Binding a digital certificate to multiple trust domains

US 20090210703A1
Filed: 01/16/2009
Published: 08/20/2009
Est. Priority Date: 01/18/2008
Status: Active Grant

First Claim

Patent Images

1. A public key infrastructure comprising a participant that issues a digital certificate, wherein the digital certificate can be relied upon in at least two different trust domains, wherein:

said public key infrastructure does not employ policy mapping between or among the trust domains; and

said public key infrastructure does not link any pair of trust domains via cross-certificates.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A public key infrastructure comprising a participant that issues digital certificates. Each digital certificate can be relied upon in at least two different trust domains. The public key infrastructure does not employ policy mapping between or among the trust domains. Furthermore, the public key infrastructure does not link any pair of trust domains via cross-certificates. Just one trust domain is bound to the digital certificate at any given moment. The current trust domain that is to be bound to the digital certificate is elected by a relying party at the time of reliance, based upon a specific certificate validation methodology selected by the relying party.

128 Citations

View as Search Results

13 Claims

1. A public key infrastructure comprising a participant that issues a digital certificate, wherein the digital certificate can be relied upon in at least two different trust domains, wherein:
- said public key infrastructure does not employ policy mapping between or among the trust domains; and
  
  said public key infrastructure does not link any pair of trust domains via cross-certificates.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The public key infrastructure of claim 1 wherein at least one trust domain is a closed contractual domain.
  - 3. The public key infrastructure of claim 1 wherein at least one trust domain is an open trust domain.
  - 4. The public key infrastructure of claim 3 wherein the digital certificate is qualified under the law of a European country that complies with the European Digital Signature Directive.
  - 5. The public key infrastructure of claim 1 wherein just one trust domain is bound to the digital certificate at any given moment.
  - 6. The public key infrastructure of claim 1 wherein the digital certificate is relied upon by a relying party;
    - andthe current trust domain that is to be bound to the digital certificate is elected by the relying party at the time of reliance, based upon a specific certificate validation methodology selected by the relying party.
  - 7. The public key infrastructure of claim 6 wherein the certificate validation methodology is a methodology from the group of methodologies consisting of:
    - a signed validation request made via an Online Certificate Status Protocol; and
      
      making reference to a publicly posted Certificate Revocation List issued by the participant.
  - 8. The public key infrastructure of claim 1 wherein different trust domains have different rules governing liability, recourse, and dispute resolution.
  - 9. The public key infrastructure of claim 1 wherein each trust domain comprises a policy that is uniquely identified by an Object Identifier.
  - 10. The public key infrastructure of claim 9 wherein each Object Identifier comprises at least one of:
    - a customer agreement;
      
      documents incorporated by reference in a customer agreement;
      
      public law under which a policy is enforced;
      
      a Certificate Policy;
      
      a Certification Practices Statement;
      
      public law under which digital signatures are locally enforceable and digital certificates are locally valid.
  - 11. The public key infrastructure of claim 1 wherein a first trust domain is trust anchored by a root digital certificate issued to the participant, and a second trust domain is trust anchored by a digital certificate self-signed by a certificate authority of the participant.
  - 12. The public key infrastructure of claim 1 wherein a first trust domain is trust anchored by a first digital certificate that is issued to the participant by a first root certificate authority, and a second trust domain is trust anchored by a second digital certificate that is issued to the participant by a second root certification authority.
  - 13. The public key infrastructure of claim 1 wherein a first trust domain is trust anchored by a first digital certificate issued to the participant by a first root certificate authority, and a second trust domain is trust anchored by a second digital certificate that is coupled to the participant by a bridge certification authority digital certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IdenTrust, Inc. (Assa Abloy AB)
Original Assignee
IdenTrust, Inc. (Assa Abloy AB)
Inventors
Epstein, William C., Miller, Lawrence R.

Granted Patent

US 8,793,487 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/157
CPC Class Codes

G06F 21/33   using certificates

G06Q 20/02   involving a neutral party, ...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

H04L 9/006   involving public key infras...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3265   using certificate chains, t...

Binding a digital certificate to multiple trust domains

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

128 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Binding a digital certificate to multiple trust domains

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

128 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links