Data processing: financial – business practice – management – or co – Business processing using cryptography – Secure transaction
Reexamination Certificate
1999-04-08
2001-03-06
Gregory, Bernarr E. (Department: 3662)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Secure transaction
C380S029000, C380S030000, C713S175000, C713S180000
Reexamination Certificate
active
06199053
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The invention relates to the field of data security. More particularly, the invention relates to data security involving digital signatures transmitted with data.
2. Description of Related Art
The computer software market is exploding with a new breed of applications targeted towards electronic commerce transactions and digital content distribution across networks. Transactions performed across networks such as the Internet, especially electronic commerce transactions, must have enough security measures to ensure that theft and abuse are minimized. One such security measure widely employed to provide security for network transactions is public key cryptography.
In public key cryptography, two different keys, namely, a “public” key and a “private” key are used to encode messages. With knowledge of the public key, a user may encrypt a message, but without knowledge of the private key, another user cannot decrypt the same message. In a transaction, the originator of the message and recipient agree on a particular public key cryptography system to use, such as the widely used Rivest, Shamir, and Adleman (RSA). Then the recipient sends the originator his public key with which the originator encrypts the message. Next, the encrypted message is sent over the network to the recipient who uses his private key to decrypt the message.
Another mechanism which is utilized in network transactions is the digital signature which authenticates or verifies that the message sent could have only originated from the signatory. A digital signature is formed by the originator by passing the data to be signed (e.g., a computer file or document) through a one-way hash function and then encrypting the resulting hash value using the private key of the originator. The originator then sends the data, the public key of the originator, and the digital signature to the recipient. The recipient passes the received data through the same one-way hash function obtaining a hash value. The recipient then decrypts the digital signature with the public key of the originator and recovers the hash value. If the recovered hash value matches the hash value the recipient generated, the signature is valid. Though this and other public key digital signature protocols guarantee a level of authenticity and security for the digital signature, these protocols do not have a mechanism for binding the purpose of a digital signature along with the signature so that the signature is not used for an improper purpose.
For many electronic commerce and digital content distribution applications, there is a requirement not only to generate and verify digital signatures, but also to control and enforce the purpose for which a digital signature was generated and verified. For instance, in an electronic commerce transaction, when a bank “signs” a purchase order of a credit card holder that it serves and submits it to the merchant, the bank may want to limit its authorization of the credit card to a set amount to prevent any overcharging of the account.
Thus, there is a need to provide an enhanced digital signature that allows a purpose to be bound to digital signatures so that signatures cannot be employed for an improper purpose or abused.
SUMMARY
A method and apparatus for encoding a purpose description into the generation of digital signatures. Purpose description encoding allows an entity during an electronic transaction to control and enforce the purpose authorized for a digital signature.
An input data stream is passed through a hash function and utilized to generate a first hash value. The first hash value is used as a seed in generating an extended digital signature which amalgamates the purpose description into an ordinary digital signature. A purpose description is passed through a hash function (computer program/code which executes hashing), seeding with the first hash value to generate an extended hash value. The extended hash value is passed to a digital signature function (computer program/code which generates a digital signature) to generate an extended digital signature. The digital signature function can generate a digital signature which may be affixed to a transaction or document. When the extended digital signature is provided along with the purpose description to another digital signature function, generated by a different process or computer, both digital signature and purpose description can be decrypted to verify their authenticity. The extended digital signature capability and/or verification can be implemented as a service for function calls from other computers or processes, each function call passing its own digital signatures and purpose descriptions.
In an electronic transaction, a client may send purchasing data to a server which produces an extended digital signature. The extended digital signature can be sent to a second server or process to verify that the signature and purpose are valid. A key feature is that the purpose description is bound together with the digital signature such that it cannot be separated and tampered with.
In a computer or data processing system, extended digital signature capability is implemented using a digital signature processor which can act together with a CPU and memory. The digital signature processor includes a hash function circuit and a digital signature circuit and can also include a signature and purpose verifying circuit. The purpose description encoding safeguards the misuse and abuse of digital signatures.
REFERENCES:
patent: 5005200 (1991-04-01), Fischer
patent: 5208858 (1993-05-01), Vollert et al.
patent: 5479509 (1995-12-01), Ugon
patent: 6023509 (2000-02-01), Herbert et al.
Davis Derek L.
Herbert Howard C.
Blakely , Sokoloff, Taylor & Zafman LLP
Gregory Bernarr E.
Intel Corporation
LandOfFree
Digital signature purpose encoding does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Digital signature purpose encoding, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Digital signature purpose encoding will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2438006