Digital signature purpose encoding

US 6,199,053 B1
Filed: 04/08/1999
Issued: 03/06/2001
Est. Priority Date: 09/30/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for generating an extended digital signature comprising:

producing an extended hash value based on a purpose description and a hash value of input data; and

generating the extended digital signature using a digital signature function on the extended hash value.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for encoding a purpose into a digital signature, where purpose and digital signature bound into an extended digital signature. The extended digital signature capability binds a purpose description identifying the purpose for the digital signature so that when affixed to a digital signature, the digital signature cannot be employed for improper purposes. A hash function is used to generate a hash value from the purpose description. The hash value is used in a digital signature function to bind the purpose to a digital signature. The extended digital signature can be verified for validity by comparing it to a hash value. In an electronic transaction, the extended digital signature can allow a purpose to be bound with the digital signature so that improper or unauthorized transactions are detected and disallowed.

Citations

50 Claims

1. A method for generating an extended digital signature comprising:
- producing an extended hash value based on a purpose description and a hash value of input data; and
  
  generating the extended digital signature using a digital signature function on the extended hash value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the purpose description includes a legal disclaimer.
  - 3. The method of claim 1, wherein the purpose description includes an amount-not-to-exceed statement.
  - 4. The method of claim 1, wherein the purpose description includes information to limit a scope of authority represented by the extended digital signature.
  - 5. The method of claim 1, wherein the purpose description includes information to qualify a scope of authority represented by the extended digital signature.
  - 6. The method of claim 1, wherein producing the extended hash value comprises binding the hash value with the purpose description.
  - 7. The method of claim 1 wherein producing an extended hash value comprises seeding a first hash function with a hash value generated from the input data, passing the purpose description to the hash function, and generating the extended hash value from the purpose description and the first hash value.
  - 8. The method of claim 1 wherein producing an extended hash value comprises passing an initialization block and the purpose description to a first hash function, the first hash function generating a first extended hash value, and generating the extended hash value from the first hash value.
  - 9. The method of claim 8 wherein producing an extended hash value comprises passing the data stream to a second hash function generating an initialization hash value, the initialization hash value being used as the initialization block.

10. An apparatus comprising:
- a hash function circuit to receive input data signals over the bus and to convert the input data signals into a hash value; and
  
  a digital signature circuit coupled to the hash function circuit, the digital signature circuit to produce an extended digital signature by digitally signing the hash value and a purpose description.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The apparatus of claim 10, wherein the purpose description includes a legal disclaimer.
  - 12. The apparatus of claim 10, wherein the purpose description includes an amount-not-to-exceed statement.
  - 13. The apparatus of claim 10, wherein the purpose description includes information to limit a scope of authority represented by the extended digital signature.
  - 14. The apparatus of claim 10, wherein the purpose description includes information to qualify a scope of authority represented by the extended digital signature.
  - 15. The apparatus of claim 10, wherein the processor is implemented within a central processing unit.
  - 16. The apparatus of claim 10 capable of being embedded in an information processing device, the device processing information transported over a network.
  - 17. The apparatus of claim 16 wherein the information is related to the purpose description.
  - 18. The apparatus of claim 10 wherein the hash function circuit is operative to produce the hash value by seeding a first hash function with a hash value generated from the input data signals, passing the purpose description to the hash function, and generating the hash value from the purpose description and the first hash value.
  - 19. The apparatus of claim 10 wherein the hash function circuit is operative to produce the hash value by passing an initialization block and the purpose description to a first hash function, the first hash function generating a first extended hash value, and generating the hash value from the first hash value.
  - 20. The apparatus of claim 19 wherein the hash function circuit is further operative to produce the hash value by passing the input data signals to a second hash function generating an initialization hash value, the initialization hash value being used as the initialization block.

21. A machine-readable medium having stored thereon data representing sequences of instructions which, when executed by a processor, cause the processor to perform operations comprising:
- producing an extended hash value based on a purpose description and a hash value of input data; and
  
  generating an extended digital signature using a digital signature function on the extended hash value.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The medium of claim 21, wherein the purpose description includes a legal disclaimer.
  - 23. The medium of claim 21, wherein the purpose description includes an amount-not-to-exceed statement.
  - 24. The medium of claim 21, wherein the purpose description includes information to limit a scope of authority represented by the extended digital signature.
  - 25. The medium of claim 21, wherein the purpose description includes information to qualify a scope of authority represented by the extended digital signature.
  - 26. The medium of claim 25 wherein the instructions for producing an extended hash value further comprise instructions causing the processor to perform operations comprising passing the data stream to a second hash function generating an initialization hash value, the initialization hash value being used as the initialization block.
  - 27. The medium of claim 21, wherein the instructions for producing the extended hash value further comprise instructions causing the processor to perform operations comprising binding the hash value with the purpose description.
  - 28. The medium of claim 21 wherein the instructions for producing an extended hash value further comprise instructions causing the processor to perform operations comprising seeding a first hash function with a hash value generated from the input data, passing the purpose description to the hash function, and generating the extended hash value from the purpose description and the first hash value.
  - 29. The medium of claim 21 wherein the instructions for producing an extended hash value further comprise instructions causing the processor to perform operations comprising passing an initialization block and the purpose description to a first hash function, the first hash function generating a first extended hash value, and generating the extended hash value from the first hash value.

