| 摘要 |
<p>A method is provided for digital signature infrastructure that provides public keys (1005) which are effective only for verifying digital signatures, and are not effective for encrypting information in a way that is unrecoverable by law-enforcement entities. The method can be implemented in software, thus avoiding the need for tamper-proof hardware. The method has the property that signing private keys (1010) are not escrowed, since the corresponding public keys cannot be used effectively for criminal communications. As a result no one can impersonate the user; alternately users can prove impersonations. Furthermore, the system is shadow public key resistant. A shadow public key is a public key which is not escrowed and which can be used for untappable communications. Therefore, the method presented here cannot be used to publish public keys which are not escrowed. All information displayed by the certificate authorities, and even the digital signatures of users, are shadow public key resistant. The present invention is useful for any application that requires that messages be verifiably authentic, and is particularly applicable to being used in a national public key infrastructure (PKI), since it is very scalable. It can be combined with Auto Recoverable auto certifiable systems to give a complete solution to encryption (confidentiality) and signature (authentication) in the context of escrow key systems.</p> |
