Abstract: A method for certification by a plurality of certifying authorities of the public key of a user wishing to communicate using a public key encryption system while asserting only a subset of rights. A plurality of certifying stations and a user station exchange information and the user station derives a plurality of private keys from the exchanged information. The certifying stations also publish related information and their public keys. The user communicates using a private key formed by summing selected ones of said plurality of private keys corresponding to asserted rights. A third party can derive the public key corresponding to the user's summed private key by operating on the published information with a summation of the certifying station public keys.