Monitor Certificate

    After authentication, certificates may be created by the Monitor. That is, the monitor shall be used as an identity certification authority. This results in the addition of three new commands to the protocol. The GET_MONITOR_KEY command may be used to retrieve the Monitor's public key modulus for signature verification purposes as follows:

REQUIRE: COMMAND
WAITING:
GET_MONITOR_KEY
RESULT: MONITOR_KEY n
REQUIRE: COMMAND
WAITING:

where n is the public modulus of the monitor's RSA key. The other portion, e is the exponent and is the number 65537, or 0x10001. The monitor also has a hidden private key, d. The monitor signs some value m using x = md mod n, where m < n. A system may subsequently decipher this value and check it using m = xe mod n. The value m must be sufficiently small to "fit" in n, and therefore typically represents the SHA-1 hash of a larger dataset.

 

Player Certificate

    The monitor also provides a method for anyone to get the certificate for any system using the GET_CERTIFICATE command as follows:

REQUIRE: COMMAND
WAITING:
GET_CERTIFICATE PARTICIPANT_SYSTEM_HANDLE
RESULT: CERTIFICATE PARTICIPANT_SYSTEM_HANDLE x

where x is the requested participant's certificate signed by the Monitor. The Monitor has a certificate which may be obtained by issuing:

GET_CERTIFICATE MONITOR

A system may certify itself with one key at any time to the Monitor, this is done by completing the normal authentication steps and then providing the Monitor with its public key information v and n using the MAKE_CERTIFICATE command as follows:

REQUIRE: COMMAND
WAITING:
MAKE_CERTIFICATE v n
RESULT: CERTIFICATE REQUESTOR_HANDLE x
REQUIRE: COMMAND
WAITING:

How to Use the Certificate to Authenticate

    The certificate c is the SHA-1 hash of the concatenation of v, then n (md.update(v); md.update(n)) and x = cd mod n, or the hash signed with the Monitor's RSA private key. The monitor saves x. This value is returned by the Monitor after the GET_CERTIFICATE command is executed.

Working Java Implementation of ZKP Protocol

    For desperados: ZKPTest.java