Multi-server location-independent authentication certificate management system

US 6,134,658 A
Filed: 06/09/1997
Issued: 10/17/2000
Est. Priority Date: 06/09/1997
Status: Expired due to Term

First Claim

Patent Images

1. An authentication certificate management apparatus comprising:

means, responsive to a user initiating a request for issuance of an authentication certificate, for automatically generating an authentication certificate request, which has a predetermined format and content including a plurality of fields of data, wherein the means for automatically generating an authentication certificate request includes;

means for prompting said user to input at least one set of data for entry into at least one of said plurality of fields of data,means for verifying form and format of said user input data,means for automatically generating at least one set of data,means for processing said automatically generated at least one set of data and said user input data into said predetermined authentication certificate request format and content; and

means for transmitting said generated authentication certificate request to an authentication certificate granting authority.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The multi-server, location-independent authentication certificate management system overcomes the limitations of the existing systems by automating the authentication certificate request, grant and installation processes. Much of the data used to create the authentication certificate request is readily available information, such as: requestor identification, Internet locus, date, time. The authentication certificate management system populates the certificate request with the available data and then prompts the user to provide the additional data in a simple manner, verifying the form and format of the input data. This automation of the authentication certificate request generation minimizes the number of malformed authentication certificate requests. In addition, the authentication certificate management system is capable of being installed on a shared basis, wherein multiple servers and/or multiple services are provided with the authentication certificate from a centralized source. The authentication certificate management system automatically tracks the expiration date of the authentication certificate and also ensures the secure storage of the RSA encryption cryptographic key pair as well as the authentication certificate itself.

231 Citations

38 Claims

1. An authentication certificate management apparatus comprising:
- means, responsive to a user initiating a request for issuance of an authentication certificate, for automatically generating an authentication certificate request, which has a predetermined format and content including a plurality of fields of data, wherein the means for automatically generating an authentication certificate request includes;
  
  means for prompting said user to input at least one set of data for entry into at least one of said plurality of fields of data,means for verifying form and format of said user input data,means for automatically generating at least one set of data,means for processing said automatically generated at least one set of data and said user input data into said predetermined authentication certificate request format and content; and
  
  means for transmitting said generated authentication certificate request to an authentication certificate granting authority.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1 wherein said means for automatically generating at least one set of data comprises:
    - means for automatically generating a private-public encryption cryptographic key pair.
  - 3. The apparatus of claim 2 wherein said means for processing comprises:
    - means for incorporating a public encryption cryptographic key of said private-public encryption cryptographic key pair into said authentication certificate request; and
      
      means for storing said generated private-public encryption cryptographic key pair in said server.
  - 4. The apparatus of claim 3 wherein said means for processing further comprises:
    - means for storing said generated authentication certificate request in said server.
  - 5. The apparatus of claim 4 further comprising:
    - means, responsive to receipt of a signed authentication certificate from an authentication certificate granting authority, for installing said signed authentication certificate on a server for at least one target machine.
  - 6. The apparatus of claim 5 wherein said means for installing comprises:
    - means, responsive to a user inputting a password, for unlocking said private-public encryption cryptographic key pair;
      
      means for matching said signed authentication certificate with said private-public encryption cryptographic key pair and said stored authentication certificate request to validate said signed authentication certificate; and
      
      means, responsive to a validated signed authentication certificate, for storing said validated signed authentication certificate in said server for said at least one target machine.
  - 7. The apparatus of claim 6 further comprising:
    - means, responsive to receipt of a request from a user located external to said server for a signed authentication certificate from said target machine, for utilizing a public encryption cryptographic key received from said user to access said stored private-public encryption cryptographic key pair stored in said server to validate said request; and
      
      means, responsive to validation of said user provided public encryption cryptographic keys, for transmitting said stored signed authentication certificate to said user.
  - 8. The apparatus of claim 7 further comprising:
    - means, responsive to receipt of a request from a user for a signed authentication certificate, for checking the expiration date of the signed authentication certificate stored in said server to ascertain its validity; and
      
      means, responsive to said means for checking, for generating an alert about pending or actual expiration of the signed authentication certificate where said expiration date is within a predetermined time range of expiration or has expired.

