Internet authentication with multiple independent certificate authorities

US 20020184491A1
Filed: 06/01/2001
Published: 12/05/2002
Est. Priority Date: 06/01/2001
Status: Active Grant

First Claim

Patent Images

1. A computer authentication protocol, comprising:

sending at least one certificate payload from a transmitting computer to a receiving computer, the certificate payload including at least two certificates each being generated by a respective certificate authority (CA), the certificate authorities being independent of each other such that no trust relationship exists between the CA.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for authentication to support secure data transfer includes a protocol wherein a certificate payload, an ID payload, and a signature payload all respectively contain at least two certificates, IDs, and signatures, concatenated together. The certificates are generated by different certificate authorities (CA) that have no trust relationship with each other. One certificate can be granted to a person and another to a particular host computer intended to be used by the person, so that for secure data transfer to take place, both a certified user and a certified host computer must be involved.

Citations

18 Claims

1. A computer authentication protocol, comprising:
- sending at least one certificate payload from a transmitting computer to a receiving computer, the certificate payload including at least two certificates each being generated by a respective certificate authority (CA), the certificate authorities being independent of each other such that no trust relationship exists between the CA.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The protocol of claim 1, wherein the certificates are concatenated together.
  - 3. The protocol of claim 2, wherein at least one certificate is associated with a person and one certificate is associated with a host computer.
  - 4. The protocol of claim 1, further comprising sending at least one identification (ID) payload between the computers, the ID payload being generated by combining the IDs of at least two entities.
  - 5. The protocol of claim 4, further comprising sending at least one signature payload between the computers, the signature payload being generated by concatenating the signatures of at least two entities.
  - 6. The protocol of claim 4, wherein each signature is formed by applying a pseudorandom function (PRF) to at least the associated ID to render a result, and then encrypting the result with a private key associated with the entity represented by the ID.

7. A computer program device, comprising:
- a computer program storage device including a program of instructions usable by a computer, comprising;
  
  logic means for combining a first entity identification (ID) with a second entity ID to render an ID payload; and
  
  logic means for sending the ID payload to a computer along with at least one certificate payload.
- View Dependent Claims (8, 9)
- - 8. The computer program device of claim 7, further comprising:
    - logic means for generating a signature payload by concatenating at least two signatures of respective entities.
  - 9. The computer program device of claim 8, wherein the means for generating a signature payload applies a pseudorandom function (PRF) to at least an ID associated with an entity to render a result, and then encrypting the result with a private key associated with the entity represented by the respective ID.

10. A computer program device, comprising:
- a computer program storage device including a program of instructions usable by a computer, comprising;
  
  logic means for generating a signature payload by concatenating at least two signatures of respective entities; and
  
  logic means for sending the signature payload to a computer along with at least one certificate payload.
- View Dependent Claims (11, 12, 14, 15, 16, 17, 18)
- - 11. The computer program device of claim 10, wherein the means for generating a signature payload applies a pseudorandom function (PRF) to at least an ID associated with an entity to render a result, and then encrypting the result with a private key associated with the entity represented by the respective ID.
  - 12. The computer program device of claim 11, further comprising:
    - logic means for combining a first entity ID with a second entity ID to render an ID payload; and
      
      logic means for sending the ID payload to a computer along with at least one certificate payload.
  - 14. The system of claim 13, wherein the certificates are concatenated together to establish a certificate payload.
  - 15. The system of claim 14, wherein at least one certificate is associated with a person and one certificate is associated with a host computer.
  - 16. The system of claim 13, wherein the system sends at least one identification (ID) payload between the computers, the ID payload being generated by combining the IDs of at least two entities.
  - 17. The system of claim 16, wherein the system sends at least one signature payload between the computers, the signature payload being generated by concatenating the signatures of at least two entities.
  - 18. The system of claim 17, wherein each signature is formed by applying a pseudorandom function (PRF) to at least the associated ID to render a result, and then encrypting the result with a private key associated with the entity represented by the ID.

13. A computer system for secure network authentication, comprising:
- at least one host certificate authority (CA) generating a host authentication certificate for at least one host computer; and
  
  at least one user CA generating a user authentication certificate for at least one user, wherein the certificates can be combined into a certificate payload during an authentication process, the host CA not being in a trust relationship with the user CA and vice-versa.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Varga, Michael David, Irish, John, Morgan, Stephen Paul, Pittelli, Frank Michael

Granted Patent

US 7,096,362 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/157
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Internet authentication with multiple independent certificate authorities

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Internet authentication with multiple independent certificate authorities

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links