermediate authority, nonetheless, information is stored in order to keep the intermediate authority accountable.
22 Claims
10. A method for certifying a user public key PKU where there are a plurality of authorities A1, ..., An that certify user public keys, where for each i<n, authority Ai is configured to send authority Ai+1 authenticated messages that are verifiable by Ai+1 as having genuinely come from Ai, and authority An has a signing key SKn and an associated certified public key PKn, the method comprising the steps of:
(a) having a verification key PKU presented to authority A1;
(b) having authority A1 verify, by means of a predetermined procedure, that PKU possesses some properties out of a set of given properties;
(c) for all i<n, having authority Ai send authority Ai+1 a message indicating that PKU has been verified to possess the given properties;
(d) issuing a compact certificate for PKU that includes a signature provided using SKn and does not include a public key of at least one authority Aj for some j<n, wherein the compact certificate is equivalent to a conventional certificate containing the public key of Aj; and
(e) storing accountability information that renders Aj accountable for keys that Aj contributes to certify.
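Claims 1 and 10 describe the same two-level flow: an intermediate authority inspects the key, passes an authenticated indication upward, the issuing authority signs a certificate that omits the intermediate's public key, and the omitted material is retained for accountability. The following is an added Python example, not code from the patent; it assumes Lamport one-time signatures as a stand-in for the unspecified signature scheme, a constructed "32 non-zero bytes" check as the inspected property, and an in-memory list as the accountability store.

```python
import hashlib
import secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

class LamportKey:
    """Lamport one-time signatures (stdlib only) stand in for the patent's
    unspecified signature scheme; each key must sign only ONE message."""
    def __init__(self):
        self.sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
        self.pk = [[H(pair[0]), H(pair[1])] for pair in self.sk]
    def sign(self, msg: bytes) -> list:
        d = int.from_bytes(H(msg), "big")
        return [self.sk[i][(d >> (255 - i)) & 1] for i in range(256)]

def verify(pk: list, msg: bytes, sig: list) -> bool:
    d = int.from_bytes(H(msg), "big")
    return len(sig) == 256 and all(H(sig[i]) == pk[i][(d >> (255 - i)) & 1] for i in range(256))

def inspect_key(user_pk: bytes) -> bool:
    """Step (a): A1's check for the 'given property'. Assumed property: 32 bytes, not all zero."""
    return len(user_pk) == 32 and any(user_pk)

def issue_compact_certificate(a1: LamportKey, a2: LamportKey, user_pk: bytes, ledger: list):
    if not inspect_key(user_pk):
        return None
    # Step (b): A1 tells A2 the key passed, in a message A2 can verify came from A1.
    attestation = b"inspected-ok:" + user_pk
    a1_sig = a1.sign(attestation)
    if not verify(a1.pk, attestation, a1_sig):
        return None
    # Step (c): the compact certificate carries A2's signature only; PK1 is absent.
    body = b"cert:" + user_pk + b":property=well-formed"
    cert = {"body": body, "sig": a2.sign(body)}
    # Step (d): PK1 and A1's signed attestation move into the accountability store.
    ledger.append({"cert_digest": H(body), "a1_pk": a1.pk,
                   "attestation": attestation, "a1_sig": a1_sig})
    return cert

def verify_compact_certificate(a2_pk: list, cert: dict) -> bool:
    """A relying party needs only PK2, exactly as the claim states."""
    return verify(a2_pk, cert["body"], cert["sig"])

def trace_accountable_authority(cert: dict, ledger: list) -> bool:
    """An auditor uses the stored record to confirm A1 really vouched for this key."""
    for rec in ledger:
        if rec["cert_digest"] == H(cert["body"]):
            return verify(rec["a1_pk"], rec["attestation"], rec["a1_sig"])
    return False
```

The relying party verifies with PK2 alone, while the auditor recovers PK1 and A1's attestation from the ledger entry rather than from the certificate.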