Multi-step digital signature method and system
Abstract
A multi-step signing system and method uses multiple signing devices to affix a single signature which can be verified using a single public verification key. Each signing device possesses a share of the signature key and affixes a partial signature in response to authorization from a plurality of authorizing agents. In a serial embodiment, after a first partial signature has been affixed, a second signing device exponentiates the first partial signature. In a parallel embodiment, each signing device affixes a partial signature, and the plurality of partial signatures are multiplied together to form the final signature. Security of the system is enhanced by distributing capability to affix signatures among a plurality of signing devices and by distributing authority to affix a partial signature among a plurality of authorizing agents.
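The serial and parallel embodiments described in the abstract can be traced in a short sketch. This is an added example, not code from the patent: it assumes textbook RSA (the abstract does not name the signature scheme), a constructed toy key, multiplicative exponent shares for the serial case and additive shares for the parallel case, and all function names are hypothetical.

```python
# Added illustration (assumption: textbook RSA with split exponents; not the patent's code).
import hashlib
import math
import secrets

# Constructed demo key built from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537
D = pow(E, -1, PHI)  # full signing exponent; exists only at share-generation time

def digest(msg: bytes) -> int:
    """Map a message to an integer mod N (no padding; illustration only)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def split_additive(k: int) -> list:
    """Parallel embodiment: k shares with d_1 + ... + d_k = D (mod PHI)."""
    shares = [secrets.randbelow(PHI) for _ in range(k - 1)]
    return shares + [(D - sum(shares)) % PHI]

def split_multiplicative() -> tuple:
    """Serial embodiment: two shares with d_1 * d_2 = D (mod PHI)."""
    while True:
        d1 = secrets.randbelow(PHI)
        if math.gcd(d1, PHI) == 1:  # d_1 must be invertible mod PHI
            return d1, D * pow(d1, -1, PHI) % PHI

def partial_sign(value: int, share: int) -> int:
    """What one signing device does: exponentiate by its own key share."""
    return pow(value, share, N)

def sign_parallel(msg: bytes, shares: list) -> int:
    """Each device signs the digest; the partial signatures are multiplied."""
    sig = 1
    for share in shares:
        sig = sig * partial_sign(digest(msg), share) % N
    return sig

def sign_serial(msg: bytes, d1: int, d2: int) -> int:
    """Device 2 exponentiates the partial signature produced by device 1."""
    return partial_sign(partial_sign(digest(msg), d1), d2)

def verify(msg: bytes, sig: int) -> bool:
    """Single public-key check, identical for both embodiments."""
    return pow(sig, E, N) == digest(msg)
```

Both paths yield the same value as signing with the undivided exponent, so a verifier cannot tell how many devices took part, while a single device's partial signature does not verify on its own.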
16 Claims
1. An electronic method for delegated use of an electronic key comprising the steps of:
storing the key in a first electronic device, said electronic device using the key in response to a request from a primary user;
communicating an electronic delegation certificate from the primary user to a delegate;
sending a message from the delegate to the first electronic device, the message including a request for use of the key and the delegation certificate; and
using said first electronic device to use the key in response to the message.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method of delegated electronic signing whereby a delegate signs for a primary user using an electronic signature device of the primary user, said method comprising the steps of:
the primary user issuing a substitution certificate, said substitution certificate identifying the primary user, the delegate, a way to recognize the delegate, and a time limit during which said substitution certificate is valid;
the primary user communicating said substitution certificate to the delegate;
the delegate preparing a signature request, said signature request including said substitution certificate and a document to be signed;
the delegate signing said signature request and communicating said signed signature request to the electronic signing device of the primary user;
the electronic signing device of the primary user verifying the signature of the delegate on said signature request and applying the primary user's signature to the document if the signature of the delegate on the signature request is valid.
Dependent claims: 14, 15
16. A method of delegated electronic signing whereby a delegate signs for a primary user using an electronic signing device of the primary user, said method comprising the steps of:
selecting the delegate, physically providing the electronic signing device of the primary user to the delegate; and
causing the electronic signing device to be valid for signing for a predetermined, limited time period; and
affixing to a document the signature of the primary user by the delegate using the electronic signing device of the primary user, wherein the electronic signing device of the primary user is valid to affix the signature of the primary user by the primary user for a first predetermined time period and is valid to affix the signature of the primary user by the delegate for a second predetermined time period.
Specification