[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Micali's rights to lightweight certificates etc.

Dear Carl:

Last April I was forwarded by Ron (Rivest) the
following e-message addressed to you:

     "[Re: Micali's lightweight certificates with hash chains]

      The mechanism maybe patented, but who owns the patent?
      I am aware of claims by two european groups who have
      payment schemes using a combined s/key and signed cert


As I do not know the context of your conversation, it is hard for me
to guess which technology's rights the  above question refers to. 
There are (at least) two possible technologies the question refers to.
Let me thus answer it in either case. I would appreciate if you could
pass this information to people you feel may be interested in it. 
(I am trying to CC all the people CCed in the original message,
but  I am not sure that this reaches all the right people.)

                       RIGHTS INFORMATION

My efficient certificate revocation technology is itself based on my
off-line digital signature technology. 

The efficient certificate certificate revocation technology has
been invented by me alone. I have filed for patent protection,
and the patent is currently pending with the U.S. Patent Office.

The underlying off-line signature technology has been invented
by Shimon Even, Oded Goldreich and me. The technology is protected by
U.S. Patent No. 5,016,274. The rights to this technology are only with me.

(The latter technology, among other things, covers the process of separating
the signing process into two stages: a OFF-LINE one --that can be performed
before knowing what the message to be signed is--- and an ON-LINE one
--which is typically performed when one knows exactly what he/she wishes 
to sign. In the preferred embodiment,  in the off-line step,
the  signer uses the secret key SK of a first, conventional secret-public key
pair (SK,PK) to digitally sign the publick key, pk, of a
second, restricted but very fast, signature  scheme. In the on-line step,
the signer uses the second secret key --i.e., the one associated with pk-- 
in order to sign the desired message. 

In particular, the second public key, pk, can be
obtained by evaluating k times a given one-way hash function on input
sk. After doing so, one can sign in an off-line step pk together with
a certificate serial number (and other information).
Then, in an on-line step, one can sign  that a certificate is being valid
for at at least i days --where i is between 1 and k-- 
by releasing the ith inverse of pk; that is, by releasing a value that, 
hashed i times, yields pk.
You can thus see the connection between the two technologies.)

Both technologies are available for licensing.
If you or someone in your discussion group is aware of a company 
using either technology, I would appreciate if you could facilitate a 
contact between me and such a company, so that we can discuss possible 
licensing arrangements. 

The Efficient Certificate Revocation Paper is presented in
MIT Technical MIT/LCS/TM-542, dated November 95. A better version
appears in a March 1996 manuscript. Either version could be obtained
from me, if more convenient.

Off-Line Digital Signatures also appear in the Proceedings of
Crypto 89.  A better version can be found in
The Journal of Cryptography (1996) 9; pp. 35-67. 
Any version is also obtainable from me, if more convenient.

Hope this helps answering the above ``rights'' question.
Thank you also in advance for forwarding the above information
to whomever you believe may be interested in it.

All the best,