Apparatuses for authenticating client devices with client certificate management

US 20050076204A1
Filed: 08/13/2004
Published: 04/07/2005
Est. Priority Date: 08/15/2003
Status: Abandoned Application

First Claim

Patent Images

1. A system for managing digital certificates on a network device, comprising:

a client device;

an electronic communication network;

a service provider device accessible by said client device by way of said electronic communication network;

a certificate store accessible by said service provider device;

a revocation server accessible by said service provider device;

wherein each of said client device, service provider device, certificate server and revocation server each include network facilities for communication over said network, further wherein said service provider device, said certificate server and said revocation server are not necessarily distinct nodes or computing devices on said network;

a client executable component installed to said client device providing access to at least one digital certificate in a certificate store on the device;

a storage device group installed to said service provider device, said storage device group containing at least one storage device operable to contain operating system files and applications;

instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;

(i) receiving requests for connections from clients, (ii) attempting to retrieve a digital certificate from the client device by way of said network facilities and said client executable component, (iii) if in said attempting a digital certificate is retrieved, checking for expiration of the retrieved digital certificate, (iv) if in said attempting a digital certificate is retrieved, querying a revocation server by way of said network facilities for revocation of the retrieved digital certificate, (v) if the retrieved digital certificate is expired or revoked, retrieving a newly issued certificate from the network certificate server, (vi) if in said attempting a digital certificate is not retrieved, accessing said network certificate store to retrieve an authentication certificate, by way of said network, (vii) following said accessing a network certificate server to retrieve an authentication certificate, placing the retreived authentication certificate in the certificate store of said client device, and (viii) authenticating the client device for data transfer.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are several digital certificate discovery and management systems. Detailed information on various example embodiments of the inventions are provided in the Detailed Description below, and the inventions are defined by the appended claims.

80 Citations

View as Search Results

16 Claims

1. A system for managing digital certificates on a network device, comprising:
- a client device;
  
  an electronic communication network;
  
  a service provider device accessible by said client device by way of said electronic communication network;
  
  a certificate store accessible by said service provider device;
  
  a revocation server accessible by said service provider device;
  
  wherein each of said client device, service provider device, certificate server and revocation server each include network facilities for communication over said network, further wherein said service provider device, said certificate server and said revocation server are not necessarily distinct nodes or computing devices on said network;
  
  a client executable component installed to said client device providing access to at least one digital certificate in a certificate store on the device;
  
  a storage device group installed to said service provider device, said storage device group containing at least one storage device operable to contain operating system files and applications;
  
  instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
  
  (i) receiving requests for connections from clients, (ii) attempting to retrieve a digital certificate from the client device by way of said network facilities and said client executable component, (iii) if in said attempting a digital certificate is retrieved, checking for expiration of the retrieved digital certificate, (iv) if in said attempting a digital certificate is retrieved, querying a revocation server by way of said network facilities for revocation of the retrieved digital certificate, (v) if the retrieved digital certificate is expired or revoked, retrieving a newly issued certificate from the network certificate server, (vi) if in said attempting a digital certificate is not retrieved, accessing said network certificate store to retrieve an authentication certificate, by way of said network, (vii) following said accessing a network certificate server to retrieve an authentication certificate, placing the retreived authentication certificate in the certificate store of said client device, and (viii) authenticating the client device for data transfer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A system according to claim 1, wherein said authenticating indicates authentication of an individual for a financial transaction.
  - 3. A system according to claim 1, wherein said authenticating indicates authentication of an individual for a contractual transaction.
  - 4. A system according to claim 1, wherein said authenticating indicates authentication of an individual for a loan application.
  - 5. A system according to claim 1, wherein following said authenticating said service provider device permits access to resources within an organization based on an individual'"'"'s access rights.
  - 6. A system according to claim 1, wherein following said authenticating said service provider device permits access to email messages.
  - 7. A system according to claim 1, wherein following said authenticating said service provider device permits access to applications on said client device.
  - 8. A system according to claim 1, wherein said client executable component is an agent installed to and apart from the client base operating system.

