MULTI-FACTOR CERTIFICATE AUTHORITY

US 20130339740A1
Filed: 03/08/2012
Published: 12/19/2013
Est. Priority Date: 03/08/2012
Status: Abandoned Application

First Claim

Patent Images

1. A computer readable medium having a plurality of instructions configured to enable a certificate authority server of a certificate authority, in response to execution of the instructions by a processor of the certificate authority server, to:

receive a certificate request to provide a multi-factor digital security certificate, wherein the certificate request includes a plurality of factors and a cryptographic key, wherein a first of the plurality of factors is an identifier of a device and a second of the plurality of factors is an identifier of a user of the device;

digitally sign the certificate request, and associate the cryptographic key with the plurality of factors to generate the digital security certificate, wherein the co-existence of the plurality of factors and the cryptographic key in the digital security certificate implicitly binds the plurality of factors to each other, and to the cryptographic key; and

issue the digital security certificate to respond to the certificate request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein is a certificate authority server configured to provide multi-factor digital certificates. A processor readable medium may include a plurality of instructions configured to enable a certificate authority server of a certificate authority, in response to execution of the instructions by a processor, to receive a request to provide a multi-factor digital security certificate by digitally signing a certificate request having a plurality of factors and a cryptographic key, wherein a first of the plurality of factors is an identifier of a device and a second of the plurality of factors is an identifier of a user of the device. The instructions are also configured to enable the certificate authority server to associate the cryptographic key with the plurality of factors and issue the digital security certificate based on the certificate request. Also disclosed is a method of using a multi-factor digital certificate as part of the authorization process to implicitly bind the plurality of factors. Other embodiments may be described and claimed.

31 Citations

View as Search Results

22 Claims

1. A computer readable medium having a plurality of instructions configured to enable a certificate authority server of a certificate authority, in response to execution of the instructions by a processor of the certificate authority server, to:
- receive a certificate request to provide a multi-factor digital security certificate, wherein the certificate request includes a plurality of factors and a cryptographic key, wherein a first of the plurality of factors is an identifier of a device and a second of the plurality of factors is an identifier of a user of the device;
  
  digitally sign the certificate request, and associate the cryptographic key with the plurality of factors to generate the digital security certificate, wherein the co-existence of the plurality of factors and the cryptographic key in the digital security certificate implicitly binds the plurality of factors to each other, and to the cryptographic key; and
  
  issue the digital security certificate to respond to the certificate request.
- View Dependent Claims (2, 3, 4, 5, 7)
- - 2. The computer readable medium of claim 1, wherein the plurality of factors further comprise a third factor that is an identifier of another user to be associated with the device through the digital security certificate.
  - 3. The computer readable medium of claim 1, wherein the plurality of factors further comprise a third factor that is an identifier of another device to be associated with the user through the digital security certificate.
  - 4. The computer readable medium of claim 1, wherein the identifier of the user includes a user name and a password.
  - 5. The computer readable medium of claim 1, wherein the user identifier is an email address.
  - 7. The computer readable medium of claim 1, wherein the plurality of instructions configured to enable the certificate authority server to issue the digital security certificate further includes instructions to enable the certificate authority server to transmit the digital security certificate to the device, to enable the digital security certificate to be saved and used by the device.

8. A method, comprising:
- receiving, by a certificate authority server, a certificate request to provide a multi-factor digital security certificate, wherein the certificate request includes a plurality of factors and a cryptographic key, wherein a first of the plurality of factors is an identifier of a device and a second of the plurality of factors is an identifier of a user of the device;
  
  digitally signing the certificate request, by the certificate authority server, and associating the cryptographic key with the plurality of factors to generate the digital security certificate, wherein the co-existence of the plurality of factors and the cryptographic key in the digital security certificate implicitly binds the plurality of factors to each other, and to the cryptographic key; and
  
  issuing, by the certificate authority server, the digital security certificate to respond to the certificate request.
- View Dependent Claims (9, 10, 11)
- - 9. The method claim 8, wherein issuing the digital security certificate includes digitally signing the digital security certificate with a digital signature of a certificate authority, the digital signature being based on a cryptographic key of the certificate authority.
  - 10. The method of claim 9, wherein the device is one of a laptop, a netbook, a mobile telephone, a desktop computer, a smart phone, and a personal digital assistant.
  - 11. The method of claim 8, wherein the plurality of factors further include a third factor that is an identifier of another user.

