
Apparatus and method for managing digital certificates

  • US 10,630,489 B2
  • Filed: 01/15/2016
  • Issued: 04/21/2020
  • Est. Priority Date: 03/25/2015
  • Status: Active Grant
First Claim

1. A method for managing user identity, the method comprising:

  • establishing a connection secured with Transport Layer Security (TLS) from a client device to an Identity Registration Protocol (IRP) server;

    authenticating, at the IRP server, user login via the client device, with Strong Client Authentication (SCA) or Username/Password Authentication (UPA);

    upon request from the client device via the secured connection, registering or retrieving at the IRP server user identity information comprising user information, and an Internet Protocol (IP) address of the client device;

    upon request from the client device via the secure connection, registering or retrieving at the IRP server one or more digital certificate;

    sending as part of a request from the client device to the IRP server a Certificate Signing Request (CSR) via the secured connection;

    upon request from the client device via the secured connection, returning a signed digital certificate from the IRP server to the client device via the secured connection;

    sending a PKCS #12 package as part of a request from the client device to the IRP server via the secured connection;

    upon request from the client device via the secured connection, returning the PKCS #12 package from the IRP server to the client device via the secured connection;

    upon a request for certificate validity status or revocation status of the digital certificate from the client device via the secured connection, determining at the IRP server a user identifier from a user's digital certificate;

    determining at the IRP server a domain name of a second IRP server from the user identifier;

    performing at the IRP server a Domain Name Server (DNS) SRV look up based on the domain name of the second IRP server;

    obtaining from the DNS SRV look up a hostname of the second IRP server at the IRP server;

    establishing a connection secured with TLS from the IRP server to the second IRP server;

    authenticating at the second IRP server user login via the IRP server;

    forwarding from the IRP server the request for certificate validity status or revocation status of the digital certificate to the second IRP server;

    sending the certificate validity status or revocation status of the digital certificate from the second IRP server to the IRP server; and

    sending the certificate validity status or revocation status of the digital certificate from IRP server to the client device.
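The last nine steps of the claim describe a federated status lookup: the first IRP server derives a domain from the user identifier in the certificate, finds the second IRP server with a DNS SRV query, authenticates to it over TLS and forwards the status request. The following is an added illustration of that path and is not code from the patent or its assignee. It assumes an email-style user identifier (`user@domain`) and the SRV service label `_irp._tcp`, neither of which the claim specifies; the DNS zone and the peer servers are constructed in memory so that the example runs offline, where a real deployment would issue the SRV query and open a TLS connection to the returned host.

```python
"""Federated certificate-status lookup in the shape of claim 1 (added example).

Assumptions not taken from the patent: identifier format user@domain, the SRV
label "_irp._tcp", all hostnames, and the in-memory zone and peer table.
"""
from __future__ import annotations

import random
from dataclasses import dataclass, field

SRV_SERVICE = "_irp._tcp"  # assumed label; the claim only says "DNS SRV look up"


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str  # FQDN with trailing dot; a target of "." means "not offered" (RFC 2782)


# Constructed zone data standing in for a live resolver.
SRV_ZONE: dict[str, list[SrvRecord]] = {
    f"{SRV_SERVICE}.example.com.": [
        SrvRecord(20, 0, 8443, "backup.example.com."),
        SrvRecord(10, 60, 8443, "irp1.example.com."),
        SrvRecord(10, 40, 8443, "irp2.example.com."),
    ],
    f"{SRV_SERVICE}.closed.test.": [SrvRecord(0, 0, 0, ".")],
}


def domain_from_user_id(user_id: str) -> str:
    """Derive the home IRP domain from a user@domain identifier (assumed format)."""
    local, sep, domain = user_id.rpartition("@")
    domain = domain.strip().rstrip(".").lower()
    if not sep or not local or not domain:
        raise ValueError(f"not a user@domain identifier: {user_id!r}")
    # The identifier comes from a certificate subject the requester controls, so
    # confine it to the hostname alphabet before it becomes a DNS query name.
    if any(c not in "abcdefghijklmnopqrstuvwxyz0123456789.-" for c in domain):
        raise ValueError(f"domain outside the hostname alphabet: {domain!r}")
    return domain


def srv_targets(domain: str, zone=SRV_ZONE, rng=random) -> list[tuple[str, int]]:
    """Order SRV candidates per RFC 2782: lowest priority first, then
    weighted-random order within each priority. Returns (hostname, port) pairs."""
    records = zone.get(f"{SRV_SERVICE}.{domain}.", [])
    if len(records) == 1 and records[0].target == ".":
        return []  # domain explicitly does not run the service
    ordered: list[tuple[str, int]] = []
    for prio in sorted({r.priority for r in records}):
        bucket = [r for r in records if r.priority == prio]
        while bucket:
            total = sum(r.weight for r in bucket)
            pick = rng.randint(0, total) if total else 0
            running = 0
            for r in bucket:
                running += r.weight
                if running >= pick:
                    break
            bucket.remove(r)
            ordered.append((r.target.rstrip("."), r.port))
    return ordered


@dataclass
class IrpServer:
    domain: str
    issued: set[str] = field(default_factory=set)
    revoked: set[str] = field(default_factory=set)
    # hostname -> server; stands in for a mutually authenticated TLS session to that host
    peers: dict[str, "IrpServer"] = field(default_factory=dict)

    def status(self, user_id: str, forwarded: bool = False) -> str:
        """Return "good", "revoked" or "unknown" for the certificate holder `user_id`."""
        domain = domain_from_user_id(user_id)
        if domain == self.domain:  # we are the issuing server: answer locally
            if user_id in self.revoked:
                return "revoked"
            return "good" if user_id in self.issued else "unknown"
        if forwarded:
            # A forwarded query must land on the authoritative server; refusing to
            # forward again stops two misconfigured servers bouncing it forever.
            return "unknown"
        for host, _port in srv_targets(domain):
            peer = self.peers.get(host)  # real code: TLS to host:_port, verify its cert against `host`
            if peer is not None:
                return peer.status(user_id, forwarded=True)
        return "unknown"


def demo() -> dict[str, str]:
    """Constructed scenario: a server in corp.test asks example.com about its users."""
    home = IrpServer("example.com", issued={"alice@example.com", "bob@example.com"},
                     revoked={"bob@example.com"})
    local = IrpServer("corp.test")
    local.peers = {h: home for h in ("irp1.example.com", "irp2.example.com", "backup.example.com")}
    return {
        "alice": local.status("alice@example.com"),   # good
        "bob": local.status("bob@example.com"),       # revoked
        "carol": local.status("carol@example.com"),   # unknown: never issued
        "dave": local.status("dave@closed.test"),     # unknown: SRV says no service
        "eve": local.status("eve@nowhere.test"),      # unknown: no SRV record at all
    }
```

Two points the claim leaves implicit matter in practice. SRV answers are not authenticated unless the zone is DNSSEC-signed, so the first IRP server must verify the second server's TLS certificate against the SRV target hostname it is connecting to, not merely accept any certificate chaining to a trusted CA; otherwise a spoofed SRV record redirects every revocation check. And the step "authenticating at the second IRP server user login via the IRP server" is where the first server presents its own client credential, which is what keeps an arbitrary host from querying another domain's revocation state wholesale.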

  • 1 Assignment