SYSTEM AND METHOD FOR STORING CLIENT-SIDE CERTIFICATE CREDENTIALS

US 20090240936A1
Filed: 03/20/2008
Published: 09/24/2009
Est. Priority Date: 03/20/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method for storing a plurality of client certificate credentials via a client web browser into a keystore file, the method comprising:

establishing a secure data transfer link between a client and a server via the client web browser, the client web browser having a plug-in software component for generating the keystore file and a key pair during the process of establishing the secure data transfer link;

generating a certificate request on the client, the certificate request having a public key from the key pair generated by the plug-in software component;

transmitting the certificate request to a certificate server, the certificate server being configured to sign the certificate request;

receiving a signed certificate request on the client web browser; and

storing the plurality of client certificate credentials associated with the signed certificate request in the keystore file.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system is provided for storing a plurality of client certificate credentials via a client web browser into one or more keystore file(s). The client web browser is used to establish the secure data transfer link between the client and the server. The client web browser includes a plug-in software component. The plug-in software component is configured to generate the keystore file and a key pair. The method may continue with generating a certificate request on the client. The certificate request generated is then transmitted to a certificate server. The certificate server is configured to digitally sign the certificate request generated. The method continues with the client receiving a signed certificate request. The signed certificate request is received by the client via the client web browser. The method may conclude by storing the plurality of client certificate credentials associated with the signed certificate request in one or more keystore file(s).

Citations

19 Claims

1. A method for storing a plurality of client certificate credentials via a client web browser into a keystore file, the method comprising:
- establishing a secure data transfer link between a client and a server via the client web browser, the client web browser having a plug-in software component for generating the keystore file and a key pair during the process of establishing the secure data transfer link;
  
  generating a certificate request on the client, the certificate request having a public key from the key pair generated by the plug-in software component;
  
  transmitting the certificate request to a certificate server, the certificate server being configured to sign the certificate request;
  
  receiving a signed certificate request on the client web browser; and
  
  storing the plurality of client certificate credentials associated with the signed certificate request in the keystore file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the plurality of client certificate credentials include a digital certificate, a private key, a public key, a certificate chain, and a plurality of client identifying information.
  - 3. The method of claim 1, wherein establishing the secure data transfer link between the client and the server requires a user to provide the server with client identifying information via the client web browser to successfully complete a multi-factor authentication process with the server.
  - 4. The method of claim 1, wherein the plug-in software component is a browser-executable code transmitted to the client web browser from the server.
  - 5. The method of claim 1, wherein the server is a Secure Sockets Layer (SSL) Virtual Private Network (VPN).
  - 6. The method of claim 1, wherein the server hosts a server software application in communication with the client.
  - 7. The method of claim 6, wherein the server software application is configured to receive or transmit the certificate request or the signed certificate request.
  - 8. The method of claim 1, wherein the plug-in software component is configured to generate a plurality of keystore files.
  - 9. The method of claim 1, wherein the certificate server is a certificate authority remote from the client and the server.
  - 10. The method of claim 8, wherein the plug-in software component is configured to selectively store the plurality of client certificate credentials associated with the signed certificate request in the plurality of keystore files.
  - 11. The method of claim 1, wherein the keystore file is selected from the group consisting of:
    - Microsoft crypto API keystore, Java keystore, Apple keystore and NSS keystore.
  - 12. The method of claim 1, wherein the plug-in software component is configured to identify the client web browser and store the plurality of client certificate credentials in the keystore files associated with the client web browser'"'"'s coded libraries.
  - 13. The method of claim 1, wherein the keystore file and the key pair are generated in response to the client establishing a valid identity and connection with the server prior to completing the secure data transfer link.

14. A system for storing a plurality of client certificate credentials, the system comprising:
- a client web browser on a client for establishing a secure data transfer link between the client and a server;
  
  a plurality of keystore files, the plurality of keystore files being generated by the client web browser;
  
  a certificate server for receiving a certificate request generated by the client, the certificate server being configured to sign the certificate request; and
  
  a plug-in software component to be processed by the client web browser for generating a key pair, the plug-in software component being configured to selectively store the plurality of client certificate credentials in at least one keystore file from the plurality of keystore files.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The system of claim 14, wherein the plurality of client certificate credentials include a digital certificate, a client private key, a client public key, a certificate chain, and a plurality of client identifying information.
  - 16. The system of claim 14, wherein establishing the secure data transfer link requires the client to successfully complete a multi-factor authentication process with the server.
  - 17. The system of claim 14, wherein the certificate server is a certificate authority remote from the client and the server.
  - 18. The system of claim 14, wherein the client web browser generates a digital certificate in response to receiving a signed certificate request.
  - 19. The system of claim 14, wherein the plug-in software component is a browser-executable code transmitted to the client web browser from the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecureAuth Incorporated
Original Assignee
SecureAuth Incorporated
Inventors
LAMBIASE, MARK, Moore, Stephen, Grajek, Garret

Application Number

US12/052,630
Publication Number

US 20090240936A1
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0272   Virtual private networks

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

H04L 9/3263   involving certificates, e.g...

SYSTEM AND METHOD FOR STORING CLIENT-SIDE CERTIFICATE CREDENTIALS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR STORING CLIENT-SIDE CERTIFICATE CREDENTIALS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links