Method and system for facilitating public key credentials acquisition
Abstract
A methodology is presented for securely acquiring and managing PKI credentials using an enterprise's pre-existing information technology. A management application places user information from a directory into a pre-registration record, which is sent to the user as an e-mail attachment. When the user views the e-mail message through a browser-type application that has built-in key generation and digital certificate management, the user may be prompted for additional information, such as passwords. The browser-type application then generates a public/private key pair and stores the private key in a secure local keystore while also securely sending the public key, authentication data, and pre-registration record to a registration/certificate authority. A public key certificate and an attribute certificate are then issued for the user, copies of which are published into the directory and returned to the user for storing within the user's secure local keystore. The certificates may then be used in typical manners.
30 Claims
1. A method for acquiring public-key infrastructure (PKI) credentials for a user, the method comprising:
- generating a pre-registration record for the user;
- sending the pre-registration record as an e-mail attachment in an e-mail message to the user at a client;
- generating at the client a cryptographic key pair comprising a user private key and a user public key;
- sending a PKI credential request for the PKI credentials to a certificate issuing authority, wherein the public key certificate request comprises the pre-registration record and the user public key; and
- receiving the PKI credentials at the client.
11. An apparatus for acquiring public-key infrastructure (PKI) credentials for a user, the apparatus comprising:
- means for generating a pre-registration record for the user;
- means for sending the pre-registration record as an e-mail attachment in an e-mail message to the user at a client;
- means for generating at the client a cryptographic key pair comprising a user private key and a user public key;
- means for sending a PKI credential request for the PKI credentials to a certificate issuing authority, wherein the public key certificate request comprises the pre-registration record and the user public key; and
- means for receiving the PKI credentials at the client.
21. A computer program product in a computer-readable medium for use in a data processing system for acquiring public-key infrastructure (PKI) credentials for a user, the computer program product comprising:
- instructions for generating a pre-registration record for the user;
- instructions for sending the pre-registration record as an e-mail attachment in an e-mail message to the user at a client;
- instructions for generating at the client a cryptographic key pair comprising a user private key and a user public key;
- instructions for sending a PKI credential request for the PKI credentials to a certificate issuing authority, wherein the public key certificate request comprises the pre-registration record and the user public key; and
- instructions for receiving the PKI credentials at the client.