System and method for suspending and resuming digital certificates in a certificate-based user authentication application system
Abstract
A method and system for certificating and authenticating an identity of a customer of a financial institution using digital certificates is provided. The customer and the financial institution communicate via a communications medium. The financial institution receives a digital registration request from the customer and verifies the identity of the customer by reconciling identification data in the digital registration request with identification data in a customer data structure at the financial institution. Responsive to verifying the identity of the customer, the financial institution generates a digital certificate and sends the digital certificate to the customer. When the customer desires access to an on-line application at the financial institution, the customer sends the previously issued digital certificate to the financial institution via the communications link. The financial institution authenticates the digital certificate and grants on-line application access based upon the authenticated digital certificate. The digital certificate may be suspended without being revoked by associatively storing certificate-state information with the distinguished name of the certificate owner, thereby providing a mechanism for suspending and resuming access privileges of the customer.
195 Citations
19 Claims
1. A method for suspending an authentication of an identity of a user of a first computer system by a second computer system communicating with the first computer system via a communications medium, the method comprising the computer-implemented steps of:
- receiving, at the second computer system, a digital certificate from the first computer system that was signed by the second computer system;
- extracting a distinguished name from the received digital certificate;
- searching a data structure of user information within the second computer system using the extracted distinguished name;
- extracting user information from the data structure based on the extracted distinguished name; and
- preventing authentication of the user based on a certificate state parameter in the extracted user information that indicates a suspended state of the certificate, wherein an extension field containing the certificate state parameter is associated with a login ID stored in the user information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method for suspending and reinstating a digital certificate in a data processing system, the method comprising the computer-implemented steps of:
- storing a suspended-certificate state parameter in a data structure in the data processing system based on a distinguished name associated with the digital certificate, wherein an extension field containing the suspended-certificate state parameter is associated with a login ID stored in the data structure; and
- storing a reinstated-certificate state parameter in the data structure in the data processing system based on the distinguished name associated with the digital certificate.

10. A data processing system for suspending an authentication of an identity of a user of a first computer system by a second computer system communicating with the first computer system via a communications medium, the data processing system comprising:
- receiving means for receiving, at the second computer system, a digital certificate from the first computer system that was signed by the second computer system;
- extracting means for extracting a distinguished name from the received digital certificate;
- searching means for searching a data structure of user information within the second computer system using the extracted distinguished name;
- extracting means for extracting user information from the data structure based on the extracted distinguished name; and
- preventing means for preventing authentication of the user based on a certificate state parameter in the extracted user information that indicates a suspended state of the certificate, wherein an extension field containing the certificate state parameter is associated with a login ID stored in the user information.
Dependent claims: 11, 12, 13, 14, 15.

16. A data processing system for suspending and reinstating a digital certificate, the data processing system comprising:
- storing means for storing a suspended-certificate state parameter in a data structure in the data processing system based on a distinguished name associated with the digital certificate, wherein an extension field containing the suspended-certificate state parameter is associated with a login ID stored in the data structure; and
- storing means for storing a reinstated-certificate state parameter in the data structure in the data processing system based on the distinguished name associated with the digital certificate.

17. A computer program product in a computer readable medium for suspending an authentication of an identity of a user of a first computer system by a second computer system communicating with the first computer system via a communications medium, the computer program product comprising:
- first instructions for receiving, at the second computer system, a digital certificate from the first computer system that was signed by the second computer system;
- second instructions for extracting a distinguished name from the received digital certificate;
- third instructions for searching a data structure of user information within the second computer system using the extracted distinguished name;
- fourth instructions for extracting user information from the data structure based on the extracted distinguished name; and
- fifth instructions for preventing authentication of the user based on a certificate state parameter in the extracted user information that indicates a suspended state of the certificate, wherein an extension field containing the certificate state parameter is associated with a login ID stored in the user information.
Dependent claims: 18.

19. A computer program product in a computer readable medium for suspending and reinstating a digital certificate, the computer program product comprising:
- first instructions for storing a suspended-certificate state parameter in a data structure in the data processing system based on a distinguished name associated with the digital certificate, wherein an extension field containing the suspended-certificate state parameter is associated with a login ID stored in the data structure; and
- second instructions for storing a reinstated-certificate state parameter in the data structure in the data processing system based on the distinguished name associated with the digital certificate.
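The flow described in the abstract and in claims 1 and 9 (receive a certificate the institution itself signed, extract the distinguished name, look up the user record, read a certificate-state parameter from an extension field tied to the login ID, and deny access while that state is "suspended") is shown below as an added Python example. It is not code from the patent or its assignee. Two things are assumptions: an HMAC-SHA256 tag stands in for the issuer's asymmetric signature so that the example runs with the standard library alone, and a terminal "revoked" state is added to make the point that suspension is reversible while revocation is not; the names `UserRecord`, `authenticate`, `suspend` and `reinstate` are likewise invented here.

```python
import hmac
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional


class CertState(str, Enum):
    """Certificate-state parameter stored with the user information."""
    ACTIVE = "active"
    SUSPENDED = "suspended"   # reversible (claim 9: suspend, then reinstate)
    REVOKED = "revoked"       # terminal; added assumption, not in the claims


@dataclass(frozen=True)
class Certificate:
    """Minimal stand-in for an X.509 certificate: the subject DN plus the
    issuer's signature over the DN and serial number."""
    distinguished_name: str
    serial: int
    signature: bytes


@dataclass
class UserRecord:
    """User information held by the institution (the second computer system).
    The certificate state lives in an extension field associated with the login ID."""
    login_id: str
    distinguished_name: str
    extensions: Dict[str, str] = field(default_factory=dict)


@dataclass(frozen=True)
class AuthResult:
    granted: bool
    login_id: Optional[str]
    reason: str


STATE_EXTENSION = "certificateState"


def _tbs(dn: str, serial: int) -> bytes:
    # "to-be-signed" bytes: the fields the issuer commits to
    return f"{serial}|{dn}".encode()


def issue_certificate(ca_key: bytes, dn: str, serial: int) -> Certificate:
    # HMAC-SHA256 stands in for the CA's asymmetric signature (assumption)
    sig = hmac.new(ca_key, _tbs(dn, serial), hashlib.sha256).digest()
    return Certificate(dn, serial, sig)


def signed_by_us(ca_key: bytes, cert: Certificate) -> bool:
    # constant-time comparison so a forged tag cannot be guessed byte by byte
    expected = hmac.new(ca_key, _tbs(cert.distinguished_name, cert.serial),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, cert.signature)


def register_user(directory: Dict[str, UserRecord], login_id: str, dn: str) -> UserRecord:
    # the data structure is keyed by distinguished name, as the claims describe
    rec = UserRecord(login_id, dn, {STATE_EXTENSION: CertState.ACTIVE.value})
    directory[dn] = rec
    return rec


def set_certificate_state(directory: Dict[str, UserRecord], dn: str,
                          new_state: CertState) -> CertState:
    rec = directory[dn]  # KeyError for an unknown DN is deliberate
    current = CertState(rec.extensions[STATE_EXTENSION])
    if current is CertState.REVOKED:
        raise ValueError("revocation is terminal; a revoked certificate "
                         "cannot be suspended or reinstated")
    rec.extensions[STATE_EXTENSION] = new_state.value
    return new_state


def suspend(directory: Dict[str, UserRecord], dn: str) -> CertState:
    return set_certificate_state(directory, dn, CertState.SUSPENDED)


def reinstate(directory: Dict[str, UserRecord], dn: str) -> CertState:
    return set_certificate_state(directory, dn, CertState.ACTIVE)


def authenticate(ca_key: bytes, directory: Dict[str, UserRecord],
                 cert: Certificate) -> AuthResult:
    # step 1: the received certificate must carry our own signature
    if not signed_by_us(ca_key, cert):
        return AuthResult(False, None, "certificate not signed by this institution")
    # step 2: extract the distinguished name
    dn = cert.distinguished_name
    # steps 3 and 4: search the user data structure and extract the record
    rec = directory.get(dn)
    if rec is None:
        return AuthResult(False, None, "no user record for distinguished name")
    # step 5: consult the state parameter in the extension field tied to the login ID
    raw = rec.extensions.get(STATE_EXTENSION)
    if raw is None:
        return AuthResult(False, rec.login_id, "certificate state missing; failing closed")
    state = CertState(raw)
    if state is not CertState.ACTIVE:
        return AuthResult(False, rec.login_id, f"certificate state is {state.value}")
    return AuthResult(True, rec.login_id, "ok")


if __name__ == "__main__":
    ca_key = b"constructed demo key, not a real CA secret"   # constructed sample value
    directory: Dict[str, UserRecord] = {}
    dn = "CN=Alice Example,OU=Retail,O=Example Bank"          # constructed sample DN
    register_user(directory, "alice01", dn)
    cert = issue_certificate(ca_key, dn, serial=1001)
    print(authenticate(ca_key, directory, cert))   # granted
    suspend(directory, dn)
    print(authenticate(ca_key, directory, cert))   # denied while suspended
    reinstate(directory, dn)
    print(authenticate(ca_key, directory, cert))   # granted again, same certificate
```

The certificate itself never changes across suspend and reinstate; only the state parameter in the user record does, which is what lets the institution pause a customer's access without reissuing anything. A missing state field is treated as a denial, so a record that was never populated cannot silently authenticate.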
Specification