9. A system for managing digital certificates on client devices accessible over an electronic communication network, wherein each of the client devices has installed thereon a client executable component providing access to at least one digital certificate in a certificate store on the device, the system comprising:
- a service provider device accessible by client devices by way of the electronic communication network;
  
  a certificate store accessible by said service provider device;
  
  a revocation server accessible by said service provider device;
  
  wherein each of said service provider device, certificate server and revocation server each include network facilities for communication over said network, further wherein said service provider device, said certificate server and said revocation server are not necessarily distinct nodes or computing devices on said network;
  
  a storage device group installed to said service provider device, said storage device group containing at least one storage device operable to contain operating system files and applications;
  
  instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
  
  (i) receiving requests for connections from clients, (ii) attempting to retrieve a digital certificate from a client device by way of said network facilities and a client executable component, (iii) if in said attempting a digital certificate is retrieved, checking for expiration of the retrieved digital certificate, (iv) if in said attempting a digital certificate is retrieved, querying a revocation server by way of said network facilities for revocation of the retrieved digital certificate, (v) if the retrieved digital certificate is expired or revoked, retrieving a newly issued certificate from the network certificate server, (vi) if in said attempting a digital certificate is not retrieved, accessing said network certificate store to retrieve an authentication certificate, by way of said network, (vii) following said accessing a network certificate server to retrieve an authentication certificate, placing the retreived authentication certificate in the certificate store of said client device, and (viii) authenticating the client device for data transfer.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. A system according to claim 9, wherein said authenticating indicates authentication of an individual for a financial transaction.
  - 11. A system according to claim 9, wherein said authenticating indicates authentication of an individual for a contractual transaction.
  - 12. A system according to claim 9, wherein said authenticating indicates authentication of an individual for a loan application.
  - 13. A system according to claim 9, wherein following said authenticating said service provider device permits access to resources within an organization based on an individual'"'"'s access rights.
  - 14. A system according to claim 9, wherein following said authenticating said service provider device permits access to email messages.
  - 15. A system according to claim 9, wherein following said authenticating said service provider device permits access to applications on a client device.

16. A system for managing digital certificates on a network device, comprising:
- a client device;
  
  an electronic communication network;
  
  a service provider device accessible by said client device by way of said electronic communication network;
  
  a certificate store accessible by said service provider device;
  
  a revocation server accessible by said service provider device;
  
  wherein each of said client device, service provider device, certificate server and revocation server each include network facilities for communication over said network, further wherein said service provider device, said certificate server and said revocation server are not necessarily distinct nodes or computing devices on said network;
  
  a client executable component installed to said client device providing access to at least one digital certificate in a certificate store on the device;
  
  a storage device group installed to said service provider device, said storage device group containing at least one storage device operable to contain operating system files and applications;
  
  instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
  
  (i) receiving requests for connections from clients, (ii) attempting to retrieve a digital certificate from the client device by way of said network facilities and said client executable component, (iii) if in said attempting a digital certificate is retrieved, checking for expiration of the retrieved digital certificate, (iv) if in said attempting a digital certificate is retrieved, querying a revocation server by way of said network facilities for revocation of the retrieved digital certificate, (v) if the retrieved digital certificate is expired or revoked, retrieving a newly issued certificate from the network certificate server, (vi) if in said attempting a digital certificate is not retrieved, accessing said network certificate store to retrieve an authentication certificate, by way of said network, (vii) following said accessing a network certificate server to retrieve an authentication certificate, placing the retreived authentication certificate in the certificate store of said client device, and (viii) authenticating the client device for data transfer, wherein the data transfer is a transaction for a purposes selected from the group of financial transactions, contractual transactions, sales transactions and loan applications;
  
  wherein following said authenticating said service provider device permits access to resources within an organization based on an individual'"'"'s access rights; and
  
  wherein said client executable component is an agent installed to and apart from the client base operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imcentric Incorporated, Venafi,Inc.
Original Assignee
Imcentric Incorporated
Inventors
Thornton, Russell S., Seegmiller, Jayson, Hodson, Benjamin

Application Number

US10/918,710
Publication Number

US 20050076204A1
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/04   for providing a confidentia...

H04L 63/0823   using certificates cryptogr...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

Apparatuses for authenticating client devices with client certificate management

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

80 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatuses for authenticating client devices with client certificate management

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links