System and method for suspending and resuming digital certificates in a certificate-based user authentication application system

US 6,775,782 B1
Filed: 03/31/1999
Issued: 08/10/2004
Est. Priority Date: 03/31/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for suspending an authentication of an identity of a user of a first computer system by a second computer system communicating with the first computer system via a communications medium, the method comprising the computer-implemented steps of:

receiving, at the second computer system, a digital certificate from the first computer system that was signed by the second computer system;

extracting a distinguished name from the received digital certificate;

searching a data structure of user information within the second computer system using the extracted distinguished name;

extracting user information from the data structure based on the extracted distinguished name; and

preventing authentication of the user based on a certificate state parameter in the extracted user information that indicates a suspended state of the certificate, wherein an extension field containing the certificate state parameter is associated with a login ID stored in the user information.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for certificating and authenticating an identity of a customer of a financial institution using digital certificates is provided. The customer and the financial institution communicate via a communications medium. The financial institution receives a digital registration request from the customer and verifies the identity of the customer by reconciling identification data in the digital registration request with identification data in a customer data structure at the financial institution. Responsive to verifying the identity of the customer, the financial institution generates a digital certificate and sends the digital certificate to the customer. When the customer desires access to an on-line application at the financial institution, the customer sends the previously issued digital certificate to the financial institution via the communications link. The financial institution authenticates the digital certificate and grants on-line application access based upon the authenticated digital certificate. The digital certificate may be suspended without being revoked by associatively storing certificate-state information with the distinguished name of the certificate owner, thereby providing a mechanism for suspending and resuming access privileges of the customer.

195 Citations

19 Claims

1. A method for suspending an authentication of an identity of a user of a first computer system by a second computer system communicating with the first computer system via a communications medium, the method comprising the computer-implemented steps of:
- receiving, at the second computer system, a digital certificate from the first computer system that was signed by the second computer system;
  
  extracting a distinguished name from the received digital certificate;
  
  searching a data structure of user information within the second computer system using the extracted distinguished name;
  
  extracting user information from the data structure based on the extracted distinguished name; and
  
  preventing authentication of the user based on a certificate state parameter in the extracted user information that indicates a suspended state of the certificate, wherein an extension field containing the certificate state parameter is associated with a login ID stored in the user information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the digital certificate is formatted according to the X.509 standard.
  - 3. The method of claim 1 wherein the data structure implements a directory service.
  - 4. The method of claim 1 wherein the data structure implements an X.500 directory service.
  - 5. The method of claim 1 wherein the certificate state parameter indicates a suspended state with a “
    - ;
      
      SUSPEND”
      
      string appended to a logon ID in the user information.
  - 6. The method of claim 1 wherein a customizable web server receives the digital certificate and searches for the distinguished name in a directory in which the user'"'"'s distinguished name was previously stored in response to a self-registration process.
  - 7. The method of claim 1 wherein the certificate state parameter in the extracted user information may be removed to indicate that the digital certificate is not in a suspended state.
  - 8. The method of claim 1, wherein the extension field is appended to the login ID.

9. A method for suspending and reinstating a digital certificate in a data processing system, the method comprising the computer-implemented steps of:
- storing a suspended-certificate state parameter in a data structure in the data processing system based on a distinguished name associated with the digital certificate, wherein an extension field containing the suspended-certificate state parameter is associated with a login ID stored in the data structure; and
  
  storing a reinstated-certificate state parameter in the data structure in the data processing system based on the distinguished name associated with the digital certificate.

10. A data processing system for suspending an authentication of an identity of a user of a first computer system by a second computer system communicating with the first computer system via a communications medium, the data processing system comprising:
- receiving means for receiving, at the second computer system, a digital certificate from the first computer system that was signed by the second computer system;
  
  extracting means for extracting a distinguished name from the received digital certificate;
  
  searching means for searching a data structure of user information within the second computer system using the extracted distinguished name;
  
  extracting means for extracting user information from the data structure based on the extracted distinguished name; and
  
  preventing means for preventing authentication of the user based on a certificate state parameter in the extracted user information that indicates a suspended state of the certificate, wherein an extension field containing the certificate state parameter is associated with a login ID stored in the user information.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The data processing system of claim 10 wherein the digital certificate is formatted according to the X.509 standard.
  - 12. The data processing system of claim 10 wherein the data structure implements a directory service.
  - 13. The data processing system of claim 10 wherein the data structure implements an X.500 directory service.
  - 14. The data processing system of claim 10 wherein the certificate state parameter indicates a suspended state with a “
    - ;
      
      SUSPEND”
      
      string appended to a logon ID in the user information.
  - 15. The data processing system of claim 10, wherein the extension field is appended to the login ID.

16. A data processing system for suspending and reinstating a digital certificate, the data processing system comprising:
- storing means for storing a suspended-certificate state parameter in a data structure in the data processing system based on a distinguished name associated with the digital certificate, wherein an extension field containing the suspended-certificate state parameter is associated with a login ID stored in the data structure; and
  
  storing means for storing a reinstated-certificate state parameter in the data structure in the data processing system based on the distinguished name associated with the digital certificate.

17. A computer program product in a computer readable medium for suspending an authentication of an identity of a user of a first computer system by a second computer system communicating with the first computer system via a communications medium, the computer program product comprising:
- first instructions for receiving, at the second computer system, a digital certificate from the first computer system that was signed by the second computer system;
  
  second instructions for extracting a distinguished name from the received digital certificate;
  
  third instructions for searching a data structure of user information within the second computer system using the extracted distinguished name;
  
  fourth instructions for extracting user information from the data structure based on the extracted distinguished name; and
  
  fifth instructions for preventing authentication of the user based on a certificate state parameter in the extracted user information that indicates a suspended state of the certificate, wherein an extension field containing the certificate state parameter is associated with a login ID stored in the user information.
- View Dependent Claims (18)
- - 18. The computer program product of claim 17, wherein the extension field is appended to the login ID.

19. A computer program product in a computer readable medium for suspending and reinstating a digital certificate, the computer program product comprising:
- first instructions for storing a suspended-certificate state parameter in a data structure in the data processing system based on a distinguished name associated with the digital certificate, wherein an extension field containing the suspended-certificate state parameter is associated with a login ID stored in the data structure; and
  
  second instructions for storing a reinstated-certificate state parameter in the data structure in the data processing system based on the distinguished name associated with the digital certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Snap, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Robinson, Ann Mizell, Buros, Karen Lynn, Knaus, Robert James, Dobbs, Bryan Douglas
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
ARANI, TAGHI T

Application Number

US09/282,681
Time in Patent Office

1,959 Days
Field of Search

713/155, 713/171, 713/201, 713/202, 713/170, 713/156, 713/157, 380/25, 380/30, 705/44, 709/229, 709/219
US Class Current

726/2
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/26   Debit schemes, e.g. "pay now"

G06Q 20/38215   Use of certificates or encr...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 40/02   Banking, e.g. interest calc...

H04L 63/0823   using certificates cryptogr...

System and method for suspending and resuming digital certificates in a certificate-based user authentication application system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

195 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for suspending and resuming digital certificates in a certificate-based user authentication application system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

195 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links