Root certificate management system and method
First Claim
1. A method for validating a certificate comprising:
maintaining a multi-subscriber root certificate store containing subscriber identification data for a plurality of subscribers and data representing a plurality of root certificates associated with each of the plurality of subscribers;
receiving data representing a first certificate to be validated;
receiving first user identification data in connection with a request to validate the first certificate for a first user; and
obtaining, based on the received first user identification data, those root certificates trusted by the first user from the multi-root certificate store.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and system for validating a certificate maintains a multi-subscriber root certificate store, containing subscriber identification data for a plurality of subscribers along with data representing a plurality of root certificates, such as an index to root certificates or the root certificates themselves, associated with each of the plurality of subscribers. In one example, a table is stored containing specified root CA certificates for a plurality of subscribers in a network such as stored by a network element in a wireless radiotelephone network, or any other suitable wireless network. Subscriber units do not have a root CA store that contains pre-stored root CA certificates. Accordingly, memory is saved in the subscriber units. In addition, a separate server that stores the multi-subscribers root certificate store preferably carries out certificate path validation on behalf of the mobile units so that the wireless mobile unit need not carry out certificate path construction. Instead, a wireless mobile unit simply sends a certificate to be validated along with its subscriber ID data identifying the mobile unit or application to the multi-subscriber root certificate store server and waits for a “yes” or “no” answer from the server to determine whether the certificate is valid.
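As an added example (not the patent's or any assignee's code), the exchange the abstract describes: a server keeps the per-subscriber root store and performs path construction and validation on the unit's behalf, and the mobile unit only checks that the server's yes/no answer is authentic and bound to its own request. Certificates are simplified records rather than X.509, and the server's signed answer is modelled with HMAC-SHA256 under a key the unit already holds; both are constructed assumptions standing in for the patent's verification key.

```python
import hashlib, hmac, json
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str        # subject name of the CA that signed this certificate
    sig_valid: bool    # constructed stand-in for a real signature check

class RootStoreServer:
    def __init__(self, subscriber_roots, ca_certs, response_key):
        self.subscriber_roots = subscriber_roots  # subscriber id -> set of trusted root subjects
        self.ca_certs = ca_certs                  # CA subject -> Cert, used for path building
        self.response_key = response_key          # key the unit holds to verify answers

    def build_path(self, cert, max_depth=5):
        """Walk issuer links up to a self-signed root; None if no path or too deep."""
        chain = [cert]
        while chain[-1].issuer != chain[-1].subject:
            issuer = self.ca_certs.get(chain[-1].issuer)
            if issuer is None or len(chain) > max_depth:
                return None
            chain.append(issuer)
        return chain

    def validate(self, subscriber_id, cert, nonce):
        """Return (payload, tag): a yes/no answer bound to subscriber, cert and nonce."""
        roots = self.subscriber_roots.get(subscriber_id, set())  # only THIS subscriber's roots
        chain = self.build_path(cert)
        ok = (chain is not None and all(c.sig_valid for c in chain)
              and chain[-1].subject in roots)
        body = {"sub": subscriber_id, "cert": cert.subject, "nonce": nonce, "valid": ok}
        payload = json.dumps(body, sort_keys=True).encode()
        return payload, hmac.new(self.response_key, payload, hashlib.sha256).digest()

def unit_verify(response_key, subscriber_id, cert, nonce, payload, tag):
    """Mobile unit: accept the answer only if the tag checks and it matches our request."""
    if not hmac.compare_digest(hmac.new(response_key, payload, hashlib.sha256).digest(), tag):
        return False
    body = json.loads(payload)
    if (body["sub"], body["cert"], body["nonce"]) != (subscriber_id, cert.subject, nonce):
        return False
    return bool(body["valid"])

# Constructed sample store: unit-1 trusts Root A only, unit-2 trusts Root B only.
KEY = b"constructed-demo-key"
ROOT_A, ROOT_B = Cert("Root A", "Root A", True), Cert("Root B", "Root B", True)
INTER_A = Cert("Inter A", "Root A", True)
SERVER = RootStoreServer({"unit-1": {"Root A"}, "unit-2": {"Root B"}},
                         {"Root A": ROOT_A, "Root B": ROOT_B, "Inter A": INTER_A}, KEY)
```

The nonce and subscriber binding in the answer is what stops a "yes" issued for one subscriber from being replayed to another whose root store differs.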
Citations
26 Claims
1. A method for validating a certificate comprising:
maintaining a multi-subscriber root certificate store containing subscriber identification data for a plurality of subscribers and data representing a plurality of root certificates associated with each of the plurality of subscribers;
receiving data representing a first certificate to be validated;
receiving first user identification data in connection with a request to validate the first certificate for a first user; and
obtaining, based on the received first user identification data, those root certificates trusted by the first user from the multi-root certificate store. (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 15, 16, 17, 18, 19)
13. A method for validating a certificate comprising:
sending, by a first wireless mobile unit, data representing a first certificate to be validated and unit identification data representing the first wireless mobile unit;
receiving, by the first wireless mobile unit, a trusted first certificate validation response indicating whether the first certificate is valid based on a multi-user root certificate store containing user identification data for a plurality of wireless mobile units and data representing a plurality of root certificates associated with each of the wireless mobile units; and
verifying, by the first wireless mobile unit, the trusted first certificate validation response indicating whether the first certificate is valid, without accessing a local root certificate store.
14. A method for validating a certificate comprising:
maintaining a multi-user root certificate store containing user identification data for a plurality of subscribers and data representing a plurality of root certificates associated with each of the plurality of subscribers;
sending, by a first user, a request to validate a first certificate that includes data representing the first certificate to be validated and user identification data for the first user;
receiving the request to validate the first certificate containing the data representing the first certificate to be validated and the user identification data;
obtaining, based on the received first user identification data, those root certificates trusted by the first user from the multi-root certificate store; and
receiving, by the first user, a trusted first certificate validation response indicating whether the first certificate is valid based on the multi-user root certificate store containing user identification data for a plurality of subscribers and data representing a plurality of root certificates associated with each of the users; and
verifying, by the first user, the trusted first certificate validation response to determine whether the first certificate is valid, without accessing a local root certificate store.
20. A server comprising:
a central root certificate managing module; and
memory containing a multi-user root certificate store containing user identification data for a plurality of subscribers and data representing a plurality of root certificates associated with each of the plurality of subscribers;
wherein the central root certificate managing module maintains the multi-user root certificate store by at least responding to subscriber requests to change root CA entries. (Dependent claims: 21, 22, 23, 25, 26)
24. A wireless mobile unit comprising:
a cryptographic engine operative to determine whether a received certificate is valid without referencing a local root certificate store; and
memory, operatively coupled to the cryptographic engine, containing at least data representing a verification key associated with a central root certificate managing unit.
Specification