Centralized certificate management system for two-way interactive communication devices in data networks
First Claim
1. A method for managing centralized certificates in a proxy scrver device for a plurality of thin client devices coupled to said proxy server through a data network, the method comprising:
- maintaining a user account database, wherein said user account database is not one of said thin client devices, said user account database accessible by said proxy server that performs communication on behalf of said thin client devices, said user account database comprising a plurality of user accounts, each of the thin client devices associated with one of said user accounts wherein each of the user accounts comprises a device ID and at least one certificate assigned to the user account; and
accessing a secure server from a first thin client device through said proxy server device using a first certificate assigned to a first user account associated with said first thin client device.
5 Assignments
0 Petitions
Accused Products
Abstract
The present invention discloses a centralized certificate management system for thin client devices in data networks and has particular applications to systems having a large number of the thin clients serviced by a proxy server through which the thin clients communicate with a plurality of secure server computers over a data network. According to one aspect, the present invention comprises a certificate management module that causes the server device to manage digital certificates for each of the thin client devices. To minimize the latency of obtaining certificates for each of the thin client devices, the certificate management module reserves a fixed number of free certificates signed by a certificate authority and their respective private keys in a certificate database and frequently updates the free certificate according to a certificate updating message. Whenever a user account is created for a thin client device, the certificate management module fetches one or more free certificates from the certificate database and associate the fetched certificates to the created account and meanwhile the certificate management module creates new free certificates with the certificate authority to fill in the certificate database. Apart from the tradition of obtaining certificates locally in client devices that normally have sufficient computing power, the present invention uses the computing resources in a server device to carry out the task of obtaining and maintaining certificates asynchronously in the proxy server and further. These and other features in the present invention dramatically minimize the demands for computing power and memory in thin client devices like mobile devices, cellular phones, landline telephones or Internet appliance controllers.
140 Citations
11 Claims
-
1. A method for managing centralized certificates in a proxy scrver device for a plurality of thin client devices coupled to said proxy server through a data network, the method comprising:
-
maintaining a user account database, wherein said user account database is not one of said thin client devices, said user account database accessible by said proxy server that performs communication on behalf of said thin client devices, said user account database comprising a plurality of user accounts, each of the thin client devices associated with one of said user accounts wherein each of the user accounts comprises a device ID and at least one certificate assigned to the user account; and
accessing a secure server from a first thin client device through said proxy server device using a first certificate assigned to a first user account associated with said first thin client device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
maintaining a free certificate database accessible by said proxy server, the free certificate database comprising a plurality of free certificates issued by a Certificate Authority (CA) wherein each of the free certificates has a corresponding public key and a corresponding private key.
-
-
3. The method as recited in claim 2 further comprising:
-
receiving a certificate request when the number of free certificates in the certificate database is lower than a low threshold number; and
generating a new certificate wherein generating the new certificate comprises, generating a distinguished name for the new certificate;
generating a new private key and a new public key for the new certificate;
sending a certificate request to the CA wherein the certificate request comprises the generated new public key;
receiving the new certificate signed by the CA; and
depositing the new certificate in the free certificate database.
-
-
4. The method as recited in claim 1 further comprising:
-
retrieving one of the free certificates from said free certificate database when a new thin client device is activated;
establishing a new user account comprising a new device ID and a new subscriber ID; and
associating the retrieved free certificate and the corresponding private key and public key with the new user account having the new device ID.
-
-
5. The method as recited in claim 2 further comprising:
updating the free certificates in the free certificate database upon receiving a certificate updating request.
-
6. The method as recited in claim 5 wherein updating the free certificates in the free certificate database upon receiving the certificate updating request comprises removing an invalid certificate from the free certificate database when the certificate updating request is a certificate revocation list.
-
7. The method as recited in claim 1 further comprising:
updating a user account in the user account database associated with a valid device ID upon receiving a newly provisioned usemame and password from a thin client device having said valid device ID.
-
8. The method as recited in claim 5 wherein the updating the free certificates in the certificate database upon receiving the certificate updating request comprises deleting a certificate from the certificate database according to an insert/delete query in the certificate updating request.
-
9. The method as recited in claim 1 wherein a user account in the user account database may be accessed from a computer coupled to said proxy server through the global Internet.
-
10. The method as recited in claim 9 wherein a valid username and password must be supplied to access said user account.
-
11. The method as recited in claim 1 wherein said first computer system and said proxy server comprise a single server system.
Specification