Delegating certificate validation
Abstract
The principles of the present invention provide for delegating certificate validation. A client computer system sends a certificate validation request to a server computer system over a trusted link. The certificate validation request includes at least enough certificate information for a certificate authority to identify a digital certificate that binds a sending entity to a private key. The server computer system checks a validation path to determine if the digital certificate is valid and at least one certificate revocation list to determine if the certificate has been compromised. The server computer system sends a certificate status indication to the client computer system over the trusted link. Accordingly, the resources of the server computer system, instead of the client computer system, are utilized to validate a digital certificate. Further, digital certificate validation can be delegated to a server computer system that attempts to pre-validate a digital certificate.
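An added sketch of the exchange the abstract describes (not code from the patent): the client sends only an issuer name and serial number, and the server walks the validation path and consults its revocation lists before returning a status. The record layout, status strings and sample certificates are constructed for illustration, and signature verification on each path element is left out of this model.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class CertRecord:                    # server-side view of a certificate (constructed model)
    issuer: str
    serial: int
    subject: str
    not_before: datetime
    not_after: datetime

class ValidationServer:
    """Holds the certificate store, trust anchors and CRLs so clients need not."""
    def __init__(self, certs, trust_anchors, crls):
        self.by_id = {(c.issuer, c.serial): c for c in certs}
        self.by_subject = {c.subject: c for c in certs}
        self.trust_anchors = set(trust_anchors)
        self.crls = crls             # issuer name -> set of revoked serial numbers

    def validate(self, issuer, serial, at):
        """Handle a validation request that carries only (issuer, serial)."""
        cert = self.by_id.get((issuer, serial))
        if cert is None:
            return "unknown"
        seen = set()
        while True:                  # walk the validation path towards a trust anchor
            if not (cert.not_before <= at <= cert.not_after):
                return "expired"
            if cert.serial in self.crls.get(cert.issuer, set()):
                return "revoked"     # this certificate or one above it is on a CRL
            if cert.subject in self.trust_anchors:
                return "valid"
            seen.add(cert.subject)
            parent = self.by_subject.get(cert.issuer)
            if parent is None or parent.subject in seen:
                return "untrusted"   # broken or looping path
            cert = parent

def utc(year):
    return datetime(year, 1, 1, tzinfo=timezone.utc)

# Constructed sample data: a root, one issuing CA and two end-entity certificates.
ROOT = CertRecord("Example Root CA", 1, "Example Root CA", utc(2020), utc(2040))
INTER = CertRecord("Example Root CA", 2, "Example Issuing CA", utc(2021), utc(2035))
ALICE = CertRecord("Example Issuing CA", 100, "alice@example.test", utc(2023), utc(2027))
BOB = CertRecord("Example Issuing CA", 101, "bob@example.test", utc(2023), utc(2027))
SERVER = ValidationServer([ROOT, INTER, ALICE, BOB], {"Example Root CA"},
                          {"Example Issuing CA": {101}})
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
```

The client holds no trust store or CRL in this model, so the link to the server carries the whole trust decision, which is why the abstract requires it to be a trusted link.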
45 Claims
1. In a receiving computer system that is network connectable to a server computer system over a trusted link, the receiving computer system being configured to receive electronic messages, a method for checking the validity of a digital certificate in manner that conserves the resources of the receiving computer system, the method comprising:
an act of receiving an electronic message, the electronic message including electronic message data that was sent from an sending entity to a recipient entity, the electronic message being transferred to the receiving computer system at the request of the recipient entity;
an act of receiving a digital signature corresponding to the electronic message, the digital signature having been generated from at least one private key;
an act of sending a certificate validation request to the server computer system over the trusted link, the certificate validation request including certificate information representative of a digital certificate that binds the sending entity to the private key, the certificate information being at least enough information for a certificate authority to identify the represented digital certificate that binds the sending entity to the private key; and
an act of receiving a certificate status indication from the server computer system over the trusted link, the certificate status indication indicating the status of the represented digital certificate that binds the sending entity to the private key.
11. The method as recited in claim 11, further comprising:
an act of presenting the status of the represented digital certificate to the recipient entity.
12. In a receiving computer system that is network connectable to a server computer system over a trusted link, the receiving computer system being configured to receive electronic messages, a method for checking the validity of a digital certificate in manner that conserves the resources of the receiving computer system, the method comprising:
an act of receiving an electronic message, the electronic message including electronic message data that was sent from an sending entity to a recipient entity, the electronic message being transferred to the receiving computer system at the request of the recipient entity;
an act of receiving a digital signature corresponding to the electronic message, the digital signature having been generated from at least one private key; and
a step for offloading validation of a digital certificate that binds the sending entity to the private key to the server computer system such that resources of the server computer system are consumed during certificate validation.
13. In a server computer system that is network connectable over a trusted link to a receiving computer system, a method for checking the validity of a digital certificate in a manner that conserves the resources of the receiving computer system, the method comprising:
an act of receiving a certificate validation request from the receiving computer system over the trusted link, the certificate validation request including certificate information representative of a digital certificate, the certificate information being at least enough information for a certificate authority to identify the represented digital certificate;
an act of checking a validation path to determine if the represented digital certificate is valid;
an act of checking at least one certificate revocation list to determine if the represented digital certificate has been compromised; and
an act of sending a certificate status indication to the receiving computer system over the trusted link, the certificate status indication indicating the status of the represented digital certificate.
20. In a server computer system that is network connectable over a trusted link to a receiving computer system, a method for checking the validity of a digital certificate in a manner that conserves the resources of the receiving computer system, the method comprising:
an act of receiving a certificate validation request from the receiving computer system over the trusted link, the certificate validation request including certificate information representative of a digital certificate, the certificate information being at least enough information for a certificate authority to identify the represented digital certificate;
a step for validating the status of the represented digital certificate for the receiving computer system so as to reduce the consumption of receiving computer system resources and reduce the workload associated with configuring the receiving computer system; and
an act of sending a certificate status indication to the receiving client computer system over the trusted link, the certificate status indication indicating the status of the represented digital certificate.
21. In a sending computer system that is network connectable over a trusted link to a server computer system, the sending computer system being configured to send electronic messages, a method for checking the validity of a digital certificate before using the digital certificate to generate a digital signature based on the digital certificate, the method comprising:
an act of receiving an indication that a private key is to be used to digitally sign an electronic message, the electronic message including electronic message data that a sending entity intends to be delivered to a recipient entity;
an act of identifying a digital certificate that binds the sending entity to the private key;
an act of sending a certificate validation request to the server computer system over the trusted link, the certificate validation request including certificate information representative of the identified digital certificate, the certificate information being at least enough information for a certificate authority to identify the identified digital certificate; and
an act of receiving a certificate status indication from the server computer system over the trusted link, the certificate status indication indicating the status of the identified digital certificate.
31. In a sending computer system that is network connectable over a trusted link to a server computer system, the sending computer system being configured to send electronic messages, a method for checking the validity of a digital certificate before using the digital certificate to generate a digital signature based on the digital certificate, the method comprising:
an act of receiving an indication that a private key is to be used to digitally sign an electronic message, the electronic message including electronic message data that a sending entity intends to be delivered to a recipient entity;
an act of identifying a digital certificate that binds the sending entity to the private key; and
a step for delegating validation of the identified digital certificate to a trusted computer system such that the status of the identified digital certificate can be pre-validated.
32. In a server computer system that is network connectable over a trusted link to a sending computer system, the sending computer system being configured to send electronic messages, a method for checking the validity of a digital certificate before using the digital certificate to generate a digital signature based on the digital certificate, the method comprising:
an act of receiving a certificate validation request from the sending computer system over the trusted link, the certificate validation request including certificate information representative of an identified digital certificate, the certificate information being at least enough information for a certificate authority to identify the identified digital certificate;
an act of checking a validation path to determine if the identified digital certificate is valid;
an act of checking at least one certificate revocation list to determine if the identified digital certificate has been compromised; and
an act of sending a certificate status indication to the sending computer system over the trusted link, the certificate status indication indicating the status of the identified digital certificate.
41. In a server computer system that is network connectable over a trusted link to a sending computer system, the sending computer system being configured to send electronic messages, a method for checking the validity of a digital certificate before using the digital certificate to generate a digital signature based on the digital certificate, the method comprising:
an act of receiving a certificate validation request from the sending computer system over the trusted link, the certificate validation request including certificate information representative of an identified digital certificate, the certificate information being at least enough information for a certificate authority to identify the identified digital certificate;
a step for pre-validating the status of the identified digital certificate for the sending computer system such that receiving side validation is more efficient; and
an act of sending a certificate status indication to the sending computer system over the trusted link, the certificate status indication indicating the status of the identified digital certificate.
42. A computer program product for use in a receiving computer system that is network connectable to a server computer system over a trusted link, the receiving computer system being configured to receive electronic messages, the computer program product for implementing a method for checking the validity of a digital certificate in manner that conserves the resources of the receiving computer system, the computer program product comprising one or more computer-readable media having stored thereon computer executable instructions that, when executed by a processor, cause the receiving computer system to perform the following:
receive an electronic message, the electronic message including electronic message data that was sent from an sending entity to a recipient entity, the electronic message being transferred to the receiving computer system at the request of the recipient entity;
receive a digital signature corresponding to the electronic message, the digital signature having been generated from at least one private key;
send a certificate validation request to the server computer system over the trusted link, the certificate validation request including certificate information representative of a digital certificate that binds the sending entity to the private key, the certificate information being at least enough information for a certificate authority to identify the represented digital certificate that binds the sending entity to the private key;
receive a certificate status indication from the server computer system over the trusted link, the certificate status indication indicating the status of the represented digital certificate that binds the sending entity to the private key.
43. A computer program product for use in a server computer system that is network connectable over a trusted link to a receiving computer system, the computer program product for implementing a method for checking the validity of a digital certificate in a manner that conserves the resources of the receiving computer system, the computer program product comprising one or more computer-readable media having stored thereon computer executable instructions that, when executed by a processor, cause the server computer system to perform the following:
receive a certificate validation request from the receiving computer system over the trusted link, the certificate validation request including certificate information representative of a digital certificate, the certificate information being at least enough information for a certificate authority to identify the represented digital certificate;
check a validation path to determine if the represented digital certificate is valid;
check at least one certificate revocation list to determine if the represented digital certificate has been compromised; and
send a certificate status indication to the receiving computer system over the trusted link, the certificate status indication indicating the status of the represented digital certificate.
44. A computer program product for use in a sending computer system that is network connectable over a trusted link to a server computer system, the sending computer system being configured to send electronic messages, the computer program product for implanting a method for checking the validity of a digital certificate before using the digital certificate to generate a digital signature based on the digital certificate, the computer program product comprising one or more computer-readable media having stored thereon computer executable instructions that, when executed by a processor, cause the sending computer system to perform the following:
receive an indication that a private key is to be used to digitally sign an electronic message, the electronic message including electronic message data that a sending entity intends to be delivered to a recipient entity;
identify a digital certificate that binds the sending entity to the private key;
send a certificate validation request to the server over the trusted link, the certificate validation request including certificate information representative of the identified digital certificate, the certificate information being at least enough information for a certificate authority to identify the identified digital certificate; and
receive a certificate status indication from the server computer system over the trusted link, the certificate status indication indicating the status of the identified digital certificate.
45. A computer program product for use in a server computer system that is network connectable over a trusted link to a sending computer system, the sending computer system being configured to send electronic messages, the computer program product for implementing a method for checking the validity of a digital certificate before using the digital certificate to generate a digital signature based on the digital certificate, the computer program product comprising one or more computer-readable media having stored thereon computer executable instructions that, when executed by a processor, cause the server computer system to perform the following:
receive a certificate validation request from the sending computer system over the trusted link, the certificate validation request including certificate information representative of an identified digital certificate, the certificate information being at least enough information for a certificate authority to identify the identified digital certificate;
check a validation path to determine if the identified digital certificate is valid;
check at least one certificate revocation list to determine if the identified digital certificate has been compromised; and
send a certificate status indication to the sending computer system over the trusted link, the certificate status indication indicating the status of the identified digital certificate.
Specification