Method and Apparatus for Providing Field Confidentiality in Digital Certificates

Nov. 5, 2004

Patent Number 6802002
Issue Date 2004 10 05
Assignee Hewlett-Packard Development Company, L.P.
Inventor(s) Corella, Francisco
State/Country CA

Title: Method and apparatus for providing field confidentiality in digital certificates

Abstract: A structured digital certificate is adapted to be certified by a digital signature of a certificate authority in an unprotected form, a first protected form, and a second protected form of the digital certificate. The digital certificate includes a first type field of authorization information relevant to a first recipient and being readable in the unprotected form and the first protected form of the digital certificate, and a first cryptographic folder containing a second type field of authorization information relevant to a second recipient and being readable in the unprotected form and the second protected form of the digital certificate, but not readable in the first protected form of the digital certificate. The digital certificate is configured to permit the subject to convert the structured digital certificate from the unprotected form to at least one of the first protected form and the second protected form. The digital certificate is convertible into the first protected form to permit the first recipient to authorize the subject of the structured digital certificate, into the second protected form to permit the second recipient to authorize the subject of the structured digital certificate. Exmp. Claim 27 Ex Claim text A system for enabling certified authorization of a subject by multiple relying parties, the system comprising: a subject; a first relying party and a second relying party; a trusted certificate authority; and a structured digital certificate including: a first type field of authorization information relevant to the first relying party and being readable in an unprotected form and a first protected form of the digital certificate; a first cryptographic folder containing a second type field of authorization information relevant to the second relying party and being readable in the unprotected form and a second protected form of the digital certificate, but not readable in the first protected form of the digital certificate; and a certification by the certificate authority that certifies the digital certificate in the unprotected form and in the first and second protected forms; wherein the digital certificate is convertible, after issuance, from the unprotected form to at least one of the first protected form and the second protected form, wherein in the first protected form, the digital certificate permits the first relying party to authorize the subject and in the second protected form, the digital certificate permits the second relying party to authorize the subject.