System and method of looking up and validating a digital certificate in one pass

US 20030212888A1
Filed: 03/03/2003
Published: 11/13/2003
Est. Priority Date: 08/26/1998
Status: Active Grant

First Claim

Patent Images

1. A system for accessing and validating a digital certificate, comprising:

a first set of certificate authorities connected to a communication network and able to receive and respond to requests for certificates;

said first set of certificate authorities having a set of hierarchical trust relationships among them, said set of hierarchical trust relationships being verified by a set of digital certificates;

a certificate holder having a digital certificate issued by one of said first set of certificate authorities;

a certificate verifier connected to said communication network and having a trust relationship with a second set of certificate authorities; and

a certificate distribution center connected to said communication network and operable to receive a request from said certificate verifier for a validated copy of said digital certificate, obtain said digital certificate from said one of said first set of certificate authorities, obtain a subset of digital certificates of said set of digital certificates necessary to validate said digital certificate, and return to said certificate verifier a validated copy of said digital certificate, wherein said certificate distribution server determines said subset of digital certificates of said set of digital certificates based on said second set of certificate authorities.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for a certificate verifier to make a request to a certificate distribution server for a copy of another entity'"'"'s digital certificate and to have the certificate distribution center validate it. The certificate distribution center can request the appropriate certificates and validation thereof from a number of certificate authorities or may alternatively obtain copies from a certificate cache and validate the copies against a revocation list server.

Citations

24 Claims

1. A system for accessing and validating a digital certificate, comprising:
- a first set of certificate authorities connected to a communication network and able to receive and respond to requests for certificates;
  
  said first set of certificate authorities having a set of hierarchical trust relationships among them, said set of hierarchical trust relationships being verified by a set of digital certificates;
  
  a certificate holder having a digital certificate issued by one of said first set of certificate authorities;
  
  a certificate verifier connected to said communication network and having a trust relationship with a second set of certificate authorities; and
  
  a certificate distribution center connected to said communication network and operable to receive a request from said certificate verifier for a validated copy of said digital certificate, obtain said digital certificate from said one of said first set of certificate authorities, obtain a subset of digital certificates of said set of digital certificates necessary to validate said digital certificate, and return to said certificate verifier a validated copy of said digital certificate, wherein said certificate distribution server determines said subset of digital certificates of said set of digital certificates based on said second set of certificate authorities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system for accessing and validating a digital certificate of claim 1, wherein said certificate distribution center is operable to indicate to said certificate verifier that said digital certificate has a status chosen from the group consisting of invalid, revoked, expired or non-existent.
  - 3. The system for accessing and validating a digital certificate of claim 1, additionally comprising:
    - at least one revocation list server having a list of digital certificates that have been revoked; and
      
      a certificate cache, wherein said certificate distribution center additionally obtains from said certificate cache a cached copy of one of said digital certificate and said set of digital certificates and verifies with said at least one revocation server the validity thereof prior to contacting said set of certificate authorities.
  - 4. The system for accessing and validating a digital certificate of claim 3, wherein said certificate cache resides at said certificate distribution center.
  - 5. The system for accessing and validating a digital certificate of claim 3, wherein said certificate cache serves a plurality of certificate verifiers.
  - 6. The system for accessing and validating a digital certificate of claim 3, wherein said certificate distribution center deposits a subset of said digital certificate and said subset of digital certificates obtained from said first set of certificate authorities in said certificate cache.
  - 7. The system for accessing and validating a digital certificate of claim 3, wherein said request from said certificate verifier indicates a desired level of confidence for said digital certificate'"'"'s validity.
  - 8. The system for accessing and validating a digital certificate of claim 3, wherein said request from said certificate verifier directs said certificate distribution center to ignore said certificate cache.
  - 9. The system for accessing and validating a digital certificate of claim 1, wherein said reply to said certificate verifier additionally comprises a formatted first certificate chain summary.
  - 10. The system for accessing and validating a digital certificate of claim 1, wherein said reply to said certificate verifier additionally comprises each of said subset of said set of digital certificates obtained from said first set of certificate authorities.
  - 11. The system for accessing and validating a digital certificate of claim 1, wherein said certificate distribution center additionally constructs and returns a second certificate chain, based on said second set of certificate authorities, to said certificate verifier permitting said certificate verifier to validate said digital certificate of said certificate distribution center.
  - 12. The system for accessing and validating a digital certificate of claim 1, wherein said certificate distribution center has prior knowledge of said second set of certificate authorities trusted by said certificate verifier.
  - 13. The system for accessing and validating a digital certificate of claim 1, wherein said request from said certificate verifier includes a requested certificate identifier from which each of said first set of certificate authorities in parent relationship to said certificate holder can be identified.

