Method and system for checking digital signatures and card with microcircuit for using the method

US 7,721,108 B2
Filed: 05/21/2003
Issued: 05/18/2010
Est. Priority Date: 06/05/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for checking a digital signature, involving a microcircuit connectable to a data processing system, the microcircuit being designed to receive requests to check digital signatures from the data processing system, and to process these requests, a digital signature being generated using a private key only known to a signatory entity and associated with a public key, said method comprising:

a step of storing a certificates table containing a digest form of at least one public key in a memory in the microcircuit, wherein the public key is inserted into the certificates table by a step that comprises inserting, in the certificates table, a pointer to the digest form of the public key of the certification entity that issued the certificate of the public key, so as to define a certification tree in combination with the inserted digest form of the public key; and

a phase of checking a digital signature comprising steps of;

receiving by the microcircuit a digital signature to be checked and a public key in a pair of keys comprising a private key that was used to generate the digital signature to be checked;

calculating a digest form of the received public key;

searching for the calculated digest form of the public key in the microcircuit'"'"'s certificates table, at a location at which the inserted pointer points; and

decrypting the digital signature using the received public key if the calculated digest form of the public key is located in the certificates table.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To check a digital signature, using a microcircuit card, the microcircuit being designed to receive and to process requests to check digital signatures, the process comprises storing in a memory in the microcircuit a certificates table containing digest forms of authorized public keys, and a phase of checking a digital signature consisting of: receiving by the microcircuit the digital signature to be checked and a public key corresponding to a private key that was used to generate the digital signature to be checked; calculating a digest form of the received public key, searching for the calculated digest form of the public key in the certificates table, and decrypting the digital signature using the received public key if the calculated digest form of the public key is located in the certificates table.

Citations

22 Claims

1. A method for checking a digital signature, involving a microcircuit connectable to a data processing system, the microcircuit being designed to receive requests to check digital signatures from the data processing system, and to process these requests, a digital signature being generated using a private key only known to a signatory entity and associated with a public key, said method comprising:
- a step of storing a certificates table containing a digest form of at least one public key in a memory in the microcircuit, wherein the public key is inserted into the certificates table by a step that comprises inserting, in the certificates table, a pointer to the digest form of the public key of the certification entity that issued the certificate of the public key, so as to define a certification tree in combination with the inserted digest form of the public key; and
  
  a phase of checking a digital signature comprising steps of;
  
  receiving by the microcircuit a digital signature to be checked and a public key in a pair of keys comprising a private key that was used to generate the digital signature to be checked;
  
  calculating a digest form of the received public key;
  
  searching for the calculated digest form of the public key in the microcircuit'"'"'s certificates table, at a location at which the inserted pointer points; and
  
  decrypting the digital signature using the received public key if the calculated digest form of the public key is located in the certificates table.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, further comprising a phase of inserting a public key into the certificates table, comprising steps of:
    - receiving by the microcircuit a certificate of the public key to be inserted in the certificates table, and a public key from a certification entity that generated the certificate, the certificate comprising the public key to be added into the certificates table and a digital signature of the certification entity, generated using a private key belonging to a pair of keys including the public key of the certification entity, calculating by the microcircuit a digest form of the public key received from the certification entity, and searching for the calculated digest form of the public key in the certificates table, decrypting the digital signature using the public key received from the certification entity if the calculated digest form of the public key is located in the table, extracting the public key to be inserted from the certificate if the decrypted digital signature is correct, calculating a digest of the public key extracted from the certificate, and inserting the calculated digest in the certificates table.
  - 3. The method according to claim 2, further comprising a phase of deleting a digest of a public key from the certificates table, comprising steps of deleting from the certificates table the digest of a public key to be removed, and deleting from the certificates table all digests of public keys associated with a pointer indicating the public key to be removed.
  - 4. The method according to claim 2, wherein each public key digest entered into the certificates table is associated with a validity end date, the phase of inserting a public key into the certificates table further comprising steps of reading in a received certificate a validity end date of the public key to be inserted, and entering the validity end date of the public key to be inserted into the certificates table, together with the digest of the public key to be inserted, if it is earlier than the validity end date of the public key of the certification entity read in the certificates table.
  - 5. The method according to claim 2, wherein each digest of a public key entered in the certificates table is associated with a usage counter that is incremented every time that a digital signature is checked using the public key, and said method comprising deletion of a public key digest from the certificates table when the usage counter is zero and the number of empty locations in the certificates table is less than a predetermined threshold.
  - 6. The method according to claim 2, wherein each public key digest entered into the certificates table is associated with a usage counter that is incremented every time that a digital signature is checked using the public key, and with a last usage date that is updated every time that the associated usage counter is incremented, said method further comprising a step to select a digest of a public key to be deleted as a function of the corresponding associated values of the usage counter and the last usage date when the number of empty locations in the certificates table is less than a predetermined threshold.
  - 7. The method according to claim 1, wherein the microcircuit uses a predefined hashing function to calculate the digest forms of the public keys.
  - 8. The method according to claim 1, further comprising a phase of inserting a root public key in the certificates table, this insertion phase being done by a write processing controlled by a MAC calculated using a specific key in the microcircuit and only known to an entity having issued the microcircuit.
  - 9. The method according to claim 1, wherein the digest of a public key memorized in the certificates table is obtained by calculating a digest of the public key associated with other information such as the validity end date of the public key, identity information and serial numbers, this information being transmitted to the microcircuit every time that the signature is checked using the public key.
  - 10. The method according to claim 1, wherein the digest of a public key memorized in the certificates table is obtained by calculating a digest of the certificate received by the microcircuit when the public key is inserted in the certificates table, this certificate being transmitted to the microcircuit every time that the signature is checked using the public key.
  - 11. The method according to claim 1, wherein the certificates table is stored in a secure memory area in the microcircuit.

