System and method for obtaining a digital certificate for an endpoint

US 20060174106A1
Filed: 01/25/2005
Published: 08/03/2006
Est. Priority Date: 01/25/2005
Status: Active Grant

First Claim

Patent Images

1. A method of establishing a digital certificate on an endpoint, the method comprising:

establishing a connection between a proxy function module and the endpoint, the proxy function module remotely located from the endpoint, and the proxy function module operable to communicate with the endpoint and a certificate authority;

generating authentication information at the endpoint;

transmitting at least a portion of the authentication information to the proxy function module, the proxy function module obtaining a digital certificate from a certificate authority based on the at least the portion of the authentication information; and

receiving the digital certificate at the endpoint from the proxy function module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment of the present invention, a method of establishing a digital certificate on an endpoint includes establishing a connection between a proxy function module and the endpoint. The proxy function module is remotely located from the endpoint and operable to communicate with the endpoint and a certificate authority. Authentication information is generated at the endpoint. A portion of the authentication information is transmitted to the proxy function module. The proxy function module obtains a digital certificate based on the portion of the authentication information. The digital certificate is received at the endpoint from the proxy function module.

110 Citations

View as Search Results

27 Claims

1. A method of establishing a digital certificate on an endpoint, the method comprising:
- establishing a connection between a proxy function module and the endpoint, the proxy function module remotely located from the endpoint, and the proxy function module operable to communicate with the endpoint and a certificate authority;
  
  generating authentication information at the endpoint;
  
  transmitting at least a portion of the authentication information to the proxy function module, the proxy function module obtaining a digital certificate from a certificate authority based on the at least the portion of the authentication information; and
  
  receiving the digital certificate at the endpoint from the proxy function module.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein generating authentication information at the endpoint further comprises:
    - receiving a hash at the endpoint from the proxy function module;
      
      encrypting the hash; and
      
      transmitting the at least the portion of the authentication information further comprises transmitting the encrypted hash as at least a portion of the at least the portion of the authentication information.
  - 3. The method of claim 1, wherein establishing a connection with a proxy function module further comprises:
    - receiving information digitally signed by the proxy function module; and
      
      authenticating the digitally signed information.
  - 4. The method of claim 1, wherein generating authentication information at the endpoint further comprises:
    - generating a private key; and
      
      generating a public key, the public key complementary to the private key.
  - 5. The method of claim 1, further comprising:
    - installing the digital certificate on the endpoint.

6. A method of establishing a digital certificate on an endpoint with a proxy function module, comprising:
- establishing a connection between the endpoint and the proxy function module, the proxy function module remotely located from the endpoint, and the proxy function module operable to communicate with the endpoint and a certificate authority;
  
  receiving at least a portion of authentication information at the proxy function module, the at least the portion of authentication information generated at the endpoint;
  
  packaging the at least the portion of authentication information in a certificate request;
  
  transmitting the certificate request to a certificate authority, the certificate authority reviewing the certificate request and issuing a digital certificate;
  
  receiving the digital certificate at the proxy function module; and
  
  transmitting the digital certificate to the endpoint.
- View Dependent Claims (7, 8)
- - 7. The method of claim 6, wherein transmitting the digital certificates to the endpoint further comprises:
    - verifying information on the digital certificate; and
      
      transmitting the digital certificate to the endpoint only if the information is verified.
  - 8. The method of claim 6, further comprising:
    - transmitting a hash to the endpoint prior to receiving at least the portion of authentication information, wherein receiving at least the portion of authentication information further comprises;
      
      receiving a public key generated by the endpoint;
      
      receiving an encrypted hash, encrypted by a private key generated by the endpoint.

9. A system for establishing a digital certificate on an endpoint, the system comprising:
- an endpoint; and
  
  a proxy function module in communication with the endpoint, operable to;
  
  generate authentication information; and
  
  transmit at least a portion of the authentication information to the proxy function module, and the proxy function module comprises logic encoded in media operable to;
  
  receive the at least the portion of the authentication information;
  
  package the at least the portion of the authentication information in a certificate request;
  
  transmit the certificate request to a certificate authority, the certificate authority reviewing the certificate request and issuing a digital certificate;
  
  receive the digital certificate; and
  
  transmit the digital certificate to the endpoint.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, proxy function module operable to:
    - transmit a hash to the endpoint.
  - 11. The system of claim 10, wherein the logic encoded in media in the endpoint is further operable to:
    - encrypt the hash, and transmit the encrypted hash as at least a portion of the at least the portion of the authentication information.
  - 12. The system of claim 9, wherein the logic encoded in media in the proxy function module is further operable to transmit digitally signed information;
    - and the logic encoded in media in the endpoint is further operable to authenticate the digitally signed information.
  - 13. The system of claim 9, wherein the logic encoded in media in the endpoint in the generation of the authentication information is further operable to:
    - generate a private key; and
      
      generate a public key, the public key complementary to the private key.
  - 14. The system of claim 9, wherein the logic encoded in media in the proxy function module is further operable to:
    - verify information on the digital certificate and only transmit the digital certificate to the endpoint if the information is correct.
  - 15. The system of claim 9, wherein the logic encoded in media in the proxy function module is further operable to:
    - install the digital certificate on the endpoint.

