Multi-step digital signature method and system

US 6,209,091 B1
Filed: 09/29/1998
Issued: 03/27/2001
Est. Priority Date: 01/13/1994
Status: Expired due to Term

First Claim

Patent Images

1. An electronic method for delegated use of an electronic key comprising the steps of:

storing the key in a first electronic device, said electronic device using the key in response to a request from a primary user;

communicating an electronic delegation certificate from the primary user to a delegate;

sending a message from the delegate to the first electronic device, the message including a request for use of the key and the delegation certificate; and

using said first electronic device to use the key in response to the message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multi-step signing system and method uses multiple signing devices to affix a single signature which can be verified using a single public verification key. Each signing device posesses a share of the signature key and affixes a partial signature in response to authorization from a plurality of authorizing agents. In a serial embodiment, after a first partial signature has been affixed, a second signing device exponentiates the first partial signature. In a parallel embodiment, each signing device affixes a partial signature, and the plurality of partial signatures are multiplied together to form the final signature. Security of the system is enhanced by distributing capability to affix signatures among a plurality of signing devices and by distributing authority to affix a partial signature among a plurality of authorizing agents.

252 Citations

16 Claims

1. An electronic method for delegated use of an electronic key comprising the steps of:
- storing the key in a first electronic device, said electronic device using the key in response to a request from a primary user;
  
  communicating an electronic delegation certificate from the primary user to a delegate;
  
  sending a message from the delegate to the first electronic device, the message including a request for use of the key and the delegation certificate; and
  
  using said first electronic device to use the key in response to the message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The electronic method for delegated use of an electronic key of claim 1, wherein the message is signed by the delegate.
  - 3. The electronic method for delegated use of an electronic key of claim 1, wherein the message is signed by multiple delegates.
  - 4. The electronic method for delegated use of an electronic key of claim 1, wherein the message must be signed by multiple delegates for the first electronic key to use the electronic key in response to the message.
  - 5. The electronic method for delegated use of an electronic key of claim 1, wherein said electronic delegation certificate is signed by an original authorizing agent.
  - 6. The electronic method for delegated use of an electronic key of claim 1, wherein said electronic delegation certificate identifies the delegate.
  - 7. The electronic method for delegated use of an electronic key of claim 1, wherein said electronic delegation certificate identifies a public signature verification key of the delegate.
  - 8. The electronic method for delegated use of an electronic key of claim 1, wherein said electronic delegation certificate identifies a time limit during which the electronic delegation certificate is valid.
  - 9. The electronic method for delegated use of an electronic key of claim 1, wherein the message further includes a document to be signed using the electronic key.
  - 10. The electronic method for delegated use of an electronic key of claim 9, wherein the message is signed by the delegate.
  - 11. The electronic method for delegated use of an electronic key of claim 9, wherein the message is signed by multiple delegates.
  - 12. The electronic method for delegated use of an electronic key of claim 9, wherein the message must be signed by multiple delegates for the first electronic key to use the electronic key in response to the message.

13. A method of delegated electronic signing whereby a delegate signs for a primary user using an electronic signature device of the primary user, said method comprising the steps of:
- the primary user issuing a substitution certificate, said substitution certificate identifying the primary user, the delegate, a way to recognize the delegate, and a time limit during which said substitution certificate is valid;
  
  the primary user communicating said substitution certificate to the delegate;
  
  the delegate preparing a signature request, said signature request including said substitution certificate and a document to be signed;
  
  the delegate signing said signature request and communicating said signed signature request to the electronic signing device of the primary user;
  
  the electronic signing device of the primary user verifying the signature of the delegate on said signature request and applying the primary user'"'"'s signature to the document if the signature of the delegate on the signature request is valid.
- View Dependent Claims (14, 15)
- - 14. The method of delegated electronic signing of claim 13, wherein said way to recognize the delegate uses a public signature verification key of the delegate.
  - 15. The method of delegated electronic signing of claim 13, further comprising the step of protecting the electronic signing device of the primary user in a secure environment so that the electronic signing device cannot be accessed physically.

16. A method of delegated electronic signing whereby a delegate signs for a primary user using an electronic signing device of the primary user, said method comprising the steps of:
- selecting the delegate, physically providing the electronic signing device of the primary user to the delegate; and
  
  causing the electronic signing device to be valid for signing for a predetermined, limited time period; and
  
  affixing to a document the signature of the primary user by the delegate using the electronic signing device of the primary user, wherein the electronic signing device of the primary user is valid to affix the signature of the primary user by the primary user for a first predetermined time period and is valid to affix the signature of the primary user by the delegate for a second predetermined time period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Certco
Original Assignee
Certco
Inventors
Sudia, Frank W., Freund, Peter C., Huang, Stuart T. F.
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US09/161,741
Time in Patent Office

910 Days
Field of Search

380/30, 713/172, 713/173, 713/175, 713/180, 713/176, 713/178, 713/159, 713/185, 713/156, 713/157, 713/158, 705/76
US Class Current

713/175
CPC Class Codes

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/64   Protecting data integrity, ...

G06F 7/725   over elliptic curves

G06Q 20/02   involving a neutral party, ...

G06Q 20/3821   Electronic credentials

G06Q 20/3829   involving key management

H04L 9/085   Secret sharing or secret sp...

H04L 9/3255   using group based signature...

Multi-step digital signature method and system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

252 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-step digital signature method and system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

252 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links