12. A microcircuit being designed to receive requests to check digital signatures from the data processing system, and to process these requests, a digital signature being generated using a private key only known to a signatory entity and associated with a public key, said microcircuit comprising:
- memory means for storing a certificates table containing a digest form of at least one public key, wherein the public key is insertable into the certificates table by means for inserting, in the certificates table, a pointer to the digest form of the public key of the certification entity that issued the certificate of the public key, so as to define a certification tree in combination with the inserted digest form of the public key;
  
  means for receiving a digital signature to be checked and a public key in a pair of keys comprising a private key that was used to generate the digital signature to be checked;
  
  means for calculating a digest firm of the received public key, and for searching for the calculated digest form of the public key in the certificates tables; and
  
  means for decrypting the digital signature using the received public key if the calculated digest form of the public key is located in the certificates table.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The microcircuit according to claim 12, further comprising:
    - means for receiving a certificate of the public key to be inserted in the certificates table, and a public key from a certification entity that generated the certificate, the certificate comprising the public key to be added into the certificates table and a digital signature of the certification entity, generated using a private key belonging to a pair of keys including the public key of the certification entity, means for calculating a digest form of the public key received from the certification entity, and for searching for the calculated digest form of the public key in the certificates table, means for decrypting the digital signature using the public key received from the certification entity if the calculated digest form of the public key is located in the table, means for extracting the public key to be inserted from the certificate if the decrypted digital signature is correct, means for calculating a digest of the public key extracted from the certificate, and for inserting the calculated digest in the certificates table.
  - 14. The microcircuit according to claim 13, further comprising means for deleting from the certificates table a digest of a public key to be removed, and means for deleting from the certificates table all digests of public keys associated with a pointer indicating the public key to be removed.
  - 15. The microcircuit according to claim 13, further comprising:
    - means for reading in a received certificate a validity end date of a public key to be inserted, and means for entering the validity end date of the public key to be inserted into the certificates table, together with the digest of the public key to be inserted, if the validity end date is earlier than the validity end date of the public key of the certification entity read in the certificates table.
  - 16. The microcircuit according to claim 13, further comprising means for incrementing a usage counter associated with each public key digest entered into the certificates table, every time that a digital signature is checked using the public key, and means for deleting a public key digest from the certificates table when the associated usage counter is zero and the number of empty locations in the certificates table is less than a predetermined threshold.
  - 17. The microcircuit according to claim 16, further comprising means for updating a last usage date associated with each public key digest entered into the certificates table, every time that a digital signature is checked using the public key, means for deleting a public key digest from the certificates table when the number of empty locations in the certificates table is less than a predetermined threshold, and means for selecting a digest of a public key to be deleted as a function of the corresponding associated values of the usage counter and the last usage date.
  - 18. The microcircuit according to claim 12, further comprising means for executing a predefined hashing function to calculate the digest forms of the public keys.
  - 19. The microcircuit according to claim 12, further comprising means for inserting a root public key in the certificates table, using a write processing controlled by a MAC calculated using a specific key in the microcircuit and only known to an entity having issued the microcircuit.
  - 20. The microcircuit according to claim 12, wherein the means for calculating the digest of a public key memorized in the certificates table comprise means for calculating a digest of the public key associated with other information comprising the validity end date of the public key, identity information and serial numbers, this information being transmitted to the microcircuit every time that the signature is checked using the public key.
  - 21. The microcircuit according to claim 12, wherein the means for calculating the digest of a public key memorized in the certificates table comprise means for calculating a digest of the certificate received by the microcircuit when the public key is inserted in the certificates table, this certificate being transmitted to the microcircuit every time that the signature is checked using the public key.
  - 22. The microcircuit according to claim 12, wherein the memory means for storing the certificates table is a secure memory area.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Orange S.A.
Original Assignee
Orange S.A.
Inventors
Boutroux, Vincent, Pailles, Jean-Claude
Primary Examiner(s)
Korzuch; William R
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US10/516,966
Publication Number

US 20060168447A1
Time in Patent Office

2,554 Days
Field of Search

713/185
US Class Current

713/185
CPC Class Codes

G06Q 20/045   using payment protocols inv...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/363   with the personal data of a...

G06Q 20/40975   using encryption therefor

G07F 7/0866   by active credit-cards adap...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 9/3247   involving digital signatures

H04L 9/3265   using certificate chains, t...

Method and system for checking digital signatures and card with microcircuit for using the method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for checking digital signatures and card with microcircuit for using the method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links