System and method for providing certificate validation and other services

US 20020029200A1
Filed: 09/10/2001
Published: 03/07/2002
Est. Priority Date: 09/10/1999
Status: Abandoned Application

First Claim

Patent Images

1. A system for providing one or more services via a network, comprising:

a root entity, the root entity operating a root entity certification authority, the root entity maintaining a root entity configuration baseline for the root entity certification authority, the root entity configuration baseline comprising the operating environment of the root entity certification authority;

at least one level-one participant, the level-one participant operating a level-one certification authority, the level-one participant maintaining a configuration baseline for the level-one certification authority, the configuration baseline for the level-one certification authority comprising the operating environment of the level-one certification authority;

at least one level-two participant, the level-two participant operating a level-two certification authority, the level-two participant maintaining a configuration baseline for the level-two certification authority, the configuration baseline for the level-two certification authority comprising the operating environment of the level-two certification authority.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for facilitating electronic commerce by securely providing certificate-related and other services including certificate validation and warranty is disclosed. In a preferred embodiment, these services are provided within the context of a four-corner trust model. The four-corner model comprises a buyer, or subscribing customer, and a seller, or relying customer, who engage in an on-line transaction. The buyer is a customer of a first financial institution, or issuing participant. The issuing participant operates a certificate authority and issues the buyer a hardware token including a private key and a digital certificate signed by the issuing participant. The seller is a customer of a second financial institution, or relying participant. The relying participant operates a certificate authority and issues the buyer a hardware token including a private key and a digital certificate signed by the relying participant. The system also includes a root certificate authority that operates a certificate authority that issues digital certificates to the issuing and relying participants. At the time of a transaction, the buyer creates a hash of the transaction data, signs the hash, and transmits the transaction data, the signature, and its digital certificate to the seller. The seller may then request system services via a connection with its financial institution, the relying participant. The system services may include a certificate status check service and a warranty service. The certificate status check service allows the relying customer to validate the subscribing customer'"'"'s certificate. The warranty service allows the relying customer to receive a collateral-backed warranty that the subscribing customer'"'"'s certificate is valid. Each participant and the root entity is provided with a transaction coordinator for combining services and operations into a single transaction having the qualities of atomicity, consistency, isolation, and durability. The transaction coordinator provides a single consistent interface for certificate-status messages and requests, as well as messages and requests relating to other services.

Citations

21 Claims

1. A system for providing one or more services via a network, comprising:
- a root entity, the root entity operating a root entity certification authority, the root entity maintaining a root entity configuration baseline for the root entity certification authority, the root entity configuration baseline comprising the operating environment of the root entity certification authority;
  
  at least one level-one participant, the level-one participant operating a level-one certification authority, the level-one participant maintaining a configuration baseline for the level-one certification authority, the configuration baseline for the level-one certification authority comprising the operating environment of the level-one certification authority;
  
  at least one level-two participant, the level-two participant operating a level-two certification authority, the level-two participant maintaining a configuration baseline for the level-two certification authority, the configuration baseline for the level-two certification authority comprising the operating environment of the level-two certification authority.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The system of claim 1, wherein the configuration baseline of each entity'"'"'s certification authority is recorded on a form.
  - 3. The system of claim 1, wherein a copy of each entity'"'"'s configuration baseline is maintained by the root entity.
  - 4. The system of claim 1, further comprising a configuration manager, the configuration manager being an officer of the root entity, the configuration manager further having primary responsibility for configuration management within the system.
  - 5. The system of claim 1, wherein each certification authority comprises a technical operations staff, the technical operations staff having primary responsibility for maintaining record of an entity certification authority'"'"'s configuration.
  - 6. The system of claim 1, wherein the configuration baseline for each entity'"'"'s certification authority is maintained at the same physical location of the entity'"'"'s certification authority.
  - 7. The system of claim 1, wherein the configuration baseline for each entity'"'"'s certification authority is maintained at a secure location outside the physical location of the entity'"'"'s certification authority.
  - 8. The system of claim 1, wherein the configuration baseline for each entity'"'"'s certification authority is maintained at an offsite location.
  - 9. The system of claim 1, wherein changes to the configuration baseline of an entity'"'"'s certification authority are made to address a system requirement.
  - 10. The system of claim 1, wherein an affected party is notified of a change to the configuration baseline of an entity'"'"'s certification authority.
  - 11. The system of claim 1, wherein a change to the configuration baseline of an entity'"'"'s certification authority takes into account configuration change criteria imposed by government bodies.
  - 12. The system of claim 1, wherein a change to the configuration baseline of an entity'"'"'s certification authority takes into account configuration change criteria imposed by standards-setting bodies.
  - 14. The system of claim 13, wherein the online certificate status protocol responder sends a revoked response regarding a checked certificate, the revoked response indicating that the certificate, or a certificate in a certificate chain of the certificate, has been revoked prior to a particular time.
  - 15. The system of claim 14, wherein the issuing participant does not accept liability for documents that have been signed after the particular time using a private key corresponding to the checked certificate.
  - 16. The system of claim 13, wherein the online certificate status protocol responder sends a good response regarding a checked certificate, the good response indicating that the certificate and every other certificate in the certificate chain of the certificate is in good standing at a particular time.
  - 17. The system of claim 16, wherein the issuing participant accepts liability for documents that have been signed prior to the particular time using a private key corresponding to the checked certificate.
  - 18. The system of claim 13, wherein the online certificate status protocol responder sends an unknown response regarding a certificate, the unknown response indicating that the certificate, or a certificate in the certificate chain of the certificate, is not known to be in good standing at a particular time.
  - 19. The system of claim 18, wherein the issuing participant does not accept liability for documents that have been signed prior to the particular time using a private key corresponding to the checked certificate.
  - 20. The system of claim 13, wherein the online certificate status protocol responder stores its private keys in a hardware security module.
  - 21. The system of claim 13, wherein the online certificate status protocol responder meets a set of minimum security requirements established by the root entity.

13. A system for providing a certificate status check service via a network comprising a plurality of entities including at least one root entity, at least one issuing participant, and at least one relying participant, each entity comprising:
- a transaction coordinator;
  
  an online certificate status protocol responder, the online certificate status protocol responder checking status of a certificate, the online certificate status protocol responder receiving online certificate status requests from the transaction coordinator, the online certificate status protocol responder sending online certificate status responses to the transaction coordinator; and
  
  at least one hardware security module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IdenTrust, Inc. (Assa Abloy AB), Bank of America Corp.
Original Assignee
IdenTrust, Inc. (Assa Abloy AB)
Inventors
Stirland, Mark, Solo, David, Dulin, Charles, Hicks, Mack, Nepomuceno, Larry

Application Number

US09/950,440
Publication Number

US 20020029200A1
Time in Patent Office

Days
Field of Search
US Class Current

705/67
CPC Class Codes

G06F 21/33   using certificates

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/3674   involving authentication

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3829   involving key management

G06Q 2220/00   Business processing using c...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0823   using certificates cryptogr...

H04L 9/3265   using certificate chains, t...

System and method for providing certificate validation and other services

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing certificate validation and other services

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links