Method and system for revocation of certificates used to certify public key users

US 20020056050A1
Filed: 12/21/2001
Published: 05/09/2002
Est. Priority Date: 10/27/2000
Status: Active Grant

First Claim

Patent Images

1. A method for revoking certificates, the method comprising the steps of:

a) selecting a class of certificates for review, each of said certificates including identifying information and a phone number for its owner;

b) choosing a next certificate from said class for review;

c) accessing a reverse telephone book database to determine if said next certificate'"'"'s identifying information is still correct; and

if not d) adding said next certificate to a list of revoked certificates; and

e) if more certificates in said group remain to be reviewed, returning to step b.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for creating, reviewing and revoking, if necessary, a certificate for a client of a service provider of a communications network, wherein the client has a client private key and a client public key. The method includes the steps of establishing a communications link with the service provider through a dedicated communication channel; requesting a client certificate from the service provider; obtaining a caller-ID, including a telephone number from an operator of the dedicated communication channel; and creating the requested client certificate including the caller-ID. Preferably, the method also includes the step of verifying that the caller-ID obtained from the operator of the dedicated communication channel is the same as client identifying information provided by the client when requesting the client certificate. The certificate can be stored at a caller ID server or a client'"'"'s storage. The method includes the steps of periodically reviewing issued certificates against a reverse telephone book to determine if the included telephone number is still associated with the client and revoking the certificate if it is not.

Citations

23 Claims

1. A method for revoking certificates, the method comprising the steps of:
- a) selecting a class of certificates for review, each of said certificates including identifying information and a phone number for its owner;
  
  b) choosing a next certificate from said class for review;
  
  c) accessing a reverse telephone book database to determine if said next certificate'"'"'s identifying information is still correct; and
  
  if not d) adding said next certificate to a list of revoked certificates; and
  
  e) if more certificates in said group remain to be reviewed, returning to step b.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as described in claim 1 where said identifying information includes an address, and including the further steps of accessing an address database to further verify that said next certificate'"'"'s address is still correct and, if not, adding said certificate to said list of revoked certificates.
  - 3. A method as described in claim 2 where a plurality of reverse telephone book databases or a plurality of address databases are accessed and a predetermined scoring algorithm is used to determine if said certificate is added to said list of revoked certificates.
  - 4. A method as described in claim 1 where said class is selected on a periodic basis.
  - 5. A method as described in claim 1 where said class is selected on a geographic basis.
  - 6. A method as described in claim 1 where said class is selected on a basis of certificate usage.
  - 7. A method as described in claim 1 where a plurality of reverse telephone book databases are accessed and a predetermined scoring algorithm is used to determine if said certificate is added to said list of revoked certificates.

8. A method for creating and revoking certificates, said method comprising the steps of:
- a) receiving a request for a certificate on a dedicated communications channel;
  
  b) requesting caller identifying information for said request from an operator of said dedicated channel;
  
  c) creating said requested certificate using said caller identifying information, said certificate including at least an owner'"'"'s phone number determined from said identifying information; and
  
  thereafter d) selecting a group of certificates previously created in steps a through c for review;
  
  e) choosing a next certificate from said group for review;
  
  f) accessing a reverse telephone book database to determine if said next certificate'"'"'s identifying information and phone number are still correct; and
  
  if not g) adding said next certificate to a list of revoked certificates; and
  
  k) if more certificates in said group remain to be reviewed, returning to step e.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 22)
- - 9. A method as described in claim 8 where said identifying information includes an address for its owner, and including the further steps of accessing an address database to further verify that said next certificate'"'"'s address is still correct and, if not, adding said certificate to said list of revoked certificates.
  - 10. A method as described in claim 9 where a plurality of reverse directories or a plurality of address databases are accessed and a predetermined scoring algorithm is used to determine if said certificate is added to said list of revoked certificates.
  - 11. A method as described in claim 8 where said class is selected on a periodic basis.
  - 12. A method as described in claim 8 where said class is selected on a geographic basis.
  - 13. A method as described in claim 8 where said class is selected on a basis of certificate usage.
  - 14. A method as described in claim 8 where a plurality of reverse telephone book databases are accessed and a predetermined scoring algorithm is used to determine if said certificate is added to said list of revoked certificates.
  - 16. A server as described in claim 15 where said identifying information includes, and said server is further programmed to access an address database to further verify that said next certificate'"'"'s address is still correct and, if not, add said certificate to said list of revoked certificates.
  - 17. A server as described in claim 16 where a plurality of reverse directories or a plurality of address databases are accessed and a predetermined scoring algorithm is used to determine if said certificate is added to said list of revoked certificates.
  - 18. A server as described in claim 15 where said class is selected on a periodic basis.
  - 19. A server as described in claim 15 where said class is selected on a geographic basis.
  - 20. A server as described in claim 15 where said class is selected on a basis of certificate usage.
  - 21. A server as described in claim 15 where a plurality of reverse telephone book databases are accessed and a predetermined scoring algorithm is used to determine if said certificate is added to said list of revoked certificates.
  - 22. A server as described in claim 15 said data server being further programmed to:
    - a) receive a request for a certificate on a dedicated communications channel;
      
      b) request caller identifying information for said request from an operator of said dedicated channel;
      
      c) create said requested certificate using said caller identifying information, said certificate including at least an owner'"'"'s phone number determined from said caller identifying information.

15. A programmable server for reviewing and revoking certificates, said server being programmed to:
- b1) select a class of certificates for review, each of said certificates including identifying information and a phone number for its owner;
  
  b2) access a certificate database to choose a next certificate from said class for review;
  
  b3) access a reverse telephone database to determine if said next certificate'"'"'s identifying information is still correct; and
  
  if not b4) add said next certificate to a list of revoked certificates; and
  
  d5) if more certificates in said group remain to be reviewed, return to step b.

23. A method for creating and revoking certificates, said method comprising the steps of:
- a) receiving a request for a certificate on a dedicated communications channel;
  
  b) requesting caller identifying information for said request from an operator of said dedicated channel;
  
  c) creating said requested certificate using said caller identifying information, said certificate including at least an owner'"'"'s phone number determined from said identifying information;
  
  d) determining if a corresponding certificate exists; and
  
  if so e) adding said corresponding certificate to a list of revoked certificates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pitney Bowes Incorporated (Böwe Systec AG)
Original Assignee
Pitney Bowes Incorporated (Böwe Systec AG)
Inventors
Heiden, Richard W., Weiant, Monroe A. Jr.

Granted Patent

US 6,792,531 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/33   using certificates

G06Q 20/367   involving electronic purses...

G06Q 20/3821   Electronic credentials

H04L 63/0823   using certificates cryptogr...

Method and system for revocation of certificates used to certify public key users

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for revocation of certificates used to certify public key users

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links