Certification of multiple keys with new base and supplementary certificate types
First Claim
1. A method of creating certificates with redundant information to certify keys of a user, wherein each of the certificates comprises a defined number of data elements which at least contain information on a certification body or issuer of the certificate, a user of the certificate and a key certified by the certificate, comprising the following steps:
- a) creation by the certification body of a basic certificate for use in connection with the several keys of the user, the basic certificate containing a single recitation of a defined number of data elements therein which elements are identical or redundant if repeated in separate certificates one for each of the several keys of the user in conjunction with the certification body;
b) addition of an identifying characteristic to the basic certificate;
c) generation of a digital signature for the basic certificate;
d) addition of the digital signature to the basic certificate;
e) generation of a key pair;
f) creation of a supplementary certificate for the basic certificate which does not recite the redundant data elements contained in the basic certificate but does contain a key as set out in step e), the identifying characteristic as set out in step b) and additional data fields not registered by the basic certificate;
g) generation of a digital signature for the supplementary certificate;
h) addition of the digital signature to the supplementary certificate; and
i) use of the basic certificate created in step a) for other of the several keys in additional supplementary certificates that share with the supplementary certifactes of step f) the redundant information recited in the basic certificate but like the supplementary certificate of step f) do not recite the redundant data elements.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for creating, storing and reading a new certificate type for certification of keys is provided. In the new certificate type, several certificates, containing a minimum quantity of redundant data fields, are collated to form one certificate and all redundant information on the certificates is eliminated. An embodiment of the new certificate type is the group certificate. The group certificate is used where several keys are to be issued at the same time for the same user by the same certification instance. By means of the group certificate, all redundant data elements are eliminated and all data elements for a set of several keys subject to certification are grouped into one certificate. This substantially reduces the memory requirement, and handling of the certificates is simplified for the communication partners. A further embodiment of the new certificate type is the basic and supplementary certificate combination. This form of certification is used where certificates are issued at different times for the same user by the same certification body. The memory requirement is consequently somewhat more than for group certificates, but greater flexibility is gained in use of the keys.
48 Citations
20 Claims
-
1. A method of creating certificates with redundant information to certify keys of a user, wherein each of the certificates comprises a defined number of data elements which at least contain information on a certification body or issuer of the certificate, a user of the certificate and a key certified by the certificate, comprising the following steps:
-
a) creation by the certification body of a basic certificate for use in connection with the several keys of the user, the basic certificate containing a single recitation of a defined number of data elements therein which elements are identical or redundant if repeated in separate certificates one for each of the several keys of the user in conjunction with the certification body; b) addition of an identifying characteristic to the basic certificate; c) generation of a digital signature for the basic certificate; d) addition of the digital signature to the basic certificate; e) generation of a key pair; f) creation of a supplementary certificate for the basic certificate which does not recite the redundant data elements contained in the basic certificate but does contain a key as set out in step e), the identifying characteristic as set out in step b) and additional data fields not registered by the basic certificate; g) generation of a digital signature for the supplementary certificate; h) addition of the digital signature to the supplementary certificate; and i) use of the basic certificate created in step a) for other of the several keys in additional supplementary certificates that share with the supplementary certifactes of step f) the redundant information recited in the basic certificate but like the supplementary certificate of step f) do not recite the redundant data elements. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer program product on a computer usable hardware medium for creating certificates to certify several keys sharing redundant information, wherein a certificate comprises a defined number of data elements which at least contain information on a certification body or issuer to the certificate, a user of the certificate and a key certified by the certificate, said computer program product comprising:
-
a) software code for specification of a request for certification of one of the several keys by a certification body for a user; b) software code for creation of a basic certificate that does not contain any key for the user but does contain a defined number of data elements which, in the certification process, are identical or redundant for the several keys of the user in conjunction with the respective certification body when initially not more than one of the several keys is to be certified with the basic certificate; c) software code for the addition of an identifying characteristic to the basic certificate; d) software code for the generation of a digital signature for the basic certificate; e) software code for the addition of the digital signature to the basic certificate; f) software code for generation of a key pair; g) software code for creation of a supplementary certificate for the basic certificate with a key pair generated with the software as set out in f), the identifying characteristic as set out in c) and additional data elements not registered by the basic certificate of b); h) software code for generation of a digital signature for the supplementary certificate; i) software code for addition of the digital signature to the supplementary certificate; and j) software code for use of the basic certificate created in step b) with a new key that shares the redundant data elements with the basic certificate by issuing an additional supplementary certificate with a new key pair generated with software as set forth in f), the identifying certificate as set forth in c) and additional data elements not registered by the basic certificate of b) or the supplementary certificate of g). - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A method of creating and using certificates to certify several keys for use in connection with a chipcard, wherein each of the certificates comprises a defined number of data elements which at least contain information on a certification body or issuer of the certificate, a user of the certificate and a key certified by the certificate, comprising the following steps:
-
a) creation by the certification body of a basic certificate that does not contain a key but is for use in connection with the several keys of the user, the basic certificate containing a single recitation of a defined number of data elements therein which elements would be identical or redundant if contained in separate certificates one for each of the several keys of the user in conjunction with the certification body; b) addition of an identifying characteristic to the basic certificate; c) generation of a digital signature for the basic certificate; d) addition of the digital signature to the basic certificate; e) generation of a key pair; f) creation of a supplementary certificate for the basic certificate which does not recite the redundant data elements contained in the basic certificate but does contain a key as set out in step e), the identifying characteristic as set out in step b) and additional data fields not registered by the basic certificate; g) generation of a digital signature for the supplementary certificate; h) addition of the digital signature to the supplementary certificate; i) use of the basic certificate created in step a) for other of the several keys in additional supplementary certificates that share with the supplementary certificate of step f) the redundant information recited the basic certificate but like the supplementary certificate of step f) do not recite the redundant data elements; and j) storage of the basic and supplementary in a nonvolatile memory of the chipcard. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification