Architecture for web-based on-line-off-line digital certificate authority
Abstract
A method, apparatus, article of manufacture, and a memory structure for issuing digital certificates to a client is disclosed. The method comprises the steps of accepting a digital certificate request from a client in a web server, the digital certificate request comprising at least one client parameter, passing the client parameter to a user exit external to the web server via an interface implemented by a servlet property file to determine if a digital certificate should be issued to the client, and transmitting the digital certificate to the client if the external processing module indicates that the digital certificate should be issued to the client. The article of manufacture comprises a data storage device tangibly embodying instructions to perform the method steps described above.
The apparatus comprises means for accepting a digital certificate request with a client parameter from a client in a web server, means for passing the client parameter to an external processing module to determine, among other things, if the digital certificate should be issued to the client, and a means for transmitting the digital certificate to the client.
21 Claims
1. A method of issuing digital certificates, comprising the steps of:
accepting a digital certificate request from a client in a servlet implemented in a web server, the digital certificate request comprising at least one client parameter;
passing the client parameter to a user exit external to the servlet to determine if a digital certificate should be issued to the client; and
transmitting the digital certificate to the client if the external processing module indicates that the digital certificate should be issued to the client.
2. The method of claim 1, further comprising the steps of:
computing a private key and a public key for the client when the user exit indicates that the digital certificate should be issued to the client;
preparing a digital certificate using the public key and the private key; and
transmitting the digital certificate to the client.
3. The method of claim 2, wherein the private key and the public key are computed in the servlet.
4. The method of claim 2, wherein the digital certificate request further comprises a client password, and the step of transmitting the digital certificate to the client further comprises the steps of:
encrypting the digital certificate with the client password; and
transmitting the encrypted digital certificate to the client.
5. The method of claim 4, wherein the step of transmitting the digital certificate to the client comprises the steps of:
providing a link to a response page to the client, the response page comprising an entry field for accepting an entered password;
transmitting the response page to the client when the link to the response page is selected;
receiving the entered password from the client; and
transmitting the encrypted digital certificate to the client when the entered password matches the client password.
6. The method of claim 5, wherein the link to the response page is provided by transmitting an e-mail having a link to the response page to the client.
7. The method of claim 5, wherein the step of transmitting the encrypted digital certificate to the client when the entered password matches the client password comprises the steps of:
decrypting the digital certificate with the entered password; and
transmitting the encrypted digital certificate to the client when the decrypted digital certificate is a valid certificate.
8. An apparatus for issuing digital certificates, comprising:
means for accepting a digital certificate request from a client in a servlet implemented in a web server, the digital certificate request comprising at least one client parameter;
means for passing the client parameter to a user exit external to the servlet to determine if a digital certificate should be issued to the client; and
means for transmitting the digital certificate to the client if the external processing module indicates that the digital certificate should be issued to the client.
9. The apparatus of claim 8, further comprising:
means for computing a private key and a public key for the client when the user exit indicates that the digital certificate should be issued to the client;
means for preparing a digital certificate using the public key and the private key; and
means for transmitting the digital certificate to the client.
10. The apparatus of claim 9, wherein the private key and the public key are computed in the servlet.
11. The apparatus of claim 9, wherein the digital certificate request further comprises a client password, and the means for transmitting the digital certificate to the client further comprises:
means for encrypting the digital certificate with the client password; and
means for transmitting the encrypted digital certificate to the client.
12. The apparatus of claim 11, wherein the means for transmitting the digital certificate to the client comprises:
means for providing a link to a response page to the client, the response page comprising an entry field for accepting an entered password;
means for transmitting the response page to the client when the link to the response page is selected;
means for receiving the entered password from the client; and
means for transmitting the encrypted digital certificate to the client when the entered password matches the client password.
13. The apparatus of claim 12, wherein the link to the response page is provided by transmitting an e-mail having a link to the response page to the client.
14. The apparatus of claim 12, wherein the means for transmitting the encrypted digital certificate to the client when the entered password matches the client password comprises:
means for decrypting the digital certificate with the entered password; and
means for transmitting the encrypted digital certificate to the client when the decrypted digital certificate is a valid certificate.
15. A program storage device, readable by a computer, tangibly embodying at least one program of instructions executable by the computer to perform method steps of issuing digital certificates, the method comprising the steps of:
accepting a digital certificate request from a client in a servlet implemented in a web server, the digital certificate request comprising at least one client parameter;
passing the client parameter to a user exit external to the servlet to determine if a digital certificate should be issued to the client; and
transmitting the digital certificate to the client if the external processing module indicates that the digital certificate should be issued to the client.
16. The program storage device of claim 15, wherein the method further comprises the steps of:
computing a private key and a public key for the client when the user exit indicates that the digital certificate should be issued to the client;
preparing a digital certificate using the public key and the private key; and
transmitting the digital certificate to the client.
17. The program storage device of claim 16, wherein the private key and the public key are computed in the servlet.
18. The program storage device of claim 16, wherein the digital certificate request further comprises a client password, and the method step of transmitting the digital certificate to the client further comprises the method steps of:
encrypting the digital certificate with the client password; and
transmitting the encrypted digital certificate to the client.
19. The program storage device of claim 18, wherein the method step of transmitting the digital certificate to the client comprises the method steps of:
providing a link to a response page to the client, the response page comprising an entry field for accepting an entered password;
transmitting the response page to the client when the link to the response page is selected;
receiving the entered password from the client; and
transmitting the encrypted digital certificate to the client when the entered password matches the client password.
20. The program storage device of claim 19, wherein the link to the response page is provided by transmitting an e-mail having a link to the response page to the client.
21. The program storage device of claim 19, wherein the method step of transmitting the encrypted digital certificate to the client when the entered password matches the client password comprises the method steps of:
decrypting the digital certificate with the entered password; and
transmitting the encrypted digital certificate to the client when the decrypted digital certificate is a valid certificate.
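The password-gated release of claims 4 through 7 (repeated as claims 11 through 14 and 18 through 21), as an added Python example that is not part of the patent or of any product implementing it: the issued certificate is encrypted under the password supplied in the request, and the encrypted certificate is released only when the password entered on the response page decrypts it to a valid certificate. The certificate text, the PBKDF2/HMAC construction, the PEM-framing stand-in for X.509 parsing and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed stand-in for the PEM certificate the servlet would have prepared (not a real cert).
CERT_PEM = (b"-----BEGIN CERTIFICATE-----\n"
            b"MIIBconstructedSampleBodyNotARealCertificate==\n"
            b"-----END CERTIFICATE-----\n")

def _derive_keys(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    # Stretch the client password with PBKDF2 and split the result into a cipher key and a MAC key.
    km = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000, dklen=64)
    return km[:32], km[32:]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream with HMAC-SHA256 as the PRF (assumed construction, stdlib only;
    # an AEAD such as AES-GCM is the usual choice when a crypto library is available).
    out = bytearray()
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), "sha256").digest()
    return bytes(out[:length])

def encrypt_certificate(cert_pem: bytes, client_password: str) -> bytes:
    """Claim 4: encrypt the issued certificate with the password supplied in the request."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(client_password, salt)
    ct = bytes(a ^ b for a, b in zip(cert_pem, _keystream(enc_key, nonce, len(cert_pem))))
    tag = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()  # encrypt-then-MAC
    return salt + nonce + ct + tag

def decrypt_certificate(blob: bytes, entered_password: str) -> Optional[bytes]:
    """Claim 7, first step: decrypt with the password entered on the response page."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(entered_password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong password or tampered blob: rejected before anything is parsed
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def is_valid_certificate(data: bytes) -> bool:
    # Stand-in for real X.509 parsing: checks only the PEM framing of the decrypted object.
    return (data.startswith(b"-----BEGIN CERTIFICATE-----")
            and data.rstrip().endswith(b"-----END CERTIFICATE-----"))

def release_certificate(blob: bytes, entered_password: str) -> Optional[bytes]:
    """Claims 5-7: release the encrypted certificate only when the entered password decrypts it to a valid certificate."""
    cert = decrypt_certificate(blob, entered_password)
    return blob if cert is not None and is_valid_certificate(cert) else None
```

Because the MAC is checked before decryption, a wrong password is rejected without the server ever parsing attacker-influenced plaintext, and the validity check of claim 7 becomes a second, independent gate rather than the only one.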
Specification