Method for securely using digital signatures in a commercial cryptographic system

US 7,904,722 B2
Filed: 06/01/2001
Issued: 03/08/2011
Est. Priority Date: 07/19/1994
Status: Expired due to Fees

First Claim

Patent Images

1. In a cryptographic system wherein a certifying authority issues digital certificates identifying users of said system, said digital certificates being digitally signed with a private key of said certifying authority to form a digital signature and requiring a public key of said certifying authority in order to verify said digital signature, and wherein a user transaction in said cryptographic system requires verification by a recipient of said user transaction, said verification based on information in said digital certificates and requiring said public key, a method of controlling use of said public key comprising:

by said recipient, digitally signing at least one message containing rules of said system, by which said recipient agrees to said rules, said rules including a rule regarding maintaining secrecy of said public key; and

in response to said digital signing, permitting said recipient to utilize said public key and prior to said digital signing, denying utilization of said public key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securely using digital signatures in a commercial cryptographic system that allows industry-wide security policy and authorization information to be encoded into the signatures and certificates by employing attribute certificates to enforce policy and authorization requirements. Verification of policy and authorization requirements is enforced in the system by restricting access to public keys to users who have digitally signed and agreed to follow rules of the system. These rules can also ensure that payment is made for public and private key usage. Additionally, users can impose their own rules and policy requirements on transactions in the system.

50 Citations

View as Search Results

28 Claims

1. In a cryptographic system wherein a certifying authority issues digital certificates identifying users of said system, said digital certificates being digitally signed with a private key of said certifying authority to form a digital signature and requiring a public key of said certifying authority in order to verify said digital signature, and wherein a user transaction in said cryptographic system requires verification by a recipient of said user transaction, said verification based on information in said digital certificates and requiring said public key, a method of controlling use of said public key comprising:
- by said recipient, digitally signing at least one message containing rules of said system, by which said recipient agrees to said rules, said rules including a rule regarding maintaining secrecy of said public key; and
  
  in response to said digital signing, permitting said recipient to utilize said public key and prior to said digital signing, denying utilization of said public key.
- View Dependent Claims (2, 3, 4, 5, 6, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein said recipient has a secure device containing said public key, wherein said public key cannot be obtained from said secure device.
  - 3. The method of claim 1, wherein each user of the system has a private key, and wherein said rules include:
    - a rule requiring payment to a third party upon each use of said public key;
      
      a rule requiring payment to a third party upon each use of a user'"'"'s private key;
      
      a rule requiring payment to a third party upon each certification of a certificate'"'"'s status;
      
      ora rule requiring payment to a third party upon each confirm-to transaction by a user.
  - 4. The method of claim 1, wherein said rules include a rule to pay for use by said recipient of intellectual property provided through the system.
  - 5. The method of claim 1, wherein said user transaction is invalid until said digital signing is performed.
  - 6. The method of claim 1, further comprising:
    - in response to said signing by said recipient, said certifying authority accepting a transaction from said recipient, said transaction based on said user transaction.
  - 13. The method of claim 1, wherein the public key becomes inactive after a certain time period, the system further comprising:
    - after the public key becomes inactive,in response to a demonstration by the recipient of agreement or consistency with one or more of the rules, activating the inactive public key.
  - 14. The method of claim 13, wherein said demonstration includes information identifying operational capabilities of a secure hardware device and further including information uniquely binding said recipient to said demonstration by the recipient of agreement or consistency with one or more of the rules.
  - 15. The method of claim 1, wherein the public key is certified by an authority.
  - 16. The method of claim 1, wherein said permitting comprises making the public key available by providing access to an inaccessible public key.
  - 17. The method of claim 1, further comprising:
    - a certifying authority accepting a transaction from the recipient, the transaction based on a transaction of the recipient in the cryptographic system, after demonstration by the recipient of agreement or consistency with one or more of the rules.
  - 18. The method of claim 1, wherein said permitting comprises:
    - in response to a predetermined transaction with a secure device, activating said public key in said secure device, said predetermined transaction including information from the secure device identifying operational capabilities of the secure device and uniquely identifying said secure device and further including information uniquely binding said recipient to said predetermined transaction, wherein said public key cannot be obtained from said secure device.

