Dynamic authentication of electronic messages using a reference to a certificate
Abstract
Systems and methods for dynamic authentication of a digital signature included in an electronic message are provided. The sender sends a certificate reference together with a digitally signed electronic message. The certificate reference uniquely maps to a certificate stored in a public key infrastructure (PKI). Upon receipt of the message, including the certificate reference, the recipient requests the certificate from the PKI by sending the certificate reference to the PKI. The PKI responds by mapping the certificate reference to the corresponding certificate and providing the certificate, which may then be used to authenticate the digital signature.
66 Citations
19 Claims
1. In a public key authentication system, a method of sending an authenticated message to a recipient via a network, the method comprising:
digitally signing a message using a first private key associated with the sender;
retrieving a first certificate reference associated with a first certificate, the first certificate including a first public key corresponding to the first private key, wherein the first certificate and the associated first certificate reference are stored in a public key infrastructure; and
transmitting to the recipient via the network an authenticated message comprising the digitally signed message and the first certificate reference.
(Dependent claims 2, 3, 4, 5 and 6 not reproduced here.)
7. In a public key authentication system, a method for authenticating a message received from a sender via a network, the received message including a digitally signed message and a first certificate reference, the method comprising:
transmitting the first certificate reference to a public key infrastructure via the network;
receiving from the public key infrastructure via the network a first certificate corresponding to the first certificate reference, the first certificate including a first public key;
determining whether the first certificate is trusted; and
if the first certificate is trusted, authenticating the digitally signed message using the first public key.
(Dependent claims 8, 9, 10, 11 and 12 not reproduced here.)
13. In a public key authentication system, a method for obtaining a public key for authenticating a received message comprising a digitally signed message and a first certificate reference, the method comprising:
determining whether the first certificate reference is stored within a local keystore;
if the first certificate reference is stored within the local keystore:
retrieving from the local keystore a first public key associated with the first certificate reference; and
if the first certificate reference is not stored within the local keystore:
transmitting the first certificate reference to a public key infrastructure;
receiving from the public key infrastructure a first certificate corresponding to the first certificate reference, the first certificate including the first public key;
determining whether to trust the first certificate; and
adding information to the local keystore, the information including at least the first certificate reference and the first public key.
(Dependent claim 14 not reproduced here.)
15. A method of operating a public key infrastructure, the method comprising:
receiving a certificate from a first user;
computing a unique certificate reference from data contained in the certificate;
storing the certificate in association with the unique certificate reference;
receiving a request from a second user, the request including the unique certificate reference; and
transmitting the certificate to the second user in response to the request.
(Dependent claim 16 not reproduced here.)
17. In a public key authentication system comprising a sender, a recipient, a public key infrastructure and a network, a method of authenticating a message sent by the sender to the recipient, the method comprising:
at the sender side:
digitally signing a message using a first private key belonging to the sender;
retrieving a first certificate reference associated with a first certificate, the first certificate including a first public key corresponding to the first private key, wherein the first certificate and the associated first certificate reference are stored in the public key infrastructure; and
transmitting a message comprising the digitally signed message and the first certificate reference to the recipient via the network; and
at the recipient side:
receiving the message;
transmitting the first certificate reference to the public key infrastructure via the network;
receiving the first certificate from the public key infrastructure via the network; and
authenticating the digitally signed message using the first public key.
18. A public key infrastructure comprising:
a data store containing at least one certificate, wherein each of the at least one certificate is associated with a different one of at least one certificate reference; and
a server coupled to the data store, wherein the server is configured to receive a certificate, to compute a certificate reference for the received certificate from data included in the certificate, and to store the received certificate in association with the computed certificate reference in the data store, and wherein the server is further configured to respond to a request for a certificate, the request including a received certificate reference, by identifying and providing the one of the at least one stored certificate associated with the received certificate reference.
19. An electronic communication system comprising:
a public key infrastructure configured to store a plurality of certificates, to associate with each of the plurality of certificates a different one of a plurality of certificate references, and in response to a request including one of the plurality of certificate references, to return the corresponding one of the plurality of certificates;
a sender configured to digitally sign a message using a first private key and to send a message including the digitally signed message and a first certificate reference; and
a recipient configured to receive the message, to send a request including the first certificate reference to the public key infrastructure, to receive a corresponding first certificate from the public key infrastructure, and to use the first certificate to authenticate the digitally signed message.
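The flow the abstract and claims 1, 7, 13 and 15 describe, worked through end to end as an added example (not code from the patent or its assignee): the PKI computes a reference from certificate data and stores the certificate under it, the sender attaches that reference to a signed message, and the recipient resolves the reference through its local keystore or the PKI, decides whether the certificate chains to a root it trusts, caches the key, and only then verifies the signature. It uses Go's standard library with Ed25519 keys; SHA-256 over the DER encoding as the reference function, the certificate names, the fixture certificates and the self-signed impostor are this example's assumptions, not anything the claims specify. The check it is built around is the one a practitioner wants at the recipient: the reference is untrusted input from the sender and the certificate is untrusted input from the network, so trust has to come from chain validation against the recipient's own roots, never from the fact that the lookup succeeded.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// AuthenticatedMessage is what crosses the network: the signed message plus a certificate reference.
type AuthenticatedMessage struct {
	Msg, Sig []byte
	CertRef  string
}

// CertRef derives the reference from certificate data (claim 15); hex SHA-256 of the DER is this example's choice.
func CertRef(c *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(c.Raw)) }

// PKI stores each certificate in association with its reference (claims 15 and 18); a map stands in for the server.
type PKI map[string]*x509.Certificate

func (p PKI) Register(c *x509.Certificate) string { ref := CertRef(c); p[ref] = c; return ref }

// Sender signs with its private key and attaches its certificate reference (claim 1).
type Sender struct {
	key     ed25519.PrivateKey
	certRef string
}

func (s *Sender) Send(msg []byte) AuthenticatedMessage {
	return AuthenticatedMessage{Msg: msg, Sig: ed25519.Sign(s.key, msg), CertRef: s.certRef}
}

// Recipient resolves the reference via its local keystore or the PKI, checks trust, caches, verifies (claims 7, 13).
type Recipient struct {
	PKI      PKI
	Roots    *x509.CertPool
	Keystore map[string]ed25519.PublicKey // keyed by certificate reference
}

func (r *Recipient) Authenticate(am AuthenticatedMessage) error {
	pub, ok := r.Keystore[am.CertRef]
	if !ok {
		cert, found := r.PKI[am.CertRef] // the request to the PKI
		if !found {
			return fmt.Errorf("pki: unknown certificate reference")
		}
		// Reference and certificate both arrived over the network: bind them to each other and to a trust anchor.
		if CertRef(cert) != am.CertRef {
			return fmt.Errorf("pki returned a certificate that does not match the reference")
		}
		opts := x509.VerifyOptions{Roots: r.Roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
		if _, err := cert.Verify(opts); err != nil {
			return fmt.Errorf("certificate not trusted: %w", err)
		}
		if pub, ok = cert.PublicKey.(ed25519.PublicKey); !ok {
			return fmt.Errorf("unsupported public key type %T", cert.PublicKey)
		}
		r.Keystore[am.CertRef] = pub // only keys from trusted certificates are cached
	}
	if !ed25519.Verify(pub, am.Msg, am.Sig) {
		return fmt.Errorf("signature verification failed")
	}
	return nil
}

// issue builds a constructed fixture certificate (self-signed when parent is nil), parsed so cert.Raw is populated.
func issue(serial int64, cn string, ca bool, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: ca,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err) // fixture code: a well-formed template does not fail here
	}
	cert, _ := x509.ParseCertificate(der) // cannot fail on bytes CreateCertificate just produced
	return cert, key
}

// Setup builds fixtures: a root CA, a sender certified by that CA, and an impostor with a same-named self-signed certificate.
func Setup() (sender, impostor *Sender, recipient *Recipient) {
	caCert, caKey := issue(1, "Example Root CA", true, nil, nil)
	sCert, sKey := issue(2, "alice@example.test", false, caCert, caKey)
	iCert, iKey := issue(3, "alice@example.test", false, nil, nil)
	pki, roots := PKI{}, x509.NewCertPool()
	roots.AddCert(caCert)
	sender = &Sender{key: sKey, certRef: pki.Register(sCert)}
	impostor = &Sender{key: iKey, certRef: pki.Register(iCert)}
	recipient = &Recipient{PKI: pki, Roots: roots, Keystore: map[string]ed25519.PublicKey{}}
	return sender, impostor, recipient
}
```

Setup hands back a genuine sender, an impostor whose certificate is registered in the PKI under its own reference but chains to no root the recipient trusts, and the recipient. Authenticate accepts the genuine message, rejects the impostor's at the trust step (the PKI lookup itself succeeds, which is the point), rejects an impostor signature presented under the genuine sender's reference because the cached key does not verify it, and after the first success answers from the local keystore without consulting the PKI, as claim 13 describes. The block has no main; drive Setup and Authenticate from a test or a few lines of your own.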