30. An apparatus for generating an extended digital signature comprising:
- means for producing an extended hash value based on a purpose description and a hash value of input data; and
  
  means for generating an extended digital signature using a digital signature function on the extended hash value.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38)
- - 31. The apparatus of claim 30, wherein the purpose description includes a legal disclaimer.
  - 32. The apparatus of claim 30, wherein the purpose description includes an amount-not-to-exceed statement.
  - 33. The apparatus of claim 30, wherein the purpose description includes information to limit scope of authority represented by the extended digital signature.
  - 34. The apparatus of claim 30, wherein the purpose description includes information to qualify a scope of authority represented by the extended digital signature.
  - 35. The apparatus of claim 30, wherein the means for producing the extended hash value includes means for binding the hash value with the purpose description.
  - 36. The apparatus of claim 30 wherein the means for producing an extended hash value includes means for seeding a first hash function with a hash value generated from the input data, means for passing the purpose description to the hash function, and means for generating the extended hash value from the purpose description and the first hash value.
  - 37. The apparatus of claim 30, wherein the means for producing an extended hash value includes means for passing an initialization block and the purpose description to a first hash function, the first hash function generating a first extended hash value, and means for generating the extended hash value from the first hash value.
  - 38. The apparatus of claim 30 wherein the means for producing an extended hash value, include means for passing the data stream to a second hash function generating an initialization hash value, the initialization hash value being used as the initialization block.

39. A machine-readable medium having stored thereon data representing sequences of instructions which, when executed by a processor, cause the processor to perform operations comprising:
- passing a purpose description and a digital signature to an extended digital signature function;
  
  generating a first extended hash value using the purpose description;
  
  recovering a second extended hash value from the digital signature; and
  
  comparing the first extended hash value with the second extended hash value, a true comparison resulting in verifying that the digital signature and the purpose description are valid.
- View Dependent Claims (40, 41, 42, 43, 44)
- - 40. The medium of claim 39 wherein the instructions for generating the first extended hash value further comprise instructions causing the machine to perform operations comprising passing an initialization block and the purpose description to a first hash function, the first hash function generating the first extended hash value.
  - 41. The medium of claim 39 wherein the instructions further comprise instructions causing the machine to perform operations comprising passing the data stream to a second hash function generating an initialization hash value, the initialization hash value used as the initialization block.
  - 42. The medium of claim 39 wherein the instructions for recovering of the second extended hash value further comprise instructions causing the machine to perform operations comprising decrypting the digital signature to recover the second extended hash value.
  - 43. The medium of claim 39 wherein the digital signature and the purpose description are used in performing an electronic transaction.
  - 44. The medium of claim 39 wherein the electronic transaction is performed in accordance with a purpose description which verified as valid.

45. An apparatus for verifying a digital signature and a purpose description for a data stream comprising:
- means for passing the purpose description and the digital signature to an extended digital signature function;
  
  means for generating a first extended hash value using the purpose description;
  
  means for recovering a second extended hash value from the digital signature; and
  
  means for comparing the first extended hash value with the second extended hash value, a true comparison resulting in verifying that the digital signature and the purpose description are valid.
- View Dependent Claims (46, 47, 48, 49, 50)
- - 46. The apparatus of claim 45 wherein the means for generating the first extended hash value includes means for passing an initialization block and the purpose description to a first hash function, the first hash function generating the first extended hash value.
  - 47. The apparatus of claim 45 further comprising means for passing the data stream to a second hash function generating an initialization hash value, the initialization hash value used as the initialization block.
  - 48. The apparatus of claim 45 wherein the means for recovering the second extended hash value includes means for decrypting the digital signature to recover the second extended hash value.
  - 49. The apparatus of claim 45 wherein the digital signature and the purpose description are used in performing an electronic transaction.
  - 50. The apparatus of claim 49 wherein the electronic transaction is performed in accordance with a purpose description which verified as valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Herbert, Howard C., Davis, Derek L.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US09/287,782
Time in Patent Office

698 Days
Field of Search

705/50, 705/51, 705/64, 705/80, 705/26, 705/76, 380/29, 380/30, 380/42, 380/43, 380/287, 713/156, 713/157, 713/168, 713/173, 713/176, 713/177, 713/180, 713/182, 713/189, 713/200, 713/201
US Class Current

705/76
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/3821   Electronic credentials

G06Q 20/3825   Use of electronic signatures

G07F 7/1016   Devices or methods for secu...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04L 9/50   using hash chains, e.g. blo...

Digital signature purpose encoding

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

Digital signature purpose encoding

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links