12. An apparatus, comprising:
- a network interface; and
  
  a processor communicatively coupled to the network interface, the processor configured to;
  
  receive a certificate request to provide a multi-factor digital security certificate, wherein the certificate request includes a plurality of factors and a cryptographic key, wherein a first of the plurality of factors is an identifier of a device and a second of the plurality of factors is an identifier of a user of the device;
  
  digitally sign the certificate request, and associate the cryptographic key with the plurality of factors to generate the digital security certificate, wherein the co-existence of the plurality of factors and the cryptographic key in the digital security certificate implicitly binds the plurality of factors to each other, and to the cryptographic key; and
  
  issue the digital security certificate to respond to the certificate request.
- View Dependent Claims (13)
- - 13. The apparatus of claim 12, wherein the plurality of factors further includes a third factor that is an identifier of another user, and the processor is further configured to associate the identifiers of the users with the device.

14. A computer readable medium having a plurality of instructions configured to enable a server, in response to execution of the instructions by a processor of the server, to:
- receive a multi-factor digital security certificate, wherein the multi-factor digital security certificate includes a plurality of factors, a cryptographic key, and a signature of a certificate authority, wherein a first of the plurality of factors is an identifier of a device and a second of the plurality of factors is an identifier of a user of the device;
  
  authenticate the multi-factor digital security certificate, wherein the co-existence of the plurality of factors and the cryptographic key in the digital security certificate implicitly binds the plurality of factors to each other, and to the cryptographic key; and
  
  establish a connection with the device based on the cryptographic key.
- View Dependent Claims (6, 15, 16, 17)
- - 6. The computer readable medium of claim 15, wherein the plurality of instructions configured to enable the certificate authority server to issue the digital security certificate further includes instructions to enable the certificate authority server to digitally sign the certificate request to generate the digital security certificate, with a digital signature of the certificate authority, the digital signature being based on a cryptographic key of the certificate authority.
  - 15. The computer readable medium of claim 14, wherein authenticate includes verify that an identifier of the certificate authority exists in a trusted list of certificate authorities accessible by the server.
  - 16. The computer readable medium of claim 14, wherein authenticate includes verify that the device possesses a private key corresponding to the cryptographic key, wherein the cryptographic key is a public key.
  - 17. The computer readable medium of claim 14, wherein the server is gateway server configured to control access to a content server.

18. A computer readable medium having a plurality of instructions configured to enable an electronic device, in response to execution of the instructions by a processor of the electronic device, to:
- authorize use of a multi-factor digital security certificate by a user, wherein the multi-factor digital security certificate includes a plurality of factors, a cryptographic key, and a signature of a certificate authority, wherein a first of the plurality of factors is an identifier of the electronic device and a second of the plurality of factors is an identifier of the user of the electronic device; and
  
  transmit the multi-factor digital security certificate to a server to establish a secure connection between the electronic device and the server.
- View Dependent Claims (19, 20, 21)
- - 19. The computer readable medium of claim 18, where the instructions are configured to enable the electronic device to transmit the multi-factor digital security certificate if use of the multi-factor digital security certificate is authorized by the electronic device.
  - 20. The computer readable medium of claim 18, wherein authorize includes verify that the second of the plurality of factors matches an access control to the electronic device.
  - 21. The computer readable medium of claim 18, wherein the electronic device is one of a smart phone, a personal computer, a computing tablet, a personal digital assistant, a netbook, a laptop, and a gaming console.

22-25. -25. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Ben-Shalom, Omer, Nayshtut, Alex

Application Number

US13/994,884
Publication Number

US 20130339740A1
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 63/205   involving negotiation or de...

H04L 9/3268   using certificate validatio...

MULTI-FACTOR CERTIFICATE AUTHORITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

MULTI-FACTOR CERTIFICATE AUTHORITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links