14. A method of validating and serving a digital certificate, comprising the steps of:
- (a) receiving a first request from a certificate verifier for a digital certificate;
  
  (b) sending a second request to a first certificate authority having issued said digital certificate requested by said certificate verifier;
  
  (c) receiving said digital certificate from said first certificate authority;
  
  (d) if said first certificate authority is not trusted by said certificate verifier;
  
  (i) requesting an additional digital certificate from a subsequent parent certificate authority;
  
  (ii) receiving said additional digital certificate from said subsequent parent certificate authority;
  
  (iii) validating a previous digital certificate with said additional digital certificate; and
  
  (iv) in the event that said subsequent parent certificate authority is not trusted by said certificate verifier, repeating steps (i) to (iii) as necessary; and
  
  (e) returning said digital certificate to said certificate verifier.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. The method of validating and serving a digital certificate of claim 14, wherein steps (c) and (d) (ii) alternatively comprises receiving an indication that said digital certificate or said additional digital certificate is invalid, step (d) (iv) additionally comprises a condition that said previous digital certificate is validated and said additional digital certificate exists and was not revoked, and step (e) alternatively comprise returning a notification that said digital certificate is invalid.
  - 16. The method of validating and serving a digital certificate of claim 14, additionally comprising the step of obtaining said digital certificate or said additional digital certificate from a certificate cache and validating said digital certificate or said additional digital certificate using a revocation list in place of obtaining said digital certificate or said additional digital certificate from said first or subsequent parent certificate authorities, in the event that said digital certificate or said additional digital certificate is available from said certificate cache.
  - 17. The method of validating and serving a digital certificate of claim 16, additionally comprising the step of placing at least one of said digital certificate and said additional digital certificates in said certificate cache once received from said first or subsequent parent certificate authority.
  - 18. The method of validating and serving a digital certificate of claim 16, wherein step (a) additionally comprises receiving a desired level of confidence from said certificate verifier, and the step of validating said digital certificate and said additional digital certificates reflects said desired level of confidence.
  - 19. The method of validating and serving a digital certificate of claim 16, wherein step (a) additionally comprises receiving from said certificate verifier a direction to ignore said certificate cache.
  - 20. The method of validating and serving a digital certificate of claim 14, wherein step (e) additionally comprises constructing a first certificate chain from said digital certificate and said additional digital certificates, if any, and returning said first certificate chain, along with said digital certificate, to said certificate verifier.
  - 21. The method of validating and serving a digital certificate of claim 20, wherein step (e) additionally comprises formatting said first certificate chain and said digital certificate prior to returning said first certificate chain to said certificate verifier.
  - 22. The method of validating and serving a digital certificate of claim 14, additionally comprising the step of;
    - (f) following step (d), constructing a second certificate chain, based on said second set of certificate authorities, to said certificate verifier permitting said certificate verifier to validate said certificate distribution center, and returning said second certificate chain to said certificate verifier.
  - 23. The method of validating and serving a digital certificate of claim 22, additionally comprising the step of formatting said second certificate chain prior to returning said second certificate chain to said certificate verifier.
  - 24. The method of validating and serving a digital certificate of claim 14, wherein said first request in step (a) identifies said first certificate authority and each of said subsequent parent certificate authorities, and step (d) (i) is performed prior to receiving said digital certificate from said first certificate authority is step (c).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IQVIA, Inc. (IQVIA Holdings, Inc.)
Original Assignee
Diversinet Corporation
Inventors
Ansell, Steven M., Crerar, Michael C., Wildish, Michael Andrew

Granted Patent

US 7,383,434 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/158
CPC Class Codes

G06Q 30/06   Buying, selling or leasing ...

G06Q 30/0601   Electronic shopping [e-shop...

G06Q 40/00   Finance; Insurance; Tax str...

G06Q 40/04   Trading; Exchange, e.g. sto...

H04L 9/3297   involving time stamps, e.g....

System and method of looking up and validating a digital certificate in one pass

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of looking up and validating a digital certificate in one pass

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links