System and method of looking up and validating a digital certificate in one pass
Abstract
A system and method for a certificate verifier to make a request to a certificate distribution server for a copy of another entity's digital certificate and to have the certificate distribution center validate it. The certificate distribution center can request the appropriate certificates and validation thereof from a number of certificate authorities or may alternatively obtain copies from a certificate cache and validate the copies against a revocation list server.
24 Claims
1. A system for accessing and validating a digital certificate, comprising:
a first set of certificate authorities connected to a communication network and able to receive and respond to requests for certificates;
said first set of certificate authorities having a set of hierarchical trust relationships among them, said set of hierarchical trust relationships being verified by a set of digital certificates;
a certificate holder having a digital certificate issued by one of said first set of certificate authorities;
a certificate verifier connected to said communication network and having a trust relationship with a second set of certificate authorities; and
a certificate distribution center connected to said communication network and operable to receive a request from said certificate verifier for a validated copy of said digital certificate, obtain said digital certificate from said one of said first set of certificate authorities, obtain a subset of digital certificates of said set of digital certificates necessary to validate said digital certificate, and return to said certificate verifier a validated copy of said digital certificate, wherein said certificate distribution server determines said subset of digital certificates of said set of digital certificates based on said second set of certificate authorities.
(Dependent claims: 2 to 13)
14. A method of validating and serving a digital certificate, comprising the steps of:
(a) receiving a first request from a certificate verifier for a digital certificate;
(b) sending a second request to a first certificate authority having issued said digital certificate requested by said certificate verifier;
(c) receiving said digital certificate from said first certificate authority;
(d) if said first certificate authority is not trusted by said certificate verifier:
    (i) requesting an additional digital certificate from a subsequent parent certificate authority;
    (ii) receiving said additional digital certificate from said subsequent parent certificate authority;
    (iii) validating a previous digital certificate with said additional digital certificate; and
    (iv) in the event that said subsequent parent certificate authority is not trusted by said certificate verifier, repeating steps (i) to (iii) as necessary; and
(e) returning said digital certificate to said certificate verifier.
(Dependent claims: 15 to 24)
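The following is an added example, not code from the patent, that models the flow of claim 14 (and the "subset of certificates ... based on said second set of certificate authorities" wording of claim 1) as a working Python program. A distribution center receives a request naming a certificate holder and the CA that issued its certificate, obtains the certificate from that CA, and then climbs the CA hierarchy, validating each certificate with its parent's certificate, until it reaches a CA the requesting verifier already trusts; the verifier's trust set therefore decides how many certificates are fetched. The names (Root CA, Intermediate CA, the holder names) and the revocation set are constructed sample data. The signature check is a stand-in: HMAC-SHA256 keyed with the issuer's `key` field replaces a real public-key signature, so `key` plays both the public and the private role and the stand-in is only a structural model of the chain walk, not a usable PKI.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set


@dataclass(frozen=True)
class Certificate:
    subject: str
    issuer: str
    key: bytes              # stand-in for the subject's public key (assumption, see lead-in)
    signature: bytes = b""  # stand-in signature produced by the issuer

    def tbs(self) -> bytes:
        """'To-be-signed' bytes: every field except the signature."""
        return f"{self.subject}|{self.issuer}|{self.key.hex()}".encode()


def sign(tbs: bytes, issuer_key: bytes) -> bytes:
    # Stand-in for a public-key signature: HMAC-SHA256 keyed with the issuer's key.
    return hmac.new(issuer_key, tbs, hashlib.sha256).digest()


def validate_with(cert: Certificate, issuer_cert: Certificate) -> bool:
    """Step (d)(iii): validate a certificate with the certificate of its issuer."""
    if cert.issuer != issuer_cert.subject:
        return False
    return hmac.compare_digest(sign(cert.tbs(), issuer_cert.key), cert.signature)


class CertificateAuthority:
    """One CA of the 'first set': holds its own certificate and answers lookups."""

    def __init__(self, cert: Certificate, key: bytes) -> None:
        self.cert = cert
        self._key = key                       # toy private half, used only in issue()
        self._issued: Dict[str, Certificate] = {}

    @classmethod
    def root(cls, name: str, key: bytes) -> "CertificateAuthority":
        unsigned = Certificate(name, name, key)
        return cls(Certificate(name, name, key, sign(unsigned.tbs(), key)), key)

    def issue(self, subject: str, subject_key: bytes) -> Certificate:
        unsigned = Certificate(subject, self.cert.subject, subject_key)
        cert = Certificate(subject, self.cert.subject, subject_key,
                           sign(unsigned.tbs(), self._key))
        self._issued[subject] = cert
        return cert

    def lookup(self, subject: str) -> Optional[Certificate]:
        """Respond to a request for a certificate this CA issued."""
        return self._issued.get(subject)


class DistributionCenter:
    """Looks up and validates a certificate in one pass (claim 14)."""

    def __init__(self, cas: Iterable[CertificateAuthority], revoked: Iterable[str]) -> None:
        self.cas = {ca.cert.subject: ca for ca in cas}
        self.revoked: Set[str] = set(revoked)  # stand-in for the revocation list server

    def fetch_validated(self, holder: str, issuer: str,
                        verifier_trust: Set[str], max_depth: int = 8) -> List[Certificate]:
        # (a) request received; (b)+(c) obtain the holder's certificate from its issuing CA
        issuing_ca = self.cas.get(issuer)
        cert = issuing_ca.lookup(holder) if issuing_ca else None
        if cert is None:
            raise LookupError(f"no certificate for {holder!r} at CA {issuer!r}")
        chain = [cert]
        current = cert
        # (d) climb the hierarchy while the issuer is not one the verifier trusts
        while current.issuer not in verifier_trust:
            if current.issuer == current.subject:
                raise ValueError(f"chain ends at untrusted root {current.subject!r}")
            if len(chain) >= max_depth:
                raise ValueError("certificate chain too long")
            parent_ca = self.cas.get(current.issuer)
            if parent_ca is None:
                raise LookupError(f"unknown parent CA {current.issuer!r}")
            parent = parent_ca.cert                  # (i)/(ii) obtain the parent's certificate
            if not validate_with(current, parent):   # (iii) validate the previous certificate
                raise ValueError(f"certificate of {current.subject!r} failed validation")
            chain.append(parent)
            current = parent                         # (iv) repeat as necessary
        # Final link: validate against the CA the verifier already trusts
        anchor_ca = self.cas.get(current.issuer)
        if anchor_ca is None or not validate_with(current, anchor_ca.cert):
            raise ValueError(f"certificate of {current.subject!r} not valid under trusted CA")
        for c in chain:
            if c.subject in self.revoked:
                raise ValueError(f"{c.subject!r} is revoked")
        return chain                                 # (e) return the validated certificate(s)


def build_demo(revoked: Iterable[str] = ()) -> DistributionCenter:
    """Constructed sample hierarchy: Root CA -> Intermediate CA -> alice,
    plus a rogue CA whose certificate claims Root CA as issuer but is self-signed."""
    root = CertificateAuthority.root("Root CA", b"root-secret")
    inter_key = b"intermediate-secret"
    intermediate = CertificateAuthority(root.issue("Intermediate CA", inter_key), inter_key)
    intermediate.issue("alice@example.test", b"alice-key")
    rogue_unsigned = Certificate("Rogue CA", "Root CA", b"rogue-secret")
    rogue = CertificateAuthority(Certificate("Rogue CA", "Root CA", b"rogue-secret",
                                             sign(rogue_unsigned.tbs(), b"rogue-secret")),
                                 b"rogue-secret")
    rogue.issue("mallory@example.test", b"mallory-key")
    return DistributionCenter([root, intermediate, rogue], revoked)


if __name__ == "__main__":
    center = build_demo()
    for trust in ({"Root CA"}, {"Intermediate CA"}):
        chain = center.fetch_validated("alice@example.test", "Intermediate CA", trust)
        print(trust, "->", [c.subject for c in chain])
```

A verifier that trusts only Root CA receives alice's certificate together with the Intermediate CA certificate, while a verifier that already trusts Intermediate CA receives alice's certificate alone; mallory's certificate is rejected because the rogue CA's certificate does not validate under Root CA, and any certificate in the chain that appears in the revocation set is rejected as well.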