Public key/signature cryptosystem with enhanced digital signature certification
First Claim
1. In a communication system having a plurality of terminal devices coupled to a channel over which users may exchange messages, at least some of said user'"'"'s having a public key and an associated private key, a method for controlling authority in a hierarchical manner among a group of users, comprising the steps of:
- specifying at least first and second digital authority defining data structures, said data structures having digital values which can be associated with at least one user'"'"'s private key,said step of specifying including the step ofdigitally specifying a set of authorities from a sufficient plurality of authorities so that a first user may digitally delegate authorities to second and third users so that the authorities delegated to the second user are different than those delegated to the third user, providing that the first user'"'"'s digital authority defining data structure allows for such delegation; and
digitally signing by the first user the second digital data structure so that signatures performed by the second user'"'"'s private key associated with the second data structure will be recognized upon an electronic analysis of the digital signature as having been granted said authority by the first user in accordance with the first user'"'"'s authority-defining data structure.
0 Assignments
0 Petitions
Accused Products
Abstract
A public key cryptographic system is disclosed with enhanced digital signature certification which authenticates the identity of the public key holder. A hierarchy of nested certifications and signatures are employed which indicate the authority and responsibility levels of the individual whose signature is being certified. The certifier in constructing a certificate generates a special message that includes fields identifying the public key which is being certified, and the name of the certifiee. The certificate is constructed by the certifier to define the authority which is being granted and which may relate to a wide range of authorizations, delegation responsibilities or restrictions given to, or placed on the certifiee. Methodology is also disclosed by which multiple objects such as, for example, a cover letter, an associated enclosed letter, an associated graphics file, etc., are signed together. Methodology is also disclosed for digitally signing documents in which a digital signature is generated for both computer verification and for reverification if a document needs to be reconfirmed by reentering from a paper rendition.
552 Citations
58 Claims
-
1. In a communication system having a plurality of terminal devices coupled to a channel over which users may exchange messages, at least some of said user'"'"'s having a public key and an associated private key, a method for controlling authority in a hierarchical manner among a group of users, comprising the steps of:
-
specifying at least first and second digital authority defining data structures, said data structures having digital values which can be associated with at least one user'"'"'s private key, said step of specifying including the step of digitally specifying a set of authorities from a sufficient plurality of authorities so that a first user may digitally delegate authorities to second and third users so that the authorities delegated to the second user are different than those delegated to the third user, providing that the first user'"'"'s digital authority defining data structure allows for such delegation; and digitally signing by the first user the second digital data structure so that signatures performed by the second user'"'"'s private key associated with the second data structure will be recognized upon an electronic analysis of the digital signature as having been granted said authority by the first user in accordance with the first user'"'"'s authority-defining data structure. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. In a communications system for exchanging messages over a communications channel, a method of digitally signing a message to be transmitted comprising the steps of:
-
creating a digital hash value of the message to be transmitted based on the exact bit-for-bit data to be transmitted; creating an auxiliary digital hash value to permit subsequent verification of the genuineness of a printed version of the message; and incorporating both hash values as part of a digital signature. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 22)
-
-
20. In a communications system for exchanging messages over a communications channel, apparatus for digitally signing a message to be transmitted comprising:
-
means for creating a digital hash value of the message to be transmitted based on the exact bit-for-bit data to be transmitted; means for creating an auxiliary digital hash value to permit the subsequent verification of the genuineness of a printed version of the message; and means for incorporating both hash values as part of a digital signature. - View Dependent Claims (21, 23, 24, 25, 26, 27, 28, 29)
-
-
30. In a communications system for exchanging messages over a communication channel, a method for digitally signing said messages comprising the steps of:
-
assembling a digital package including a group of related but distinct message portions; creating a digital list of the distinct message portions to be signed; and processing a digital representation of at least said list of distinct message portions with the signer'"'"'s private key, such that said distinct message portions are individually verifiable as having been signed and are verifiable as being a member of said group, whereby a plurality of distinct documents maybe organized, processed and signed as a package. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
-
-
43. In a communication system for exchanging messages over a communication system, apparatus for digitally signing said messages comprising:
-
means for assembling a digital package including a group of related but distinct message portions; means for creating a digital list of the distinct message portions to be signed; and means for processing a digital representation of at least said list of distinct message portions with the signer'"'"'s private key, such that said distinct message portions are individually verifiable as having been signed and are verifiable as being a member of said group, whereby a plurality of distinct documents may be organized, processed and signed as a package. - View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
-
-
55. In a communication system for exchanging messages over a communications channel, a method of digitally signing a message to be transmitted comprising the steps of:
-
creating a digital hash value of the message to be transmitted designed to permit subsequent verification of the genuineness of a printed version of the message including the step of processing the digital message to reduce the message to a predetermined underlying character set; and incorporating said digital hash value as part of a digital signature. - View Dependent Claims (56)
-
-
57. In a communication system having a plurality of terminal devices coupled to a channel over which users may exchange messages, at least some of said user'"'"'s having a public key and an associated private key, a method for controlling authority in a hierarchical manner among a group of users, comprising the steps of:
-
specifying at least first and second digital authority defining data structures, said data structures having digital values which can be associated with at least one user'"'"'s private key, wherein said step of specifying includes the step of digitally specifying a set of authorities to allow a first user to digitally delegate authority to a second user, said delegated authorities allowing said second user to further digitally delegate authority to a third user; and digitally signing by the first user the second digital data structure so that signatures performed by the second user'"'"'s private key associated with the second data structure will be recognized upon an analysis of the digital signature as having been granted said authority by the first user in accordance with the first user'"'"'s authority-defining data structure. - View Dependent Claims (58)
-
Specification