System and method for installing and using a temporary certificate at a remote site
Abstract
A system installs and enables the use of a temporary certificate at a remote site. The system comprises a global server site, a temporary client site and a web site. The global server site includes a security module that identifies and authenticates the user at the temporary client site, and a web server engine that downloads a key generation downloadable and a certificate request engine downloadable upon user authentication to the client site. The client site includes a web engine that executes the key generation downloadable to generate a public key and a private key, and executes the certificate request engine downloadable to send a temporary certificate request (including the public key) to the global server site. A temporary certificate generator at the global server site generates a temporary certificate having the public key and a validity period. The web server on the global server site sends the temporary certificate and a certificate installation downloadable to the web engine on the client site, which executes the downloadable thereby installing the temporary certificate. The web server on the global server site can also send a certificate maintenance downloadable and a certificate de-installation downloadable to the client site. The web server engine maintains a revocation list that contains information identifying revoked temporary certificates, so that a revoked but thus far unexpired certificate cannot be improperly used. The web site reviews the temporary certificate for authenticity and contacts the global server site to review the revocation list and determine whether the temporary certificate has been revoked.
44 Claims
1. A computer-based method for installing a temporary certificate on a client site, comprising the steps of:
receiving a public key from a client site;
generating a temporary certificate containing the public key and a validity period; and
delivering the temporary certificate and a certificate installation downloadable to the client site, thereby enabling installing of the certificate on the client site without requiring network transfer of a client private key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A system for installing a temporary certificate in a client site, comprising:
a server for receiving a public key from a client site;
a temporary certificate generator coupled to the server for generating a temporary certificate containing the public key and a validity period; and
a certificate installation downloadable coupled to the server for causing the client site to install the temporary certificate, thereby enabling installing of the certificate in the client site without requiring network transfer of a client private key.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28

29. A computer-readable storage medium storing program code for causing a computer to perform the steps of:
receiving a public key from a client site;
generating a temporary certificate containing the public key and a validity period; and
delivering the temporary certificate and a certificate installation downloadable to the client site, thereby enabling installation of the certificate at the client site without requiring network transfer of a client site private key.

30. A method for installing a temporary certificate in a web engine, comprising the steps of:
generating a public key and a private key;
sending the public key to a certificate authority;
providing identification and authentication information to the certificate authority;
if identified and authenticated, receiving a certificate installation downloadable and a temporary certificate having a short validity period from the certificate authority; and
using the certificate installation downloadable to install the temporary certificate and the private key in the web engine, thereby enabling installing of the certificate at a client site corresponding to the web engine without requiring network transfer of the private key.
Dependent claims: 31, 32, 33

34. A system for installing a temporary certificate on an unconfigured web engine, comprising:
a key generation module for generating a public and private key pair;
a certificate request module for transmitting the public key to a certificate authority;
a certificate installation module for installing a temporary certificate having a short validity period and the private key in an unconfigured web engine, thereby creating a temporarily configured web engine; and
a certificate maintenance module for monitoring the short validity period to determine if the temporary certificate has expired, thereby enabling installing of the certificate at a client site corresponding to the web engine without requiring network transfer of the private key.
Dependent claims: 35, 36, 37, 38, 39, 40

41. A method of generating a self-certified temporary certificate, comprising the steps of:
receiving a temporary public key and user-identification information from a remote client;
retrieving a long-term public key certificate and a long-term private key from memory;
packaging the temporary public key, the user-identification information, a validity period and the long-term public certificate into a package; and
using the long-term private key to sign the package, thereby generating a self-certified temporary certificate without requiring network transfer of the long-term private key.

42. A method of examining a self-certified temporary certificate, comprising the steps of:
receiving a self-certified temporary certificate, which includes a signature, a validity period, a temporary public key, and a long-term public certificate containing a long-term public key and signed by a certificate authority private key associated with a certificate authority;
using a well-known public key associated with the certificate authority private key to verify the certificate authority signing the long-term certificate;
using the long-term public key to verify the signature of the temporary certificate, and thus to verify the client; and
enabling access to services during the validity period if the certificate authority and the temporary certificate have been verified, thereby enabling examining of the certificate of the client without requiring network transfer of a client private key.
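
Added example, not part of the patent text: a Node.js sketch of the issue-and-examine flow of claims 41 and 42, with the revocation lookup the abstract describes. Ed25519, the JSON encoding, the field and function names, and the use of the signature as the revocation-list key are assumptions; the patent specifies none of them.

```javascript
const crypto = require('crypto');

// Bytes to sign: JSON array in fixed field order (encoding is an assumption).
const tbs = (...fields) => Buffer.from(JSON.stringify(fields));
const spki = (pub) => pub.export({ type: 'spki', format: 'pem' });
const sign = (priv, data) => crypto.sign(null, data, priv).toString('base64');
const check = (pubPem, data, sig) =>
  crypto.verify(null, data, crypto.createPublicKey(pubPem), Buffer.from(sig, 'base64'));

// The CA certifies the long-term public key once, ahead of time.
function issueLongTermCert(caPriv, subject, longTermPub) {
  const publicKey = spki(longTermPub);
  return { subject, publicKey, caSig: sign(caPriv, tbs(subject, publicKey)) };
}

// Claim 41: package temp public key, user id, validity period and long-term
// certificate, then sign the package with the long-term private key.
function issueTempCert(longTermPriv, longTermCert, tempPub, userId, notBefore, ttl) {
  const cert = { tempKey: spki(tempPub), userId, notBefore, notAfter: notBefore + ttl, longTermCert };
  cert.sig = sign(longTermPriv, tbs(cert.tempKey, userId, notBefore, cert.notAfter, longTermCert));
  return cert;
}

// Claim 42 plus the abstract's revocation lookup. Returns 'ok' or the reason.
function examineTempCert(caPubPem, cert, now, revoked = new Set()) {
  const lt = cert.longTermCert;
  if (!check(caPubPem, tbs(lt.subject, lt.publicKey), lt.caSig)) return 'long-term cert not signed by CA';
  const body = tbs(cert.tempKey, cert.userId, cert.notBefore, cert.notAfter, lt);
  if (!check(lt.publicKey, body, cert.sig)) return 'temporary cert signature invalid';
  if (now < cert.notBefore || now > cert.notAfter) return 'outside validity period';
  return revoked.has(cert.sig) ? 'revoked' : 'ok';
}

// Constructed sample run: fresh keys, a certificate valid from t=1000 for 600 s.
function demo() {
  const gen = () => crypto.generateKeyPairSync('ed25519');
  const [ca, longTerm, temp] = [gen(), gen(), gen()];
  const ltCert = issueLongTermCert(ca.privateKey, 'alice', longTerm.publicKey);
  const cert = issueTempCert(longTerm.privateKey, ltCert, temp.publicKey, 'alice', 1000, 600);
  const caPem = spki(ca.publicKey);
  return {
    valid: examineTempCert(caPem, cert, 1200),
    expired: examineTempCert(caPem, cert, 1601),
    stretched: examineTempCert(caPem, { ...cert, notAfter: 9999 }, 1601),
    revoked: examineTempCert(caPem, cert, 1200, new Set([cert.sig])),
  };
}
console.log(demo());
```

Only public keys cross between the parties in this flow; the validity period sits inside the signed package, so extending it after issuance breaks the signature.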

43. A method of installing a temporary certificate, comprising the steps of:
generating a public and private key pair;
receiving a user-selected certificate duration request;
packaging the public key and the user-selected certificate duration request into a certificate generation request;
sending the certificate generation request to a certificate authority;
receiving a temporary certificate containing the public key and a limited validity period based on the user-selected temporary certificate duration request;
installing the temporary certificate and the private key in a web engine, thereby enabling installing of the certificate at the client without requiring network transfer of the client private key.

44. A method of generating a temporary certificate, comprising the steps of:
receiving a certificate generation request containing a public key and a user-selected certificate duration request from a remote client;
packaging the public key and a certificate validity period based on the user-selected certificate duration request into a package;
signing the package, thereby generating a temporary certificate; and
transmitting the temporary certificate to the remote client, thereby enabling generating of the certificate of the remote client without requiring network transfer of a remote client private key.
Specification