Chain of Trust Processing
Abstract
A technique for automatically obtaining a second certificate for a user using a first certificate includes accessing a server platform using a user's server and the first certificate of the user to create a connection that authenticates both the user's server identity via a server certificate of the user server and the user's identity via the user's first certificate. A secure data channel is then created between the server platform and the user platform. A request for the second certificate is forwarded by the user from the user server to the server platform and the server platform then generates the second certificate. The first certificate may be a signature certificate and the second certificate may be an encryption certificate.
25 Claims
1. A method of automatically obtaining a second certificate for a user in a Public Key Infrastructure (PKI) enterprise using a first certificate, the method comprising:
accessing a server platform using a user's server and the first certificate of the user to create a connection that authenticates both the user's server identity via a server certificate of the user server and the user's identity via the user's first certificate;
tracking a pedigree of the user's first certificate;
accessing a registration web page having a level of security that is commensurate with the pedigree of the user's first certificate;
creating a secure data channel between the server platform and the user server;
forwarding a request for the second certificate from the user server to the server platform;
and generating at the server platform the second certificate.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.
12. An apparatus for automatically obtaining a replacement certificate for a user in a Public Key Infrastructure (PKI) enterprise using a signature certificate, the apparatus comprising:
a user server and a registration server, the user server accessing the registration server using the signature certificate of the user to create a connection that authenticates both the user's server identity via a server certificate of the user server and the user's identity via the user's signature certificate;
a secure data channel, the secure data channel being disposed between the registration server and the user server, the user server forwarding a request for the replacement certificate to the registration server through the secure data channel;
a first authority, the registration server determining that the user is entitled to the replacement certificate and, upon said determination, revoking a certificate which the replacement certificate is replacing and forwarding a request to the first authority sending the private/public key pair associated with the replacement certificate, the first authority sending the private key to the user via the secure data channel;
a second authority, the first authority sending the public key to the second authority to be signed; and
a directory, the second authority forwarding the replacement certificate to the directory.
Dependent claims: 13, 14, 15, 16.
17. An apparatus for automatically obtaining a second certificate for a user in a Public Key Infrastructure (PKI) enterprise using a signature certificate, the apparatus comprising:
a user server and a server platform, the user server accessing the server platform using the signature certificate of the user to create a connection that authenticates both the user's server identity via a server certificate of the user server and the user's identity via the user's signature certificate;
a secure data channel, the secure data channel being disposed between the server platform and the user server and being encrypted using the signature certificate;
the user server forwarding a request for the second certificate to the server platform; and
the server platform generating the second certificate.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25.
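The issuance flow of claims 1 and 12 as an added Python model; this is not code from the patent or the page it came from. Certificates, CA names, assurance levels and the HMAC "signatures" are constructed stand-ins for X.509 chains and real key pairs, and every class and function name is an assumption. It shows the tracked pedigree of the presented signature chain deciding which registration page the user server reaches, and the revoke-then-issue order when a certificate is replaced.

```python
import hashlib
import hmac
from dataclasses import dataclass
# Constructed stand-ins: CA "keys" (HMAC secrets, not real key pairs) and the assurance
# level enterprise policy assigns to each CA; root-ca is the trust anchor.
CA_KEYS = {"root-ca": b"k-root", "medium-ca": b"k-med", "basic-ca": b"k-basic"}
ASSURANCE = {"root-ca": 3, "medium-ca": 2, "basic-ca": 1}
REGISTRATION_PAGES = {1: "/enroll/basic", 2: "/enroll/medium", 3: "/enroll/high"}

@dataclass
class Cert:
    subject: str
    usage: str        # "signature" or "encryption"
    issuer: str
    serial: int
    sig: bytes = b""
def _mac(c, key):     # stand-in for the issuer's signature over the certificate body
    body = f"{c.subject}|{c.usage}|{c.issuer}|{c.serial}".encode()
    return hmac.new(key, body, hashlib.sha256).digest()
def sign(c):          # the named issuer signs the certificate
    c.sig = _mac(c, CA_KEYS[c.issuer])
    return c
def verify_chain(chain):
    """Leaf first: each cert signed by its issuer, each issuer the next subject, root-ca last."""
    for i, c in enumerate(chain):
        key = CA_KEYS.get(c.issuer)
        good = key and hmac.compare_digest(c.sig, _mac(c, key))
        if not good or (i + 1 < len(chain) and c.issuer != chain[i + 1].subject):
            return False
    return chain[-1].issuer == "root-ca"
def pedigree(chain):  # the tracked pedigree: a chain is only as strong as its weakest issuer
    return min(ASSURANCE[c.issuer] for c in chain)
class ServerPlatform:
    def __init__(self):
        self.revoked, self.directory = set(), {}
    def registration_page(self, chain):
        if not verify_chain(chain) or chain[0].usage != "signature":
            raise PermissionError("first certificate not trusted")
        if any(c.serial in self.revoked for c in chain):
            raise PermissionError("first certificate revoked")
        return REGISTRATION_PAGES[pedigree(chain)]   # page security level follows pedigree

    def issue(self, chain, usage, replacing=None):
        page = self.registration_page(chain)          # authenticate and gate before issuing
        if replacing is not None:                     # claim 12: revoke the old cert first
            self.revoked.add(replacing)
        new = sign(Cert(chain[0].subject, usage, chain[0].issuer, 1000 + len(self.directory)))
        self.directory[new.serial] = new              # publish the new certificate to the directory
        return page, new
```

A chain that ends at an untrusted root, a leaf whose signature was copied onto another subject, or a revoked first certificate all fail before any second certificate is generated.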
Specification