Method and apparatus for delegating digital signatures to a signature server

US 20020078355A1
Filed: 12/15/2000
Published: 06/20/2002
Est. Priority Date: 12/15/2000
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating the delegation of operations involved in providing digital signatures to a signature server, the method comprising:

receiving a request for a digital signature from a user at the signature server, the request including an item to be signed on behalf of the user by the signature server;

looking up a private key for the user at the signature server;

signing the item with the private key for the user; and

returning the signed item to the user so that the user can send the signed item to a recipient.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system that facilitates delegating operations involved in providing digital signatures to a signature server. The system operates by receiving a request for a digital signature from a user at the signature server, wherein the request includes an item to be signed on behalf of the user by the signature server. In response to the request, the system looks up a private key for the user at the signature server, and signs the item with the private key. Next, the system returns the signed item to the user, so that the user can send the signed item to the recipient. In one embodiment of the present invention, the system authenticates the user prior to signing the item. In one embodiment of the present invention, the system determines whether the user is authorized to sign the item prior to signing the item.

Citations

33 Claims

1. A method for facilitating the delegation of operations involved in providing digital signatures to a signature server, the method comprising:
- receiving a request for a digital signature from a user at the signature server, the request including an item to be signed on behalf of the user by the signature server;
  
  looking up a private key for the user at the signature server;
  
  signing the item with the private key for the user; and
  
  returning the signed item to the user so that the user can send the signed item to a recipient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 2. The method of claim 1, wherein prior to signing the item, the method further comprises authenticating the user.
  - 3. The method of claim 2, wherein prior to signing the item, the method further comprises determining whether the user is authorized to sign the item.
  - 4. The method of claim 3, wherein determining whether the user is authorized to sign the item involves looking up an authorization for the user based upon an identifier for the user as well as an identifier for an application to which the user will send the signed item.
  - 5. The method of claim 3, wherein determining whether the user is authorized to sign the item involves communicating with an authority server that is separate from the signature server.
  - 6. The method of claim 1, further comprising allowing the user to authenticate the signature server prior to sending the request to the signature server.
  - 7. The method of claim 1, further comprising facilitating encryption of communications between the user and the signature server.
  - 8. The method of claim 1, wherein the method further comprises configuring the signature server to accommodate a new user by:
    - receiving a request from an authorized entity to add the new user;
      
      generating a key pair for the new user, including a new user private key and a new user public key;
      
      communicating with a certification authority to obtain a certificate for the new user based on the key pair; and
      
      storing the certificate and the key pair for the new user in a location that is accessible by the signature server to enable the signature server to sign items on behalf of the new user.
  - 9. The method of claim 1, wherein the method further comprises configuring the signature server to delete an old user by:
    - receiving a request from an authorized entity to delete the old user;
      
      notifying a certification authority to revoke a certificate for the old user; and
      
      removing the private key for the old user from the signature server, so that the signature server can no longer sign items on behalf of the old user.
  - 10. The method of claim 1, wherein the method further comprises archiving the request and the signed item at the signature server.
  - 11. The method of claim 1, wherein the method further comprises forwarding the signed item to an archive server in order to be archived.
  - 13. The computer-readable storage medium of claim 12, wherein prior to signing the item, the method further comprises authenticating the user.
  - 14. The computer-readable storage medium of claim 13, wherein prior to signing the item, the method further comprises determining whether the user is authorized to sign the item.
  - 15. The computer-readable storage medium of claim 14, wherein determining whether the user is authorized to sign the item involves looking up an authorization for the user based upon an identifier for the user as well as an identifier for an application to which the user will send the signed item.
  - 16. The computer-readable storage medium of claim 14, wherein determining whether the user is authorized to sign the item involves communicating with an authority server that is separate from the signature server.
  - 17. The computer-readable storage medium of claim 12, wherein the method further comprises allowing the user to authenticate the signature server prior to sending the request to the signature server.
  - 18. The computer-readable storage medium of claim 12, wherein the method further comprises facilitating encryption of communications between the user and the signature server.
  - 19. The computer-readable storage medium of claim 12, wherein the method further comprises configuring the signature server to accommodate a new user by:
    - receiving a request from an authorized entity to add the new user;
      
