Patent attributes
An organizational signature authority delegates signature authority to one or more subordinate signature authorities by rolling up public keys from the subordinate signature authorities into a public key for the organization. A subordinate signature authority of the organizational signature authority generates cryptographic keys for use by the subordinate signature authority, and cryptographically derives a public key for the subordinate signature authority based at least in part on the cryptographic keys. In some examples, the subordinate signature authority acquires public keys from a lower subordinate signature authority, and the public key of the subordinate signature authority is cryptographically derived in part from the public key of the lower subordinate signature authority. The public key of the subordinate signature authority is provided to the organizational signature authority. A hash tree is generated from the public keys of the subordinate signature authorities to create the public key for the organization.