Virtual certificate authority

US 6,308,277 B1
Filed: 12/23/1999
Issued: 10/23/2001
Est. Priority Date: 12/20/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method of operating a network connecting a user, a certificate-issuing authority, and a registration database of registered users maintained by a registration authority, comprising the steps of:

requesting said certificate-issuing authority to issue a certificate for said user, storing said certificate request at said certificate-issuing authority, accessing said certificate request by said registration authority, comparing said certificate request with said database to make a decision by said registration authority relative to said certificate request, and sending to said certificate-issuing authority said decision.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for creating and administering certificates digitally signed by a trusted entity (certificate authority) to ensure that certificated transactions are authenticated as that of a particular entity. Requests for a certificate, along with verification information, are directed to the certificate authority, where they are held and accessed by an entity having verification responsibilities (registration authority) and approved or disapproved.

Citations

49 Claims

1. A method of operating a network connecting a user, a certificate-issuing authority, and a registration database of registered users maintained by a registration authority, comprising the steps of:
- requesting said certificate-issuing authority to issue a certificate for said user, storing said certificate request at said certificate-issuing authority, accessing said certificate request by said registration authority, comparing said certificate request with said database to make a decision by said registration authority relative to said certificate request, and sending to said certificate-issuing authority said decision.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein the step of requesting a certificate is made on a public network and the step of accessing said certificate request is performed over a dedicated communications link.
  - 3. The method of claim 1 wherein the step of requesting a certificate is made using a network browser.
  - 4. The method of claim 1 wherein the step of accessing said certificate request is made on a public network.
  - 5. The method of claim 1 wherein the step of accessing said certificate request is made using a network browser.
  - 6. The method of claim 5 wherein the step of accessing said certificate request is made using a network browser in a secure session mode.
  - 7. The method of claim 1 further comprising the steps of:
8. The method of claim 7 wherein the step of requesting said certificate request is made using a network browser and the step of providing said user data is made using a network browser in a secure session mode.
9. The method of claim 1 further comprising the steps of:
- generating at said certificate-issuing authority a certificate for said user, and making available said certificate on said network to said user.
10. The method of claim 1 further comprising the step of hosting by said certificate-issuing authority a web site to which said certificate request is directed.
11. The method of claim 10 further comprising the steps of generating at said web site web pages associated with different registration databases.
12. The method of claim 1 further comprising the steps of:
- hosting at said registration database a web site logically linked to said certificate-issuing authority to which said certificate request is first directed, and transferring said certificate request to said certificate-issuing authority.

13. A method of operating a computer system for providing digital certificates on a network, comprising the steps of:
- receiving via said network from a requester a request for issuance of a certificate, storing said certificate request, providing access via said network by a database-serving node to said stored certificate request, receiving from said database-serving node approval for issuance of a certificate, and generating a certificate in accordance with said certificate request and said approval.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13 wherein the step of providing access to said certificate request is made over a dedicated communications link.
  - 15. The method of claim 13 wherein the step of providing access to said certificate request is made on a secure session link.
  - 16. The method of claim 13 further comprising the steps of:
17. The method of claim 16 wherein the step of receiving said user data is made on a secure session link.
18. The method of claim 13 further comprising the step of hosting a web site to which said certificate request is directed.
19. The method of claim 18 further comprising the steps of generating at said web site web pages associated with different registration databases.
20. The method of claim 13 further comprising the steps of:
- receiving a higher-level certificate, and incorporating in generation of said certificate said higher level certificate.

21. Apparatus for providing digital certificates on a network comprising:
- means for receiving via said network from a requester a request for issuance of a certificate and associated data, means for storing said certificate request and data, means for providing access via said network by a database-serving node to said stored certificate request and data, means for receiving from said database-serving node approval for issuance of a certificate, and means for generating a certificate in accordance with said certificate request and said approval.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The apparatus of claim 21 wherein the means for receiving said certificate request and data comprises means for hosting a web site.
  - 23. The apparatus of claim 22 wherein the means for receiving said certificate request and data comprises means for generating at said web site web pages associated with different database-serving nodes.
  - 24. The apparatus of claim 21 wherein the means for receiving said certificate request and data comprises means for distinguishing certificate requests and data associated with different database-serving nodes.
  - 25. The apparatus of claim 21 wherein the means for providing access to said certificate request and data includes a link encryptor.
  - 26. The apparatus of claim 21 wherein the means for providing access to said certificate request and data distinguishes between different database-serving nodes.
  - 27. The apparatus of claim 21 further comprising:

