Digital signature purpose encoding

US 6,023,509 A
Filed: 09/30/1996
Issued: 02/08/2000
Est. Priority Date: 09/30/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for encoding a purpose description for a data stream comprising the steps of:

passing a purpose description to an extended digital signature function;

seeding a first hash function with a hash value generated from said data stream;

passing said purpose description to said hash function;

generating an extended hash value from said purpose description and said first hash value; and

generating an extended digital signature using a digital signature function on said extended hash value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for encoding a purpose into a digital signature, where purpose and digital signature bound into an extended digital signature. The extended digital signature capability binds a purpose description identifying the purpose for the digital signature so that when affixed to a digital signature, the digital signature cannot be employed for improper purposes. A hash function is used to generate a hash value from the purpose description. The hash value is used in a digital signature function to bind the purpose to a digital signature. The extended digital signature can be verified for validity by comparing it to a hash value. In an electronic transaction, the extended digital signature can allow a purpose to be bound with the digital signature so that improper or unauthorized transactions are detected and disallowed.

178 Citations

14 Claims

1. A method for encoding a purpose description for a data stream comprising the steps of:
- passing a purpose description to an extended digital signature function;
  
  seeding a first hash function with a hash value generated from said data stream;
  
  passing said purpose description to said hash function;
  
  generating an extended hash value from said purpose description and said first hash value; and
  
  generating an extended digital signature using a digital signature function on said extended hash value.

2. A method of verifying a digital signature and a purpose description for a data stream comprising the steps of:
- passing said purpose description and said digital signature to an extended digital signature function;
  
  generating a first extended hash value using said purpose description;
  
  recovering a second extended hash value from said digital signature; and
  
  comparing said first extended hash value with said second extended hash value, a true comparison resulting in verifying that digital signature and said purpose description are valid.
- View Dependent Claims (3, 4, 5, 6, 7)
- - 3. A method of verifying according to claim 2 further wherein the step of generating said first extended hash value includes the step of:
    - passing an initialization block and said purpose description to a first hash function, said first hash function generating said first extended hash value.
  - 4. A method of verifying according to claim 3 further comprising the steps of:
    - passing said data stream to a second hash function generating an initialization hash value, said initialization hash value used as said initialization block.
  - 5. A method of verifying according to claim 2 wherein the step of recovering said second extended hash value includes the step of:
    - decrypting said digital signature to recover said second extended hash value.
  - 6. A method of verifying according to claim 2 wherein said digital signature and said purpose description are used in performing an electronic transaction.
  - 7. A method of verifying according to claim 6 wherein said electronic transaction is performed in accordance with purpose description which verified as valid.

8. A method for encoding a purpose description for a digital signature of a data stream in an electronic transaction, comprising the steps of:
- generating a hash value using a hash function on said data stream;
  
  passing said hash value and said purpose description to said hash function to generate an extended hash value;
  
  generating said extended digital signature by passing said extended hash value to a digital signature function wherein said digital signature function binds said purpose description with said digital signature; and
  
  affixing said extended digital signature to said input data stream to perform said electronic transaction.
- View Dependent Claims (9)
- - 9. A method according to claim 8 wherein said electronic transaction is performed only in accordance with said purpose description, if said purpose description is verified as valid.

10. In a network capable of handling an electronic transaction, an apparatus comprising:
- a client coupled to said network requesting said electronic transaction, said client sending a request over said network;
  
  a server coupled to said client, and to said network, said server receiving said request and sending an extended digital signature for authorizing said request, wherein a purpose description is binded in said extended digital signature; and
  
  an electronic transaction provider, said provider coupled to said network, said provider completing said electronic transaction in accordance with said purpose description of said authorization.
- View Dependent Claims (11)
- - 11. An apparatus according to claim 10 wherein said provider cannot complete said electronic transaction until said extended digital signature is verified as valid.

12. In a computer system having main memory, CPU, and bus, a digital signature processor comprising:
- a hash function circuit coupled to said bus receiving input data signals over said bus and converting said input data signals to a hash value;
  
  a digital signature circuit coupled to said hash function circuit to receive said hash value and a purpose description stored in said computer system and to bind said purpose description and said hash value into an extended digital signature.
- View Dependent Claims (13, 14)
- - 13. A digital signature processor according to claim 12, further comprising a digital signature verification circuit, said digital signature verification circuit comparing said hash value with a second value, wherein if said comparison evaluates true, said digital signature is verified as valid.
  - 14. A digital signature processor according to claim 12, wherein said digital signature processor is embedded in said CPU.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Herbert, Howard C., Davis, Derek L.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/720,444
Time in Patent Office

1,226 Days
Field of Search

380/4, 380/9, 380/23, 380/24, 380/25, 380/29, 380/30, 380/46, 380/49, 380/50, 380/59
US Class Current

705/76
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/3821   Electronic credentials

G06Q 20/3825   Use of electronic signatures

G07F 7/1016   Devices or methods for secu...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04L 9/50   using hash chains, e.g. blo...

Digital signature purpose encoding

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

178 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Digital signature purpose encoding

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

178 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links