System and method for usage of a role certificate in encryption and as a seal, digital stamp, and signature
First Claim
1. A method of creating a role certificate by a user, comprising:
transmitting a role approval form, filled out and digitally signed by the user using a personal digital signature, to at least one personal role approval, wherein the user is a member of a group authorized to utilize the role certificate as a group stamp and for encryption of information which may be decrypted by a plurality of group members;
signing digitally the role approval form by the personal role approval using a personal digital signature;
creating a role certificate upon receipt of the role approval form signed by the user and the personal role approval;
notifying the user of the availability of the role certificate; and
transmitting the role certificate to the user.
4 Assignments
0 Petitions
Abstract
A method and computer program in which a user (132) may access a registration web server for the purpose of creating and utilizing a role certificate. The role certificate has policies associated with it and may be utilized both for encryption and as a digital signature. Individuals in a group share the same role certificate and can sign on behalf of the group. Further, individuals may decrypt messages sent to the group, or to any member of the group, which have been encrypted using the role certificate. The method and computer program utilize a directory (108) to maintain a list of all role certificates, their respective role administrators, and all members of the organization that may utilize them. A key recovery authority (114) is utilized to recover expired role certificates. A certificate authority (110) is utilized to create and delete these role certificates. Further, a registration authority (112) is utilized to add and remove a previously created role.
94 Citations
66 Claims
1. A method of creating a role certificate by a user, comprising:
transmitting a role approval form, filled out and digitally signed by the user using a personal digital signature, to at least one personal role approval, wherein the user is a member of a group authorized to utilize the role certificate as a group stamp and for encryption of information which may be decrypted by a plurality of group members;
signing digitally the role approval form by the personal role approval using a personal digital signature;
creating a role certificate upon receipt of the role approval form signed by the user and the personal role approval;
notifying the user of the availability of the role certificate; and
transmitting the role certificate to the user.
Dependent claims: 2, 3, 4, 5, 6
7. A method of using a role certificate as an organizational stamp and for organizational encryption by a plurality of role members of a group, comprising:
filling out an electronic form by a role member of the plurality of role members of the group, wherein the role member is a member of a group authorized to utilize the role certificate as a group stamp and for encryption of information which may be decrypted by a plurality of group members;
signing digitally the electronic form by the role member using the role certificate;
signing digitally the electronic form by the role member using a personal signature certificate; and
transmitting the electronic form to an entity.
Dependent claims: 8, 9, 10
11. A method of replacing an expiring role certificate, comprising:
displaying a list of roles to a user who is either a role member or a role administrator, wherein the user is a member of a group authorized to utilize the role certificate as a group stamp and for encryption of information which may be decrypted by a plurality of group members;
selecting a role which is about to expire for renewal by the user;
determining if the user is authorized to renew the role based upon verification of the user's personal digital signature;
generating a new role certificate having a private and public key; and
transmitting the new role certificate to the user.
Dependent claims: 12, 13, 14, 15, 16
17. A method of revoking a role certificate used as an organizational stamp and for organizational encryption by authorized members of the organization, comprising:
transmitting a signature certificate to a registration web server by a user, wherein the user is a member of a group authorized to utilize the role certificate as a group stamp and for encryption of information which may be decrypted by a plurality of group members;
authenticating by accessing a directory that the user is still a member of the organization;
listing roles of which the user is a role member or a role authority; and
removing the role certificate associated with the role from a directory database.
Dependent claims: 18, 19, 20, 21
22. A method of recovery of an expired role certificate associated with the role used for organizational encryption and as an organizational stamp, comprising:
transmitting a request to recover the expired role certificate along with a digital signature from a role member, wherein a role member is an entity having a right to digitally sign organizational documents using the role certificate and decrypting information sent to members of the organization which has been encrypted using the role certificate;
listing all roles that the role member is listed as a role member on;
selecting the expired role certificate from the list of roles by the role member for recovery;
contacting a key recovery authority for a copy of the role certificate; and
transmitting the role certificate to the role member.
Dependent claims: 23, 24, 25
26. A method of revoking a role certificate and an associated role by a role administrator, comprising:
transmitting a request to revoke the role certificate of a role member and the associated role by the role administrator for the role certificate along with a signature certificate for the role administrator, wherein the role member is a member of a group authorized to utilize the role certificate as a group stamp and for encryption of information which may be decrypted by a plurality of group members;
searching a database for all role certificates in which the role administrator is listed as a role administrator;
displaying to the role administrator all role certificates discovered;
selecting a role certificate by the role administrator to be removed; and
deleting both the role certificate and the role from the database.
Dependent claims: 27, 28
29. A method of recovering a former role and an associated role certificate by a role administrator, comprising:
identifying a role certificate to be recovered;
searching a database to determine if any role members associated with the role certificate are still in the organization, wherein each of the role members is a member of a group authorized to utilize the role certificate as a group stamp and for encryption of information which may be decrypted by a plurality of group members;
transmitting to at least one recovery agent a request for approval for the recovering of the role certificate when no role members are discovered to be in the organization;
receiving approval from the at least one recovery agent for recovery of the role certificate;
transmitting to the at least one recovery agent the role certificate retrieved when the recovery agent supplies an approval to recover the role certificate; and
transmitting the role certificate to the role administrator by the recovery agent.
Dependent claims: 30, 31
32. A computer program embodied on a computer readable medium and executable by a computer to create a role certificate for a user, comprising:
transmitting a role approval form filled out and digitally signed by the user using a personal digital signature to at least one personal role approval, wherein the user is a member of a group authorized to utilize the role certificate as a group stamp and for encryption of information which may be decrypted by a plurality of group members;
signing digitally the role approval form by the personal role approval using a personal digital signature;
creating a role certificate upon receipt of the role approval form signed by the user and all personal role approvals;
notifying the user of the availability of the role certificate; and
transmitting the role certificate to the user.
Dependent claims: 33, 34, 35, 36, 37
38. A computer program embodied on a computer readable medium and executable by a computer for using a role certificate as an organizational stamp and for organizational encryption by a plurality of role members of a group, comprising:
filling out an electronic form by a role member of the plurality of role members of the group, wherein the role member is a member of a group authorized to utilize the role certificate as a group stamp and for encryption of information which may be decrypted by a plurality of group members;
signing digitally the electronic form by the role member using the role certificate;
signing digitally the electronic form by the role member using a personal signature certificate; and
transmitting the electronic form to an entity.
Dependent claims: 39, 40, 41
42. A computer program embodied on a computer readable medium and executable by a computer for replacing an expiring role certificate, comprising:
displaying a list of roles to a user who is either a role member or a role administrator, wherein the user is a member of a group authorized to utilize the role certificate as a group stamp and for encryption of information which may be decrypted by a plurality of group members;
selecting a role which is about to expire for renewal by the user;
determining if the user is authorized to renew the role based upon verification of the user's personal digital signature;
generating a new role certificate having a private and public key; and
transmitting the new role certificate to the user.
Dependent claims: 43, 44, 45, 46, 47
48. A computer program embodied on a computer readable medium and executable by a computer for revoking a role certificate used as an organizational stamp and for organizational encryption by authorized members of the organization, comprising:
transmitting a signature certificate to a registration web server by a user, wherein the user is a member of a group authorized to utilize the role certificate as a group stamp and for encryption of information which may be decrypted by a plurality of group members;
authenticating by accessing a directory that the user is still a member of the organization;
listing roles of which the user is a role member or a role authority; and
removing the role certificate associated with the role from a directory database.
Dependent claims: 49, 50, 51, 52
53. A computer program embodied on a computer readable medium and executable by a computer for recovery of an expired role certificate associated with the role used for organizational encryption and as an organizational stamp, comprising:
transmitting a request to recover the expired role certificate along with a digital signature from a role member, wherein a role member is an entity having a right to digitally sign organizational documents using the role certificate and decrypting information sent to members of the organization which has been encrypted using the role certificate;
listing all roles that the role member is listed as a role member on;
selecting the expired role certificate from the list of roles by the role member for recovery;
contacting a key recovery authority for a copy of the role certificate; and
transmitting the role certificate to the role member.
Dependent claims: 54, 55, 56
57. A computer program embodied on a computer readable medium and executable by a computer for revoking a role certificate and an associated role by a role administrator, comprising:
transmitting a request to revoke the role certificate of a role member and the associated role by the role administrator for the role certificate along with a signature certificate for the role administrator, wherein the role member is a member of a group authorized to utilize the role certificate as a group stamp and for encryption of information which may be decrypted by a plurality of group members;
searching a database for all role certificates in which the role administrator is listed as a role administrator;
displaying to the role administrator all role certificates discovered;
selecting a role certificate by the role administrator to be removed; and
deleting both the role certificate and the role from the database.
Dependent claims: 58, 59
60. A computer program embodied on a computer readable medium and executable by a computer for recovering a former role and an associated role certificate by a role administrator, comprising:
identifying a role certificate to be recovered;
searching a database to determine if any role members associated with the role certificate are still with the organization, wherein each of the role members is a member of a group authorized to utilize the role certificate as a group stamp and for encryption of information which may be decrypted by a plurality of group members;
transmitting to at least one recovery agent a request for approval for the recovering of the role certificate;
receiving approval from the at least one recovery agent for recovery of the role certificate;
transmitting to the at least one recovery agent the role certificate retrieved; and
transmitting the role certificate to the role administrator by the recovery agent.
Dependent claims: 61, 62
63. A role certificate for organizational encryption and for use as an organizational stamp or seal, comprising:
a public key to be transmitted to entities outside the organization to use as an encryption key;
a private key to decrypt information encrypted using the public key;
a signature algorithm ID to be used in generating a digital signature with the role certificate;
a validity period indicating when the role certificate will expire;
extensions having a plurality of bits which designate characteristics associated with the role certificate, wherein when a bit for encryption is set and a bit for signature is set, the role certificate may be used for both digital signatures and encryption; and
a policy defining the limitations on valid usage of the role certificate.
Dependent claims: 64, 65, 66
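The claims describe a protocol and a certificate layout but give no code. The following is an added example written for this page, not code from the patent or its assignee, showing what claim 7's two-signature form and claim 63's certificate fields look like in X.509 terms, together with the checks a relying party has to make. It issues a role certificate and a personal certificate under one organisation CA, signs a form with both private keys, and then verifies that the role certificate carries both the signature bit and the encryption bit (mapped here onto keyUsage digitalSignature and keyEncipherment, which is this example's choice for an RSA key, not a mapping the patent states), that both certificates chain to the CA inside their validity period, that both signatures cover the same bytes, and that the directory lists the personal signer as a member of the role. Every name in it (Identity, Directory, SignedForm, RoleUsage, PersonalUsage, NewCA, Issue, SignForm, VerifyForm, the CA and role names, the member names and the sample form text) is this example's own assumption; the library is Go's standard crypto/x509.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Type and function names are this example's own assumptions, not identifiers from the patent.
type Identity struct{ Key *rsa.PrivateKey; Cert *x509.Certificate }                       // key pair plus certificate
type Directory map[string][]string                                                          // directory (108): role -> member names
type SignedForm struct{ Form, RoleSig, PersSig []byte; RoleCert, PersCert *x509.Certificate } // claim 7's form with both signatures

const (
	RoleUsage     = x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment // claim 63: signature bit and encryption bit both set
	PersonalUsage = x509.KeyUsageDigitalSignature                                // a member's own signing certificate
)

func makeCert(tmpl *x509.Certificate, parent *Identity) (*Identity, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl.SerialNumber, _ = rand.Int(rand.Reader, big.NewInt(1<<62))
	signerCert, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signerCert, signerKey = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Identity{Key: key, Cert: cert}, err
}

// NewCA builds the organisation's self-signed certificate authority (the patent's CA, 110).
func NewCA(now time.Time) (*Identity, error) {
	return makeCert(&x509.Certificate{Subject: pkix.Name{CommonName: "Example Org CA"},
		NotBefore: now, NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil)
}

// Issue creates a one-year certificate under ca with the given keyUsage bits: RoleUsage for a
// role certificate, PersonalUsage for a member's personal signing certificate.
func Issue(ca *Identity, cn string, usage x509.KeyUsage, now time.Time) (*Identity, error) {
	return makeCert(&x509.Certificate{Subject: pkix.Name{CommonName: cn}, NotBefore: now,
		NotAfter: now.Add(365 * 24 * time.Hour), KeyUsage: usage}, ca)
}

// SignForm applies claim 7's two signatures: the shared role key (the group stamp) and the
// member's personal key, which is what ties the act to one individual.
func SignForm(form []byte, role, person *Identity) (*SignedForm, error) {
	digest := sha256.Sum256(form)
	rs, err := rsa.SignPKCS1v15(rand.Reader, role.Key, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	ps, err := rsa.SignPKCS1v15(rand.Reader, person.Key, crypto.SHA256, digest[:])
	return &SignedForm{form, rs, ps, role.Cert, person.Cert}, err
}

// VerifyForm is the relying party's check: role certificate has both bits, both certificates chain
// to the CA inside their validity period, both signatures cover the same bytes, directory lists the signer.
func VerifyForm(sf *SignedForm, ca *x509.Certificate, dir Directory, now time.Time) error {
	if sf.RoleCert.KeyUsage&RoleUsage != RoleUsage {
		return fmt.Errorf("%q lacks the signature or encryption bit", sf.RoleCert.Subject.CommonName)
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	for _, s := range []struct{ who string; cert *x509.Certificate; sig []byte }{{"role", sf.RoleCert, sf.RoleSig}, {"personal", sf.PersCert, sf.PersSig}} {
		if _, err := s.cert.Verify(opts); err != nil {
			return fmt.Errorf("%s certificate: %w", s.who, err)
		}
		if err := s.cert.CheckSignature(x509.SHA256WithRSA, sf.Form, s.sig); err != nil {
			return fmt.Errorf("%s signature: %w", s.who, err)
		}
	}
	role, member := sf.RoleCert.Subject.CommonName, sf.PersCert.Subject.CommonName
	for _, m := range dir[role] {
		if m == member {
			return nil
		}
	}
	return fmt.Errorf("%s is not a directory member of role %q", member, role)
}

func main() { // stand-alone demo run; the checks themselves live in VerifyForm
	now := time.Now()
	ca, _ := NewCA(now)
	role, _ := Issue(ca, "Purchasing Office", RoleUsage, now)
	alice, _ := Issue(ca, "alice", PersonalUsage, now)
	sf, _ := SignForm([]byte("PO-1042: approve order"), role, alice) // constructed sample form
	fmt.Println("accepted:", VerifyForm(sf, ca.Cert, Directory{"Purchasing Office": {"alice", "bob"}}, now) == nil)
}
```

The directory lookup is the step that makes claims 17 and 26 bite: every role member holds a copy of the same private key, so a member who has left the organisation can still produce a valid role signature until the role certificate is removed from the directory and a fresh key pair is issued on renewal (claim 11), and the role signature alone never shows which member acted. That is what the second, personal signature in claim 7 supplies, and why the check above refuses a form whose personal signer is not listed under the role.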
Specification