Sender driven certification enrollment system
Abstract
A sender driven certificate enrollment system and methods of its use are provided, in which a sender controls the generation of a digital certificate that is used to encrypt and send a document to a recipient in a secure manner. The sender compares previously stored recipient information to gathered information from the recipient. If the information matches, the sender transfers key generation software to the recipient, which produces the digital certificate, comprising a public and private key pair. The sender can then use the public key to encrypt and send the document to the recipient, wherein the recipient can use the matching private key to decrypt the document.
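The gating described in the abstract, as an added Go sketch that is not taken from the patent: key generation runs only after the gathered information matches the stored record, and only the public key leaves the recipient. The type and function names, the ECDSA P-256 key type, the PKIX DER export and the sample record are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"errors"
	"fmt"
)

var ErrMismatch = errors.New("gathered information does not match stored record")

// Server stands in for the database of stored recipient information.
type Server struct{ stored map[string]string } // address -> stored value (constructed)

// Recipient is the receiving computer; priv never leaves this struct.
type Recipient struct{ priv *ecdsa.PrivateKey }

// matches hashes both values so the constant-time compare sees equal lengths.
func (s *Server) matches(addr, gathered string) bool {
	want, known := s.stored[addr]
	a, b := sha256.Sum256([]byte(gathered)), sha256.Sum256([]byte(want))
	return subtle.ConstantTimeCompare(a[:], b[:]) == 1 && known
}

// GenerateKeyPair runs on the recipient side and exports only the public key (PKIX DER).
func (r *Recipient) GenerateKeyPair() ([]byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	r.priv = priv
	return x509.MarshalPKIXPublicKey(&priv.PublicKey)
}

// Enroll gates key generation on the comparison of gathered and stored information.
func (s *Server) Enroll(addr, gathered string, r *Recipient) ([]byte, error) {
	if !s.matches(addr, gathered) {
		return nil, ErrMismatch // nothing is transferred and no key is generated
	}
	return r.GenerateKeyPair()
}

func main() {
	s := &Server{stored: map[string]string{"bob@example.test": "account-4471"}}
	_, err := s.Enroll("bob@example.test", "guess", &Recipient{})
	pub, _ := s.Enroll("bob@example.test", "account-4471", &Recipient{})
	fmt.Println(err, len(pub) > 0)
}
```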
41 Claims
1. An apparatus for generating a digital certificate for a recipient by a sender, comprising:
a sending computer for use by said sender;
a receiving computer for use by said recipient;
a database for storing recipient information;
means for initiating certificate enrollment in response to a request for a public key by the sending computer;
means for querying said database by said sender for said stored recipient information;
means for gathering private recipient information from said recipient;
means for comparing said gathered private recipient information and said stored recipient information;
means for controllably generating a digital certificate comprising a public key and a private key at said receiving computer;
means for storing said digital certificate; and
means for transferring said public key to said sending computer.
a server interposed between said sending computer and said receiving computer.
3. The apparatus of claim 2, wherein said database for storing recipient information is located on said server.
4. The apparatus of claim 2, wherein said means for querying said database by said sender for said stored recipient information is located on said server.
5. The apparatus of claim 2, wherein said means for gathering private recipient information from said recipient is located on said server.
6. The apparatus of claim 2, wherein said means for comparing said gathered private recipient information and said stored recipient information is located on said server.
7. The apparatus of claim 2, wherein said means for storing said digital certificate is located on said server.
8. The apparatus of claim 1, further comprising:
a certificate digest comprising said stored recipient information and sender selectable options for said digital certificate.
9. The apparatus of claim 1, wherein said means for gathering private recipient information from said recipient includes an e-mail message to said recipient.
10. The apparatus of claim 9, wherein said e-mail message to said recipient contains an URL reference.
11. The apparatus of claim 1, wherein said means for gathering private recipient information takes place over a secure socket layer channel.
12. The apparatus of claim 1, wherein said means for gathering private recipient information includes HTML forms to be filled by said recipient.
13. The apparatus of claim 1, wherein said means for controllably generating a digital certificate is a Java applet™.
14. The apparatus of claim 1, wherein said digital certificate is stored using a PKCS12 format.
15. A method of generating a digital certificate for a recipient by a sender, comprising the steps of:
initiating certificate enrollment in response to a request for a public key by the sender;
querying a database for stored recipient information;
gathering information from said recipient;
comparing said gathered information with said queried, stored recipient information;
selectively transferring software to said recipient based upon said comparison;
selectively generating said digital certificate at said recipient with said software, said digital certificate comprising a public key and a private key; and
transferring a copy of said public key to said sender.
transferring a copy of said public key to said sender.
17. The method of claim 15, wherein said database for storing recipient information is located on a server.
18. The method of claim 15, wherein said step of querying said database is performed by a server.
19. The method of claim 15, wherein said step of gathering information from said recipient is performed by a server.
20. The method of claim 15, wherein said step of comparing said gathered information with said queried, stored recipient information is performed by a server.
21. The method of claim 15, further comprising the step of:
generating a certificate digest comprising said stored recipient information and sender selectable options for said digital certificate.
22. The method of claim 15, wherein said step of gathering information from said recipient includes an e-mail message to said recipient.
24. The method of claim 15, wherein said step of gathering information from said recipient takes place over a secure socket layer channel.
25. The method of claim 15, wherein said step of gathering information from said recipient uses HTML forms to be filled by said recipient.
26. The method of claim 15, wherein said software is a Java applet™.
27. The method of claim 15, wherein said digital certificate is stored using a PKCS12 format.
23. The method of claim 23, wherein said e-mail message to said recipient contains an URL reference.
28. An apparatus for controlling generating a digital certificate for a recipient by a sender, comprising:
a sending computer for use by said sender;
a receiving computer for use by said recipient;
a database for storing recipient information;
means for initiating certificate enrollment in response to a request for a public key by the sending computer;
means for gathering information from said recipient; and
means for controllably generating a digital certificate for said recipient if said gathered information and said stored recipient information match.
a server interposed between said sending computer and said receiving computer.
30. The apparatus of claim 29, wherein said database for storing recipient information is located on said server.
31. The apparatus of claim 29, wherein said means for gathering information from said recipient is located on said server.
32. The apparatus of claim 29, wherein said means for controllably generating a digital certificate is located on said server.
33. The apparatus of claim 29, wherein said means for controllably generating a digital certificate includes software that is downloadable from said server to said receiving computer.
34. The apparatus of claim 29, wherein said server includes means for storing said digital certificate.
35. The apparatus of claim 28, further comprising:
a certificate digest comprising said stored recipient information and sender selectable options for said digital certificate.
36. The apparatus of claim 28, wherein said means for gathering information from said recipient includes an e-mail message to said recipient.
37. The apparatus of claim 36, wherein said e-mail message to said recipient contains an URL reference.
38. The apparatus of claim 28, wherein said means for gathering information from said recipient takes place over a secure socket layer channel.
39. The apparatus of claim 28, wherein said means for gathering information from said recipient includes HTML forms to be filled by said recipient.
40. The apparatus of claim 28, wherein said means for controllably generating a digital certificate is a Java applet™.
41. The apparatus of claim 28, wherein said digital certificate is stored using a PKCS12 format.
Specification