Authority-neutral certification for multiple-authority PKI environments
Abstract
A method for facilitating electronic certification, and systems for use therewith, are presented in the context of public key encryption infrastructures. Some aspects of the invention provide methods for facilitating electronic certification using authority-neutral service requests sent by an application, which are then formatted by a server comprising a middleware that can convert the authority-neutral request into certification authority specific objects. The server and middleware then return a response from a selected certification authority back to the service requesting application. Thus, the server and/or middleware act as intermediaries that facilitate user transactions in an environment having multiple certification authorities without undue burden on the applications or the expense and reliability problems associated therewith.
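The flow in the abstract (authority-neutral request in, CA-specific object out, neutral response back) is shown below as an added Python example; it is not code from the patent. The class and field names, the two CA names, their wire formats and the in-memory stand-ins for the CAs are all hypothetical. The selector is written to fail closed, since choosing a certification authority is a trust decision.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ServiceRequest:
    """Authority-neutral request sent by the application (field names assumed)."""
    operation: str
    issuer: str
    cert_serial: str

# Hypothetical CA-specific formatters: neutral request -> data object for one CA.
def format_ca_a(req):
    return {"op": req.operation.upper(), "serialNumber": req.cert_serial}

def format_ca_b(req):
    return f"{req.operation}|{req.cert_serial}"

# Hypothetical parsers: CA-specific response -> neutral status; anything odd is "unknown".
def parse_ca_a(resp):
    status = str(resp.get("status", "")).lower()
    return status if status in ("good", "revoked") else "unknown"

def parse_ca_b(resp):
    return {"0": "good", "1": "revoked"}.get(resp, "unknown")

# Constructed in-memory stand-ins for the two CAs' network endpoints.
def fake_ca_a(obj):
    return {"status": "GOOD" if obj["serialNumber"] == "01AF" else "REVOKED"}

def fake_ca_b(obj):
    return "1" if obj.endswith("|BEEF") else "0"

class Middleware:
    def __init__(self):
        # Explicit allowlist: issuer name -> (formatter, transport, parser).
        self.routes = {
            "Example CA A": (format_ca_a, fake_ca_a, parse_ca_a),
            "Example CA B": (format_ca_b, fake_ca_b, parse_ca_b),
        }

    def select(self, req):
        # Fail closed: never fall back to a default CA for an unlisted issuer.
        if req.issuer not in self.routes:
            raise LookupError(f"no certification authority configured for {req.issuer!r}")
        return self.routes[req.issuer]

    def handle(self, req):
        formatter, send, parser = self.select(req)
        ca_response = send(formatter(req))      # CA-specific object out, CA response back
        return {"serial": req.cert_serial, "issuer": req.issuer,
                "status": parser(ca_response)}  # neutral response object for the app
```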
37 Claims
1. A method for facilitating electronic certification, comprising:
receiving, on a server, a service request from an application, the service request containing public key encryption data;
based on information contained in the service request, selecting a certification authority, from a plurality of available certification authorities;
generating a data object including information associated with the information in the service request;
transmitting the data object from the server to the selected certification authority;
receiving, on the server, a response from the selected certification authority;
generating a response object including information associated with information contained in the response; and
transmitting the response object to the application.
Dependent claims: 2-22.

23. A system for facilitating electronic certification in a public key infrastructure (PKI), comprising:
a server connecting an application with a PKI certification authority; and
middleware, implemented on the server, the middleware comprising:
a responder for responding to a service request received from the application;
a dispatcher for routing communication through the server;
a selector for selecting a certification authority from among a plurality of available certification authorities based on the service request; and
a certification service request formatter corresponding to the selected certification authority.
Dependent claims: 24-35.

36. A method for facilitating an electronic certification transaction in a public key infrastructure (PKI), comprising:
(A) storing user profile data, corresponding to a user, on a database;
(B) storing application data, corresponding to an application, on the database;
(C) storing permission data, indicative of an application's permission to access user profile data, on the database;
(D) determining whether an application requesting a portion of the user profile data has permission to access said portion of the user profile data, based on the permission data; and
(E) if said application in (D) does have permission to access said portion of the user profile data, selectively allowing said application in (D) to access said portion of the user profile data to conduct said electronic certification transaction.
Dependent claim: 37.
Specification