Relying party trust anchor based public key technology framework

US 20060282670A1
Filed: 06/08/2005
Published: 12/14/2006
Est. Priority Date: 06/08/2005
Status: Active Grant

First Claim

Patent Images

1. A public key (PK) framework having a relying party user authentication system for allowing a relying party to authenticate a user, wherein the PK framework places user credentials under the control of the relying party, and wherein the relying party user authentication system includes:

a storage system for storing certificates received from users in a user credentials data repository, wherein the certificates are issued by a plurality of different certificate authorities;

a management system for managing records in the user credentials data repository associated with users; and

a validation system that allows the relying party to retrieve certificates from the user credentials data repository in order to authenticate users.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A public key (PK) framework for allowing a relying party to act as a trust anchor to authenticate a subscriber. The framework provides a directory system under the control of the relying party, wherein the directory system includes: a storage system for storing certificates received from subscribers in a database, wherein the certificates are issued by a plurality of different certificate authorities; a management system for managing records in the database associated with subscribers; and a validation system that allows the relying party to retrieve certificates from the database in order to authenticate subscribers.

Citations

20 Claims

1. A public key (PK) framework having a relying party user authentication system for allowing a relying party to authenticate a user, wherein the PK framework places user credentials under the control of the relying party, and wherein the relying party user authentication system includes:
- a storage system for storing certificates received from users in a user credentials data repository, wherein the certificates are issued by a plurality of different certificate authorities;
  
  a management system for managing records in the user credentials data repository associated with users; and
  
  a validation system that allows the relying party to retrieve certificates from the user credentials data repository in order to authenticate users.
- View Dependent Claims (2, 3, 4)
- - 2. The PK framework of claim 1, wherein the certificates stored in the user credentials data repository include self-signed certificates.
  - 3. The PK framework of claim 1, wherein the certificates received from users are received via a secure channel.
  - 4. The PK framework of claim 1, wherein the users subscribe to a service provided by the relying party.

5. A relying party authentication server that authenticates users using public key infrastructure (PKI) credentials, wherein the relying party authentication server includes a plurality of trust anchors for authenticating the users, and wherein the trust anchors include:
- a key store containing trusted certificate authority certificates;
  
  a directory of registered certificates; and
  
  a custom web services user credentials verification application.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The relying party authentication server of claim 5, wherein the relying party authentication server further includes a selection mechanism for selecting at least one trust anchor from the plurality of trust anchors to authenticate the user.
  - 7. The relying party authentication server of claim 5, wherein the directory of registered certificates is linked to a user credentials data repository implemented using an access protocol selected from the group consisting of:
    - JDBC (Java DataBase Connectivity), ODBC (Open DataBase Connectivity), SQL (Structured Query Language), and an LDAP (Lightweight Directory Access Protocol) Directory.
  - 8. The relying party authentication server of claim 5, further comprising:
    - a user credentials data repository for storing certificates received from users, wherein the certificates are issued by a plurality of different certificate authorities;
      
      a management system for managing records in the user credentials data repository associated with users; and
      
      a validation system that allows the relying party to retrieve certificates from the user credentials data repository in order to authenticate users.
  - 9. The relying party authentication server of claim 5, wherein the users subscribe to a service provided by the relying party.

10. A method for allowing a relying party to authenticate a user within a public key (PK) framework in which the user credentials are under the control of the relying party, comprising:
- providing a user credentials data repository that is under the control of a relying party;
  
  storing certificates received from users in the user credentials data repository, wherein the certificates are issued by a plurality of different certificate authorities;
  
  receiving a request at the relying party to authenticate a user; and
  
  retrieving a certificate from the user credentials data repository in order to authenticate the user.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, comprising the further step of allowing the relying party to manage records in the user credentials data repository associated with users.
  - 12. The method of claim 10, wherein the certificates stored in the user credentials data repository include self-signed certificates.
  - 13. The method of claim 10, wherein the certificates received from users are received via a secure channel.
  - 14. The method of claim 10, wherein the users subscribe to a service provided by the relying party.

15. A method for authenticating users using public key infrastructure (PKI) credentials, comprising the steps of:
- receiving a request to authenticate a user at a relying party authentication server; and
  
  selecting at least one trust anchor from a plurality of trust anchors to authenticate the user, wherein the plurality of trust anchors for authenticating the subscriber include;
  
  a key store containing trusted certificate authority certificates;
  
  a directory of registered certificates; and
  
  a custom web services user credentials verification application.
- View Dependent Claims (16, 17, 18, 20)
- - 16. The method of claim 15, wherein the directory of registered certificates comprises an LDAP Directory.
  - 17. The method of claim 15, wherein the directory of registered certificates comprises a database using an access protocol selected from the group consisting of:
    - JDBC (Java DataBase Connectivity), ODBC (Open DataBase Connectivity), and SQL (Structured Query Language).
  - 18. The method of claim 17, wherein the users subscribe to a service provided by the relying party.
  - 20. The method of claim 15, wherein the relying party user authentication application is further operable to:
    - receive a request to authenticate a user; and
      
      select at least one trust anchor from a plurality of trust anchors to authenticate the user, wherein the plurality of trust anchors for authenticating the user includes;
      
      a key store containing trusted certificate authority certificates;
      
      a directory of registered certificates; and
      
      a custom web services user credentials verification application.

19. A method for deploying a relying party user authentication application in which user credentials are under the control of a relying party, comprising:
- providing a computer infrastructure being operable to;
  
  store certificates received from users in a user credentials data repository that is under the control of the relying party, wherein the certificates are issued by a plurality of different certificate authorities;
  
  manage records in the user credentials data repository associated with the relying party; and
  
  allow the relying party to retrieve certificates from the user credentials data repository in order to authenticate users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Karchov, David

Granted Patent

US 7,844,816 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 9/006   involving public key infras...

H04L 9/3268   using certificate validatio...

Relying party trust anchor based public key technology framework

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Relying party trust anchor based public key technology framework

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links