Method and apparatus for obtaining status of public key certificate updates

US 6,442,688 B1
Filed: 08/29/1997
Issued: 08/27/2002
Est. Priority Date: 08/29/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method fo r obtaining certificate status changes, the method comprising the steps of:

a) generating, by an end user, certificates update subscription information that includes at least identity of a plurality of subscriber subjects that the end user is interested in and their associated public keys, and providing the certificates update subscription information to a server;

b) providing an indication of a local replica of current certificates for those subscriber subjects that the end user has a desire to communicate with to the server while on-line with the server;

c) receiving an indication of updated certificate for those subscriber subjects that the end user has a desire to communicate with, from the server when the updated certificate is inconsistent with the local replica of the current certificates; and

d) while on-line, receiving an indication of a newly updated certificate from the server, wherein the newly updated certificate relates to information of interest as identified in the certificates update subscription information.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for public key certificate updates is accomplished when a user of a secured communications system provides, from time to time, a public key certificate update subscription update to a server. The public key certificate update subscription information identifies at least one subscriber subject (i.e., another end-user) that the user desires to obtain real time public key updates when they occur. In response to the subscription information, the server monitors public key certificates of the at least one subscriber subject. When a change occurs to the public key certificate of the at least one subscriber, the server provides an indication of the change to the requesting user. As such, while the user is on-line with the secured communications system, the server can provide the user with real-time updates of subscriber subjects'"'"' encryption public key certificates and/or signature public key certificates. In addition, or as an alternative, to providing the subscription information, the user may provide an indication of a local replica of the public key certificates that it has stored to the server. Upon receiving the replica, the server determines whether the user'"'"'s replica is consistent with the system'"'"'s most current public key certificates of the subscriber subjects. If the user'"'"'s replica is consistent with the current public key certificate, the server provides no response to the user or provides a response indicating that the user'"'"'s list is current. If, however, the user'"'"'s replica is not consistent with the current public key certificate, the server provides an indication of the differences to the user. The indication allows the user to update its local lists to be consistent with the most current public key certificate list.

345 Citations

27 Claims

1. A method fo r obtaining certificate status changes, the method comprising the steps of:
- a) generating, by an end user, certificates update subscription information that includes at least identity of a plurality of subscriber subjects that the end user is interested in and their associated public keys, and providing the certificates update subscription information to a server;
  
  b) providing an indication of a local replica of current certificates for those subscriber subjects that the end user has a desire to communicate with to the server while on-line with the server;
  
  c) receiving an indication of updated certificate for those subscriber subjects that the end user has a desire to communicate with, from the server when the updated certificate is inconsistent with the local replica of the current certificates; and
  
  d) while on-line, receiving an indication of a newly updated certificate from the server, wherein the newly updated certificate relates to information of interest as identified in the certificates update subscription information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprises acknowledging receipt of the indication of the updated certificate.
  - 3. The method of claim 1 further comprises providing the certificate update subscription information to include at least one of:
    - identity of at least one of subscriber subject, a public key certificate of the at least one subscriber subject, an attribute certificate of the subscriber subject, identity of a certification authority and a cross-certificate.
  - 4. The method of claim 1 further comprises providing the certificate update subscription information to include at least one of:
    - signature public key certificate of at least one subscriber subject and an encryption public key certificate of the at least one subscriber subject.
  - 5. The method of claim 1 further comprises, within step (d), receiving, as the indication of the newly updated certificate, at least one of:
    - a new public key certificate for a subscriber subject, a revocation of a public key certificate of the subscriber subject, a change to the public key certificate of the subscriber subject.
  - 6. The method of claim 1 further comprises, within step (b), providing the indication of the local replica as at least one of:
    - a copy of the current certificate and a message indicating the current certificate.
  - 7. The method of claim 1 further comprises, within step (c), receiving the updated certificate as at least one of:
    - updates to the current certificate and a message regarding updates to the current certificate.

8. A method for providing certificate updates, the method comprises the steps of:
- a) generating, by an end user, certificate update subscription information that includes at least identity of a plurality of subscriber subjects that the end user is interested in and their associated public keys and receiving the certificate update subscription information from the user, wherein the certificate update subscription information includes current certificates for those subscriber subjects that the end user has a desire to communicate with, at least one of identity of at least one of subscriber subject, a public key certificate of the at least one subscriber subjects an attribute certificate of the subscriber subject, identity of a certification authority and a cross-certificate;
  
  b) monitoring certificate of the at least one subscriber subject;
  
  c) when a change occurs to the certificate, providing an indication of the change to the user, the method further comprising receiving an indication of a user replica of the certificate from the user, when the use is on-line;
  
  determining whether the user replica of the certificate is consistent with server replica of the certificate; and
  
  when the user replica of the certificate is inconsistent with the server replica of the certificate, providing an indication of the server replica of the certificate to the user.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8 further comprises providing the indication as at least one of:
    - the server replica of the current certificate and an encoded message identifying differences between the user replica of the certificate and the server replica of the certificate.
  - 10. The method of claim 8 further comprises, within step (c), providing the indication as an encoded message identifying the change to the certificate of the at least one subscriber subject.
  - 11. The method of claim 8 further comprises, within step (b), monitoring the certificate by pulling the certificate and status of the at least one subscriber subject from a certification authority.
  - 12. The method of claim 8 further comprises receiving information to change the certificate of the at least one subscriber subject.
  - 13. The method of claim 8 further comprises, within step (a) receiving from an enduser or system administrator the certificate update subscription information.

14. A method for obtaining public key certificate updates, the method comprising the steps of:
- a) generating, by a user, certificate update subscription information that includes at least identity of at least one subscriber subject that the end user is interested in and their associated public keys, and providing by the user, the public key certificate update subscription information to a server, wherein the public key certificate update subscription information identifies at least one subscriber subject that the end user is interested in and their associated public keys;
  
  b) monitoring, by the server, public key certificate of the at least one subscriber subject;
  
  c) when a change occurs to the public key certificate, providing, by the serverd an indication of the change to the user;
  
  d) while on-line, receiving, by the user, the indication of the change; and
  
  e) determining, by the user, newly updated public key certificate based on the indication of the change;
  
  f) providing, by the user, an indication of a local replica of public key certificate to the server while on-line with the server;
  
  g) determining, by the server, whether the local replica of the public kev certificate is inconsistent with current public key certificate of the at least one subscriber subject; and
  
  h) when the local replica of the public key certificate is inconsistent with the current public key certificate, providing, by the server, an indication of a difference between the local replica of the public key certificate and the current public key certificate.

15. A user of secure communication system, wherein the user comprises:
- processing unit; and
  
  memory operably coupled to the processing unit, wherein the memory stores programming instructions that, when read by the processing unit, causes the processing unit to (a) generate certificate update subscription information that includes at least identity of at least one subscriber subject that the user is interested in and their associated public keys, and provide the public key certificate update subscription information to a server;
  
  (b) provide an indication of a local replica of current certificate for those subscriber subjects that the end user has a desire to communicate with to the server while on-line with the server;
  
  (c) receive updated certificate from the server when the updated certificate is inconsistent with the local replica of the current certificate; and
  
  (d) while on-line, receive newly updated certificate from the server, wherein the newly updated certificate relates to information of interest as identified in the certificate update subscription information.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The user of claim 15 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to acknowledge receipt of the indication of the updated certificate.
  - 17. The user of claim 15 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to provide the certificate update subscription information to include identity of at least one subscriber subject and a public key of the at least one subscriber subject.
  - 18. The user of claim 15 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to provide the certificate update subscription information to include at least one of:
    - signature public key certificate of at least one subscriber subject and an encryption public key certificate of the at least one subscriber subject.
  - 19. The user of claim 15 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to receive, as the indication of the newly updated certificate, at least one of a new public key certificate for a subscriber subject, a revocation of a public key certificate of the subscriber subject, a change to the public key certificate of the subscriber subject.
  - 20. The user of claim 15 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to provide the indication of the local replica as at least one of a copy of the current public key certificate and a message indicating the current public key certificate.
  - 21. The user of claim 15 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to receive the updated certificate as at least one of:
    - updates to the current public key certificate and a message regarding updates to the current public key certificate.

22. A server of secure communication system, wherein the server comprises:
- processing unit;
  
  memory operably coupled to the processing unit, wherein the memory stores programming instructions that, when read by the processing unit, causes the processing unit to (a) generate by a user certificate update subscription information that includes at least identity of at least one subscriber subject that the end user is interested in and their associated public keys, and receive the certificate update subscription information from the user, wherein the certificate update subscription information for those subscriber subjects that the end-user has a desire to communicate with includes at least one of;
  
  identity of at least one of subscriber subject, a public key certificate of the at least one subscriber subject, an attribute certificate of the subscriber subject, identity of a certification authority and a cross-certificate;
  
  (b) monitor certificate of the at least one subscriber subject and the certification authority;
  
  (c) provide an indication of a change to the user when the change occurs to the certificate; and
  
  (i) receive an indication of a user replica of the certificate from the user, when the user is on-line;
  
  (ii) determine whether the user replica of the certificate is consistent with server replica of the certificate; and
  
  (iii) provide an indication of the server replica of the certificate to the use when the user replica of the certificate is inconsistent with the server replica of the certificate.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The server of claim 22 further comprises, within the memory, programming instructions that when read by the processing unit, causes the processing unit to provide the indication as at least one of:
    - the server replica of the current certificate and an encoded message identifying differences between the user replica of the certificate and the server replica of the certificate.
  - 24. The server of claim 22 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to provide the indication as an encoded message identifying the change to the public key certificate of the at least one subscriber subject.
  - 25. The server of claim 22 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to monitor the certificate by pulling a public key certificate and status of the at least one subscriber subject from a certification authority.
  - 26. The server of claim 22 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to receive information to change the certificate of the at least one subscriber subject.
  - 27. The server of claim 22 further comprises, within the memory, programming instructions that, when read by the processing unit, causes the processing unit to receive from an end-user or system administrator the certificate update subscription information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Incorporated (Entrust Corp.), Entrust Technologies Limited
Original Assignee
Entrust Technologies Limited
Inventors
Boeyen, Sharon M., Moses, Timothy E.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
DI LORENZO, ANTHONY

Application Number

US08/924,707
Time in Patent Office

1,824 Days
Field of Search

380/21, 380/23, 380/30, 707/6, 707/8, 707/9, 707/10, 713/155, 713/156, 713/157, 713/158, 713/168, 713/175, 705/76
US Class Current

713/158
CPC Class Codes

G06Q 20/3821 Electronic credentials

H04L 9/3268 using certificate validatio...

Method and apparatus for obtaining status of public key certificate updates

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

345 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for obtaining status of public key certificate updates

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

345 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links