Method for creating communities of trust in a secure communication system
Abstract
A method and apparatus for creating communities of trust within a secure communications system is accomplished by allowing end-users to obtain arbitrary lists of trusted public keys from other end-users and from associated authorities. Once an arbitrary list has been obtained by an end-user, the end-user determines whether it was obtained in a manner consistent with a security policy of the secured community. The security policy may enable an end-user to receive trusted public keys from other end-users, from associated authorities only, to receive public keys of associated authorities, other end users, or any combination thereof. When the arbitrary lists of trusted keys are obtained in a manner consistent with the security policy, the end-user adds keys of the arbitrary lists to a trusted key list. When a security-related operation is to be performed (e.g., verifying a signature of a received message or retrieving the encryption public key of a recipient for an outgoing message), any of the trusted keys contained within the trusted list may be used for authentication purposes.
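As an added illustration (not code from the patent), the following Python model walks through the claimed steps: a community security policy, expressed as allowed (source, certificate-kind) pairs, gates the import of an arbitrary list; every admitted certificate carries the provenance record of claim 5; and a security-related operation obtains a subject public key only when the presented certificate matches an entry already in the trusted list (claim 7). The certificates, keys and policy are constructed placeholders; the returned key would be handed to a real signature library.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum

class Kind(Enum):            # what a certificate certifies
    AUTHORITY = "authority"
    END_USER = "end_user"

class Source(Enum):          # who supplied the arbitrary list
    END_USER = "end_user"
    AUTHORITY = "authority"
@dataclass(frozen=True)
class Certificate:
    subject: str
    kind: Kind
    public_key: bytes        # subject public key; opaque bytes in this model

    def fingerprint(self) -> str:
        return hashlib.sha256(self.subject.encode() + self.public_key).hexdigest()
class TrustList:
    def __init__(self, policy):
        self.policy = policy   # allowed (Source, Kind) pairs of the secure community
        self.trusted = {}      # fingerprint -> (certificate, provenance record)

    def import_list(self, certs, source):
        # Steps (a)-(c): the whole list is admitted or refused as a unit.
        if not certs or any((source, c.kind) not in self.policy for c in certs):
            return False
        for c in certs:
            self.trusted[c.fingerprint()] = (c, (source, c.kind))   # claim 5 record
        return True

    def public_key_for(self, cert):
        # Claim 7: only a certificate matching a stored trusted entry yields a key.
        entry = self.trusted.get(cert.fingerprint())
        return entry[0].public_key if entry and entry[0] == cert else None
# Constructed sample data and policy; not taken from the patent.
POLICY = {(Source.END_USER, Kind.END_USER), (Source.AUTHORITY, Kind.END_USER),
          (Source.AUTHORITY, Kind.AUTHORITY)}   # authority certs only from an authority
BOB = Certificate("bob", Kind.END_USER, b"bob-pub")
CA = Certificate("community-ca", Kind.AUTHORITY, b"ca-pub")

def demo():
    tl = TrustList(POLICY)
    via_peer = tl.import_list([BOB, CA], Source.END_USER)     # CA cert from a peer: refused
    via_ca = tl.import_list([BOB, CA], Source.AUTHORITY)      # same list from the authority: admitted
    other = Certificate("bob", Kind.END_USER, b"other-pub")   # same subject, different key
    return via_peer, via_ca, tl.public_key_for(BOB), tl.public_key_for(other)
```

Because the policy is checked per list, one disallowed certificate causes the entire list to be refused, which is the all-or-nothing behaviour the claims describe in step (c).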
16 Claims
1. A method for creating communities of trust, the method comprises the steps of:
a) obtaining an arbitrary list of trusted public key certificates;
b) determining whether the arbitrary list of the trusted public key certificates was obtained in a manner consistent with a security policy of a secure community; and
c) when the arbitrary list of trusted public key certificates was obtained in a manner consistent with a security policy, adding trusted public key certificates of the arbitrary list to a trusted public key list.
obtaining the arbitrary list which includes at least one public key certificate of at least one of an associated authority and an end-user.
3. The method of claim 2 further comprises obtaining the at least one public key certificate from another end-user.
4. The method of claim 2 further comprises obtaining the at least one public key certificate from an associated authority.
5. The method of claim 2 further comprises maintaining a record indicating whether a certificate contained in the trusted public key list was obtained by importing an end-user certificate from the another end-user, importing the end-user certificate from an associated authority, importing an associated authority public key certificate from the another end-user, or importing the associated authority public key certificate from the associated authority.
6. The method of claim 2 further comprises:
receiving a request to perform a security related operation;
determining whether an associated public key certificate of the security related operation is verified as authentic; and
when the associated public key certificate is authentic, performing the security related operation using a subject public key of the associated public key certificate.
8. The method of claim 1 further comprises, within step (a), receiving the arbitrary list from another end-user, wherein the arbitrary list includes a plurality of public key certificates of end-users.
9. The method of claim 1 further comprises, within step (a), receiving the arbitrary list from an associated authority, wherein the arbitrary list includes at least one public key certificate of an end-user.
11. The method according to claim 1,
wherein a community of trust includes a plurality of end-users;
wherein the arbitrary list of trusted public key certificates is obtained by a respective end-user of the plurality of end-users;
wherein whether the arbitrary list of the trusted public key certificates was obtained in a manner consistent with a security policy of a secure community is determined by the respective end-user; and
wherein, when the arbitrary list of trusted public key certificates was obtained in a manner consistent with a security policy, trusted public key certificates of the arbitrary list are added to a trusted public key list by the respective end-user.
7. A method for creating communities of trust, the method comprises the steps of:
obtaining an arbitrary list of trusted public key certificates including at least one public key certificate of at least one of an associated authority and an end-user;
determining whether the arbitrary list of the trusted public key certificates was obtained in a manner consistent with a security policy of a secure community;
when the arbitrary list of trusted public key certificates was obtained in a manner consistent with a security policy, adding trusted public key certificates of the arbitrary list to a trusted public key list;
receiving a request to perform a security related operation;
determining whether the associated public key certificate substantially matches a public key certificate stored in the trusted public key list; and
when the associated public key certificate substantially matches a public key certificate stored in the trusted public key list, performing the security related operation using a subject public key of the associated public key certificate.
wherein a community of trust includes a plurality of end-users;
wherein the arbitrary list of trusted public key certificates is obtained by a respective end-user of the plurality of end-users;
wherein whether the arbitrary list of the trusted public key certificates was obtained in a manner consistent with a security policy of a secure community is determined by the respective end-user; and
wherein, when the arbitrary list of trusted public key certificates was obtained in a manner consistent with a security policy, trusted public key certificates of the arbitrary list are added to a trusted public key list by the respective end-user.
10. A method for creating communities of trust, the method comprises the steps of:
obtaining an arbitrary list of trusted public key certificates;
determining whether the arbitrary list of the trusted public key certificates was obtained in a manner consistent with a security policy of a secure community when the arbitrary list is received via at least one of:
importing the arbitrary list from another end-user, importing the arbitrary list from an associated authority, importing a certificate of an end-user from another end-user, importing a certificate of an associated authority from the another end-user, importing the certificate of the associated authority from the associated authority, and importing the certificate of the end-user from the associated authority; and
when the arbitrary list of trusted public key certificates was obtained in a manner consistent with a security policy, adding trusted public key certificates of the arbitrary list to a trusted public key list.
determining whether the associated public key certificate substantially matches a public key certificate stored in the trusted public key list; and
when the associated public key certificate substantially matches a public key certificate stored in the trusted public key list, performing the security related operation using a subject public key of the associated public key certificate.
16. The method according to claim 10,
wherein a community of trust includes a plurality of end-users;
wherein the arbitrary list of trusted public key certificates is obtained by a respective end-user of the plurality of end-users;
wherein whether the arbitrary list of the trusted public key certificates was obtained in a manner consistent with a security policy of a secure community is determined by the respective end-user; and
wherein, when the arbitrary list of trusted public key certificates was obtained in a manner consistent with a security policy, trusted public key certificates of the arbitrary list are added to a trusted public key list by the respective end-user.
Specification