AU3026600A - A certification method - Google Patents


Publication number
AU3026600A
Authority
AU
Australia
Prior art keywords
person
code
certification
public key
communicable
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
AU30266/00A
Inventor
James Howard Manger
Edward Andrew Zuk
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telstra New Wave Pty Ltd
Original Assignee
Telstra R&D Management Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AUPP7570A external-priority patent/AUPP757098A0/en
Application filed by Telstra R&D Management Pty Ltd filed Critical Telstra R&D Management Pty Ltd
Priority to AU30266/00A priority Critical patent/AU3026600A/en
Publication of AU3026600A publication Critical patent/AU3026600A/en
Assigned to TELSTRA NEW WAVE PTY LTD reassignment TELSTRA NEW WAVE PTY LTD Amend patent request/document other than specification (104) Assignors: TELSTRA R & D MANAGEMENT PTY LTD

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Description

WO 00/35141 PCT/AU99/01096

A CERTIFICATION METHOD

The present invention relates to a certification method and system. The present invention particularly, but not exclusively, relates to public key cryptography and a process for the issuing of digital certificates to bind a person's identity to a particular public key.

The basis of public key cryptography is the generation of a public and private key pair for use in the encryption and decryption, and signing and verifying, of information transmitted over public access communication lines. Key pairs are mathematically related, but it is not practically feasible to derive a private key from its corresponding public key. A person may openly distribute the public key but the person must keep secret the private key. Anyone wishing to send information to a person encrypts the information using that person's public key. The recipient, being the sole possessor of the corresponding private key, is the only person who can decrypt that information.

For a number of electronic commerce applications, a trusted third party, known as a Certification Authority (CA), is needed to bind a person's identity or information, such as privileges, memberships, account numbers, etc., to their public key. The CA issues a digital certificate, which is essentially a form of electronic identification that binds two or more pieces of information, such as the identity of the person and a particular public key. Throughout the specification a reference to person is intended to include a reference to an organisation or individual.

The process of binding a public key to a person must be secure so that the CA can issue a digital certificate and be accordingly held responsible for it. At present, there is a weakness in certification processes used by CAs.
Once the CA receives the public key generated by a person's equipment, together with other data concerning the person, a registrar of the CA contacts the person, or vice versa, to correctly identify them with reference to the person's identifying or personal data that has been provided. This is normally done by having the contacted person repeat to the registrar personal details, such as mothers' maiden names and drivers' licence numbers. This identifying information however is only related to the identifying or personal data submitted by the person and does not relate whatsoever to the public key which is used for all future communications. The public key can therefore become separated from the person's data held by the CA or substituted and there is currently no method of relating the public key to the person other than by storing it with the person's data.

It is desired to overcome this problem or at least provide a useful alternative.

The present invention provides a certification method, including: receiving a public key of a public/private key pair generated by a system of a person; processing said public key to generate a communicable code representative of said public key; identifying said person, said identifying including having said person convey said communicable code; and generating a digital certificate, said certificate including said public key.

The present invention also provides a certification system, including: means for receiving a public key of a public/private key pair generated by a system of a person; means for processing said public key to generate a communicable code representative of said public key; and means for generating a digital certificate after identifying said person, said identifying including having said person convey said communicable code, and said certificate including said public key.

The present invention also provides a certification program stored on computer readable storage media, including: code for receiving a public key of a public/private key pair generated by a system of a person; code for processing said public key to generate a communicable code representative of said public key; and code for generating a digital certificate after identifying said person, said identifying including having said person convey said communicable code, and said certificate including said public key.

The present invention also provides an identification process, including: receiving a public key of a public/private key pair and identifying information of a person; deriving a communicable code from said public key; and having said person convey said communicable code.

The present invention also provides an identification process, including: generating a communicable code from a public key of a public/private key pair; and binding said public key to identifying information of a person when said person conveys said communicable code.

A preferred embodiment of the present invention is hereinafter described, by way of example only, with reference to the accompanying drawings, in which:
Figure 1 is a block diagram of a preferred embodiment of a certification system; and
Figure 2 is a flowchart of steps executed by the system.

Referring to Figure 1, there is shown a person 20 who can interact with a telephone 42 or the person's computer system 32. The computer system 32 can communicate with a certification computer system 30 of a Certification Authority (CA), or a registrar acting for or on behalf of the CA, via a communications channel 60. A registrar 10 of the CA interacts with the certification system 30 and a telephone 40 to communicate with and confirm the identity of the person 20. The registrar 10 and the person communicate verbally over a communications channel 62 connecting the telephones 40, 42.
The computer systems 30, 32 may communicate with each other independently or on instructions from the registrar 10 or person 20, respectively. The communications channels 60, 62 may be constituted by any voice or data transmission media. For example, the communications channel 60 may be a TCP/IP link.

Referring to Figure 2, a person wishing to obtain a certificate from the CA would visit the CA web site 100 using the person's computer system 32. This is the first step in the process of obtaining a certificate and is one way by which the person may perform the second step of filling out the registration form 110 and sending it to the CA over the communications channel 60. The registration form captures personal or identifying information about the person which could be used to confirm the identity of that person over the telephone. Once the person fills out and sends the registration form 110, the person is not aware of the subsequent steps in the process until he or she receives a registration ID, at step 210, in the form of a communicable code. The intervening parts 120 to 200 of the process are conducted by the computer systems 30, 32 automatically.

The computer system 30 of the CA receives and processes the submitted registration form at step 120 and sends an instruction to generate the public/private key pair 130 to the computer system 32 of the person. The received registration information may be stored in a database at this point or may be stored once the person's public key is received and the corresponding alphanumeric code is generated together with that information. Once the computer system 32 has received the instruction to generate a public/private key pair, it generates, according to algorithms commonly used by browser applications, such as Netscape Navigator or Microsoft Internet Explorer, a public/private key pair at step 140.
The private key is kept securely by the person in the memory of the computer system 32 or another data storage medium, while the public key may be used by anyone wishing to send information to the person. The person's computer system 32 sends the public key 150 to the computer system 30 of the CA. Once the computer system 30 receives the public key it generates the communicable code, at step 180. The public key is represented as a value of the Abstract Syntax Notation No. 1 (described in ASN.1 by ITU) data type SubjectPublicKeyInfo (defined in standard X.509 by ITU), encoded according to the distinguished encoding rules (DER by ITU) and passed through a secure one-way hash algorithm such as SHA-1 (defined in the U.S. Government Federal Information Processing Standard (FIPS) 180-1). The output of the hash algorithm is truncated to 40 bits and converted to 8 base-32 characters. The numerals and upper case letters (excluding '0', '1', 'O' and 'I' to avoid confusion) are used as the base-32 character set. For example, the code may be 8JQ3 UEB5. The code is communicable, to the extent that it is sensibly communicable by the person to the registrar on the communications channel 62, which may include a telephone call or facsimile message. The public key is not sensibly communicable on an identification channel 62 as it is a large mathematical quantity typically consisting of hundreds of decimal digits. The information on the person generated and received is then stored in a database, at step 190, by the CA.

The communicable alphanumeric code is sent to the person as a registration ID, at step 200. The person will probably not know that the registration ID is, in fact, derived from the public key generated by the person's computer system 32.
At some time after the person receives the registration ID 210, he or she establishes telephone communication with the registrar of the CA and provides the registrar with relevant person identification information, at step 220. The registrar confirms the relevant information 230 and requests the person to say the registration ID 240. Once the person provides the registration ID 250 to the registrar, the CA has a public key from computer system 30 and a confirmed identity and communicable code from the registrar. The CA compares, at step 260, the code to a value recalculated from the public key using the secure hash algorithm and, if they match, issues a digital certificate that lists the public key and confirmed identity 270. The digital certificate thereby incorporates the public key and the confirmed identity data and is signed by the CA's private key. The certificate may be sent, at step 280, to the person and stored, at step 290, on their hard drive, floppy disk, smart card, etc. and/or the certificate may be published in another system, such as electronic white pages.

As the alphanumeric code used in the identification process is derived directly from the public key, the CA can ensure the identification information confirmed by the registrar and the public key are bound as a pair, which ensures the digital certificate contains the correct information.

The steps of the certification process described above which are executed on the computer systems 30 and 32 are preferably executed by, or under the control of, computer programs resident on the respective systems 30 and 32. The steps may also be wholly or partly executed by dedicated hardware included in the systems, such as application specific integrated circuits (ASICs). The systems 30 and 32 may comprise single systems in one location or may comprise distributed systems with their software and hardware components in different locations.
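
The code derivation at step 180 and the comparison at step 260, as an added example that is not part of the patent specification. The symbol order of the base-32 alphabet, the choice of the leftmost 40 bits of the digest, the outer DER check and the sample key bytes (laid out as an Ed25519 SubjectPublicKeyInfo) are assumptions or constructed values that the specification does not fix.

```python
import hashlib
import hmac

# Assumed symbol order: digits then letters, without '0', '1', 'O', 'I'.
ALPHABET = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"

# Constructed sample inputs (not real keys): an Ed25519 SubjectPublicKeyInfo
# DER header followed by 32 arbitrary bytes standing in for the key.
SPKI_HEADER = bytes.fromhex("302a300506032b6570032100")
SUBMITTED_SPKI = SPKI_HEADER + bytes(range(32))
SUBSTITUTED_SPKI = SPKI_HEADER + bytes(range(1, 33))


def check_outer_sequence(der: bytes) -> None:
    """Require exactly one DER SEQUENCE with a minimal length field."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:
        header, length = 2, der[1]
    else:
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n or der[2] == 0:
            raise ValueError("bad DER length field")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
        if length < 0x80:
            raise ValueError("non-minimal DER length")
    if header + length != len(der):
        raise ValueError("length does not match input size")


def encode40(value: int) -> str:
    """40-bit integer -> 8 base-32 symbols, most significant first."""
    return "".join(ALPHABET[(value >> s) & 31] for s in range(35, -1, -5))


def decode40(code: str) -> int:
    """Inverse of encode40 for an already normalised 8-symbol code."""
    value = 0
    for ch in code:
        value = (value << 5) | ALPHABET.index(ch)
    return value


def communicable_code(spki_der: bytes) -> str:
    """Step 180: SHA-1 over the DER bytes, keep 40 bits, print as 4+4."""
    check_outer_sequence(spki_der)
    digest = hashlib.sha1(spki_der).digest()
    code = encode40(int.from_bytes(digest[:5], "big"))  # assumed: first 5 bytes
    return f"{code[:4]} {code[4:]}"


def normalise(conveyed: str) -> str:
    """Canonical form of a code read out or typed by a person."""
    code = "".join(conveyed.split()).upper()
    if len(code) != 8 or any(ch not in ALPHABET for ch in code):
        raise ValueError("not an 8-symbol code in the reduced alphabet")
    return code


def codes_match(spki_der: bytes, conveyed: str) -> bool:
    """Step 260: recompute the code from the stored key and compare."""
    try:
        given = normalise(conveyed)
    except ValueError:
        return False
    expected = normalise(communicable_code(spki_der))
    return hmac.compare_digest(expected, given)


if __name__ == "__main__":
    rid = communicable_code(SUBMITTED_SPKI)
    print("registration ID:", rid)
    print("stored key matches:", codes_match(SUBMITTED_SPKI, rid.lower()))
    print("substituted key matches:", codes_match(SUBSTITUTED_SPKI, rid))
```

With a 40-bit code, finding a different key that yields a given code takes on the order of 2^40 hash evaluations, so the code length bounds how strongly the spoken ID binds the key.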

Many modifications will be apparent to those skilled in the art without departing from the scope of the present invention as herein described. For example, the person 20 being identified may be aware that the registration ID is a summary of the public key. Their system 32 could be used to generate the alphanumeric code, which acts as a key summary, and the person can then convey the code with the identifying information which is to be bound to the public key. Also when the registrar identifies the person and has the person convey the communicable code, a number of techniques could be employed to initiate or achieve this. For example, the registrar may phone the person, the person may phone the registrar, as discussed above, or the person can physically visit, fax or send mail to the registrar, and/or vice versa.

Claims (44)

1. A certification method, including: receiving a public key of a public/private key pair generated by a system of a person; processing said public key to generate a communicable code representative of said public key; identifying said person, said identifying including having said person convey said communicable code; and generating a digital certificate, said certificate including said public key.
2. A certification method as claimed in claim 1, wherein said identifying includes verifying identification information of said person, and said certificate binds said identifying information and said public key.
3. A certification method as claimed in claim 2, wherein said communicable code is a limited character string.
4. A certification method as claimed in claim 3, wherein said communicable code is generated using a secure one-way hash function.
5. A certification method as claimed in claim 1, including requesting generation of the public/private key pair by the system of the person, in response to receiving a registration request from the person.
6. A certification method as claimed in claim 5, wherein said registration request includes said identifying information for said person.
7. A certification method as claimed in claim 1, wherein said identifying includes matching a communicable code generated from said public key with the communicable code conveyed by said person.
8. A certification method as claimed in claim 1, including sending said digital certificate to said system of said person.
9. A certification method as claimed in claim 1, including sending said code to said system for said person.
10. A certification method as claimed in claim 9, wherein said sending includes transmitting display data to said system for display of said communicable code by said system.
11. A certification method as claimed in claim 1, wherein said processing of said public key is executed by said system of said person.
12. A certification method as claimed in claim 1, wherein said conveying involves oral communication of said communicable code.
13. A certification method as claimed in claim 12, wherein the oral communication occurs during a telecommunications call.
14. A certification system, including: means for receiving a public key of a public/private key pair generated by a system of a person; means for processing said public key to generate a communicable code representative of said public key; and means for generating a digital certificate after identifying said person, said identifying including having said person convey said communicable code, and said certificate including said public key.
15. A certification system as claimed in claim 14, wherein said identifying includes verifying identification information of said person, and said certificate binds said identifying information and said public key.
16. A certification system as claimed in claim 15, wherein said communicable code is a limited character string.
17. A certification system as claimed in claim 16, wherein said communicable code is generated using a secure one-way hash function.
18. A certification system as claimed in claim 14, including means for sending said code to said system for said person.
19. A certification system as claimed in claim 14, including means for requesting generation of the public/private key pair by the system of the person, in response to receiving a registration request from the person.
20. A certification system as claimed in claim 19, wherein said registration request includes said identifying information for said person.
21. A certification system as claimed in claim 14, wherein said identifying includes matching a communicable code generated from said public key with the communicable code conveyed by said person.
22. A certification system as claimed in claim 14, including means for sending said digital certificate to said system of said person.
23. A certification system as claimed in claim 18, wherein said means for sending transmits display data to said system for display of said communicable code by said system.
24. A certification system as claimed in claim 14, wherein said conveying involves oral communication of said communicable code.
25. A certification system as claimed in claim 24, wherein the oral communication occurs during a telecommunications call.
26. A certification system as claimed in claim 14, including means for executing said identifying.
27. A certification program stored on computer readable storage media, including: code for receiving a public key of a public/private key pair generated by a system of a person; code for processing said public key to generate a communicable code representative of said public key; and code for generating a digital certificate after identifying said person, said identifying including having said person convey said communicable code, and said certificate including said public key.
28. A certification program as claimed in claim 27, wherein said identifying includes verifying identification information of said person, and said certificate binds said identifying information and said public key.
29. A certification program as claimed in claim 28, wherein said communicable code is a limited character string.
30. A certification program as claimed in claim 29, wherein said communicable code is generated using a secure one-way hash function.
31. A certification program as claimed in claim 27, including code for sending said code to said system for said person.
32. A certification program as claimed in claim 27, including code for requesting generation of the public/private key pair by the system of the person, in response to receiving a registration request from the person.
33. A certification program as claimed in claim 32, wherein said registration request includes said identifying information for said person.
34. A certification program as claimed in claim 27, wherein said identifying includes matching a communicable code generated from said public key with the communicable code conveyed by said person.
35. A certification program as claimed in claim 27, including code for sending said digital certificate to said system of said person.
36. A certification program as claimed in claim 31, wherein said code for sending transmits display data to said system for display of said communicable code by said system.
37. A certification program as claimed in claim 27, wherein said conveying involves oral communication of said communicable code.
38. A certification program as claimed in claim 37, wherein the oral communication occurs during a telecommunications call.
39. A certification program as claimed in claim 27, including code for executing said identifying.
40. An identification process, including: receiving a public key of a public/private key pair and identifying information of a person; deriving a communicable code from said public key; and having said person convey said communicable code.
41. An identification process as claimed in claim 40, including comparing a communicable code derived from the public key with the conveyed communicable code, and issuing a digital certificate binding the public key and identifying information when the codes match.
42. An identification process as claimed in claim 41, wherein said communicable code is a limited character string.
43. An identification process as claimed in claim 42, wherein said communicable code is generated using a secure one-way hash function.
44. An identification process, including: generating a communicable code from a public key of a public/private key pair; and binding said public key to identifying information of a person when said person conveys said communicable code.
AU30266/00A 1998-12-08 1999-12-08 A certification method Abandoned AU3026600A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU30266/00A AU3026600A (en) 1998-12-08 1999-12-08 A certification method

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AUPP7570 1998-12-08
AUPP7570A AUPP757098A0 (en) 1998-12-08 1998-12-08 A public key process and a certification method
AU30266/00A AU3026600A (en) 1998-12-08 1999-12-08 A certification method
PCT/AU1999/001096 WO2000035141A1 (en) 1998-12-08 1999-12-08 A certification method

Publications (1)

Publication Number Publication Date
AU3026600A true AU3026600A (en) 2000-06-26

Family

ID=25621380

Family Applications (1)

Application Number Title Priority Date Filing Date
AU30266/00A Abandoned AU3026600A (en) 1998-12-08 1999-12-08 A certification method

Country Status (1)

Country Link
AU (1) AU3026600A (en)

Similar Documents

Publication Publication Date Title
US9813249B2 (en) URL-based certificate in a PKI
US7020778B1 (en) Method for issuing an electronic identity
US6792531B2 (en) Method and system for revocation of certificates used to certify public key users
CN1565117B (en) Data certification method and apparatus
CN1701561B (en) Authentication system based on address, device thereof, and program
US6868160B1 (en) System and method for providing secure sharing of electronic data
US7937584B2 (en) Method and system for key certification
US20030163700A1 (en) Method and system for user generated keys and certificates
EP1786139A1 (en) Group signature system, member state judgment device, group signature method, and member state judgment program
JPH09116534A (en) Security level controller and network communication system
JP2002099211A (en) System and method for processing public key certificate issuing request
CN1234662A (en) Enciphered ignition treatment method and apparatus thereof
CN112565294B (en) Identity authentication method based on block chain electronic signature
US20060136714A1 (en) Method and apparatus for encryption and decryption, and computer product
WO2003049358A1 (en) A method and system for authenticating digital certificates
US7139911B2 (en) Password exposure elimination for digital signature coupling with a host identity
EP1879321A1 (en) Electronic signature with a trusted platform
US7565528B1 (en) Method for generating asymmetrical cryptographic keys by the user
WO2000035141A1 (en) A certification method
JPH06334798A (en) Communication network and signal generator
AU3026600A (en) A certification method
JP3796528B2 (en) Communication system for performing content certification and content certification site device
JP2005217808A (en) Information processing unit, and method for sealing electronic document
Perschau et al. Security and facsimile
JP2003143137A (en) Apparatus and method for lapse confirmation

Legal Events

Date Code Title Description
TC Change of applicant's name (sec. 104)

Owner name: TELSTRA NEW WAVE PTY LTD

Free format text: FORMER NAME: TELSTRA R AND D MANAGEMENT PTY LTD

MK1 Application lapsed section 142(2)(a) - no request for examination in relevant period