16. An endpoint comprising:
- logic encoded in media such that when executed is operable to;
  
  establish a connection between a proxy function module and the endpoint, wherein the proxy function module is remotely located from the endpoint, and the proxy function module is operable to communicate with the endpoint and a certificate authority;
  
  generate authentication information at the endpoint;
  
  transmit at least a portion of the authentication information to the proxy function module, the proxy function module obtaining a digital certificate from a certificate authority based on the at least the portion of the authentication information; and
  
  receive the digital certificate at the endpoint from the proxy function module.
- View Dependent Claims (17, 18, 19)
- - 17. The endpoint of claim 16, wherein the logic encoded in media is further operable to:
    - encrypt a hash, and transmit the encrypted hash as at least a portion of the at least the portion of the authentication information.
  - 18. The endpoint of claim 16, wherein the logic encoded in media is further operable to:
    - received digitally signed information from the proxy function module, and authenticate the digitally signed information.
  - 19. The endpoint of claim 16, wherein the logic encoded in media in the generation of the authentication information is further operable to:
    - generate a private key; and
      
      generate a public key, the public key complementary to the private key.

20. A proxy function module for establishing a digital certificate on an endpoint, the proxy function module comprising:
- an interface operable to establish a connection between the endpoint and the proxy function module, the proxy function module remotely located from the endpoint, and the proxy function module operable to communicate with the endpoint and a certificate authority;
  
  a processor operable to;
  
  receive at least a portion of authentication information at the proxy function module, the at least the portion of authentication information generated at the endpoint;
  
  package the at least the portion of authentication information in a certificate request;
  
  transmit the certificate request to a certificate authority, the certificate authority reviewing the certificate request and issuing a digital certificate;
  
  receive the digital certificate at the proxy function module; and
  
  transmit the digital certificate to the endpoint.
- View Dependent Claims (21, 22)
- - 21. The proxy function module of claim 20, wherein the processor is further operable to transmit the digital certificates to the endpoint by:
    - verifying information on the digital certificate; and
      
      transmitting the digital certificate to the endpoint only if the information is verified.
  - 22. The proxy function module of claim 20, wherein the processor is further operable to:
    - transmit a hash to the endpoint prior to receiving at least the portion of authentication information, wherein the processor in receipt of at least the portion of authentication information is further operable to;
      
      receive a public key generated by the endpoint; and
      
      receive an encrypted hash, encrypted by a private key generated by the endpoint.

23. Logic embodied in media such that when executed is operable to:
- establish a connection between the endpoint and the proxy function module, wherein the proxy function module is remotely located from the endpoint; and
  
  the proxy function module is operable to communicate with the endpoint and a certificate authority;
  
  receive at least a portion of authentication information at the proxy function module, the at least the portion of authentication information generated at the endpoint;
  
  package the at least the portion of authentication information in a certificate request;
  
  transmit the certificate request to a certificate authority, the certificate authority reviewing the request and issuing a digital certificate;
  
  receive the digital certificate at the proxy function module; and
  
  transmit the digital certificate to the endpoint.
- View Dependent Claims (24, 25)
- - 24. The logic of claim 23, wherein the logic encoded in media in the transmittal of the digital certificates to the endpoint is further operable to:
    - verify information on the digital certificate; and
      
      transmit the digital certificate to the endpoint only if the information is verified.
  - 25. The logic of claim 23, wherein the logic encoded in media is further operable to:
    - transmit a hash to the endpoint prior to receipt of at least the portion of authentication information, wherein the executed computer code in the receipt of the at least the portion of authentication information is further operable to;
      
      receive a public key generated by the endpoint; and
      
      receive an encrypted hash, encrypted by a private key generated by the endpoint.

26. A proxy function for establishing a digital certificate on an endpoint, the proxy function comprising:
- means for establishing a connection between the endpoint and the proxy function, wherein the proxy function is remotely located from the endpoint; and
  
  the proxy function is operable to communicate with the endpoint and a certificate authority;
  
  means for receiving at least a portion of authentication information at the proxy function, the at least the portion of authentication information generated at the endpoint;
  
  means for packaging the at least the portion of authentication information in a certificate request;
  
  means for transmitting the certificate request to a certificate authority, the certificate authority reviewing the certificate request and issuing a digital certificate;
  
  means for receiving the digital certificate at the proxy function; and
  
  means for transmitting the digital certificate to the endpoint.

27. A method of establishing a digital certificate on an endpoint, the method comprising:
- establishing a connection with a proxy function module, wherein the proxy function module is remotely located from the endpoint, and the proxy function module is operable to communicate with the endpoint and a certificate authority;
  
  generating a private key at the endpoint;
  
  generating a public key at the endpoint, the public key complementary to the private key;
  
  receiving a hash at the endpoint from the proxy function module;
  
  encrypting the hash with the public key;
  
  transmitting the encrypted hash and the public key to the proxy function module, the proxy function module obtaining a digital certificate from a certificate authority based on the encrypted hash and the public key; and
  
  receiving the digital certificate at the endpoint from the proxy function module. receiving a hash at the endpoint from the proxy function module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Bell, Robert T., Dexter, Douglas Q.

Granted Patent

US 8,943,310 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

System and method for obtaining a digital certificate for an endpoint

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

110 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for obtaining a digital certificate for an endpoint

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links