Identity-based certificate management
First Claim
1. A method comprising:
- as implemented by an authentication server, the authentication server configured with specific executable instructions, receiving a digital certificate revocation request corresponding to a client identity referenced by a user account name, wherein the digital certificate revocation request is submitted via a browser application and comprises a validity time stamp;
- querying a directory service for an entry that corresponds to the client identity, wherein the entry comprises a validity time value;
- modifying the validity time value in the entry in the directory service such that the modified validity time value is the validity time stamp; and
- revoking a digital certificate issued to a client system and associated with the client identity that has a validity start time before the modified validity time value or a validity end time before the modified validity time value.
Abstract
Methods for managing digital certificates, including issuance, validation, and revocation are disclosed. Various embodiments involve querying a directory service with entries that correspond to a particular client identity and have attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable to revoke selectively the certificates based upon time intervals set forth in validity identifiers included therein.
23 Claims
1. (Independent claim; its text is reproduced in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 21
9. A system comprising:
- a database; and
- a computing system comprising one or more computing devices, said computing system programmed via executable instructions to at least:
  - receive a digital certificate revocation request corresponding to a client identity referenced by a user account name, wherein the digital certificate revocation request is submitted via a browser application and comprises a validity time stamp;
  - query the database for an entry that corresponds to the client identity, wherein the entry comprises a validity time value;
  - modify the validity time in the entry in the database such that the modified validity time value is the validity time stamp; and
  - revoke a digital certificate issued to a client system and associated with the client identity that has a validity start time before the modified validity time value or a validity end time before the modified validity time value.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A non-transitory computer storage medium that comprises executable instructions that when executed by a computing system, directs the computing system to at least:
- receive a digital certificate revocation request corresponding to a client identity referenced by a user account name, wherein the digital certificate revocation request is submitted via a browser application and comprises a validity time stamp;
- query a database for an entry that corresponds to the client identity, wherein the entry comprises a validity time value;
- modify the validity time value in the entry in the database such that the modified validity time value is the validity time stamp; and
- revoke a digital certificate issued to a client system and associated with the client identity that has a validity start time before the modified validity time value or a validity end time before the modified validity time value.
Dependent claims: 18, 19, 20
22. A method comprising:
- as implemented by an authentication server, the authentication server configured with specific executable instructions, receiving a digital certificate revocation request corresponding to a client identity, wherein the digital certificate revocation request is submitted via a browser application and comprises a validity time stamp;
- querying a directory service for an entry that corresponds to the client identity, wherein the entry comprises a validity time value, wherein the entry comprises an issuance count value corresponding to a number of digital certificates issued to the client identity, and wherein the issuance count value does not exceed a certificate issuance limit value associated with the client identity;
- modifying the validity time value in the entry in the directory service such that the modified validity time value is the validity time stamp; and
- revoking a digital certificate issued to a client system and associated with the client identity that has a validity start time before the modified validity time value or a validity end time before the modified validity time value.
23. A system comprising:
- a database; and
- a computing system comprising one or more computing devices, said computing system programmed via executable instructions to at least:
  - receive a digital certificate revocation request corresponding to a client identity, wherein the digital certificate revocation request is submitted via a browser application and comprises a validity time stamp;
  - query the database for an entry that corresponds to the client identity, wherein the entry comprises a validity time value, wherein the entry comprises an issuance count value corresponding to a number of digital certificates issued to the client identity, and wherein the issuance count value does not exceed a certificate issuance limit value associated with the client identity;
  - modify the validity time in the entry in the database such that the modified validity time value is the validity time stamp; and
  - revoke a digital certificate issued to a client system and associated with the client identity that has a validity start time before the modified validity time value or a validity end time before the modified validity time value.
Specification