7. A method of enforcing a security policy in a cryptographic system, said policy including controlling use of a public key utilizable by a plurality of users of the cryptographic system, said method comprising:
- in response to a recipient digitally signing a message containing rules of said cryptographic system, by which said recipient agrees to said rules, permitting said recipient to utilize said public key, said rules including a rule regarding maintaining secrecy of said public key; and
  
  prior to said recipient digitally signing said message, denying use of said public key.
- View Dependent Claims (8, 9, 10, 11, 12, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 8. The method of claim 7, wherein said recipient has a secure device containing said public key, wherein said public key cannot be obtained from said secure device.
  - 9. The method of claim 7, wherein each user of the system has a private key, and wherein said rules include:
    - a rule requiring payment to a third party upon each use of said public key;
      
      a rule requiring payment to a third party upon each use of a user'"'"'s private key;
      
      a rule requiring payment to a third party upon each certification of a certificate'"'"'s status;
      
      ora rule requiring payment to a third party upon each confirm-to transaction by a user.
  - 10. The method of claim 7, wherein said rules include a rule to pay for use by said recipient of intellectual property provided through the system.
  - 11. The method of claim 7, wherein a user transaction of said recipient in the system is invalid until said digital signing is performed.
  - 12. The method of claim 7, further comprising:
    - in response to said signing by said recipient, a certifying authority accepting a transaction from said recipient, said transaction based on a user transaction of said recipient in the system.
  - 19. The method of claim 7, wherein a secure device contains an inactive form of said public key and said permitting comprises activating said inactive public key in said secure device.
  - 20. The method of claim 7, wherein said permitting comprises transferring said public key to said secure device.
  - 21. The method of claim 7, wherein said public key is provided in a secure device.
  - 22. The method of claim 21, wherein said public key in said secure device becomes inactive after a certain time period, said method further comprising:
    - after said public key becomes inactive,in response to a demonstration by the recipient of agreement or consistency with one or more of the rules, activating said inactive public key in said secure device.
  - 23. The method of claim 22, wherein said demonstration includes information identifying operational capabilities of the secure device and further including information uniquely binding said recipient to said demonstration by the recipient of agreement or consistency with one or more of the rules.
  - 24. The method of claim 7, wherein said permitting comprises transferring the public key to a secure device, wherein the public key cannot be obtained from the secure device.
  - 25. The method of claim 7, where, in the cryptographic system, a certifying authority issues digital certificates identifying participants of the cryptographic system, the digital certificates being digitally signed with a private key of the certifying authority to form a digital signature and requiring a public key of the certifying authority in order to verify the digital signature, and a participant transaction requires verification by a recipient of the participant transaction, the verification based on information in a digital certificate and requiring the public key.
  - 26. The method of claim 7, further comprising:
    - a certifying authority accepting a transaction from the recipient, the transaction based on a transaction of the recipient in the cryptographic system, after demonstration by the recipient of agreement or consistency with one or more of the rules.
  - 27. The method of claim 7, wherein said permitting comprises making the public key available by activating an inactive public key.
  - 28. The method of claim 7, wherein said permitting comprises:
    - in response to a predetermined transaction with a secure device, activating said public key in said secure device, said predetermined transaction including information from the secure device identifying operational capabilities of the secure device and uniquely identifying said secure device and further including information uniquely binding said recipient to said predetermined transaction, wherein said public key cannot be obtained from said secure device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Certco
Original Assignee
Certco
Inventors
Sudia, Frank W., Siritzky, Brian
Primary Examiner(s)
Dada, Beemnet W

Application Number

US09/870,584
Publication Number

US 20020029337A1
Time in Patent Office

3,567 Days
Field of Search

713155-158, 713/175, 713/170, 713/176, 713/180, 380/30, 380/272, 380/282, 380/286, 726/6, 726/18
US Class Current

713/176
CPC Class Codes

G06Q 20/401   Transaction verification

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

Method for securely using digital signatures in a commercial cryptographic system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method for securely using digital signatures in a commercial cryptographic system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links