Apparatus and method for managing digital certificates
First Claim
1. A method for managing user identity, the method comprising:
establishing a connection secured with Transport Layer Security (TLS) from a client device to an Identity Registration Protocol (IRP) server;
authenticating, at the IRP server, user login via the client device, with Strong Client Authentication (SCA) or Username/Password Authentication (UPA);
upon request from the client device via the secured connection, registering or retrieving at the IRP server user identity information comprising user information, and an Internet Protocol (IP) address of the client device;
upon request from the client device via the secured connection, registering or retrieving at the IRP server one or more digital certificates;
sending as part of a request from the client device to the IRP server a Certificate Signing Request (CSR) via the secured connection;
upon request from the client device via the secured connection, returning a signed digital certificate from the IRP server to the client device via the secured connection;
sending a PKCS #12 package as part of a request from the client device to the IRP server via the secured connection;
upon request from the client device via the secured connection, returning the PKCS #12 package from the IRP server to the client device via the secured connection;
upon a request for certificate validity status or revocation status of the digital certificate from the client device via the secured connection, determining at the IRP server a user identifier from the user's digital certificate;
determining at the IRP server a domain name of a second IRP server from the user identifier;
performing at the IRP server a Domain Name System (DNS) SRV lookup based on the domain name of the second IRP server;
obtaining from the DNS SRV lookup a hostname of the second IRP server at the IRP server;
establishing a connection secured with TLS from the IRP server to the second IRP server;
authenticating at the second IRP server user login via the IRP server;
forwarding from the IRP server the request for certificate validity status or revocation status of the digital certificate to the second IRP server;
sending the certificate validity status or revocation status of the digital certificate from the second IRP server to the IRP server; and
sending the certificate validity status or revocation status of the digital certificate from the IRP server to the client device.
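The status-lookup steps of the claim (user identifier from the certificate, domain from the identifier, DNS SRV lookup, TLS to the second IRP server, authenticate, forward, relay the answer) are the part a practitioner most needs to get right, because an SRV answer that is not DNSSEC-validated is unauthenticated: whoever controls the resolver's view of DNS can point the lookup at any host, so the first IRP server must verify the second server's TLS certificate against the domain it derived from the user identifier, not against the SRV target it was handed. The following is an added example, not the patent's code, that simulates the exchange in-process with both servers present. The SRV service label `_irp._tcp`, the record set, the peer credential used for the server-to-server authentication step, the rfc822Name encoding of the user identifier and the status strings are all assumptions; the DNS resolver and the TLS connection are stubbed so it runs offline.

```python
"""Added example (not the patent's code): the federated status lookup from the
claim above, simulated in-process.  The SRV label "_irp._tcp", the records,
the peer credential and the status strings are assumptions; DNS and TLS are
stubbed so this runs offline."""
import random
from dataclasses import dataclass, field

SRV_SERVICE = "_irp._tcp"                 # assumed label; the claim names none
GOOD, REVOKED, UNKNOWN = "good", "revoked", "unknown"


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str                           # FQDN; "." means service not offered


def user_identifier_from_cert(subject_alt_names):
    """Use the rfc822Name SAN as the user identifier (assumption: the IRP
    encodes it as user@domain, which the domain step below needs)."""
    for kind, value in subject_alt_names:
        if kind == "rfc822Name" and value.count("@") == 1:
            return value.strip().lower()
    raise ValueError("certificate carries no rfc822Name user identifier")


def domain_of(user_id):
    """Domain of the second IRP server, taken from the user identifier."""
    local, _, domain = user_id.rpartition("@")
    if not local or not domain or domain.strip(".") != domain:
        raise ValueError(f"malformed user identifier {user_id!r}")
    return domain


def srv_name(domain):
    return f"{SRV_SERVICE}.{domain}"


def select_srv_target(records, rng=random):
    """RFC 2782 selection: lowest priority wins, ties are weighted-random.
    Returns (host, port), or None when the domain offers no IRP service."""
    live = [r for r in records if r.target != "."]
    if not live:
        return None
    best = min(r.priority for r in live)
    tier = [r for r in live if r.priority == best]
    weights = [r.weight for r in tier]
    if sum(weights) == 0:
        chosen = rng.choice(tier)
    else:
        chosen = rng.choices(tier, weights=weights)[0]
    return chosen.target.rstrip("."), chosen.port


def tls_reference_identity(domain, srv_host, dnssec_validated=False):
    """Name the second server's certificate must match.  A non-DNSSEC SRV
    answer is unauthenticated, so verify against the domain derived from the
    user identifier (RFC 6125 s.6.2.1); only a validated answer may use the
    SRV target (RFC 7673)."""
    return srv_host if dnssec_validated else domain


@dataclass
class IrpServer:
    domain: str
    secret: str = ""                              # credential shown to peers
    tls_names: set = field(default_factory=set)   # names in its TLS certificate
    statuses: dict = field(default_factory=dict)  # user id -> status
    peer_credentials: dict = field(default_factory=dict)
    dns: dict = field(default_factory=dict)       # stub resolver: name -> records
    peers: dict = field(default_factory=dict)     # stub network: (host, port) -> server

    def status_request(self, subject_alt_names, rng=random):
        """Client-facing entry point for a validity/revocation status request."""
        uid = user_identifier_from_cert(subject_alt_names)
        dom = domain_of(uid)
        if dom == self.domain:                    # the user is registered here
            return self.statuses.get(uid, UNKNOWN)
        target = select_srv_target(self.dns.get(srv_name(dom), []), rng)
        if target is None:
            return UNKNOWN
        host, port = target
        peer = self.peers.get((host, port))       # stands in for "TLS connect"
        if peer is None or tls_reference_identity(dom, host) not in peer.tls_names:
            return UNKNOWN                        # hostname verification failed
        if not peer.authenticate(self.domain, self.secret):
            return UNKNOWN                        # second server rejected us
        return peer.forwarded_status(uid)         # forwarded request and reply

    def authenticate(self, peer_domain, secret):
        return self.peer_credentials.get(peer_domain) == secret

    def forwarded_status(self, uid):
        return self.statuses.get(uid, UNKNOWN)


def build_demo():
    """Constructed deployment: two IRP servers and the SRV records between them."""
    home = IrpServer("home.example", secret="home-peer-key",
                     statuses={"alice@home.example": GOOD})
    other = IrpServer("other.example",
                      tls_names={"other.example", "irp2.other.example"},
                      statuses={"bob@other.example": REVOKED},
                      peer_credentials={"home.example": "home-peer-key"})
    home.dns[srv_name("other.example")] = [SrvRecord(10, 0, 8443, "irp2.other.example."),
                                           SrvRecord(20, 0, 8443, "backup.other.example.")]
    home.peers[("irp2.other.example", 8443)] = other
    return home
```

`build_demo()` wires the two servers together; `home.status_request([("rfc822Name", "bob@other.example")])` then walks every step of the claim and comes back with the status held by `other`, while a request for a user whose domain publishes no SRV record, or whose home server does not accept the first server's credential, yields `unknown` rather than an error the client could mistake for a revocation answer. The one design choice worth copying is `tls_reference_identity`: keep the derived domain as the reference identity unless the resolver reports a DNSSEC-validated SRV answer.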
Abstract
An apparatus and a method for managing user identity, the method comprising: establishing a connection secured with Transport Layer Security (TLS) from a client device to an IRP server; authenticating, at the IRP server, user login via the client device, with Strong Client Authentication (SCA) or Username/Password Authentication (UPA); upon request from the client device, registering or retrieving at the IRP server user identity information comprising user information, and an Internet Protocol (IP) address of the client device; upon request from the client device, registering or retrieving at the IRP server one or more digital certificate; sending from the client device to the IRP server a Certificate Signing Request (CSR) via the secured connection; upon request from the client device, returning a signed digital certificate from the IRP server to the client device; sending a PKCS #12 package from the client device to the IRP server; and upon request from the client device, returning a PKCS #12 package from the IRP server to the client device.
13 Claims
1. A method for managing user identity (independent claim; its text is given in full under First Claim above). Dependent claims 2, 3, 4, 5, 6, 7, 10 and 11 are not reproduced on this page.
8. The method as claimed in claim 6, wherein the method comprises:
encrypting a password used for the UPA when the UPA is disabled; and decrypting the password used for the UPA when the UPA is enabled.
9. The method as claimed in claim 7, wherein the method comprises:
encrypting a password used for the UPA when the UPA is disabled; and decrypting the password used for the UPA when the UPA is enabled.
12. An apparatus for managing user identity, the apparatus comprising:
one or more hardware processors configured to execute program codes to control the apparatus to:
establish a connection secured with Transport Layer Security (TLS) from a client device to the apparatus;
authenticate user login via the client device, with Strong Client Authentication (SCA) or Username/Password Authentication (UPA);
upon request from the client device via the secured connection, register or retrieve user identity information comprising user information, and an Internet Protocol (IP) address of the client device;
upon request from the client device via the secured connection, register or retrieve one or more digital certificates;
receive as part of a request from the client device a Certificate Signing Request (CSR) via the secured connection;
upon request from the client device via the secured connection, return a signed digital certificate to the client device via the secured connection;
receive a PKCS #12 package as part of a request from the client device via the secured connection;
upon request from the client device via the secured connection, return the PKCS #12 package to the client device via the secured connection;
upon a request for certificate validity status or revocation status of the digital certificate from the client device via the secured connection, determine at the IRP server a user identifier from the user's digital certificate;
determine at the IRP server a domain name of a second IRP server from the user identifier;
perform at the IRP server a Domain Name System (DNS) SRV lookup based on the domain name of the second IRP server;
obtain from the DNS SRV lookup a hostname of the second IRP server at the IRP server;
establish a connection secured with TLS from the IRP server to the second IRP server;
authenticate at the second IRP server user login via the IRP server;
forward from the IRP server the request for certificate validity status or revocation status of the digital certificate to the second IRP server;
receive the certificate validity status or revocation status of the digital certificate from the second IRP server at the IRP server; and
send the certificate validity status or revocation status of the digital certificate from the IRP server to the client device.
13. A non-transitory computer-readable medium storing a program causing a computer to execute a method for managing user identity, the method comprising:
establishing a connection secured with Transport Layer Security (TLS) from a client device to an Identity Registration Protocol (IRP) server;
authenticating, at the IRP server, user login via the client device, with Strong Client Authentication (SCA) or Username/Password Authentication (UPA);
upon request from the client device via the secured connection, registering or retrieving at the IRP server user identity information comprising user information, and an Internet Protocol (IP) address of the client device;
upon request from the client device via the secured connection, registering or retrieving at the IRP server one or more digital certificates;
sending as part of a request from the client device to the IRP server a Certificate Signing Request (CSR) via the secured connection;
upon request from the client device via the secured connection, returning a signed digital certificate from the IRP server to the client device via the secured connection;
sending a PKCS #12 package as part of a request from the client device to the IRP server via the secured connection;
upon request from the client device via the secured connection, returning the PKCS #12 package from the IRP server to the client device via the secured connection;
upon a request for certificate validity status or revocation status of the digital certificate from the client device via the secured connection, determining at the IRP server a user identifier from the user's digital certificate;
determining at the IRP server a domain name of a second IRP server from the user identifier;
performing at the IRP server a Domain Name System (DNS) SRV lookup based on the domain name of the second IRP server;
obtaining from the DNS SRV lookup a hostname of the second IRP server at the IRP server;
establishing a connection secured with TLS from the IRP server to the second IRP server;
authenticating at the second IRP server user login via the IRP server;
forwarding from the IRP server the request for certificate validity status or revocation status of the digital certificate to the second IRP server;
sending the certificate validity status or revocation status of the digital certificate from the second IRP server to the IRP server; and
sending the certificate validity status or revocation status of the digital certificate from the IRP server to the client device.