Method and system for facilitating public key credentials acquisition

US 20020144109A1
Filed: 03/29/2001
Published: 10/03/2002
Est. Priority Date: 03/29/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method for acquiring public-key infrastructure (PKI) credentials for a user, the method comprising:

generating a pre-registration record for the user;

sending the pre-registration record as an e-mail attachment in an e-mail message to the user at a client;

generating at the client a cryptographic key pair comprising a user private key and a user public key;

sending a PKI credential request for the PKI credentials to a certificate issuing authority, wherein the public key certificate request comprises the pre-registration record and the user public key; and

receiving the PKI credentials at the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A methodology is presented for securely acquiring and managing PKI credentials using an enterprise'"'"'s pre-existing information technology. A management application places user information from a directory into a pre-registration record, which is sent to the user as an e-mail attachment. When the user views the e-mail message through a browser-type application that has built-in key generation and digital certificate management, the user may be prompted for additional information, such as passwords. The browser-type application then generates a public/private key pair and stores the private key in a secure local keystore while also securely sending the public key, authentication data, and pre-registration record to a registration/certificate authority. A public key certificate and an attribute certificate are then issued for the user, copies of which are published into the directory and returned to the user for storing within the user'"'"'s secure local keystore. The certificates may then be used in typical manners.

167 Citations

30 Claims

1. A method for acquiring public-key infrastructure (PKI) credentials for a user, the method comprising:
- generating a pre-registration record for the user;
  
  sending the pre-registration record as an e-mail attachment in an e-mail message to the user at a client;
  
  generating at the client a cryptographic key pair comprising a user private key and a user public key;
  
  sending a PKI credential request for the PKI credentials to a certificate issuing authority, wherein the public key certificate request comprises the pre-registration record and the user public key; and
  
  receiving the PKI credentials at the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising:
    - retrieving user information from a directory; and
      
      storing the user information into the pre-registration record.
  - 3. The method of claim 1 further comprising:
    - viewing the e-mail message within a browser, wherein the browser generates the cryptographic key pair; and
      
      storing the user private key in a secure local keystore at the client by the browser.
  - 4. The method of claim 1 wherein the e-mail message is formatted according to an Secure/Multipurpose Internet Mail Extensions (S/MIME) standard.
  - 5. The method of claim 1 further comprising:
    - prompting the user for user authentication data to be included in an attribute certificate; and
      
      storing the user authentication data in the PKI credential request.
  - 6. The method of claim 1 further comprising:
    - retrieving a Uniform Resource Identifier (URI) from the e-mail message; and
      
      posting the public key certificate request to the certificate issuing authority using the URI.
  - 7. The method of claim 1 further comprising:
    - storing the PKI credentials in a secure local keystore at the client.
  - 8. The method of claim 1 wherein the PKI credentials comprise a public key certificate for the user and an attribute certificate for the user.
  - 9. The method of claim 1 further comprising:
    - publishing the PKI credentials in a directory.
  - 10. The method of claim 1 wherein the PKI credentials are formatted according to an X.509 standard.

11. An apparatus for acquiring public-key infrastructure (PKI) credentials for a user, the apparatus comprising:
- means for generating a pre-registration record for the user;
  
  means for sending the pre-registration record as an e-mail attachment in an e-mail message to the user at a client;
  
  means for generating at the client a cryptographic key pair comprising a user private key and a user public key;
  
  means for sending a PKI credential request for the PKI credentials to a certificate issuing authority, wherein the public key certificate request comprises the pre-registration record and the user public key; and
  
  means for receiving the PKI credentials at the client.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The apparatus of claim 11 further comprising:
    - means for retrieving user information from a directory; and
      
      means for storing the user information into the pre-registration record.
  - 13. The apparatus of claim 11 further comprising:
    - means for viewing the e-mail message within a browser, wherein the browser generates the cryptographic key pair; and
      
      means for storing the user private key in a secure local keystore at the client by the browser.
  - 14. The apparatus of claim 11 wherein the e-mail message is formatted according to an Secure/Multipurpose Internet Mail Extensions (S/MIME) standard.
  - 15. The apparatus of claim 11 further comprising:
    - means for prompting the user for user authentication data to be included in an attribute certificate; and
      
      means for storing the user authentication data in the PKI credential request.
  - 16. The apparatus of claim 11 further comprising:
    - means for retrieving a Uniform Resource Identifier (URI) from the e-mail message; and
      
      means for posting the public key certificate request to the certificate issuing authority using the URI.
  - 17. The apparatus of claim 11 further comprising:
    - means for storing the PKI credentials in a secure local keystore at the client.
  - 18. The apparatus of claim 11 wherein the PKI credentials comprise a public key certificate for the user and an attribute certificate for the user.
  - 19. The apparatus of claim 11 further comprising:
    - means for publishing the PKI credentials in a directory.
  - 20. The apparatus of claim 11 wherein the PKI credentials are formatted according to an X.509 standard.

21. A computer program product in a computer-readable medium for use in a data processing system for acquiring public-key infrastructure (PKI) credentials for a user, the computer program product comprising:
- instructions for generating a pre-registration record for the user;
  
  instructions for sending the pre-registration record as an e-mail attachment in an e-mail message to the user at a client;
  
  instructions for generating at the client a cryptographic key pair comprising a user private key and a user public key;
  
  instructions for sending a PKI credential request for the PKI credentials to a certificate issuing authority, wherein the public key certificate request comprises the pre-registration record and the user public key; and
  
  instructions for receiving the PKI credentials at the client.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The computer program product of claim 21 further comprising:
    - instructions for retrieving user information from a directory; and
      
      instructions for storing the user information into the pre-registration record.
  - 23. The computer program product of claim 21 further comprising:
    - instructions for viewing the e-mail message within a browser, wherein the browser generates the cryptographic key pair; and
      
      instructions for storing the user private key in a secure local keystore at the client by the browser.
  - 24. The computer program product of claim 21 wherein the e-mail message is formatted according to an Secure/Multipurpose Internet Mail Extensions (S/MIME) standard.
  - 25. The computer program product of claim 21 further comprising:
    - instructions for prompting the user for user authentication data to be included in an attribute certificate; and
      
      instructions for storing the user authentication data in the PKI credential request.
  - 26. The computer program product of claim 21 further comprising:
    - instructions for retrieving a Uniform Resource Identifier (URI) from the e-mail message; and
      
      instructions for posting the public key certificate request to the certificate issuing authority using the URI.
  - 27. The computer program product of claim 21 further comprising:
    - instructions for storing the PKI credentials in a secure local keystore at the client.
  - 28. The computer program product of claim 21 wherein the PKI credentials comprise a public key certificate for the user and an attribute certificate for the user.
  - 29. The computer program product of claim 21 further comprising:
    - instructions for publishing the PKI credentials in a directory.
  - 30. The computer program product of claim 21 wherein the PKI credentials are formatted according to an X.509 standard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Nadalin, Anthony Joseph, Benantar, Messaoud

Application Number

US09/821,081
Publication Number

US 20020144109A1
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/126   the source of the received ...

H04L 9/006   involving public key infras...

H04L 9/3263   involving certificates, e.g...

Method and system for facilitating public key credentials acquisition

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

167 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for facilitating public key credentials acquisition

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

167 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links