Secure communication system and method of operation for conducting electronic commerce using remote vault agents interacting with a vault controller

US 6,892,300 B2
Filed: 01/08/2003
Issued: 05/10/2005
Est. Priority Date: 06/04/1998
Status: Expired due to Fees

First Claim

Patent Images

1. Apparatus for use in establishing a secure exchange of information between an end user and a secure server in a distributed network environment, the apparatus comprising:

An agent accessible by the end user and remote from the secure server, wherein the secure server enables storage of data in one or more storage areas accessible by one or more authenticated users and enables execution of at least one process, the remote agent operative to;

(i) interact with the at least one process, enabled by said secure server, on a non-network basis; and

(ii) obtain data associated with the at least one process for use by the end user in establishing a secure exchange of information between the end user and the secure server.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure end-to-end communications system provides end users access to vault-based custom applications of an organization for purposes of conducting electronic commerce. The system includes a web-based vault controller running an application, e.g. a registrations application in a vault cryptographically linked to a database and a Certificate Management System (CMS) for generating digital certificates, and at least one remote vault agent coupled to the vault controller for providing vault-based custom applications to end users. An X.500 directory is coupled to the CMS and cryptographically linked to the remote vault agents for storing end user data. The remote vault agent is an application which comprises a collection of Application Programming Interfaces (APIs) which provide a secure interface to the vault controller; a Lightweight Data Access Protocol (LDAP) used to access the X.500 directory; a secure depositor coupled to vault-based custom applications of an organization. The secure depositor includes APIs to perform cryptographic functions in passing communications between vaults used by the vault agent and vaults used by the vault controller or vaults used by other vault agent applications and a secure depositor library which uses functions in the LDAP to access the X.500 directory. The remote vault agent accesses the web based vault controller on a non-web basis to enable remote custom applications to communicate securely with vault-based applications, such as a registration application that administers digital certificates.

55 Citations

View as Search Results

25 Claims

1. Apparatus for use in establishing a secure exchange of information between an end user and a secure server in a distributed network environment, the apparatus comprising:
- An agent accessible by the end user and remote from the secure server, wherein the secure server enables storage of data in one or more storage areas accessible by one or more authenticated users and enables execution of at least one process, the remote agent operative to;
  
  (i) interact with the at least one process, enabled by said secure server, on a non-network basis; and
  
  (ii) obtain data associated with the at least one process for use by the end user in establishing a secure exchange of information between the end user and the secure server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus of claim 1, wherein the at least one process comprises a certificate management application and the data obtained by the agent comprises a digital certificate.
  - 3. The apparatus of claim 2, wherein, in accordance with the certificate management application, the digital certificate may be at least one of issued, revoked, suspended and resumed.
  - 4. The apparatus of claim 2, wherein, in accordance with the digital certificate, the remote agent is further operative to provide the end user access to one or more electronic commerce-based applications enabled by the secure server.
  - 5. The apparatus of claim 1, wherein the one or more storage areas comprise one or more vaults.
  - 6. The apparatus of claim 5, wherein the secure server has associated therewith a vault controller for controlling the one or more vaults.
  - 7. The apparatus of claim 6, wherein the remote agent comprises an application programming interface for accessing functions associated with the remote agent.
  - 8. The apparatus of claim 6, wherein the remote agent comprises one or more cryptographic functions for at least one of encrypting, decrypting, signing and verifying data associated with communications between the remote agent and the vault controller.
  - 9. The apparatus of claim 6, wherein the remote agent is operative to communicate with a remote directory to obtain information in accordance with a lightweight directory access protocol (LDAP) in order to access the one or more vaults controlled by the vault controller.
  - 10. The apparatus of claim 9, wherein the obtained information comprises identifying information used to map to the vault to be accessed.
  - 11. The apparatus of claim 10, wherein the remote agent utilizes at least a portion of the identifying information to perform a vault owner/vault identifier verification operation.
  - 12. The apparatus of claim 6, wherein the remote agent is further operative to provide an application executing in accordance with the vault controller with information associated with the end user stored at a remote site.

13. A method for use in establishing a secure exchange of information between an end user and a secure server in a distributed network environment, the method comprising the steps of:
- in accordance with an agent accessible by the end user and remote from the secure server, wherein the secure server enables storage of data in one or more storage areas accessible by one or more authenticated users and enables execution of at least one process, the remote agent;
  
  interacting with the at least one process, enabled by said secure server, on a non-network basis; and
  
  obtaining data associated with the at least one process for use by the end user in establishing a secure exchange of information between the end user and the secure server.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method of claim 13, wherein the at least one process comprises a certificate management application and the data obtained by the agent comprises a digital certificate.
  - 15. The method of claim 14, wherein, in accordance with the certificate management application, the digital certificate may be at least one of issued, revoked, suspended and resumed.
  - 16. The method of claim 14, wherein, in accordance with the digital certificate, the remote agent provides the end user access to one or more electronic commerce-based applications enabled by the secure server.
  - 17. The method of claim 13, wherein the one or more storage areas comprise one or more vaults.
  - 18. The method of claim 17, wherein the secure server has associated therewith a vault controller for controlling the one or more vaults.
  - 19. The method of claim 18, wherein the remote agent comprises an application programming interface for accessing functions associated with the remote agent.
  - 20. The method of claim 18, wherein the remote agent comprises one or more cryptographic functions for at least one of encrypting, decrypting, signing and verifying data associated with communications between the remote agent and the vault controller.
  - 21. The method of claim 18, wherein the remote agent communicates with a remote directory to obtain information in accordance with a lightweight directory access protocol in order to access the one or more vaults controlled by the vault controller.
  - 22. The method of claim 21, wherein the obtained information comprises identifying information used to map to the vault to be accessed.
  - 23. The method of claim 22, wherein the remote agent utilizes at least a portion of the identifying information to perform a vault owner/vault identifier verification operation.
  - 24. The method of claim 18, wherein the remote agent provides an application executing in accordance with the vault controller with information associated with the end user stored at a remote site.

25. An article of manufacture for use in establishing a secure exchange of information between an end user and a secure server in a distributed network environment, comprising a machine readable medium containing one or more programs which when executed implement the steps of:
- in accordance with an agent accessible by the end user and remote from the secure server, wherein the secure server enables storage of data in one or more storage areas accessible by one or more authenticated users and enables execution of at least one process, the remote agent;
  
  interacting with the at least one process, enabled by said secure server, on a non-network basis; and
  
  obtaining data associated with the at least one process for use by the end user in establishing a secure exchange of information between the end user and the secure server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Briggs, Robert, Carroll, Robert B., Bacha, Hamid
Primary Examiner(s)
Barrón, Gilberto
Assistant Examiner(s)
Zand, Kambiz

Application Number

US10/338,364
Publication Number

US 20030105955A1
Time in Patent Office

853 Days
Field of Search

713/156, 713/167, 713/168, 713/182, 713/201, 709/229, 709/201, 709/203
US Class Current

713/156
CPC Class Codes

H04L 2463/102   applying security measure f...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

Secure communication system and method of operation for conducting electronic commerce using remote vault agents interacting with a vault controller

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Secure communication system and method of operation for conducting electronic commerce using remote vault agents interacting with a vault controller

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links