Internet authentication with multiple independent certificate authorities
Abstract
A system for authentication to support secure data transfer includes a protocol wherein a certificate payload, an ID payload, and a signature payload all respectively contain at least two certificates, IDs, and signatures, concatenated together. The certificates are generated by different certificate authorities (CA) that have no trust relationship with each other. One certificate can be granted to a person and another to a particular host computer intended to be used by the person, so that for secure data transfer to take place, both a certified user and a certified host computer must be involved.
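The two-root check the abstract describes, as an added example (not code from the patent): certificates from independent host and user CAs are concatenated into one certificate payload, the receiver verifies each certificate under its own issuer's trust anchor only, and accepts only when both a certified host and a certified user are present. Certificates and CA signatures are simplified to HMAC-SHA256 tags under constructed per-CA keys, and the CA names, subjects and payload layout are assumptions; a real deployment would use X.509 certificates and public-key signatures.

```python
import hashlib
import hmac
import struct
TAG_LEN = 32  # HMAC-SHA256 tag length
# Constructed keys: the receiver's two independent trust anchors (no cross-trust).
ANCHORS = {"HostCA": b"host-ca-key-constructed", "UserCA": b"user-ca-key-constructed"}
REQUIRED = ("HostCA", "UserCA")  # both a certified host and a certified user

def make_cert(issuer, subject, ca_key):
    """Toy certificate: 2-byte body length | issuer:subject | CA tag over body."""
    body = f"{issuer}:{subject}".encode()
    return struct.pack(">H", len(body)) + body + hmac.new(ca_key, body, hashlib.sha256).digest()

def parse_payload(payload):
    """Split a concatenated certificate payload into (issuer, subject, body, tag)."""
    certs, off = [], 0
    while off < len(payload):
        if off + 2 > len(payload):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">H", payload, off)
        body, tag = payload[off + 2:off + 2 + n], payload[off + 2 + n:off + 2 + n + TAG_LEN]
        if len(body) != n or len(tag) != TAG_LEN:
            raise ValueError("truncated certificate")
        issuer, subject = body.decode().split(":", 1)
        certs.append((issuer, subject, body, tag))
        off += 2 + n + TAG_LEN
    return certs

def verify_payload(payload, anchors=ANCHORS, required=REQUIRED):
    """Accept only if each certificate verifies under its own issuer's anchor and
    every required CA is present; returns (ok, subjects-by-CA or reason)."""
    seen = {}
    for issuer, subject, body, tag in parse_payload(payload):
        key = anchors.get(issuer)
        if key is None:
            return False, f"no trust anchor for issuer {issuer}"
        if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
            return False, f"signature check failed for {issuer} certificate"
        seen[issuer] = subject
    missing = [ca for ca in required if ca not in seen]
    if missing:
        return False, "missing certificate from " + ", ".join(missing)
    return True, seen

def demo():
    """Three payloads: both certs valid; user cert only; user CA signing the host cert."""
    host = make_cert("HostCA", "host-17", ANCHORS["HostCA"])
    user = make_cert("UserCA", "alice", ANCHORS["UserCA"])
    forged_host = make_cert("HostCA", "host-17", ANCHORS["UserCA"])  # wrong root
    return [verify_payload(p) for p in (host + user, user, forged_host + user)]
```

The third case is the point of the independent-CA requirement: a certificate that names the host CA but was produced under the user CA's key fails, because the receiver never lets one root vouch for the other's subjects.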
18 Claims
1. A computer authentication protocol, comprising:
sending at least one certificate payload from a transmitting computer to a receiving computer, the certificate payload including at least two certificates each being generated by a respective certificate authority (CA), the certificate authorities being independent of each other such that no trust relationship exists between the CAs. Dependent claims: 2, 3, 4, 5, 6.
7. A computer program device, comprising:
a computer program storage device including a program of instructions usable by a computer, comprising:
logic means for combining a first entity identification (ID) with a second entity ID to render an ID payload; and
logic means for sending the ID payload to a computer along with at least one certificate payload. Dependent claims: 8, 9.
10. A computer program device, comprising:
a computer program storage device including a program of instructions usable by a computer, comprising:
logic means for generating a signature payload by concatenating at least two signatures of respective entities; and
logic means for sending the signature payload to a computer along with at least one certificate payload. Dependent claims: 11, 12, 14, 15, 16, 17, 18.
13. A computer system for secure network authentication, comprising:
at least one host certificate authority (CA) generating a host authentication certificate for at least one host computer; and
at least one user CA generating a user authentication certificate for at least one user, wherein the certificates can be combined into a certificate payload during an authentication process, the host CA not being in a trust relationship with the user CA and vice versa.