CERTIFICATE DISTRIBUTION USING SECURE HANDSHAKE

US 20090327708A1
Filed: 05/09/2008
Published: 12/31/2009
Est. Priority Date: 05/09/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for certificate distribution, the computer implemented method comprising:

sending an indication in a request, the request being a part of a secure data communication with a directory, the indication indicating an ability to accept a certificate as a part of a response;

receiving, responsive to the indication, a new certificate in the response corresponding to the request;

separating the new certificate from the response; and

using the new certificate in the secure data communication.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer usable program product for certificate distribution using a secure handshake are provided in the illustrative embodiments. A client sends an indication in a request, the request being a part of a secure data communication with a server. The indication indicates an ability of the client to accept a certificate as a part of a response from the server. The server retrieves a new certificate. The server sends as a result of the indication, a new certificate in the response corresponding to the request. The client receives as a result of the indication, the new certificate in a response that corresponds to the request. The client separates the new certificate from the response and uses the new certificate in the secure data communication with the server. The server uses the new certificate in the secure data communication with the client.

Citations

20 Claims

1. A computer implemented method for certificate distribution, the computer implemented method comprising:
- sending an indication in a request, the request being a part of a secure data communication with a directory, the indication indicating an ability to accept a certificate as a part of a response;
  
  receiving, responsive to the indication, a new certificate in the response corresponding to the request;
  
  separating the new certificate from the response; and
  
  using the new certificate in the secure data communication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer implemented method of claim 1, further comprising:
    - storing the new certificate in a certificate repository.
  - 3. The computer implemented method of claim 1, wherein the indication is a control in an LDAP request.
  - 4. The computer implemented method of claim 3, wherein the LDAP request is a bind operation with a directory.
  - 5. The computer implemented method of claim 1, wherein sending the indication in the request is executing an operation, and the response is a result of executing the operation, the result including the new certificate.
  - 6. The computer implemented method of claim 5, wherein the operation is an extended operation in a directory, and the result is a special response resulting from the extended operation.
  - 7. The computer implemented method of claim 1, wherein sending the indication in the request is responsive to determining that an old certificate is one of (i) expired, (ii) expiring within a predetermined period, (iii) revoked, and (iv) flagged for revocation.
  - 8. The computer implemented method of claim 1, wherein the request is a part of one of (i) a secure handshake and (ii) a bind operation.

9. A computer implemented method for certificate distribution, the computer implemented method comprising:
- receiving, at a directory, an indication in a request, the request being a part of a secure data communication, the indication indicating an ability to accept a certificate as a part of a response;
  
  retrieving a new certificate;
  
  sending, responsive to the indication, the new certificate in the response corresponding to the request; and
  
  using the new certificate in the secure data communication.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The computer implemented method of claim 9, wherein retrieving the new certificate is one of (i) obtaining the new certificate from a certificate authority, (ii) generating the new certificate, and (iii) retrieving the new certificate from a certificate repository.
  - 11. The computer implemented method of claim 9, wherein receiving the indication in the request is one of (i) receiving a parameter in the request, (ii) receiving a control in an LDAP request, (iii) receiving a control in a bind operation, and (iv) receiving a command to execute an extended operation in a directory.
  - 12. The computer implemented method of claim 9, wherein the indication indicates that an old certificate is one of (i) expired, (ii) expiring within a predetermined period, (iii) revoked, and (iv) flagged for revocation.
  - 13. The computer implemented method of claim 9, wherein the request is a part of one of (i) a secure handshake and (ii) a bind operation.

14. A computer usable program product comprising a computer usable medium including computer usable code for certificate distribution, the computer usable code comprising:
- computer usable code for sending an indication in a request, the request being a part of a secure handshake in a secure data communication, the indication indicating an ability to accept a certificate as a part of a response;
  
  computer usable code for receiving, responsive to the indication, a new certificate in the response corresponding to the request;
  
  computer usable code for separating the new certificate from the response; and
  
  computer usable code for using the new certificate in the secure data communication.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer usable program product of claim 14, wherein the indication is one of (i) a parameter in the request, (ii) a control in an LDAP request and (ii) a control in a bind operation.
  - 16. The computer usable program product of claim 14, wherein the computer usable code for sending the indication in the request is one of (i) computer usable code for sending a command to execute an operation, the operation resulting in the response, and (ii) computer usable code for sending a command to execute an extended operation in a directory, the extended operation resulting in the response.
  - 17. The computer usable program product of claim 14, wherein the computer usable code for sending the indication in the request is responsive to executing computer usable code for determining that an old certificate is one of (i) expired, (ii) expiring within a predetermined period, (iii) revoked, and (iv) flagged for revocation.
  - 18. The computer usable program product of claim 14, wherein the request is a part of one of (i) a secure handshake and (ii) a bind operation.

19. A data processing system for certificate distribution, the data processing system comprising:
- a storage device, wherein the storage device stores computer usable program code; and
  
  a processor, wherein the processor executes the computer usable program code, and wherein the computer usable program code comprises;
  
  computer usable code for sending an indication in a request, the request being a part of a secure handshake in a secure data communication, the indication indicating an ability to accept a certificate as a part of a response;
  
  computer usable code for receiving, responsive to the indication, a new certificate in the response corresponding to the request;
  
  computer usable code for separating the new certificate from the response; and
  
  computer usable code for using the new certificate in the secure data communication.

20. The data processing system of claim 20, wherein the indication is one of (i) a parameter in the request, (ii) a control in an LDAP request, and (ii) a control in a bind operation, wherein the computer usable code for sending the indication in the request is one of (i) computer usable code for sending a command to execute an operation, the operation resulting in the response, and (ii) computer usable code for sending a command to execute an extended operation in a directory, the extended operation resulting in the response, and wherein the computer usable code for sending the indication in the request is responsive to executing computer usable code for determining that an old certificate is one of (i) expired, (ii) expiring within a predetermined period, (iii) revoked, and (iv) flagged for revocation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HCL Technologies Limited
Original Assignee
International Business Machines Corporation
Inventors
Fitterer, Annemarie Rose, Hazlewood, Kristin Marie

Granted Patent

US 8,862,874 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/158
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0823   using certificates cryptogr...

H04L 9/3268   using certificate validatio...

H04L 9/3271   using challenge-response

CERTIFICATE DISTRIBUTION USING SECURE HANDSHAKE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CERTIFICATE DISTRIBUTION USING SECURE HANDSHAKE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links