9. A method of providing network services to at least one application process on at least one target machine, the method comprising:
- automatically generating, in response to a user initiating a request for issuance of an authentication certificate, an authentication certificate request, which has a predetermined format and content including a plurality of fields of data, wherein the step of automatically generating an authentication certificate request includes;
  
  prompting said user to input at least one set of data for entry into at least one of said plurality of fields of data,verifying form and format of said user input data,automatically generating at least one set of data,processing said automatically generated at least one set of data and said user input data into said predetermined authentication certificate request format and content; and
  
  transmitting said generated authentication certificate request to an authentication certificate granting authority.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method of claim 9 wherein said step of automatically generating at least one set of data comprises:
    - automatically generating a private-public encryption cryptographic key pair.
  - 11. The method of claim 10 wherein said step of processing comprises:
    - incorporating a public encryption cryptographic key of said private-public encryption cryptographic key pair into said authentication certificate request; and
      
      storing said generated private-public encryption cryptographic key pair in a server.
  - 12. The method of claim 11 wherein said step of processing further comprises:
    - storing said generated authentication certificate request in said server.
  - 13. The method of claim 12 further comprising the step of:
    - installing, in response to receipt of a signed authentication certificate from an authentication certificate granting authority, said signed authentication certificate on said server for said at least one target machine.
  - 14. The method of claim 13 wherein said step of installing comprises:
    - unlocking, in response to a user inputting a password, said private-public encryption cryptographic key pair;
      
      matching said signed authentication certificate with said private-public encryption cryptographic key pair and said stored authentication certificate request to validate said signed authentication certificate; and
      
      storing, in response to a validated signed authentication certificate, said validated signed authentication certificate in said server for said at least one target machine.
  - 15. The method of claim 14 further comprising:
    - utilizing, in response to receipt of a request from a user located external to said server for a signed authentication certificate from said target machine, a public encryption cryptographic key received from said user to access said stored private-public encryption cryptographic key pair stored in said server to validate said request; and
      
      transmitting, in response to validation of said user provided public encryption cryptographic key, said stored signed authentication certificate to said user.
  - 16. The method of claim 15 further comprising:
    - checking, in response to receipt of a request from a user for a signed authentication certificate, the expiration date of the signed authentication certificate stored in said server to ascertain its validity; and
      
      generating a warning about pending or actual expiration of the signed authentication certificate if said expiration date is within a predetermined time range of expiration or has expired.
  - 17. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 9.

18. An authentication certificate management apparatus comprising:
- means, responsive to a user initiating a request for issuance of an authentication certificate, for automatically generating an authentication certificate request, which has a predetermined format and content including a plurality of fields of data, wherein the means for automatically generating an authentication certificate request includes;
  
  means for prompting said user to input at least one set of data for entry into at least one of said plurality of fields of data,means for verifying form and format of said user input data,means for automatically generating at least one set of data, wherein the at least one set of data includes a private-public encryption cryptographic key pair,means for processing said automatically generated at least one set of data and said user input data into said predetermined authentication certificate request format and content;
  
  means for transmitting said generated authentication certificate request to an authentication certificate granting authority;
  
  means, responsive to receipt of a signed authentication certificate from said authentication certifying granting authority, for installing said signed authentication certificate on a server for at least one target machine, wherein the means for installing includes;
  
  means, responsive to a user inputting a password, for unlocking said private-public encryption cryptographic key pair,means for matching said signed authentication certificate with said private-public encryption cryptographic key pair and said stored authentication certificate request,means, responsive to a validated signed authentication certificate, for storing said validated signed authentication certificate in said server for said at least one target machine.
- View Dependent Claims (19, 20, 24)
- - 19. The apparatus of claim 18 wherein said means for processing further comprises:
    - means for storing said generated private-public encryption cryptographic key pair in said server.
  - 20. The apparatus of claim 18 wherein said means for processing further comprises:
    - means for storing said generated authentication certificate request in said server.
  - 24. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 20.

21. A method of providing network services to at least one application process on at least one target machine, the method comprising:
- automatically generating, in response to a user initiating a request for issuance of an authentication certificate, an authentication certificate request, which has a predetermined format and content including a plurality of fields of data, wherein the step of automatically generating an authentication certificate request includes;
  
  prompting said user to input at least one set of data for entry into at least one of said plurality of fields of data,verifying form and format of said user input data,automatically generating at least one set of data, wherein the at least one set of data includes a private-public encryption cryptographic key pair,processing said automatically generated at least one set of data and said user input data into said predetermined authentication certificate request format and content;
  
  transmitting said generated authentication certificate request to an authentication certificate granting authority;
  
  installing, in response to receipt of a signed authentication certificate from said authentication certifying granting authority, said signed authentication certificate on a server for at least one target machine, wherein the step of installing includes;
  
  unlocking, in response to a user inputting a password, said private-public encryption cryptographic key pair,matching said signed authentication certificate with said private-public encryption cryptographic key pair and said stored authentication certificate request,storing, in response to a validated signed authentication certificate, said validated signed authentication certificate in said server for said at least one target machine.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21 wherein said step of processing further comprises:
    - storing said generated private-public encryption cryptographic key pair in said server.
  - 23. The method of claim 21 wherein said step of processing further comprises:
    - storing said generated authentication certificate request in said server.

