System, Method and Structure for generating and using a compressed digital certificate
1 Assignment
0 Petitions
Abstract
System, method, signal, operating model, and computer program for electronic messaging. Systems and method for providing security for communication of electronic messages, interactive sessions, software downloads, software upgrades, and other content from a source to a receiving device as well as signals used for such communications. Systems, methods, signals, device architectures, data formats, and computer program structures for providing authentication, integrity, confidentiality, non-repudiation, replay protection, and other security properties while minimizing the network bandwidth, computational resources, and manual user interactions required to install, enable, deploy and utilize these security properties. System, device, method, computer program, and computer program product for searching and selecting data and control elements in message procedural/data sets for automatic and complete portrayal of message to maintain message intent. System, device, method, computer program, and computer program product for adapting content for sensory and physically challenged persons using embedded semantic elements in a procedurally based message file.
434 Citations
24 Claims
1. A computer program product for use in conjunction with a computer system having a server and a client, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising:
- a program module that directs the computer system and/or components thereof, including at least one of the client or server, to function in a specified manner to provide message communications, the message communications occurring in a computer system hardware architecture neutral and operating system neutral and network transport protocol neutral manner for representing a digital certificate, the program module including instructions for:
A. using a common data object header in substantially all communicated data including communicated certificates;
B. providing a plurality of public keys including a first public key and a second public key in a single certificate, each of said at least first and second public keys being associated with its own purpose;
C. providing a Tag Field that functions as a discriminator of different Certificates issued to the same Subject; and
D. representing a Subject Name and a Certificate Issuer Name in one fixed character set determined by the Version Field.
2. A hardware architecture neutral and operating system neutral and network transport neutral method for representing a digital certificate that enables at least encryption and digital signatures using substantially less storage and bandwidth than conventional digital certificates, said method comprising:
A. using a common data object header in substantially all communicated data including communicated certificates;
B. providing a plurality of public keys including a first public key and a second public key in a single certificate, each of said at least first and second public keys being associated with its own purpose;
C. providing a Tag Field that functions as a discriminator of different Certificates issued to the same Subject; and
D. representing a Subject Name and a Certificate Issuer Name in one fixed character set determined by the Version Field.
(Dependent claims 3 through 22 are not reproduced on this page.)
23. A hardware architecture neutral and operating system neutral and network transport neutral method for representing a digital certificate that enables at least encryption and digital signatures using substantially less storage and bandwidth than conventional digital certificates, said method comprising the steps of:
using a common data object header in substantially all communicated data including communicated certificates;
providing a plurality of public keys including a first public key and a second public key in a single certificate, each of said at least first and second public keys being associated with its own purpose;
providing a Tag Field that functions as a discriminator of different Certificates issued to the same Subject; and
representing a Subject Name and a Certificate Issuer Name in one fixed character set determined by the Version Field;
said common data object header includes a plurality of fields including a Type field, a Version field, and a Content-Length field;
said purpose is selected from the group of purposes consisting of encrypting messages, encrypting session keys, signing messages, signing and encrypting data, and combinations thereof;
at most two bytes are used to represent a type and a version for the Type Field and the Version Field; and
at most three bytes are used to represent Content-Length in the Content-Length Field;
the Type field is used to identify that the object is a Certificate;
the Version number is used to represent a plurality of attributes selected from the set of attributes consisting of:
(i) Algorithm used by Certificate Issuer to sign the certificate, (ii) Algorithm to be used with the Subject's first public key, (iii) Algorithm to be used with the Subject's second or subsequent public key, (iv) Length of each public key, (v) Length of Certificate Issuer's signature, (vi) exponent to use with RSA public key, (vii) Character Set of Subject Name, and (viii) Character Set of Issuer Name;
said plurality of public keys include at least two public keys that have the same size and the same system parameters;
the Tag Field is treated as an unsigned integer that is incremented with each Certificate issued to the Subject;
said treatment as an unsigned integer providing a mechanism for identifying which of a plurality of certificates having the same Subject Name is more recent than another certificate having that Subject;
the Tag Field is treated as ASCII characters to represent the expiration date of the Certificate;
the two-byte characters comprise two-byte Unicode characters; and
the Version Field is used to indicate any additional fields that are present in the certificate.
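Claims 1, 2 and 23 describe the compressed certificate as a byte format: a common header of Type, Version and Content-Length (at most two bytes for the first pair, at most three for the length), a Tag Field that orders certificates of the same Subject as an unsigned integer, two purpose-bound public keys, and names in a character set fixed by the Version. The encoder/parser below is an added example written for this page, not code from the patent or any product based on it. The claim fixes only the field set and the byte budgets; the field order, the Type value 0x01, the 2-byte Tag, the 1-byte name-length prefixes and every value in the version table are this example's assumptions. The security point it demonstrates is the one such a format forces on an implementer: because key, signature and name sizes are implied by a single Version byte rather than carried per field, the parser must refuse unknown Versions and must check that the fields implied by the Version add up exactly to the declared Content-Length, otherwise a truncated or padded certificate parses as a different one.

```python
"""Compact certificate encoder/parser with the field set of claim 23.

Assumed layout (the claim fixes field set and byte budgets only):
  Type(1) Version(1) Content-Length(3, big-endian)   common data object header
  Tag(2, big-endian unsigned)                        higher Tag = more recent
  SubjLen(1) Subject  IssLen(1) Issuer               charset fixed by Version
  PublicKey1 PublicKey2  IssuerSignature             sizes fixed by Version
"""
import struct
from dataclasses import dataclass

TYPE_CERTIFICATE = 0x01  # assumed Type value meaning "this object is a Certificate"
HEADER_LEN = 5

# Attributes the Version number stands for (attribute set from the claim, values assumed).
VERSION_TABLE = {
    0x01: {"issuer_sig_alg": "RSA-SHA256", "key_purposes": ("encrypt session keys", "sign messages"),
           "key_len": 128, "sig_len": 128, "rsa_exponent": 65537, "charset": "ascii"},
    0x02: {"issuer_sig_alg": "RSA-SHA256", "key_purposes": ("encrypt session keys", "sign messages"),
           "key_len": 256, "sig_len": 256, "rsa_exponent": 65537, "charset": "utf-16-be"},
}


@dataclass
class CompactCert:
    version: int
    tag: int
    subject: str
    issuer: str
    public_keys: tuple  # (first key, second key), one per purpose in VERSION_TABLE
    signature: bytes


def _name(s, charset):
    data = s.encode(charset)
    if len(data) > 255:
        raise ValueError("name longer than the 1-byte length prefix allows")
    return bytes([len(data)]) + data


def encode(cert):
    v = VERSION_TABLE[cert.version]
    if not 0 <= cert.tag <= 0xFFFF:
        raise ValueError("Tag must fit the assumed 2-byte unsigned field")
    if len(cert.public_keys) != 2 or any(len(k) != v["key_len"] for k in cert.public_keys):
        raise ValueError("both public keys must have the Version's key length")
    if len(cert.signature) != v["sig_len"]:
        raise ValueError("signature length does not match Version")
    body = (struct.pack(">H", cert.tag) + _name(cert.subject, v["charset"])
            + _name(cert.issuer, v["charset"]) + b"".join(cert.public_keys) + cert.signature)
    if len(body) > 0xFFFFFF:
        raise ValueError("body exceeds 3-byte Content-Length")
    return bytes([TYPE_CERTIFICATE, cert.version]) + len(body).to_bytes(3, "big") + body


def decode(buf):
    if len(buf) < HEADER_LEN:
        raise ValueError("truncated header")
    obj_type, version = buf[0], buf[1]
    length = int.from_bytes(buf[2:HEADER_LEN], "big")
    if obj_type != TYPE_CERTIFICATE:
        raise ValueError("not a Certificate object")
    if version not in VERSION_TABLE:
        raise ValueError("unknown Version: field sizes and charset are undefined")
    if len(buf) != HEADER_LEN + length:
        raise ValueError("Content-Length does not match buffer")
    v, body, pos = VERSION_TABLE[version], buf[HEADER_LEN:], 0

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("field runs past Content-Length")
        chunk, pos = body[pos:pos + n], pos + n
        return chunk

    tag = struct.unpack(">H", take(2))[0]
    subject = take(take(1)[0]).decode(v["charset"])
    issuer = take(take(1)[0]).decode(v["charset"])
    keys = (take(v["key_len"]), take(v["key_len"]))
    signature = take(v["sig_len"])
    if pos != len(body):  # Version-implied sizes must consume exactly the declared length
        raise ValueError("trailing bytes inside Content-Length")
    return CompactCert(version, tag, subject, issuer, keys, signature)


def more_recent(a, b):
    """Claim 23's Tag rule: the higher unsigned Tag is the newer certificate for one Subject."""
    if a.subject != b.subject:
        raise ValueError("Tag ordering is only defined between certificates of the same Subject")
    return a if a.tag > b.tag else b


def rejects(buf):
    """True when decode() refuses the buffer (used to show the length and Version checks fire)."""
    try:
        decode(buf)
    except ValueError:
        return True
    return False


def demo():
    # Constructed sample: placeholder key and signature bytes, not real RSA material.
    old = CompactCert(0x01, 7, "alice", "example-ca", (b"\x01" * 128, b"\x02" * 128), b"\x03" * 128)
    new = CompactCert(0x01, 8, "alice", "example-ca", (b"\x04" * 128, b"\x05" * 128), b"\x06" * 128)
    wire = encode(old)
    assert decode(wire) == old
    return len(wire), more_recent(decode(wire), new).tag


if __name__ == "__main__":
    print(demo())
```

The five-byte header is what the claim budgets for (two bytes for Type and Version, three for Content-Length); everything the header does not carry, the key lengths, the signature length and the name character set, is looked up from the Version byte, so `decode()` treats an unknown Version as unparseable rather than guessing sizes. The `rejects()` helper exists so the checks can be exercised directly: a certificate one byte short, one byte long, or carrying an unregistered Version is refused before any field is interpreted.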
24. A method for representing a digital certificate, said method comprising:
using a common data object header in all communicated data including communicated certificates;
providing a plurality of public keys including a first public key and a second public key in a single certificate;
providing a first field that functions as a discriminator of different certificates issued to the same subject; and
representing a subject name and a certificate issuer name in one fixed character set determined by a second field.