      generating a key pair for the new user, including a new user private key and a new user public key;
      
      communicating with a certification authority to obtain a certificate for the new user based on the key pair; and
      
      storing the certificate and the key pair for the new user in a location that is accessible by the signature server to enable the signature server to sign items on behalf of the new user.
  - 20. The computer-readable storage medium of claim 12, wherein the method further comprises configuring the signature server to delete an old user by:
    - receiving a request from an authorized entity to delete the old user;
      
      notifying a certification authority to revoke a certificate for the old user; and
      
      removing the private key for the old user from the signature server, so that the signature server can no longer sign items on behalf of the old user.
  - 21. The computer-readable storage medium of claim 12, wherein the method further comprises archiving the request and the signed item at the signature server.
  - 22. The computer-readable storage medium of claim 12, wherein the method further comprises forwarding the signed item to an archive server in order to be archived.
  - 24. The apparatus of claim 23, further comprising an authentication mechanism that is configured to authenticate the user prior to signing the item.
  - 25. The apparatus of claim 24, further comprising an authorization mechanism that is configured to determine whether the user is authorized to sign the item prior to signing the item.
  - 26. The apparatus of claim 25, wherein the authorization mechanism is configured to determine whether the user is authorized to sign the item by looking up an authorization for the user based upon an identifier for the user as well as an identifier for an application to which the user will send the signed item.
  - 27. The apparatus of claim 25, wherein the authorization mechanism is configured to determine whether the user is authorized to sign the item by communicating with an authority server that is separate from the signature server.
  - 28. The apparatus of claim 23, further comprising an authentication mechanism that is configured to allow the user to authenticate the signature server prior to sending the request to the signature server.
  - 29. The apparatus of claim 23, further comprising an encryption mechanism that is configured to facilitate encryption of communications between the user and the signature server.
  - 30. The apparatus of claim 23, further comprising an initialization mechanism that is configured to:
    - receive a request from an authorized entity to add a new user;
      
      generate a key pair for the new user, including a new user private key and a new user public key;
      
      communicate with a certification authority to obtain a certificate for the new user based on the key pair; and
      
      to store the certificate and the key pair for the new user in a location that is accessible by the signature server to enable the signature server to sign items on behalf of the new user.
  - 31. The apparatus of claim 23, further comprising a deletion mechanism that is configured to:
    - receive a request from an authorized entity to delete an old user;
      
      notify a certification authority to revoke a certificate for the old user; and
      
      to remove the private key for the old user from the signature server, so that the signature server can no longer sign items on behalf of the old user.
  - 32. The apparatus of claim 23, further comprising an archiving mechanism that is configured to archive the request and the signed item at the signature server.
  - 33. The apparatus of claim 23, further comprising an archiving mechanism that is configured to forward the signed item to an archive server in order to be archived.

12. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for facilitating the delegation of operations involved in providing digital signatures to a signature server, the method comprising:
- receiving a request for a digital signature from a user at the signature server, the request including an item to be signed on behalf of the user by the signature server;
  
  looking up a private key for the user at the signature server;
  
  signing the item with the private key for the user; and
  
  returning the signed item to the user so that the user can send the signed item to a recipient.

23. An apparatus that facilitates delegating operations involved in providing digital signatures, comprising:
- a signature server;
  
  a receiving mechanism within the signature server that is configured to receive a request for a digital signature from a user, the request including an item to be signed on behalf of the user by the signature server;
  
  a lookup mechanism within the signature server that is configured to look up a private key for the user;
  
  a signing mechanism within the signature server that is configured to sign the item with the private key for the user; and
  
  a sending mechanism within the signature server that is configured to return the signed item to the user so that the user can send the signed item to a recipient.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Samar, Vipin

Granted Patent

US 7,210,037 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 21/645 using a third party

Method and apparatus for delegating digital signatures to a signature server

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for delegating digital signatures to a signature server

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links