25. A method of generating an authentication certificate request, the method comprising:
- prompting a user to input at least one set of data for entry into at least one field of data in the authentication certificate request;
  
  verifying form and format of said user input data;
  
  generating at least one set of data for entry into at least one field of data in the authentication certificate request;
  
  processing said automatically generated data and said user input data to create an authentication certificate request, wherein the authentication certificate request complies with a predetermined authentication certificate request format and content, and wherein the authentication certificate request is capable of being transmitted to an authentication certificate granting authority.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The method of claim 25 wherein the step of automatically generating at least one set of data comprises generating a private-public encryption cryptographic key pair.
  - 27. The method of claim 26 wherein the step of processing comprises:
    - incorporating a public encryption cryptographic key of said private-public encryption cryptographic key pair into said authentication certificate request; and
      
      storing said generated private-public encryption cryptographic key pair in a server.
  - 28. The method of claim 27 further comprising:
    - installing a signed authentication certificate on said server for at least one target machine.
  - 29. One or more computer-readable memories containing a computer program that is executable by a processor to perform the method recited in claim 25.

30. One or more computer-readable media having stored thereon a computer program comprising the following steps:
- prompting a user to input at least one set of data for entry into at least on field of data in an authentication certificate request;
  
  verifying form and format of said user input data;
  
  automatically generating at least one set of data for entry into at least one field of data in the authentication certificate request;
  
  processing said user input data and said automatically generated data to create an authentication certificate request, wherein the authentication certificate request complies with a predetermined authentication certificate request format and content, and wherein the authentication certificate request is capable of being transmitted to an authentication certificate granting authority.
- View Dependent Claims (31, 32)
- - 31. One or more computer-readable media as recited in claim 30 wherein the step of automatically generating at least one set of data comprises generating a private-public encryption cryptographic key pair.
  - 32. One or more computer-readable media as recited in claim 30 wherein the step of processing comprises incorporating a public encryption cryptographic key of said private-public encryption cryptographic key pair into said authentication certificate request.

33. An authentication certificate management apparatus comprising:
- an interface module to prompt a user to input at least one set of data for entry into at least one of a plurality of data fields;
  
  a verification module to verify form and format of said data input by the user;
  
  a data generation module to automatically generate at least one set of data;
  
  a processor to process the data input by the user and the automatically generated data into an authentication certificate request having a predetermined format and content; and
  
  a transmitter to transmit the authentication certificate request to an authentication certificate granting authority.
- View Dependent Claims (34, 35, 36, 37, 38)
- - 34. The apparatus of claim 33 wherein the data generation module is further to generate a private-public encryption cryptographic key pair.
  - 35. The apparatus of claim 33 wherein the processor is further to store the authentication certificate request.
  - 36. The apparatus of claim 33 further including an installation module to install a signed authentication certificate on a server for at least one target machine in response to receiving a signed authentication certificate from an authentication certificate granting authority.
  - 37. The apparatus of claim 36 further including a matching module to match the signed authentication certificate with a private-public encryption cryptographic key pair and a stored authentication certificate request to validate the signed authentication certificate.
  - 38. The apparatus of claim 33 further including an expiration checking module to check the expiration date of a signed authentication certificate stored in a server, thereby determining the validity of the signed authentication certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Multerer, Boyd, Schwartz, Kerry S., Stebbens, Kim
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/871,753
Time in Patent Office

1,226 Days
Field of Search

380/4, 380/9, 380/23, 380/24, 380/25, 380/29, 380/30, 380/49, 380/50, 380/59, 380/21, 380/255, 380/287, 713/150, 713/155-161, 713/168-182, 713/189, 713/200
US Class Current

713/175
CPC Class Codes

G06F 21/33 using certificates

Multi-server location-independent authentication certificate management system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

231 Citations

38 Claims

Specification

Use Cases

Quick Links

Others

Multi-server location-independent authentication certificate management system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

231 Citations

38 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others