Secure certificate and system and method for issuing and using same
First Claim
1. A computer program product for use in conjunction with a computer system having a server and a client, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism, comprising:
- a program module that directs the computer system and/or components thereof including at least one of the client or server, to function in a specified manner to provide message communications, the message communications occurring in a computer system hardware architecture neutral and operating system neutral and network transport protocol neutral manner for secure certificate issuing by an Issuer to a Client requesting the certificate, the program module including instructions for:
A. extracting, by a certificate requesting client, a network address for the Issuer from a trusted source or storage means;
B. extracting, by the client, a Resource Tag related to its own Subject Name from a message that was received from a Server;
C. extracting, by the client, a public and private key and certificate chain from a trusted source;
D. using the extracted information to create a secure session with the Issuer that authenticates the issuer using the same protocol;
E. sending, by the client, as the client's first Data message after any session setup messages, a data structure that has a common header with fields for Type, Version and Content-Length, and contents that include the Resource Tag, the Client's Subject Name, and optionally one or more public keys that the Client has generated;
F. verifying, by the certificate issuer, that a valid Server issued the Resource Tag and that the Resource Tag is valid for the given received Subject Name;
G. creating, by the issuer, a Compact Certificate with one or more public keys and with the Client's Subject Name;
H. digitally signing, by the issuer, the certificate with the Issuer's private key; and
I. sending, by the certificate issuer, a message back to the Client over the secure channel, where the message includes the Compact Certificate and if the Issuer generated the public key(s), the message includes the matching private key(s).
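A worked round trip through steps E to H of claim 1, written here as an added Go example and not code from the patent or from any product: the Server mints the Resource Tag, the Client builds its first Data message with the Type, Version and Content-Length header, and the Issuer checks the header, the Content-Length and the tag-to-Subject-Name binding before signing a Compact Certificate. HMAC-SHA256 for the tag, Ed25519 for the Issuer signature, the Type and Version values and the fixed body layout are all assumptions, and the Client is assumed to supply its own public key (the Issuer-generated-key branch of step I is not shown).

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Assumed values for the header's Type and Version fields; the claims name the fields, not the values.
const typeCertRequest, protoVersion byte = 1, 1

// MakeResourceTag is the Server's part, assumed here to be HMAC-SHA256 over the Subject Name under
// a key shared with the Issuer, which is what lets the Issuer check who issued the tag (step F).
func MakeResourceTag(serverKey []byte, subject string) []byte {
	m := hmac.New(sha256.New, serverKey)
	m.Write([]byte(subject))
	return m.Sum(nil)
}

// BuildRequest is the Client's step E: Type(1) | Version(1) | Content-Length(2, big-endian), then a
// body of Resource Tag (32) | Client public key (32) | Subject Name (the rest). The body layout is assumed.
func BuildRequest(tag []byte, pub ed25519.PublicKey, subject string) []byte {
	body := append(append(append([]byte{}, tag...), pub...), subject...)
	hdr := []byte{typeCertRequest, protoVersion, byte(len(body) >> 8), byte(len(body))}
	return append(hdr, body...)
}

// IssueCertificate is the Issuer's steps F to H. The Compact Certificate it returns is
// Subject Name | public key (32) | Ed25519 signature (64) by the Issuer over the first two.
func IssueCertificate(serverKey []byte, issuerPriv ed25519.PrivateKey, msg []byte) ([]byte, error) {
	if len(msg) < 4 || msg[0] != typeCertRequest || msg[1] != protoVersion {
		return nil, errors.New("unsupported Type or Version")
	}
	body := msg[4:]
	if int(binary.BigEndian.Uint16(msg[2:])) != len(body) { // truncated or padded message
		return nil, errors.New("Content-Length does not match payload")
	}
	const fixed = sha256.Size + ed25519.PublicKeySize
	if len(body) <= fixed {
		return nil, errors.New("body too short for tag, key and a non-empty Subject Name")
	}
	tag, pub, subject := body[:sha256.Size], body[sha256.Size:fixed], string(body[fixed:])
	if !hmac.Equal(tag, MakeResourceTag(serverKey, subject)) { // constant-time compare
		return nil, errors.New("Resource Tag not valid for this Subject Name")
	}
	tbs := append([]byte(subject), pub...)
	return append(tbs, ed25519.Sign(issuerPriv, tbs)...), nil
}
```

Bodies longer than 65535 bytes do not fit the two-byte Content-Length and are not handled; the step D secure session that carries the message is assumed to exist around these functions.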
Abstract
System, method, signal, operating model, and computer program for electronic messaging. Systems and method for providing security for communication of electronic messages, interactive sessions, software downloads, software upgrades, and other content from a source to a receiving device as well as signals used for such communications. Systems, methods, signals, device architectures, data formats, and computer program structures for providing authentication, integrity, confidentiality, non-repudiation, replay protection, and other security properties while minimizing the network bandwidth, computational resources, and manual user interactions required to install, enable, deploy and utilize these security properties. System, device, method, computer program, and computer program product for searching and selecting data and control elements in message procedural/data sets for automatic and complete portrayal of message to maintain message intent. System, device, method, computer program, and computer program product for adapting content for sensory and physically challenged persons using embedded semantic elements in a procedurally based message file.
26 Claims
2. A hardware architecture neutral and operating system neutral and network transport neutral method for secure certificate issuing by an Issuer to a Client requesting the certificate using less software code and network bandwidth than conventional systems, said method comprising the steps of:
A. extracting, by a certificate requesting client, a network address for the Issuer from a trusted source or storage means;
B. extracting, by the client, a Resource Tag related to its own Subject Name from a message that was received from a Server;
C. extracting, by the client, a public and private key and certificate chain from a trusted source;
D. using the extracted information to create a secure session with the Issuer that authenticates the issuer using the same protocol;
E. sending, by the client, as the client's first Data message after any session setup messages, a data structure that has a common header with fields for Type, Version and Content-Length, and contents that include the Resource Tag, the Client's Subject Name, and optionally one or more public keys that the Client has generated;
F. verifying, by the certificate issuer, that a valid Server issued the Resource Tag and that the Resource Tag is valid for the given received Subject Name;
G. creating, by the issuer, a Compact Certificate with one or more public keys and with the Client's Subject Name;
H. digitally signing, by the issuer, the certificate with the Issuer's private key; and
I. sending, by the certificate issuer, a message back to the Client over the secure channel, where the message includes the Compact Certificate and if the Issuer generated the public key(s), the message includes the matching private key(s).
16. A method for secure certificate issuing by an issuer to an entity requesting the certificate, said method comprising:
extracting, by the entity, a network address for the certificate issuer from a trusted source;
extracting, by the entity, information including a resource tag related to its own subject name from a message that was received from a server, and a public key and a private key and certificate chain from a trusted source;
using, by the entity, the extracted information to create a secure session with the issuer that authenticates the issuer; and
sending, by the entity, as a component of the entity's first data message after any session setup messages, a data structure that includes the resource tag and subject name.
Specification