Identity-based certificate management

US 10,439,826 B2
Filed: 01/29/2018
Issued: 10/08/2019
Est. Priority Date: 04/07/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

as implemented by an authentication server, the authentication server configured with specific executable instructions,receiving a digital certificate revocation request corresponding to a client identity referenced by a user account name, wherein the digital certificate revocation request is submitted via a browser application and comprises a validity time stamp;

querying a directory service for an entry that corresponds to the client identity, wherein the entry comprises a validity time value;

modifying the validity time value in the entry in the directory service such that the modified validity time value is the validity time stamp; and

revoking a digital certificate issued to a client system and associated with the client identity that has a validity start time before the modified validity time value or a validity end time before the modified validity time value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for managing digital certificates, including issuance, validation, and revocation are disclosed. Various embodiments involve querying a directory service with entries that correspond to a particular client identity and have attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable to revoke selectively the certificates based upon time intervals set forth in validity identifiers included therein.

Citations

23 Claims

1. A method comprising:
- as implemented by an authentication server, the authentication server configured with specific executable instructions,receiving a digital certificate revocation request corresponding to a client identity referenced by a user account name, wherein the digital certificate revocation request is submitted via a browser application and comprises a validity time stamp;
  
  querying a directory service for an entry that corresponds to the client identity, wherein the entry comprises a validity time value;
  
  modifying the validity time value in the entry in the directory service such that the modified validity time value is the validity time stamp; and
  
  revoking a digital certificate issued to a client system and associated with the client identity that has a validity start time before the modified validity time value or a validity end time before the modified validity time value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 21)
- - 2. The method of claim 1, wherein the entry comprises an issuance count value corresponding to a number of digital certificates issued to the client identity.
  - 3. The method of claim 2, further comprising decrementing the issuance count value in the entry by a number of digital certificates that are revoked.
  - 4. The method of claim 2, wherein the issuance count value does not exceed a certificate issuance limit value associated with the client identity.
  - 5. The method of claim 1, wherein the directory service is a Standard Query Language (SQL) database.
  - 6. The method of claim 1, wherein the validity time stamp comprises a dynamic certificate validation date.
  - 7. The method of claim 6, wherein the dynamic certificate validation date of the validity time stamp is configured to be modified through an administration panel user interface.
  - 8. The method of claim 1, wherein the validity time stamp comprises a set of date values that identify a year, month, and day, and a set of time values that identify an hour and minute.
  - 21. The method of claim 1, wherein revoking a digital certificate further comprises revoking the digital certificate without using a certificate revocation list or an online certificate status protocol.

9. A system comprising:
- a database; and
  
  a computing system comprising one or more computing devices, said computing system programmed via executable instructions to at least;
  
  receive a digital certificate revocation request corresponding to a client identity referenced by a user account name, wherein the digital certificate revocation request is submitted via a browser application and comprises a validity time stamp;
  
  query the database for an entry that corresponds to the client identity, wherein the entry comprises a validity time value;
  
  modify the validity time in the entry in the database such that the modified validity time value is the validity time stamp; and
  
  revoke a digital certificate issued to a client system and associated with the client identity that has a validity start time before the modified validity time value or a validity end time before the modified validity time value.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the entry comprises an issuance count value corresponding to a number of digital certificates issued to the client identity.
  - 11. The system of claim 10, wherein the computing system is further programmed via executable instructions to decrement the issuance count value in the entry by a number of digital certificates that are revoked.
  - 12. The system of claim 10, wherein the issuance count value does not exceed a certificate issuance limit value associated with the client identity.
  - 13. The system of claim 9, wherein the database is a Standard Query Language (SQL) database.
  - 14. The system of claim 9, wherein the validity time stamp comprises a dynamic certificate validation date.
  - 15. The system of claim 14, wherein the dynamic certificate validation date of the validity time stamp is configured to be modified through an administration panel user interface.
  - 16. The system of claim 9, wherein the validity time stamp comprises a set of date values that identify a year, month, and day, and a set of time values that identify an hour and minute.

17. A non-transitory computer storage medium that comprises executable instructions that when executed by a computing system, directs the computing system to at least:
- receive a digital certificate revocation request corresponding to a client identity referenced by a user account name, wherein the digital certificate revocation request is submitted via a browser application and comprises a validity time stamp;
  
  query a database for an entry that corresponds to the client identity, wherein the entry comprises a validity time value;
  
  modify the validity time value in the entry in the database such that the modified validity time value is the validity time stamp; and
  
  revoke a digital certificate issued to a client system and associated with the client identity that has a validity start time before the modified validity time value or a validity end time before the modified validity time value.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer storage medium of claim 17, wherein the entry comprises an issuance count value corresponding to a number of digital certificates issued to the client identity.
  - 19. The non-transitory computer storage medium of claim 18, wherein the executable instructions, when executed by a computing system, further directs the computing system to decrement the issuance count value in the entry by a number of digital certificates that are revoked.
  - 20. The non-transitory computer storage medium of claim 17, wherein the validity time stamp comprises a set of date values that identify a year, month, and day, and a set of time values that identify an hour and minute.

22. A method comprising:
- as implemented by an authentication server, the authentication server configured with specific executable instructions,receiving a digital certificate revocation request corresponding to a client identity, wherein the digital certificate revocation request is submitted via a browser application and comprises a validity time stamp;
  
  querying a directory service for an entry that corresponds to the client identity, wherein the entry comprises a validity time value, wherein the entry comprises an issuance count value corresponding to a number of digital certificates issued to the client identity, and wherein the issuance count value does not exceed a certificate issuance limit value associated with the client identity;
  
  modifying the validity time value in the entry in the directory service such that the modified validity time value is the validity time stamp; and
  
  revoking a digital certificate issued to a client system and associated with the client identity that has a validity start time before the modified validity time value or a validity end time before the modified validity time value.

23. A system comprising:
- a database; and
  
  a computing system comprising one or more computing devices, said computing system programmed via executable instructions to at least;
  
  receive a digital certificate revocation request corresponding to a client identity, wherein the digital certificate revocation request is submitted via a browser application and comprises a validity time stamp;
  
  query the database for an entry that corresponds to the client identity, wherein the entry comprises a validity time value, wherein the entry comprises an issuance count value corresponding to a number of digital certificates issued to the client identity, and wherein the issuance count value does not exceed a certificate issuance limit value associated with the client identity;
  
  modify the validity time in the entry in the database such that the modified validity time value is the validity time stamp; and
  
  revoke a digital certificate issued to a client system and associated with the client identity that has a validity start time before the modified validity time value or a validity end time before the modified validity time value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureAuth Incorporated
Original Assignee
SecureAuth Incorporated
Inventors
Grajek, Garret Florian, Lo, Jeffrey Chiwai, Lambiase, Mark V.
Primary Examiner(s)
Abedin, Shanto

Application Number

US15/882,066
Publication Number

US 20180167222A1
Time in Patent Office

617 Days
Field of Search

713156, 713158, 713175
US Class Current
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3252   using DSA or related signat...

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

H04L 9/3271   using challenge-response

H04L 9/3297   involving time stamps, e.g....

Identity-based certificate management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Identity-based certificate management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links