Method and system for user generated keys and certificates
Abstract
A method and system that let a user generate a private-public key pair and an associated user-generated certificate, and that establish the user's identity by signing that certificate with the private key of a key pair whose certificate was issued by a Certification Authority (CA). The user-generated certificate then lets the user establish a secure session with a third party without repeated use of the CA-issued certificate, typically on another network infrastructure. The method and system are particularly useful for establishing a secure session, such as a Secure Sockets Layer (SSL) session from a personal computer, where the CA-issued certificate is associated with a wireless identity module of a wireless device.
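The flow the abstract and claims describe, as an added Go example written for this page rather than code from the patent: the operator CA and the wireless identity module (WIM) holding a CA-issued identity form the first system, the PC that generates its own key and certificate is the second system, and the SSL/TLS server is the third party. The names, serial numbers, validity periods and the decision to issue the WIM identity as a path-length-0 CA certificate are assumptions of the example; the WIM private key lives in the same process only so the example runs in one place.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// FirstSystem is the wireless side: operator CA plus the WIM identity it issued (all constructed).
type FirstSystem struct {
	CACert, WIMCert *x509.Certificate
	wimKey          *ecdsa.PrivateKey // never leaves the WIM; only SignCertificate uses it
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // no entropy: nothing sensible to do in a demo
	}
	return k
}

// issue signs tmpl for public key pub under parent and parses the result.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// SetupFirstSystem builds the self-signed operator CA and the identity it issues to the WIM.
// That identity being a pathLen-0 CA is this example's assumption (verifiers need CA=true).
func SetupFirstSystem() (*FirstSystem, error) {
	caKey, wimKey, now := newKey(), newKey(), time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Operator CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	caCert, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	wimTmpl := *caTmpl // same shape as the CA, but pathLen 0: may sign end entities only
	wimTmpl.SerialNumber, wimTmpl.Subject, wimTmpl.MaxPathLenZero = big.NewInt(2), pkix.Name{CommonName: "subscriber-358240000000000"}, true
	wimCert, err := issue(&wimTmpl, caCert, &wimKey.PublicKey, caKey)
	return &FirstSystem{CACert: caCert, WIMCert: wimCert, wimKey: wimKey}, err
}

// SignCertificate is the only WIM operation the PC can call (claims 59 and 60): the
// unsigned PC-generated certificate goes in, the identity-signed certificate comes out.
func (f *FirstSystem) SignCertificate(unsigned *x509.Certificate, pub *ecdsa.PublicKey) (*x509.Certificate, error) {
	if unsigned.IsCA { // never delegate CA power to the PC
		return nil, fmt.Errorf("wim: refusing to sign a certificate with CA=true")
	}
	return issue(unsigned, f.WIMCert, pub, f.wimKey)
}

// GenerateUserCertificate is the PC (second system): a fresh key pair plus a short-lived (8 h, assumed) client certificate for it.
func GenerateUserCertificate(f *FirstSystem) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	pcKey, now := newKey(), time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(now.UnixNano()), Subject: f.WIMCert.Subject,
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(8 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	cert, err := f.SignCertificate(tmpl, &pcKey.PublicKey)
	return cert, pcKey, err
}

// VerifyAsThirdParty is the SSL/TLS server: it trusts only the operator CA, checks the
// chain the PC presents (user certificate, then WIM certificate) and sees no private key.
func VerifyAsThirdParty(caCert *x509.Certificate, presented []*x509.Certificate) ([][]*x509.Certificate, error) {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(caCert)
	for _, c := range presented[1:] {
		inter.AddCert(c)
	}
	return presented[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
}

func main() {
	fs, err := SetupFirstSystem()
	if err != nil {
		panic(err)
	}
	cert, _, err := GenerateUserCertificate(fs)
	if err == nil {
		_, err = VerifyAsThirdParty(fs.CACert, []*x509.Certificate{cert, fs.WIMCert})
	}
	fmt.Println("third-party verification error:", err) // <nil> on success
}
```

The assumption to watch is the CA=true bit on the identity certificate. The patent has a CA-issued certificate sign a further certificate, and a standard X.509 verifier (Go's included) rejects a chain whose intermediate is a plain end-entity certificate, so either the CA issues subscriber identities with that bit and pathLen 0, as here, or relying parties must accept a delegation profile such as RFC 3820 proxy certificates. The WIM-side refusal to sign anything marked CA=true is what keeps a compromised PC from turning one signature into a sub-CA; in a real module the signing call would also sit behind the user's PIN.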
141 Citations
65 Claims
1. A method of authenticating a user of a second system where the user has an authenticated identity in a first system, comprising the steps of:
the second system causing a key to be generated for use in the second system;
the second system generating a certificate for the key; and
signing the certificate for the key using the authenticated identity of the user in the first system.
(Dependent claims 2 to 28 not reproduced.)
29. A method of authenticating a user in a network environment where the user has an authenticated identity not associated with said network environment, comprising the steps of:
generating a key for use in the network environment;
generating a certificate for the key; and
signing the certificate for the key using the user's authenticated identity.
30. A system for authenticating a user of a second system where the user has an authenticated identity in a first system, comprising:
a device forming part of the second system, the device having means for causing a key to be generated for use in the second system, said device of the second system having means for generating a certificate for the key; and
a second device forming part of the first system, the second device having means for storing information regarding the authenticated identity of the user in the first system, said second device further having means for communicating said information; and
wherein the device of the first system has means for receipt of said information from the second device, and further has means for signing the certificate for the key using the authenticated identity of the user in the first system.
(Dependent claims 31 to 57 and 62 not reproduced.)
58. A system for authenticating a user in a network environment where the user has an authenticated identity not associated with said network environment, comprising:
means for generating a certificate for the key; and
means for signing the certificate for the key using the user's authenticated identity.
59. A device for authenticating a user of a second system where the user has an authenticated identity in a first system, wherein the device forms part of the second system comprising:
means for generating a key for use in the second system;
means for generating a certificate for the key;
means for transferring the certificate to a device forming part of the first system, said device of the first system having information concerning the authenticated identity of the user in the first system, so as to sign the certificate using the authenticated identity of the user in the first system; and
wherein said device of the second system further comprises means for receipt of said signed certificate and means for transferring the signed certificate to a third party of said second system.
60. A wireless device for use in authenticating a user of a second system where the user has an authenticated identity in a first system associated with the wireless device, wherein the second system includes a device having means for causing a key to be generated for use in the second system, means for generating a certificate for the key, and means for transferring the certificate to another device;
wherein the wireless device comprises:
means for storing information regarding the authenticated identity of the user in the first system;
means for receipt of the certificate from the second device; and
means for signing the certificate using the authenticated identity of the user in the first system and transferring the signed certificate to the device of the second system.
(Dependent claims 61, 63 and 64 not reproduced.)
65. A computer program product for implementing the authentication of a user of a second system where the user has an authenticated identity in a first system, comprising:
a computer readable medium;
a device forming part of the second system, the device having program code in said computer readable medium for generating a key for use in the second system, said device of the second system having program code in said computer readable medium for generating a certificate for the key; and
a second device forming part of the first system, the second device having program code in said computer readable medium for storing the authenticated identity of the user in the first system; and
wherein the second device has program code in said computer readable medium for signing the certificate generated by the device of the second system using the information regarding the authenticated identity of the user in the first system and transferring the signed certificate to the device of the second system.