Virtual certificate authority
Abstract
A method and system for creating and administering certificates digitally signed by a trusted entity (certificate authority) to ensure that certificated transactions are authenticated as those of a particular entity. Requests for a certificate, along with verification information, are directed to the certificate authority, where they are held and accessed by an entity having verification responsibilities (registration authority) and approved or disapproved.
49 Claims

1. A method of operating a network connecting a user, a certificate-issuing authority, and a registration database of registered users maintained by a registration authority, comprising the steps of:

requesting said certificate-issuing authority to issue a certificate for said user, storing said certificate request at said certificate-issuing authority, accessing said certificate request by said registration authority, comparing said certificate request with said database to make a decision by said registration authority relative to said certificate request, and sending to said certificate-issuing authority said decision.

(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)

providing user data to said certificate-issuing authority to be compared against said registration database, storing with a link to said certificate request at said certificate-issuing authority said user data, accessing from said registration database said user data, and comparing at said registration database said user data with said database to make a decision relative to said certificate request.
8. The method of claim 7 wherein the step of requesting said certificate request is made using a network browser and the step of providing said user data is made using a network browser in a secure session mode.

9. The method of claim 1 further comprising the steps of:

generating at said certificate-issuing authority a certificate for said user, and making available said certificate on said network to said user.

10. The method of claim 1 further comprising the step of hosting by said certificate-issuing authority a web site to which said certificate request is directed.

11. The method of claim 10 further comprising the steps of generating at said web site web pages associated with different registration databases.

12. The method of claim 1 further comprising the steps of:

hosting at said registration database a web site logically linked to said certificate-issuing authority to which said certificate request is first directed, and transferring said certificate request to said certificate-issuing authority.
13. A method of operating a computer system for providing digital certificates on a network, comprising the steps of:

receiving via said network from a requester a request for issuance of a certificate, storing said certificate request, providing access via said network by a database-serving node to said stored certificate request, receiving from said database-serving node approval for issuance of a certificate, and generating a certificate in accordance with said certificate request and said approval.

(Dependent claims: 14, 15, 16, 17, 18, 19, 20)

receiving user data to be compared against the database of said database-serving node, storing with a link to said certificate request said user data, and providing access via said network by said database-serving node to said stored user data.

17. The method of claim 16 wherein the step of receiving said user data is made on a secure session link.

18. The method of claim 13 further comprising the step of hosting a web site to which said certificate request is directed.

19. The method of claim 18 further comprising the steps of generating at said web site web pages associated with different registration databases.

20. The method of claim 13 further comprising the steps of:

receiving a higher-level certificate, and incorporating in generation of said certificate said higher-level certificate.
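The procedure of claims 1 and 13 to 20 (the certificate-issuing authority stores the request and the user data linked to it, the registration authority accesses the stored request and compares the user data with its database, the decision goes back to the issuing authority, which generates a certificate only on approval and incorporates a higher-level certificate) is easier to follow as a running program. The Go program below is an example added here; it is not code from the patent or from any implementation of it. Its assumptions: ECDSA P-256 keys, an in-memory map standing in for the CA's storage device and network interface, a map standing in for the registration database, a registration number as the user data, and a self-signed certificate built in NewCA playing the part of the higher-level certificate of claim 20. The names CA, RA, CertRequest and every method name are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const Approved, Denied = "approved", "denied" // RA decisions; Decision is "" while a request is pending

// CertRequest is what the CA stores: the request plus the user data linked to it.
type CertRequest struct {
	Subject, UserData, Decision string // UserData is a hypothetical verification value, e.g. a registration number
	PubKey                      *ecdsa.PublicKey
}

// CA stores requests, exposes them to the RA, and issues only on an approval decision.
type CA struct {
	Cert    *x509.Certificate // the CA's own (higher-level) certificate, issuer of every leaf
	key     *ecdsa.PrivateKey
	pending map[int]*CertRequest // keyed by request ID
}

// NewKey generates an ECDSA P-256 key pair (used here for both the CA and the requesters).
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// NewCA generates the CA key pair and a self-signed CA certificate valid for one day (an assumption).
func NewCA(name string) (*CA, error) {
	key, err := NewKey()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der) // re-parse so Cert carries the encoded subject and key identifier
	return &CA{Cert: cert, key: key, pending: map[int]*CertRequest{}}, err
}

// SubmitRequest is the requester's step: the CA stores the request with its linked user data and returns its ID.
func (ca *CA) SubmitRequest(subject, userData string, pub *ecdsa.PublicKey) int {
	id := len(ca.pending) + 1 // requests are never deleted, so this stays unique
	ca.pending[id] = &CertRequest{Subject: subject, UserData: userData, PubKey: pub}
	return id
}

// PendingRequests is the access the RA is given to stored, undecided requests.
func (ca *CA) PendingRequests() map[int]*CertRequest {
	out := map[int]*CertRequest{}
	for id, r := range ca.pending {
		if r.Decision == "" {
			out[id] = r
		}
	}
	return out
}

// RecordDecision receives the RA's decision for a stored request.
func (ca *CA) RecordDecision(id int, approved bool) error {
	if r, ok := ca.pending[id]; ok {
		r.Decision = map[bool]string{true: Approved, false: Denied}[approved]
		return nil
	}
	return fmt.Errorf("unknown request %d", id)
}

// Issue generates a DER certificate for an approved request only, signed by the CA key with ca.Cert as issuer.
func (ca *CA) Issue(id int) ([]byte, error) {
	r, ok := ca.pending[id]
	if !ok || r.Decision != Approved {
		return nil, fmt.Errorf("request %d not approved by the registration authority", id)
	}
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(int64(id) + 1), Subject: pkix.Name{CommonName: r.Subject}, // serial 1 is the CA itself
		NotBefore: ca.Cert.NotBefore, NotAfter: ca.Cert.NotAfter, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	return x509.CreateCertificate(rand.Reader, leaf, ca.Cert, r.PubKey, ca.key)
}

// RA owns the registration database (subject -> registered user data).
type RA struct{ Registered map[string]string }

// Review pulls every pending request from the CA, compares its linked user data with the database, and sends each decision back.
func (ra *RA) Review(ca *CA) {
	for id, r := range ca.PendingRequests() {
		want, known := ra.Registered[r.Subject]
		_ = ca.RecordDecision(id, known && want == r.UserData)
	}
}
```

The order of calls is the order of the claim: a requester calls SubmitRequest, the RA calls Review (which uses PendingRequests and RecordDecision as its network access to the stored request), and only then does Issue return a certificate. Issue refuses any request whose stored decision is not Approved, so a requester who asks before the RA has reviewed the queue, or whose user data did not match the database, gets an error instead of a certificate. A relying party checks an issued certificate with x509.Certificate.Verify against a pool containing ca.Cert, which is how the higher-level certificate of claim 20 shows up on the verifying side.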
21. Apparatus for providing digital certificates on a network comprising:

means for receiving via said network from a requester a request for issuance of a certificate and associated data, means for storing said certificate request and data, means for providing access via said network by a database-serving node to said stored certificate request and data, means for receiving from said database-serving node approval for issuance of a certificate, and means for generating a certificate in accordance with said certificate request and said approval.

(Dependent claims: 22, 23, 24, 25, 26, 27)

means for receiving a higher-level certificate, and means for incorporating in generation of said certificate said higher-level certificate.

28. Apparatus for certifying a transaction comprising:

an interface to a network, a storage device, and an application processor adapted for accepting from said network interface a request for issuance of a certificate, for writing said certificate issuance request to said storage device, for accepting from said network interface a request for access to said certificate issuance request written on said storage device, for reading said certificate issuance request from said storage device, for communicating to said network interface for transmission to the source of said request for access to said certificate issuance request, for accepting from said network interface an approval of said certificate issuance request, for directing the generation of a certificate in accordance with said certificate issuance request and said approval and for communicating to said network interface for transmission to the source of said certificate issuance request said generated certificate.

(Dependent claims: 29, 30, 31, 32, 33)

34. Apparatus for issuing a plurality of types of certificates for a transaction comprising:

an interface to a network, a storage device, a plurality of cryptographic processors each associated with a type of certificate, and an application processor adapted for accepting from said network interface a request for issuance of a type of certificate, for writing said certificate issuance request to said storage device, for accepting from said network interface a request associated with said type of certificate for access to said certificate issuance request written on said storage device, for reading said certificate issuance request from said storage device, for communicating to said network interface for transmission to the source of said request for access to said certificate issuance request, for accepting from said network interface an approval of said certificate issuance request, for directing the cryptographic processor associated with said type of certificate to generate a certificate in accordance with said certificate issuance request and said approval and for communicating to said network interface for transmission to the source of said certificate issuance request said generated certificate.

(Dependent claims: 35)

a web server processor, a security processor for screening communications from said network, and a firewall processor connected to and supporting said web server processor, said security processor and said application processor.
36. A method of authenticating a network transaction comprising the steps of:

receiving a request to authenticate a network transaction;
providing an authorizing agent with access to the request to determine whether identifying information in the request corresponds to stored registration information on the requester;
generating a certificate in accordance with the determination of the authorizing agent; and
notifying the requester of the generated certificate.

(Dependent claims: 37, 38, 39, 40, 41, 42, 43, 44, 45)

enabling the requester to access a server via the network.

38. The method of claim 36, wherein the receiving step includes the substep of:
permitting the requester to provide the identifying information.

39. The method of claim 36, wherein the receiving step includes the substep of:
receiving a unique identification code for the requester.

40. The method of claim 36, wherein the receiving step includes the substep of:
encrypting the request using a unique code of the requester.

41. The method of claim 37, wherein the providing step includes the substep of:
decrypting the request using a stored code corresponding to the requester's unique code.

42. The method of claim 39, wherein the code receiving step includes the substep of:
verifying the request using the requester's code.
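Claims 39 to 42 bind the request to a unique code that both the requester and the registration database hold: the request is encrypted under the requester's code, and the authorizing agent decrypts it with the stored code corresponding to that requester and verifies it. One way to realize that with an authenticated cipher, given here as an added example and not as the patent's own method, is AES-256-GCM keyed from the code, with the requester's identifier carried as associated data so the agent can look up the right stored code and a swapped identifier fails the tag check. The key derivation, the identifier format, the message layout and the sample codes are all assumptions; in particular the code is assumed to be a high-entropy enrollment secret, not a memorable password.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// aeadForCode derives an AES-256-GCM instance from the requester's unique code.
// Assumption: the code is a high-entropy enrollment secret, so one hash with a
// domain-separation label suffices as the KDF; a human-chosen code would need a
// password KDF such as Argon2id or scrypt instead.
func aeadForCode(code string) (cipher.AEAD, error) {
	key := sha256.Sum256([]byte("vca-request-key|" + code))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealRequest is the requester's step (claim 40): encrypt the certificate request
// under the requester's unique code. The requester identifier is passed as
// associated data, so it stays readable for the lookup of claim 41 while the
// authentication tag still covers it. Output layout: nonce || ciphertext || tag.
func SealRequest(requesterID, code string, request []byte) ([]byte, error) {
	gcm, err := aeadForCode(code)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, request, []byte(requesterID)), nil
}

// OpenRequest is the authorizing agent's step (claims 41 and 42): look up the
// stored code for the requester, decrypt, and verify. The GCM tag check is the
// verification, so a wrong code, a tampered request or a swapped requester
// identifier fails closed with an error and no plaintext.
func OpenRequest(requesterID string, storedCodes map[string]string, sealed []byte) ([]byte, error) {
	code, ok := storedCodes[requesterID]
	if !ok {
		return nil, errors.New("no registration record for requester")
	}
	gcm, err := aeadForCode(code)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed request too short")
	}
	nonce, ciphertext := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, []byte(requesterID))
}

func main() {
	// Constructed sample registration database: requester -> unique code.
	codes := map[string]string{"alice": "9f3c1a7b2e4d5068c2b4e6f8a0d1c3e5"}
	sealed, err := SealRequest("alice", codes["alice"], []byte("CN=alice; key=<public key>"))
	if err != nil {
		panic(err)
	}
	plain, err := OpenRequest("alice", codes, sealed)
	fmt.Printf("agent recovered %q (err=%v)\n", plain, err)
	sealed[len(sealed)-1] ^= 1 // flip one tag bit: verification must now fail
	_, err = OpenRequest("alice", codes, sealed)
	fmt.Println("tampered request rejected:", err != nil)
}
```

The point of using an AEAD rather than a bare cipher is that the decryption of claim 41 and the verification of claim 42 become one operation: the agent never sees a plaintext it has not already verified, and a request resubmitted under another requester's identifier is rejected even though the ciphertext itself is untouched.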
43. The method of claim 36, wherein the providing step includes the substep of:
storing the request in a memory.

44. The method of claim 36, wherein the receiving step includes the substep of:
storing the request in a memory of a server, and wherein the providing step includes the substep of:
receiving a request from the authorizing agent for access to the memory of the server.

45. The method of claim 36, wherein the notifying step includes the substep of:
transmitting the certificate to the requester.
46. A method of authenticating a network transaction comprising the steps of:

receiving requests to authenticate network transactions;
providing authorizing agents with access to specific requests to determine whether identifying information in the request corresponds with stored registration information; and
notifying a specific requester in accordance with the determination of one of the authorizing agents.

(Dependent claims: 47, 48, 49)

generating a certificate reflecting the determination; and
transmitting the certificate to the requester.

48. The method of claim 46, wherein the providing step includes the substep of:
permitting each authorizing agent access to one of the requests at a predetermined time.

49. The method of claim 46, wherein the providing step includes the substep of:
notifying a specific authorizing agent of receipt of one of the requests.