Apparatuses for authenticating client devices with client certificate management
Abstract
Disclosed herein are several digital certificate discovery and management systems. Detailed information on various example embodiments of the inventions is provided in the Detailed Description below, and the inventions are defined by the appended claims.
16 Claims
1. A system for managing digital certificates on a network device, comprising:
a client device;
an electronic communication network;
a service provider device accessible by said client device by way of said electronic communication network;
a certificate store accessible by said service provider device;
a revocation server accessible by said service provider device;
wherein each of said client device, service provider device, certificate server and revocation server each include network facilities for communication over said network, further wherein said service provider device, said certificate server and said revocation server are not necessarily distinct nodes or computing devices on said network;
a client executable component installed to said client device providing access to at least one digital certificate in a certificate store on the device;
a storage device group installed to said service provider device, said storage device group containing at least one storage device operable to contain operating system files and applications;
instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
(i) receiving requests for connections from clients, (ii) attempting to retrieve a digital certificate from the client device by way of said network facilities and said client executable component, (iii) if in said attempting a digital certificate is retrieved, checking for expiration of the retrieved digital certificate, (iv) if in said attempting a digital certificate is retrieved, querying a revocation server by way of said network facilities for revocation of the retrieved digital certificate, (v) if the retrieved digital certificate is expired or revoked, retrieving a newly issued certificate from the network certificate server, (vi) if in said attempting a digital certificate is not retrieved, accessing said network certificate store to retrieve an authentication certificate, by way of said network, (vii) following said accessing a network certificate server to retrieve an authentication certificate, placing the retrieved authentication certificate in the certificate store of said client device, and (viii) authenticating the client device for data transfer. (Dependent claims 2 through 8 not shown.)
9. A system for managing digital certificates on client devices accessible over an electronic communication network, wherein each of the client devices has installed thereon a client executable component providing access to at least one digital certificate in a certificate store on the device, the system comprising:
a service provider device accessible by client devices by way of the electronic communication network;
a certificate store accessible by said service provider device;
a revocation server accessible by said service provider device;
wherein each of said service provider device, certificate server and revocation server each include network facilities for communication over said network, further wherein said service provider device, said certificate server and said revocation server are not necessarily distinct nodes or computing devices on said network;
a storage device group installed to said service provider device, said storage device group containing at least one storage device operable to contain operating system files and applications;
instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
(i) receiving requests for connections from clients, (ii) attempting to retrieve a digital certificate from a client device by way of said network facilities and a client executable component, (iii) if in said attempting a digital certificate is retrieved, checking for expiration of the retrieved digital certificate, (iv) if in said attempting a digital certificate is retrieved, querying a revocation server by way of said network facilities for revocation of the retrieved digital certificate, (v) if the retrieved digital certificate is expired or revoked, retrieving a newly issued certificate from the network certificate server, (vi) if in said attempting a digital certificate is not retrieved, accessing said network certificate store to retrieve an authentication certificate, by way of said network, (vii) following said accessing a network certificate server to retrieve an authentication certificate, placing the retrieved authentication certificate in the certificate store of said client device, and (viii) authenticating the client device for data transfer. (Dependent claims 10 through 15 not shown.)
16. A system for managing digital certificates on a network device, comprising:
a client device;
an electronic communication network;
a service provider device accessible by said client device by way of said electronic communication network;
a certificate store accessible by said service provider device;
a revocation server accessible by said service provider device;
wherein each of said client device, service provider device, certificate server and revocation server each include network facilities for communication over said network, further wherein said service provider device, said certificate server and said revocation server are not necessarily distinct nodes or computing devices on said network;
a client executable component installed to said client device providing access to at least one digital certificate in a certificate store on the device;
a storage device group installed to said service provider device, said storage device group containing at least one storage device operable to contain operating system files and applications;
instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
(i) receiving requests for connections from clients, (ii) attempting to retrieve a digital certificate from the client device by way of said network facilities and said client executable component, (iii) if in said attempting a digital certificate is retrieved, checking for expiration of the retrieved digital certificate, (iv) if in said attempting a digital certificate is retrieved, querying a revocation server by way of said network facilities for revocation of the retrieved digital certificate, (v) if the retrieved digital certificate is expired or revoked, retrieving a newly issued certificate from the network certificate server, (vi) if in said attempting a digital certificate is not retrieved, accessing said network certificate store to retrieve an authentication certificate, by way of said network, (vii) following said accessing a network certificate server to retrieve an authentication certificate, placing the retrieved authentication certificate in the certificate store of said client device, and (viii) authenticating the client device for data transfer, wherein the data transfer is a transaction for purposes selected from the group of financial transactions, contractual transactions, sales transactions and loan applications;
wherein following said authenticating said service provider device permits access to resources within an organization based on an individual's access rights; and
wherein said client executable component is an agent installed to and apart from the client base operating system.
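The following Python model is an added worked example; it is not part of the patent text and not an implementation by the patent's assignee. It walks one connection through the eight functions recited in claims 1, 9 and 16: retrieve the client's certificate through the agent (ii), check expiration (iii), query the revocation server (iv), reissue on expiry or revocation (v), provision and install a certificate when none is found (vi, vii), and authenticate (viii). The classes ClientDevice, RevocationServer, CertificateServer and ServiceProvider, the integer serial numbers, the one-year lifetime and the four constructed devices are assumptions standing in for the claimed components; a deployment would use X.509 certificates, a CRL or OCSP responder as the revocation server, and an enrollment protocol to the certificate server.

```python
# Added model of the certificate discovery and management flow of claims 1, 9 and 16.
# Every component is an assumed in-memory stand-in: a real system would use X.509
# certificates, a CRL or OCSP responder as revocation server, and an enrollment protocol.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional

class Decision(Enum):
    AUTHENTICATED_EXISTING = "valid certificate accepted (iii, iv, viii)"
    REISSUED_EXPIRED = "expired certificate replaced (iii, v)"
    REISSUED_REVOKED = "revoked certificate replaced (iv, v)"
    PROVISIONED_NEW = "no certificate on device, one installed (vi, vii)"

@dataclass(frozen=True)
class Certificate:
    """Minimal stand-in for an X.509 certificate (assumed fields only)."""
    serial: int
    subject: str
    not_before: datetime
    not_after: datetime

    def is_expired(self, now: datetime) -> bool:
        # Not-yet-valid counts as unusable too; the claim only names expiration.
        return not (self.not_before <= now <= self.not_after)

@dataclass
class ClientDevice:
    # The agent_* methods play the claimed 'client executable component'.
    device_id: str
    cert_store: list = field(default_factory=list)

    def agent_get_certificate(self) -> Optional[Certificate]:
        return self.cert_store[0] if self.cert_store else None

    def agent_install_certificate(self, cert: Certificate) -> None:
        self.cert_store.insert(0, cert)

class RevocationServer:
    """Stand-in for a CRL/OCSP responder: a set of revoked serial numbers."""
    def __init__(self, revoked_serials=()) -> None:
        self._revoked = set(revoked_serials)

    def is_revoked(self, cert: Certificate) -> bool:
        return cert.serial in self._revoked

class CertificateServer:
    """Stand-in issuing CA: sequential serials, fixed lifetime."""
    def __init__(self, validity: timedelta = timedelta(days=365)) -> None:
        self._next_serial, self._validity = 1000, validity

    def issue(self, subject: str, now: datetime) -> Certificate:
        cert = Certificate(self._next_serial, subject, now, now + self._validity)
        self._next_serial += 1
        return cert

class ServiceProvider:
    """Runs steps (i) through (viii) of the claim for each incoming connection."""
    def __init__(self, cert_server: CertificateServer, revocation: RevocationServer) -> None:
        self.cert_server, self.revocation = cert_server, revocation

    def handle_connection(self, client: ClientDevice, now: datetime):
        """(i) A connection request arrives. Returns (decision, certificate in use)."""
        cert = client.agent_get_certificate()                  # (ii)
        if cert is None:                                        # (vi)
            new = self.cert_server.issue(client.device_id, now)
            client.agent_install_certificate(new)               # (vii)
            return Decision.PROVISIONED_NEW, new                # (viii)
        expired = cert.is_expired(now)                          # (iii)
        revoked = self.revocation.is_revoked(cert)              # (iv)
        if expired or revoked:                                  # (v)
            # Read literally, step (v) hands a revoked holder a fresh certificate.
            # Report that branch distinctly so a deployment can gate it on an
            # out-of-band check; the claims themselves specify none.
            new = self.cert_server.issue(cert.subject, now)
            client.agent_install_certificate(new)
            return (Decision.REISSUED_REVOKED if revoked else Decision.REISSUED_EXPIRED), new
        return Decision.AUTHENTICATED_EXISTING, cert            # (viii)

def run_scenarios(now: datetime = datetime(2024, 6, 1, tzinfo=timezone.utc)) -> dict:
    """Constructed devices exercising every branch; returns device_id -> Decision."""
    year = timedelta(days=365)
    sp = ServiceProvider(CertificateServer(), RevocationServer({3}))  # serial 3 is revoked
    devices = [
        ClientDevice("laptop-valid", [Certificate(1, "laptop-valid", now - year, now + year)]),
        ClientDevice("laptop-expired", [Certificate(2, "laptop-expired", now - 2 * year, now - year)]),
        ClientDevice("laptop-revoked", [Certificate(3, "laptop-revoked", now - year, now + year)]),
        ClientDevice("laptop-fresh"),                           # empty certificate store
    ]
    results = {}
    for dev in devices:
        results[dev.device_id] = sp.handle_connection(dev, now)[0]
        # After any reissue the device must be accepted as-is on its next connection.
        assert sp.handle_connection(dev, now)[0] is Decision.AUTHENTICATED_EXISTING
    return results

if __name__ == "__main__":
    for device, decision in run_scenarios().items():
        print(f"{device:15s} -> {decision.value}")
```

Running the module prints one decision per constructed device. The model also makes visible a consequence of reading step (v) literally: a client presenting a revoked certificate is issued a new one and then authenticated, which is why the revocation branch is reported separately from the expiry branch, so that a deployment can require an additional check there; the claims do not recite one.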