Lightweight public key infrastructure employing unsigned certificates
First Claim
1. A public key system comprising:
- a subject;
a certificate authority issuing a first certificate to the subject, the first certificate including a public key of the subject, long-term identification information related to the subject, and meta-data related to the first certificate, wherein the first certificate is not signed by the certificate authority, the certificate authority maintaining a database of records representing issued certificates in which it stores a record representing the first certificate, wherein the issued certificates are each not signed by the certificate authority and are each valid until at least one of revoked by the certificate authority and expired; and
a verifier maintaining a hash table containing cryptographic hashes of valid certificates corresponding to the records stored in the database and including a cryptographic hash of the first certificate, wherein the subject presents the issued first certificate to the verifier for authentication and demonstrates that the subject has knowledge of a private key corresponding to the public key in the first certificate.
3 Assignments
0 Petitions
Accused Products
Abstract
A public key infrastructure (PKI) includes a subject, a verifier, and certificate authority that issues a first unsigned certificate to the subject that binds a public key of the subject to long-term identification information related to the subject and maintains a certificate database of unsigned certificates in which it stores the first unsigned certificate. The verifier maintains a hash table containing cryptographic hashes of valid unsigned certificates corresponding to the unsigned certificates stored in the certificate database and including a cryptographic hash of the first unsigned certificate. The subject presents the issued first unsigned certificate to the verifier for authentication and demonstrates that the subject has knowledge of a private key corresponding to the public key in the unsigned certificate.
-
Citations
28 Claims
-
1. A public key system comprising:
-
a subject; a certificate authority issuing a first certificate to the subject, the first certificate including a public key of the subject, long-term identification information related to the subject, and meta-data related to the first certificate, wherein the first certificate is not signed by the certificate authority, the certificate authority maintaining a database of records representing issued certificates in which it stores a record representing the first certificate, wherein the issued certificates are each not signed by the certificate authority and are each valid until at least one of revoked by the certificate authority and expired; and a verifier maintaining a hash table containing cryptographic hashes of valid certificates corresponding to the records stored in the database and including a cryptographic hash of the first certificate, wherein the subject presents the issued first certificate to the verifier for authentication and demonstrates that the subject has knowledge of a private key corresponding to the public key in the first certificate. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 25, 26, 27)
-
-
13. A method of authenticating a subject to a verifier in a public key system, the method comprising the steps of:
-
issuing a first certificate from a certificate authority to the subject, the first certificate including a public key of the subject, long-term identification information related to the subject, and meta-data related to the first certificate, wherein the first certificate is not signed by the certificate authority; maintaining, at the certificate authority, a database of records representing issued certificates that are each not singed by the certificate authority and are each valid until at least one of revoked by the certificate authority and expired; storing a record representing the first certificate in the database; maintaining, at the verifier, a hash table containing cryptographic hashes of valid certificates corresponding to the records stored in the database and including a cryptographic hash of the first certificate; presenting the issued first certificate from the subject to the verifier for authentication; demonstrating, by the subject, that the subject has knowledge of a private key corresponding to the public key in the first certificate. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 28)
-
Specification