IDENTITY-BASED CERTIFICATE MANAGEMENT
Abstract
Methods for managing digital certificates, including issuance, validation, and revocation are disclosed. Various embodiments involve querying a directory service with entries that correspond to a particular client identity and have attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable to revoke selectively the certificates based upon time intervals set forth in validity identifiers included therein.
23 Claims
1. A method for validating a digital certificate issued to a client system and associated with a specific client identity, the method comprising:
receiving the digital certificate from the client system, the digital certificate including a user identifier and a certificate validity period identifier, the user identifier corresponding to the specific client identity;
generating a first query to a directory service having a plurality of entries each associated with different client identities, the first query including a request for a first entry associated with the specific client identity, the first entry including a directory validity time value for the specific client identity;
receiving the directory validity time value returned by the first query; and
validating the digital certificate in response to a first evaluation of the certificate validity period identifier against the received directory validity time value.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method for issuing a digital certificate to a client system, the digital certificate being associated with a client identity, the method comprising:
receiving a certificate issuance request from the client system;
generating a first query to a directory service for a first entry associated with the client identity in response to the certificate issuance request, the first entry having an attribute including an issuance count value;
generating the digital certificate in response to a comparison of the issuance count value being less than a predefined issuance limit value; and
issuing the digital certificate to the client system.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.
19. A method for revoking digital certificates associated with a client identity, the method comprising:
receiving a revocation request for a one of the digital certificates associated with the client identity, the revocation request including a validity time stamp;
setting a directory validity time value in a first entry of a directory service to the validity time stamp; and
incrementing an issuance count value in the first entry, the issuance count value being representative of a number of digital certificates issued to the client identity;
wherein the digital certificates include a user identifier corresponding to the client identity and a certificate validity period identifier, the directory validity time value being subsequent to the certificate validity period identifier of the one of the digital certificates.
Dependent claims: 20, 21, 22, 23.
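The three independent claims (validation, issuance and revocation) describe one workflow over a per-identity directory entry. The following is an added Python sketch of that workflow, not code from the patent; it assumes the certificate validity period identifier is the issuance time in epoch seconds, that issuance itself increments the count, uses a constructed issuance limit, and lets a dict stand in for the directory service.

```python
from dataclasses import dataclass

ISSUANCE_LIMIT = 3  # predefined issuance limit per identity (constructed value)


@dataclass
class Certificate:
    user_id: str             # user identifier bound to the client identity
    validity_period_id: int  # certificate validity period identifier (assumed: issuance time)


@dataclass
class DirectoryEntry:
    validity_time: int = 0   # directory validity time value
    issuance_count: int = 0  # number of certificates issued to the identity


class CertificateManager:
    """Issues, validates and revokes certificates against one directory entry per identity."""

    def __init__(self):
        self.directory = {}  # stand-in for the directory service: identity -> entry

    def issue(self, user_id, now):
        """Claim 10: generate a certificate only while the issuance count is below the limit."""
        entry = self.directory.setdefault(user_id, DirectoryEntry())
        if entry.issuance_count >= ISSUANCE_LIMIT:
            return None  # limit reached; no certificate generated
        entry.issuance_count += 1  # assumed: each issuance is counted
        return Certificate(user_id, now)

    def validate(self, cert):
        """Claim 1: query the identity's entry and compare the certificate's period identifier to it."""
        entry = self.directory.get(cert.user_id)
        if entry is None:
            return False  # unknown identity: fail closed
        return cert.validity_period_id >= entry.validity_time

    def revoke(self, cert, validity_time_stamp):
        """Claim 19: move the directory validity time past the revoked certificate, bump the count."""
        if validity_time_stamp <= cert.validity_period_id:
            raise ValueError("validity time stamp must be subsequent to the certificate's identifier")
        entry = self.directory[cert.user_id]
        # Never move the directory value backwards, or an earlier revocation would be undone.
        entry.validity_time = max(entry.validity_time, validity_time_stamp)
        entry.issuance_count += 1


def demo():
    """Revoking the older certificate leaves the newer one valid: revocation is by time interval."""
    mgr = CertificateManager()
    old, new = mgr.issue("alice", 100), mgr.issue("alice", 200)
    mgr.revoke(old, 150)  # only certificates issued before 150 become invalid
    return mgr.validate(old), mgr.validate(new), mgr.issue("alice", 300)
```

Note that the revocation consumes an issuance slot as well, so the third `issue` call in `demo` already hits the limit.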