Extensions for using a digital certificate with multiple cryptosystems
First Claim
1. A method of issuing a digital certificate, the method comprising:
receiving, at a certificate authority node in a communication system, a certificate request comprising:
a first public key of an entity, the first public key being associated with a first cryptosystem; and
a second public key of the entity, the second public key being associated with a second cryptosystem;
generating a digital certificate comprising unpopulated fields;
populating a first public key field of the digital certificate with the first public key of the entity;
populating a second public key field in an extension of the digital certificate with the second public key of the entity;
populating a policy field in the extension of the digital certificate with a policy comprising:
instructions for processing a second digital signature of a certificate authority, the second digital signature of the certificate authority being associated with the second cryptosystem; and
instructions for processing a digital signature of the entity using the second public key of the entity;
generating, by one or more processors of the certificate authority node, the second digital signature using a second private key of the certificate authority, the second private key of the certificate authority being associated with the second cryptosystem, the second digital signature generated from the digital certificate comprising the first public key, the second public key, and the policy;
populating a second signature value field in the extension of the digital certificate with the second digital signature of the certificate authority;
generating, by one or more processors of the certificate authority node, a first digital signature of the certificate authority using a first private key of the certificate authority, the first private key of the certificate authority being associated with the first cryptosystem, the first digital signature generated from the digital certificate comprising the first public key, the second public key, the policy, and the second digital signature;
populating a first signature value field of the digital certificate with the first digital signature of the certificate authority; and
transmitting the digital certificate from the certificate authority node to a node associated with the entity in response to the certificate request.
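The signing order in claim 1 (second signature over the certificate without its own field, then first signature over everything) can be traced in a small added example; this is illustrative code written for this page, not the patent's implementation. Assumptions: Lamport one-time signatures over SHA-256 and SHA3-256 stand in for the two cryptosystems, and the JSON layout, field names and the `verify-both` policy string are constructed, not X.509.

```python
import hashlib, json, secrets

H1, H2 = hashlib.sha256, hashlib.sha3_256  # stand-ins for cryptosystems 1 and 2

def keygen(h):
    # Lamport one-time key pair: 256 pairs of secrets, public key = their hashes
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, [[h(s).hexdigest() for s in pair] for pair in sk]

def bits(h, msg):
    d = int.from_bytes(h(msg).digest(), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(h, sk, msg):
    return [sk[i][b].hex() for i, b in enumerate(bits(h, msg))]

def verify(h, pk, msg, sig):
    return len(sig) == 256 and all(
        h(bytes.fromhex(s)).hexdigest() == pk[i][b]
        for i, (s, b) in enumerate(zip(sig, bits(h, msg))))

def enc(obj):
    # Canonical encoding so signer and verifier hash identical bytes
    return json.dumps(obj, sort_keys=True).encode()

def issue(ca_sk1, ca_sk2, subject, pk1, pk2, policy):
    cert = {"subject": subject, "publicKey": pk1,
            "extension": {"altPublicKey": pk2, "policy": policy}}
    # Second signature: covers pk1, pk2 and policy; its own field is still absent
    cert["extension"]["altSignature"] = sign(H2, ca_sk2, enc(cert))
    # First signature: covers everything above, including the second signature
    cert["signature"] = sign(H1, ca_sk1, enc(cert))
    return cert

def verify_cert(cert, ca_pk1, ca_pk2=None):
    outer = {k: v for k, v in cert.items() if k != "signature"}
    ok = verify(H1, ca_pk1, enc(outer), cert["signature"])
    if ca_pk2 is not None:  # upgraded verifier also checks the extension
        ext = {k: v for k, v in outer["extension"].items() if k != "altSignature"}
        ok = ok and verify(H2, ca_pk2, enc(dict(outer, extension=ext)),
                           cert["extension"]["altSignature"])
    return ok

def demo():
    (ca_sk1, ca_pk1), (ca_sk2, ca_pk2) = keygen(H1), keygen(H2)
    pk1, pk2 = keygen(H1)[1], keygen(H2)[1]  # entity's two public keys (constructed)
    cert = issue(ca_sk1, ca_sk2, "example-entity", pk1, pk2, "verify-both")
    tampered = json.loads(json.dumps(cert))
    tampered["extension"]["altPublicKey"] = keygen(H2)[1]  # replace the second key
    return (verify_cert(cert, ca_pk1), verify_cert(cert, ca_pk1, ca_pk2),
            verify_cert(tampered, ca_pk1), verify_cert(tampered, ca_pk1, ca_pk2))
```

A verifier that only knows the first cryptosystem still rejects a certificate whose second public key was replaced, because the first signature covers the whole extension.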
Abstract
In a general aspect, a digital certificate can be used with multiple cryptography systems (“cryptosystems”). In some cases, the digital certificate includes a public key field, which contains a first public key of an entity associated with a first cryptosystem. The digital certificate includes a signature value field, which contains a first digital signature of a certificate authority associated with the first cryptosystem. The digital certificate includes an extension. The extension contains a second public key of the entity, a second digital signature of the certificate authority, or both, associated with a second cryptosystem. The extension contains a policy field that includes instructions for processing the fields associated with the second cryptosystem.
17 Claims
9. A computer system comprising:
a data processing apparatus; and
a computer-readable medium storing instructions that are operable when executed by the data processing apparatus to perform operations comprising:
receiving a certificate request comprising:
a first public key of an entity, the first public key being associated with a first cryptosystem, and
a second public key of the entity, the second public key being associated with a second cryptosystem;
generating a digital certificate comprising unpopulated fields;
populating a first public key field of the digital certificate with the first public key of the entity;
populating a second public key field in an extension of the digital certificate with the second public key of the entity;
populating a policy field in the extension of the digital certificate with a policy comprising:
instructions for processing a second digital signature of a certificate authority, the second digital signature being associated with the second cryptosystem; and
instructions for processing a digital signature of the entity using the second public key of the entity;
generating the second digital signature using a second private key of the certificate authority, the second private key of the certificate authority being associated with the second cryptosystem, the second digital signature generated from the digital certificate comprising the first public key, the second public key, and the policy;
populating a second signature value field in the extension of the digital certificate with the second digital signature of the certificate authority;
generating a first digital signature of the certificate authority using a first private key of the certificate authority, the first private key of the certificate authority being associated with the first cryptosystem, the first digital signature generated from the digital certificate comprising the first public key, the policy, and the second digital signature;
populating a first signature value field of the digital certificate with the first digital signature of the certificate authority; and
transmitting the digital certificate to a node associated with the entity in response to the certificate request.
13. A non-transitory computer readable medium comprising instructions, which when executed by one or more processors, perform operations comprising:
receiving a certificate request comprising:
a first public key of an entity, the first public key being associated with a first cryptosystem, and
a second public key of the entity, the second public key being associated with a second cryptosystem;
generating a digital certificate comprising unpopulated fields;
populating a first public key field of the digital certificate with the first public key of the entity;
populating a second public key field in an extension of the digital certificate with the second public key of the entity;
populating a policy field in the extension of the digital certificate with a policy comprising:
instructions for processing a second digital signature of a certificate authority associated with the second cryptosystem, and
instructions for processing a digital signature of the entity using the second public key of the entity;
generating the second digital signature using a second private key of the certificate authority, the second private key of the certificate authority being associated with the second cryptosystem, the second digital signature generated from the digital certificate comprising the first public key, the second public key, and the policy;
populating a second signature value field in the extension of the digital certificate with the second digital signature of the certificate authority;
generating a first digital signature of the certificate authority using a first private key of the certificate authority, the first private key being associated with the first cryptosystem, the first digital signature generated from the digital certificate comprising the first public key, the second public key, the policy, and the second digital signature;
populating a first signature value field of the digital certificate with the first digital signature of the certificate authority; and
transmitting the digital certificate to a node associated with the entity in response to the certificate request.
Specification