System and method for electronic transmission, storage and retrieval of authenticated documents
First Claim
1. A method of providing a Certificate Status Service (“
- CSS”
) for checking validities of authentication certificates issued by respective issuing Certification Authorities (“
CAs”
), comprising the steps of;
identifying information needed for retrieving a status of an authentication certificate from an issuing CA that issued the authentication certificate;
configuring a connector based on the identified information for communicating with the issuing CA;
communicating with the issuing CA according to the configured connector when the status of the authentication certificate is queried; and
retrieving the status of the authentication certificate;
wherein the issuing CA and the connector are designated on a list of approved CAs in a configuration store.
5 Assignments
0 Petitions
Accused Products
Abstract
A Certificate Status Service that is configurable, directed, and able to retrieve status from any approved Certification Authority (CA) is disclosed. The CSS may be used by a Trusted Custodial Utility (TCU) and comparable systems or applications whose roles are validating the right of an individual to perform a requisite action, the authenticity of submitted electronic information objects, and the status of authentication certificates used in digital signature verification and user authentication processes. The validity check on authentication certificates is performed by querying an issuing CA. Traditionally, to create a trusted Public Key Infrastructure (PKI) needed to validate certificates, complex relationships are formed by cross-certification among CAs or by use of PKI bridges. The PKI and CA interoperability problem is addressed from a different point of view, with a focus on establishing a trust environment suitable for the creation, execution, maintenance, transfer, retrieval and destruction of electronic original information objects that may also be transferable records (ownership may change hands). A TCU is concerned only with a known set of “approved CAs” although they may support a multitude of business environments, and within that set of CAs, only with those certificates that are associated with TCU user accounts. Building PKI/CA trusted relationships is not required as the CSS achieves a trusted environment by querying only approved CAs and maintaining caches of valid certificates'"'"' status.
276 Citations
33 Claims
-
1. A method of providing a Certificate Status Service (“
- CSS”
) for checking validities of authentication certificates issued by respective issuing Certification Authorities (“
CAs”
), comprising the steps of;
identifying information needed for retrieving a status of an authentication certificate from an issuing CA that issued the authentication certificate;
configuring a connector based on the identified information for communicating with the issuing CA;
communicating with the issuing CA according to the configured connector when the status of the authentication certificate is queried; and
retrieving the status of the authentication certificate;
wherein the issuing CA and the connector are designated on a list of approved CAs in a configuration store. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- CSS”
-
11. A method of retrieving a status of an authentication certificate issued by an issuing Certification Authority (“
- CA”
) in response to a query from a Trusted Custodial Utility (“
TCU”
) to a Certificate Status Service (“
CSS”
) to validate the authentication certificate'"'"'s status, comprising the steps of;
locating and reporting the status if the status is present and current in a cache memory of the CSS;
otherwise performing the steps of;
obtaining a status type and retrieval method from a CSS configuration store;
if the status type is Certificate Revocation List (“
CRL”
) and the status is not found in the cache memory, then reporting the status as valid;
if the status type is not CRL, then composing a certificate status request according to the status type;
establishing a communication session with the issuing CA;
retrieving the status from a status reporting component of the issuing CA using the obtained retrieval method and ending the communication session;
interpreting the retrieved status;
associating, with the interpreted retrieved status, a time-to-live value representing a period specified by a CSS policy for the status type;
adding at least the authentication certificate'"'"'s identification, status, and time-to-live values to the cache memory; and
reporting the status to the TCU in response to the query. - View Dependent Claims (12, 13, 14)
- CA”
-
15. A Certificate Status Service (“
- CSS”
) for providing accurate and timely status indications of authentication certificates issued by issuing Certification Authorities (“
CAs”
), comprising;
providing a status of an authentication certificate as indicated by a Certificate Revocation List (“
CRL”
) when the certificate'"'"'s issuing CA uses CRLs for indicating status;
otherwise, providing the status indicated by a cache memory when the cache memory includes a status and a time-to-live data element is not exceeded;
if the time-to-live data element is exceeded, clearing the status from the cache memory;
requesting and retrieving the status using a real-time certificate status reporting protocol when the status is not in the cache memory;
adding at least the certificate'"'"'s identification, status, and time-to-live data element to the cache memory; and
providing the retrieved status. - View Dependent Claims (16, 17, 18)
- CSS”
Specification