System and method for providing certificate validation and other services
Abstract
A system and method for facilitating electronic commerce by securely providing certificate-related and other services including certificate validation and warranty is disclosed. In a preferred embodiment, these services are provided within the context of a four-corner trust model. The four-corner model comprises a buyer, or subscribing customer, and a seller, or relying customer, who engage in an on-line transaction. The buyer is a customer of a first financial institution, or issuing participant. The issuing participant operates a certificate authority and issues the buyer a hardware token including a private key and a digital certificate signed by the issuing participant. The seller is a customer of a second financial institution, or relying participant. The relying participant operates a certificate authority and issues the buyer a hardware token including a private key and a digital certificate signed by the relying participant. The system also includes a root certificate authority that operates a certificate authority that issues digital certificates to the issuing and relying participants. At the time of a transaction, the buyer creates a hash of the transaction data, signs the hash, and transmits the transaction data, the signature, and its digital certificate to the seller. The seller may then request system services via a connection with its financial institution, the relying participant. The system services may include a certificate status check service and a warranty service. The certificate status check service allows the relying customer to validate the subscribing customer's certificate. The warranty service allows the relying customer to receive a collateral-backed warranty that the subscribing customer's certificate is valid. Each participant and the root entity is provided with a transaction coordinator for combining services and operations into a single transaction having the qualities of atomicity, consistency, isolation, and durability. The transaction coordinator provides a single consistent interface for certificate-status messages and requests, as well as messages and requests relating to other services.
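The transaction flow described in the abstract, as an added Go example that is not the patent's own code: a constructed three-level chain (root entity, issuing and relying participant certification authorities, buyer and seller tokens), the buyer's hash-and-sign step, the seller's signature check, and the relying participant's certificate status check. The status check is modelled as chain validation to the root plus a revoked-serial list kept by the issuing participant; the OCSP responder, hardware security module, transaction coordinator and warranty service of the patent are not modelled, and all type and function names are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Entity is a constructed stand-in for the root entity, a participant's certification authority or a customer token.
type Entity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}
// Issue creates a certificate for name signed by parent, or a self-signed certificate when parent is nil.
func Issue(name string, serial int64, isCA bool, parent *Entity) *Entity {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name}, IsCA: isCA, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil {
		parent = &Entity{tmpl, key} // the root entity signs its own certificate
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent.Cert, &key.PublicKey, parent.Key)
	cert, _ := x509.ParseCertificate(der)
	return &Entity{cert, key}
}
// Sign is the buyer's step: hash the transaction data and sign the hash with the token's private key.
func Sign(buyer *Entity, tx []byte) []byte {
	h := sha256.Sum256(tx)
	sig, _ := ecdsa.SignASN1(rand.Reader, buyer.Key, h[:])
	return sig
}
// StatusCheck is the relying participant's service: chain the certificate through the issuing participant to the root entity, then consult the issuer's revoked-serial list.
func StatusCheck(root, issuer *Entity, revoked map[int64]bool, cert *x509.Certificate) bool {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root.Cert)
	inter.AddCert(issuer.Cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil && !revoked[cert.SerialNumber.Int64()]
}
// Accept is the seller's step: verify the signature with the buyer's certificate, then request the status check from its relying participant before relying on that certificate.
func Accept(root, issuer *Entity, revoked map[int64]bool, buyerCert *x509.Certificate, tx, sig []byte) bool {
	h := sha256.Sum256(tx)
	pub, ok := buyerCert.PublicKey.(*ecdsa.PublicKey)
	return ok && ecdsa.VerifyASN1(pub, h[:], sig) && StatusCheck(root, issuer, revoked, buyerCert)
}
```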
21 Claims
1. A system for providing one or more services via a network, comprising:
a root entity, the root entity operating a root entity certification authority, the root entity maintaining a root entity configuration baseline for the root entity certification authority, the root entity configuration baseline comprising the operating environment of the root entity certification authority;
at least one level-one participant, the level-one participant operating a level-one certification authority, the level-one participant maintaining a configuration baseline for the level-one certification authority, the configuration baseline for the level-one certification authority comprising the operating environment of the level-one certification authority;
at least one level-two participant, the level-two participant operating a level-two certification authority, the level-two participant maintaining a configuration baseline for the level-two certification authority, the configuration baseline for the level-two certification authority comprising the operating environment of the level-two certification authority.
Claims 2 to 12 and 14 to 21 depend on claim 1.
13. A system for providing a certificate status check service via a network comprising a plurality of entities including at least one root entity, at least one issuing participant, and at least one relying participant, each entity comprising:
a transaction coordinator;
an online certificate status protocol responder, the online certificate status protocol responder checking status of a certificate, the online certificate status protocol responder receiving online certificate status requests from the transaction coordinator, the online certificate status protocol responder sending online certificate status responses to the transaction coordinator; and
at least one hardware security module.