Method and apparatus for creating communities of trust in a secure communication system

US 6,134,327 A
Filed: 10/24/1997
Issued: 10/17/2000
Est. Priority Date: 10/24/1997
Status: Expired due to Term

First Claim

Patent Images

1. A computing device comprising:

a processing unit; and

memory operably coupled to the processing unit, wherein the memory stores programming instructions that, when read by the processing unit, causes the processing unit to;

(a) obtain an arbitrary list of trusted public key certificates;

(b) determine whether the arbitrary list of the trusted public key certificates was obtained in a manner consistent with a security policy of a secure community; and

(c) add trusted public key certificates of the arbitrary list to a trusted public key list when the arbitrary list of trusted public key certificates was obtained in a manner consistent with a security policy.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for creating communities of trust within a secure communications system is accomplished by allowing end-users to obtain arbitrary lists of trusted public keys from other end-users and from associated authorities. Once an arbitrary list has been obtained by an end-user, the end-user determines whether it was obtained in a manner consistent with a security policy of the secured community. The security policy may enable an end-user to receive trusted public keys from other end-users, from associated authorities only, to receive public keys of associated authorities, other end users, or any combination thereof. When the arbitrary lists of trusted keys are obtained in a manner consistent with the security policy, the end-user adds keys of the arbitrary lists to a trusted key list. When a security-related operation is to be performed (e.g., verifying a signature of a received message or retrieving the encryption public key of a recipient for an outgoing message), any of the trusted keys contained within the trusted list may be used for authentication purposes.

138 Citations

16 Claims

1. A computing device comprising:
- a processing unit; and
  
  memory operably coupled to the processing unit, wherein the memory stores programming instructions that, when read by the processing unit, causes the processing unit to;
  
  (a) obtain an arbitrary list of trusted public key certificates;
  
  (b) determine whether the arbitrary list of the trusted public key certificates was obtained in a manner consistent with a security policy of a secure community; and
  
  (c) add trusted public key certificates of the arbitrary list to a trusted public key list when the arbitrary list of trusted public key certificates was obtained in a manner consistent with a security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computing device of claim 1 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to:
    - obtain the arbitrary list which includes at least one public key certificate of at least one of an associated authority and an end-user.
  - 3. The computing device of claim 2 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to obtain the public key certificate from another end-user.
  - 4. The computing device of claim 2 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to obtain the public key certificate from an associated authority.
  - 5. The computing device of claim 2 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to maintain a record indicating whether a certificate contained in the trusted public key list was obtained by importing an end-user certificate from the another end-user, importing the end-user certificate from an associated authority, importing an associated authority public key certificate from the another end-user, or importing the associated authority public key certificate from the associated authority.
  - 6. The computing device of claim 1 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to:
    - receive a request to perform a security related operation;
      
      determine whether an associated public key certificate of the security related operation is verified as authentic; and
      
      perform the security related operation using a subject public key of the associated public key certificate when the associated public key certificate is authentic.
  - 7. The computing device of claim 6 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to:
    - determine whether the associated public key certificate substantially matches a public key certificate stored in the trusted public key list;
      
      flag the associated public key certificate as being verified when the associated public key certificate substantially matches a public key certificate stored in the trusted public key list.
  - 8. The computing device of claim 6 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to determine that the manner of obtaining is consistent with the security policy when the arbitrary list is received via at least one of:
    - importing the arbitrary list from another end-user, importing the arbitrary list from an associated authority, importing a certificate of an end-user from another end-user, importing a certificate of an associated authority from the another end-user, importing the certificate of the associated authority from the associated authority, and importing the certificate of the end-user from the associated authority.

9. A digital storage medium that stores programming instructions that, when read by a processing unit, causes the processing unit to create communities of trust, the digital storage medium comprises:
- first means for storing programming instructions that, when read by the processing unit, causes the processing unit to obtain an arbitrary list of trusted public key certificates;
  
  second means for storing programming instructions that, when read by the processing unit, causes the processing unit to determine whether the arbitrary list of the trusted public key certificates was obtained in a manner consistent with a security policy of a secure community; and
  
  third means for storing programming instructions that, when read by the processing unit, causes the processing unit to add trusted public key certificates of the arbitrary list to a trusted public key list when the arbitrary list of trusted public key certificates was obtained in a manner consistent with a security policy.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The digital storage medium of claim 9 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to:
    - obtain the arbitrary list which includes at least one public key certificate of at least one of an associated authority and an end-user.
  - 11. The digital storage medium of claim 10 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to obtain the at least one public key certificate from another end-user.
  - 12. The digital storage medium of claim 10 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to obtain the at least one public key certificate from an associated authority.
  - 13. The digital storage medium of claim 10 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to provide feedback as to maintain a record indicating whether a certificate contained in the trusted public key list was obtained by importing an end-user certificate from the another end-user, importing the end-user certificate from an associated authority, importing an associated authority public key certificate from the another end-user, or importing the associated authority public key certificate from the associated authority.
  - 14. The digital storage medium of claim 9 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to:
    - receive a request to perform a security related operation;
      
      determine whether an associated public key certificate of the security related operation is verified as authentic; and
      
      perform the security related operation using a subject public key of the associated public key certificate when the associated public key certificate is authentic.
  - 15. The digital storage medium of claim 14 further comprises programming instructions that, when read by the processing unit, causes the processing unit to:
    - determine whether the associated public key certificate substantially matches a public key certificate stored in the trusted public key list;
      
      flag the associated public key certificate as being verified when the associated public key certificate substantially matches a public key certificate stored in the trusted public key list.
  - 16. The digital storage medium of claim 9 further comprises programming instructions that, when read by the processing unit, causes the processing unit to determine that the manner of obtaining is consistent with the security policy when the arbitrary list is received via at least one of:
    - importing the arbitrary list from another end-user, importing the arbitrary list from an associated authority, importing a certificate of an end-user from another end-user, importing a certificate of an associated authority from the another end-user, importing the certificate of the associated authority from the associated authority and importing the certificate of the end-user from the associated authority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Incorporated (Entrust Corp.), Entrust Technologies Limited
Original Assignee
Entrust Technologies Limited
Inventors
Van Oorschot, Paul C.
Primary Examiner(s)
Swann, Tod R.
Assistant Examiner(s)
JACK, TODD M

Application Number

US08/957,612
Time in Patent Office

1,089 Days
Field of Search

380/49, 380/21, 380/45, 380/30, 340/825.31
US Class Current

380/30
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2117   User registration

G06F 2221/2145   Inheriting rights or proper...

H04L 2463/102   applying security measure f...

H04L 63/0272   Virtual private networks

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/104   Grouping of entities

H04L 9/3263   involving certificates, e.g...

Method and apparatus for creating communities of trust in a secure communication system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

138 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for creating communities of trust in a secure communication system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links