Title of invention: Digital signature authentication without a certification authority
Abstract: Systems and methods for managing private and public encryption keys without the need for a third party certification authority. An initial value is generated by an authentication server. The initial value is divided into at least two portions and each portion is communicated with a user using different communication channels. The user receives the portions and enters a secret string value (i.e. a secret sentence) known only to the user. The portions are concatenated together to recreate the initial value. The portions, the initial value, and the secret string value are then used to create public and private keys for use by the user. Any recipient can authenticate digital signatures without needing the secret string value or the user's device can authenticate a digital signature using the portions and the secret string value.
Publication number: US9369276(B2) Publication date: 2016.06.14
Application number: US201414209167 Filing date: 2014.03.13
Applicant: Signority Inc. Inventors: Adams Carlisle; Jourdan Guy-Vincent
Classification: H04L29/06; H04L9/08 Main classification: H04L29/06
Agency: Perry + Currier Inc. Agent: Spence Kristjan; Perry + Currier Inc.
Main claim: 1. A method for generating public and private keys in a public key-private key cryptographic scheme, the method comprising: a) receiving, at a computing device from a server, multiple portions comprising at least a first portion p1 and a second portion p2 of an initial value e by way of different communication channels, each of said multiple portions being transmitted by a communication channel which is separate and different from communication channels used to transmit other portions of said initial value; b) receiving, at said computing device from a user, a secret string value generated by said user; c) converting, at said computing device, said secret string value into a digital secret string value s; d) concatenating, at said computing device, said multiple portions p1 and p2 to recreate said initial value e; e) receiving, at said computing device, at least one system parameter r from said server; f) using said multiple portions, said initial value, said at least one system parameter, and said digital secret string value to generate a public key-private key pair for said scheme at said computing device by: g1) determining a value p = first prime number after $s^{p1} \bmod r$; g2) determining a value q = first prime number after $s^{p2} \bmod r$; g3) determining a value n = pq where p and q are from steps g1) and g2); g4) determining a value φ = (p−1)(q−1); g5) determining a value $d = e^{-1} \pmod{φ}$; wherein said public key comprises said value n and said value e; and said private key comprises said value d; wherein said cryptographic scheme further comprises, at a further computing device configured to receive a communication from said computing device: h1) extracting a digital signature from said communication; h2) converting said digital signature into a numeric value; h3) determining a first signature value equal to $sig^{e} \bmod n$ where sig is said numeric value; h4) producing a hash value of said communication to result in a second signature value; h5) comparing said first signature value to said second signature value; and h6) concluding that said communication is authentic in the event said first signature value is equal to said second signature value.
Address: Ottawa CA
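Steps c) to g5) and h3) to h6) of the claim, as an added Python sketch (not code from the patent or from Signority). Assumptions not stated in the claim: the secret is converted to s as big-endian UTF-8 bytes, the hash is SHA-256 reduced mod n because the toy modulus is shorter than the digest, signing is sig = hash^d mod n, and all function names and sample values are constructed.

```python
import hashlib

def is_prime(n):
    """Miller-Rabin; these bases are deterministic for n < 3.3e24 (toy sizes)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, k = n - 1, 0
    while d % 2 == 0:
        d, k = d // 2, k + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(k - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def next_prime(x):
    """First prime strictly greater than x."""
    x += 1
    while not is_prime(x):
        x += 1
    return x

def derive_keypair(p1, p2, secret, r):
    """p1, p2: decimal strings from two channels; returns ((n, e), d)."""
    s = int.from_bytes(secret.encode(), "big")  # step c (encoding is an assumption)
    e = int(p1 + p2)                            # step d: concatenate the portions
    p = next_prime(pow(s, int(p1), r))          # step g1
    q = next_prime(pow(s, int(p2), r))          # step g2
    n, phi = p * q, (p - 1) * (q - 1)           # steps g3, g4
    d = pow(e, -1, phi)                         # step g5; ValueError if gcd(e, phi) != 1
    return (n, e), d

def digest(msg, n):
    """SHA-256 of msg as an integer, reduced mod n (assumption for the toy modulus)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, n, d):
    """Signer side (assumed textbook RSA; the claim only recites verification)."""
    return pow(digest(msg, n), d, n)

def verify(msg, sig, n, e):
    """Steps h3 to h6: compare sig^e mod n with the hash of the communication."""
    return pow(sig, e, n) == digest(msg, n)
```

The key pair is a deterministic function of p1, p2, r and the secret, so its strength is bounded by the entropy of the secret sentence; `derive_keypair` raises `ValueError` when e has no inverse mod φ, in which case a different secret or e is needed.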