28. Apparatus for certifying a transaction comprising:
- an interface to a network, a storage device, and an application processor adapted for accepting from said network interface a request for issuance of a certificate, for writing said certificate issuance request to said storage device, for accepting from said network interface a request for access to said certificate issuance request written on said storage device, for reading said certificate issuance request from said storage device, for communicating to said network interface for transmission to the source of said request for access to said certificate issuance request, for accepting from said network interface an approval of said certificate issuance request, for directing the generation of a certificate in accordance with said certificate issuance request and said approval and for communicating to said network interface for transmission to the source of said certificate issuance request said generated certificate.
- View Dependent Claims (29, 30, 31, 32, 33)
- - 29. The apparatus of claim 28 wherein said network interface comprises a firewall system.
  - 30. The apparatus of claim 29 further comprises a web server processor connected, along with said application processor, to said firewall system.
  - 31. The apparatus of claim 30 further comprises a security processor connected to said firewall system for screening communications from said network.
  - 32. The apparatus of claim 28 further comprising a cryptographic processor responsive to said direction by-said application processor for generation of said certificate.
  - 33. The apparatus of claim 32 wherein said cryptographic processor comprises a secure cryptographic card and card reader.

34. Apparatus for issuing a plurality of types of certificates for a transaction comprising:
- an interface to a network, a storage device, a plurality of cryptographic processors each associated with a type of certificate, and an application processor adapted for accepting from said network interface a request for issuance of a type of certificate, for writing said certificate issuance request to said storage device, for accepting from said network interface a request associated with said type of certificate for access to said certificate issuance request written on said storage device, for reading said certificate issuance request from said storage device, for communicating to said network interface for transmission to the source of said request for access to said certificate issuance request, for accepting from said network interface an approval of said certificate issuance request, for directing the cryptographic processor associated with said type of certificate to generate a certificate in accordance with said certificate issuance request and said approval and for communicating to said network interface for transmission to the source of said certificate issuance request said generated certificate.
- View Dependent Claims (35)
- - 35. The apparatus of claim 34 wherein said network interface comprises:

36. A method of authenticating a network transaction comprising the steps of:
- receiving a request to authenticate a network transaction;
  
  providing an authorizing agent with access to the request to determine whether identifying information in the request corresponds to stored registration information on the requester;
  
  generating a certificate in accordance with the determination of the authorizing agent; and
  
  notifying the requester of the generated certificate.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 37. The method of claim 36, wherein the receiving step includes the substep of:
38. The method of claim 36, wherein the receiving step includes the substep of:
- permitting the requester to provide the identifying information.
39. The method of claim 36, wherein the receiving step includes the substep of:
- receiving a unique identification code for the requester.
40. The method of claim 36, wherein the receiving step includes the substep of:
- encrypting the request using a unique code of the requester.
41. The method of claim 37, wherein the providing step includes the substep of:
- decrypting the request using a stored code corresponding to the requester'"'"'s unique code.
42. The method of claim 39, wherein the code receiving step includes the substep of:
- verifying the request using the requester'"'"'s code.
43. The method of claim 36, wherein the providing step includes the substep of:
- storing the request in a memory.
44. The method of claim 36, wherein the receiving step includes the substep of:
- storing the request in a memory of a server, and wherein the providing step includes the substep, of;
  
  receiving a request from the authorizing agent for access to the memory of the server.
45. The method of claim 36, wherein the notifying step includes the substep of:
- transmitting the certificate to the requester.

46. A method of authenticating a network transaction comprising the steps of:
- receiving requests to authenticate network transactions;
  
  providing authorizing agents with access to specific requests to determine whether identifying information in the request corresponds with stored registration information; and
  
  notifying a specific requester in accordance with the determination of one of the authorizing agents.
- View Dependent Claims (47, 48, 49)
- - 47. The method of claim 46, wherein the notifying step includes the substep of:
48. The method of claim 46, wherein the providing step includes the substep of:
- permitting each authorizing agent with access to one of the requests at a predetermined time.
49. The method of claim 46, wherein the providing step includes the substep of:
- notifying a specific authorizing agent of receipt of one of the requests.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GTE CyberTrust Solutions, Inc. (Oryx International Growth Fund Ltd.)
Original Assignee
GTE CyberTrust Solutions, Inc. (Oryx International Growth Fund Ltd.)
Inventors
Walton, Charles S., Vaeth, J. Stuart
Primary Examiner(s)
Beausoleil, Robert
Assistant Examiner(s)
Baderman, Scott T.

Application Number

US09/470,801
Time in Patent Office

670 Days
Field of Search

713/201-200, 713/202, 713/153, 713/155, 713/156-157, 713/158, 713/173, 713/175, 709/225, 709/229, 707/9, 705/53, 705/64, 705/75
US Class Current

726/10
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

Virtual certificate authority

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual certificate authority

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links