Public key validation service
First Claim
1. A public key validation agent (PKVA) comprising:
- an off-line registration authority for issuing a first unsigned public key validation certificate (unsigned PKVC) off-line to a subject that binds a public key of the subject to a first public key serial number (PKVN), the registration authority maintaining a certificate database of unsigned PKVCs in which it stores the first unsigned PKVC; and
- an on-line credentials server for issuing a disposable public key validation certificate (disposable PKVC) on-line to the subject, the disposable PKVC binds the public key of the subject from the first unsigned PKVC to the first PKVN from the first unsigned PKVC, wherein the credentials server maintains a table that contains entries corresponding to valid unsigned PKVCs stored in the certificate database.
Abstract
A public key validation agent (PKVA) includes a registration authority which issues a first unsigned public key validation certificate (unsigned PKVC) off-line to a subject that binds a public key of the subject to a first public key serial number (PKVN). The registration authority maintains a certificate database of unsigned PKVCs in which it stores the first unsigned PKVC. A credentials server issues a disposable public key validation certificate (disposable PKVC) on-line to the subject. The disposable PKVC binds the public key of the subject from the first unsigned PKVC to the first PKVN from the first unsigned PKVC. The credentials server maintains a table that contains entries corresponding to valid unsigned PKVCs stored in the certificate database. The PKVA can be employed in a public key validation service to validate the public key of the subject before a private/public key pair of the subject is used for authentication purposes.
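A minimal model of the two components described in the abstract, added here as an illustration and not taken from the patent. The field names, the table layout (PKVN mapped to a hash of the unsigned PKVC), the 300-second lifetime, revocation by dropping a table entry, and HMAC as a stand-in for whatever authenticates a disposable PKVC are all assumptions.

```python
import hashlib, hmac, json, secrets, time

def fingerprint(cert: dict) -> str:
    """SHA-256 over the canonical JSON encoding of an unsigned PKVC (assumed format)."""
    return hashlib.sha256(json.dumps(cert, sort_keys=True).encode()).hexdigest()

class RegistrationAuthority:
    """Off-line side: issues unsigned PKVCs and keeps the certificate database."""
    def __init__(self):
        self.certificate_db = {}          # PKVN -> unsigned PKVC
        self._next_pkvn = 1

    def issue_unsigned_pkvc(self, public_key_hex: str) -> dict:
        cert = {"pkvn": self._next_pkvn, "public_key": public_key_hex}
        self.certificate_db[cert["pkvn"]] = cert
        self._next_pkvn += 1
        return cert

class CredentialsServer:
    """On-line side: issues disposable PKVCs only for unsigned PKVCs in its table."""
    def __init__(self, ttl_seconds=300):  # lifetime is an assumption
        self._key = secrets.token_bytes(32)   # HMAC key, stand-in for a signing key
        self.ttl = ttl_seconds
        self.table = {}                   # PKVN -> fingerprint of a valid unsigned PKVC

    def sync(self, ra, revoked=frozenset()):
        """Rebuild the table from the RA database, omitting revoked PKVNs (assumed)."""
        self.table = {n: fingerprint(c) for n, c in ra.certificate_db.items()
                      if n not in revoked}

    def _mac(self, body: dict) -> str:
        data = json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def issue_disposable_pkvc(self, unsigned: dict, now=None):
        now = time.time() if now is None else now
        expected = self.table.get(unsigned.get("pkvn"))
        if expected is None or not hmac.compare_digest(expected, fingerprint(unsigned)):
            return None                   # unknown, altered, or no longer valid
        body = {"pkvn": unsigned["pkvn"], "public_key": unsigned["public_key"],
                "not_after": now + self.ttl}
        return {**body, "mac": self._mac(body)}

    def verify(self, disposable: dict, now=None) -> bool:
        now = time.time() if now is None else now
        body = {k: v for k, v in disposable.items() if k != "mac"}
        return (hmac.compare_digest(self._mac(body), disposable.get("mac", ""))
                and now <= body.get("not_after", 0))
```

Because the disposable PKVC copies both the public key and the PKVN from the unsigned PKVC, a relying party can tie a presented key back to one entry in the certificate database.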
14 Claims
Dependent claims of claim 1: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
Specification