Secure server using public key registration and methods of operation

US 6,715,073 B1
Filed: 12/31/1998
Issued: 03/30/2004
Est. Priority Date: 06/04/1998
Status: Expired due to Fees

First Claim

Patent Images

1. Apparatus for use in establishing a secure exchange of information between an end user and a server in a distributed network environment, the apparatus comprising:

a network-based controller associated with the server and operative to;

(i) control one or more secure areas accessible by one or more authenticated entities for storing data and for executing one or more processes;

(ii) interact with a registration authority, via one of the secure areas, for registering to obtain certification information for use by the end user in establishing a secure exchange of information between the end user and the server, wherein the secure area through which the controller and the registration authority interact is operative to execute a registration process for use in registering the end user to obtain the certification information; and

(iii) interact with a certification authority, via one of the secure areas, for obtaining the certification information, wherein the secure area through which the controller and the certification authority interact is operative to execute a certification process for use in at least one of issuing, renewing and revoking the certification information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure-end-to-end communication system for electronic business system and method of operation, e.g., the Internet, includes a web server—vault controller having personal storage vaults in the controller for users, registration and certification authorities. Each personal vault runs programs on the controller under a unique UNIX user ID. Data storage is provided by the controller wherein the storage is owned by the same user ID assigned to the vault. A registration authority running as a software application in the controller processes requests to issue, renew and revoke digital certificates issued by a certification authority using two pairs of public-private keys. The registration authority interacts with the vault controller to decide whether an applicant qualifies to receive a digital certificate. The certification authority running as software application in the controller includes a certificate management system that provides services such as issuing, revoking, suspending, resuming, and renewing a user'"'"'s right to digital certificates.

98 Citations

View as Search Results

23 Claims

1. Apparatus for use in establishing a secure exchange of information between an end user and a server in a distributed network environment, the apparatus comprising:
- a network-based controller associated with the server and operative to;
  
  (i) control one or more secure areas accessible by one or more authenticated entities for storing data and for executing one or more processes;
  
  (ii) interact with a registration authority, via one of the secure areas, for registering to obtain certification information for use by the end user in establishing a secure exchange of information between the end user and the server, wherein the secure area through which the controller and the registration authority interact is operative to execute a registration process for use in registering the end user to obtain the certification information; and
  
  (iii) interact with a certification authority, via one of the secure areas, for obtaining the certification information, wherein the secure area through which the controller and the certification authority interact is operative to execute a certification process for use in at least one of issuing, renewing and revoking the certification information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, wherein the controller is further operative to interact with a directory to obtain information for use in accordance with accessing the one or more secure areas.
  - 3. The apparatus of claim 1, wherein the certification information comprises a digital certificate.
  - 4. The apparatus of claim 1, wherein at least a portion of the secure areas comprise user secure areas for storing user data and executing user processes.
  - 5. The apparatus of claim 1, wherein the controller is further operative to interact with an agent remote from the controller, the remote agent being enabled to execute a certification information process independent of the server.
  - 6. The apparatus of claim 1, wherein the controller is further operative to map a secure area and a user when a user identifier and a digital certificate are presented.
  - 7. The apparatus of claim 1, wherein the controller is further operative to exchange one or more messages between one or more secure areas and at least one of the certification authority and the registration authority, wherein the one or more messages are one of encrypted and digitally signed.
  - 8. The apparatus of claim 1, wherein the controller is further operative to interact with the end user via a network browser.
  - 9. The apparatus of claim 8, wherein the certification information is stored in association with the network browser for use in authenticating the end user when establishing the secure exchange of information between the end user and the server.
  - 10. The apparatus of claim 1, wherein the one or more secure areas comprise one or more vaults.
  - 11. The apparatus of claim 1, wherein a secure area executes a process therein under a unique user identifier.

12. A method for use in establishing a secure exchange of information between an end user and a server in a distributed network environment, the method comprising the steps of:
- in accordance with a network-based controller associated with the server, the controller;
  
  controlling one or more secure areas accessible by one or more authenticated entities for storing data and for executing one or more processes;
  
  interacting with a registration authority, via one of the secure areas, for registering to obtain certification information for use by the end user in establishing a secure exchange of information between the end user and the server, wherein the secure area through which the controller and the registration authority interact is operative to execute a registration process for use in registering the end user to obtain the certification information; and
  
  interacting with a certification authority, via one of the secure areas, for obtaining the certification information, wherein the secure area through which the controller and the certification authority interact is operative to execute a certification process for use in at least one of issuing, renewing and revoking the certification information.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12, wherein the controller interacts with a directory to obtain information for use in accordance with accessing the one or more secure areas.
  - 14. The method of claim 12, wherein the certification information comprises a digital certificate.
  - 15. The method of claim 12, wherein at least a portion of the secure areas comprise user secure areas for storing user data and executing user processes.
  - 16. The method of claim 12, wherein the controller interacts with an agent remote from the controller, the remote agent being enabled to execute a certification information process independent of the server.
  - 17. The method of claim 12, wherein the controller maps a secure area and a user when a user identifier and a digital certificate are presented.
  - 18. The method of claim 12, wherein the controller exchanges one or more messages between one or more secure areas and at least one of the certification authority and the registration authority, wherein the one or more messages are one of encrypted and digitally signed.
  - 19. The method of claim 12, wherein the controller interacts with the end user via a network browser.
  - 20. The method of claim 19, wherein the certification information is stored in association with the network browser for use in authenticating the end user when establishing the secure exchange of information between the end user and the server.
  - 21. The method of claim 12, wherein the one or more secure areas comprise one or more vaults.
  - 22. The method of claim 12, wherein a secure area executes a process therein under a unique user identifier.

23. An article of manufacture for use in establishing a secure exchange of information between an end user and a server in a distributed network environment, comprising a machine readable medium containing one or more programs which when executed implement the steps of:
- in accordance with a network-based controller associated with the server, the controller;
  
  controlling one or more secure areas accessible by one or more authenticated entities for storing data and for executing one or more processes;
  
  interacting with a registration authority, via one of the secure areas, for registering to obtain certification information for use by the end user in establishing a secure exchange of information between the end user and the server, wherein the secure area through which the controller and the registration authority interact is operative to execute a registration process for use in registering the end user to obtain the certification information; and
  
  interacting with a certification authority, via one of the secure areas, for obtaining the certification information, wherein the secure area through which the controller and the certification authority interact is operative to execute a certification process for use in at least one of issuing, renewing and revoking the certification information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Burns, Robert, Carroll, Robert B., Briggs, Robert, Patel, Paresh, Fisk, Mark, Bacha, Hamid, Ghafir, Hatem, Good, Raymond, Kittel, Drew, Kasturi, Srinivasa, Asad, Khalid, Poetzschke, Dieter, Reider, Roger, Lee, Ku, Pamecha, Amit, Lasida, Lolo, An, Larry, Maruyama, Hiroshi
Primary Examiner(s)
Darrow, Justin T.
Assistant Examiner(s)
Zand, Kambiz

Application Number

US09/223,766
Time in Patent Office

1,916 Days
Field of Search

713/151-152, 713/155-156, 713/201, 713/193, 380/30
US Class Current

713/156
CPC Class Codes

G06F 21/33   using certificates

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

Secure server using public key registration and methods of operation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

98 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Secure server using public key registration and methods of operation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links