Automated tracking of certificate pedigree

US 7,047,409 B1
Filed: 10/16/2000
Issued: 05/16/2006
Est. Priority Date: 06/09/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of automatically tracking a certificate pedigree comprising:

providing a new user with a piece of hardware containing a predetermined pedigree certificate stored therein, the predetermined pedigree certificate having a level of trust commensurate with a category of hardware of which the provided piece of hardware is a member;

providing an automated registration arrangement which can only be accessed by users having a piece of hardware containing a predetermined pedigree certificate having a specified level of trust stored therein;

signing a certificate request by the provided piece of hardware using a private key associated with the predetermined pedigree certificate to provide the new user with the individual signature certificate; and

providing the new user with an individual signature certificate from the automated registration arrangement upon the new user accessing the automated registration arrangement using the provided piece of hardware, the individual signature certificate having a level of trust commensurate with that of the pedigree certificate and wherein the automated registration arrangement flags the new user'"'"'s individual signature certificate with the level of trust of the pedigree certificate in an appropriate storage area.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of automatically tracking a certificate pedigree is provided, in which a new user is provided with a piece of hardware containing a predetermined pedigree certificate stored therein, the predetermined pedigree certificate having a level of trust bearing a relationship to a category of hardware of which the provided piece of hardware is a member. An automated registration arrangement is provided which can be accessed only by users having a piece of hardware containing a predetermined pedigree certificate having a specified level of trust stored therein. When the new user accesses the automated registration arrangement using the provided piece of hardware, the automated registration arrangement provides the new user with an individual signature certificate having a level of trust commensurate with that of the pedigree certificate. The automated registration arrangement flags the new user'"'"'s individual signature certificate with the level of trust of the pedigree certificate in an appropriate storage area, including the certificate itself.

Citations

18 Claims

1. A method of automatically tracking a certificate pedigree comprising:
- providing a new user with a piece of hardware containing a predetermined pedigree certificate stored therein, the predetermined pedigree certificate having a level of trust commensurate with a category of hardware of which the provided piece of hardware is a member;
  
  providing an automated registration arrangement which can only be accessed by users having a piece of hardware containing a predetermined pedigree certificate having a specified level of trust stored therein;
  
  signing a certificate request by the provided piece of hardware using a private key associated with the predetermined pedigree certificate to provide the new user with the individual signature certificate; and
  
  providing the new user with an individual signature certificate from the automated registration arrangement upon the new user accessing the automated registration arrangement using the provided piece of hardware, the individual signature certificate having a level of trust commensurate with that of the pedigree certificate and wherein the automated registration arrangement flags the new user'"'"'s individual signature certificate with the level of trust of the pedigree certificate in an appropriate storage area.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising providing the user with at least two pieces of information, wherein, upon the new user accessing the automated registration arrangement, the automated registration arrangement requires the user to provide the at least two pieces of information prior to providing the individual signature certificate to the user.
  - 3. The method of claim 2, wherein one of the at least two pieces of information is provided to the user by the automated registration arrangement in response to the user providing an additional piece of information to the automated registration arrangement.
  - 4. The method of claim 3, wherein one of the at least two pieces of information is provided to the user by a personal registration authority.
  - 5. The method of claim 2, wherein one of the at least two pieces of information is provided to the user by a personal registration authority.
  - 6. The method of claim 2, wherein each of the at least two pieces of information comprises one of either a PIN (Personal Identity Number) or a password.
  - 7. The method of claim 1, wherein the provided piece of hardware comprises one of a personal computer or a smart card or a hardware token.
  - 8. The method of claim 1, wherein the automated registration arrangement comprises a special registration Web page.
  - 9. The method of claim 1, further comprising validating that the certificate request was signed by the provided piece of hardware by verifying that the private key is associated with the predetermined pedigree certificate contained within the provided piece of hardware.

10. An apparatus for automatically tracking a certificate pedigree comprising:
- a piece of hardware containing a predetermined pedigree certificate stored therein, the predetermined pedigree certificate having a level of trust commensurate with a category of hardware of which the provided piece of hardware is a member;
  
  an automated registration arrangement which can only be accessed by users having a piece of hardware containing a predetermined pedigree certificate having a specified level of trust stored therein;
  
  a private key associated with the predetermined pedigree certificate, the private key being operative to sign a certificate request to provide the new user with an individual signature certificate;
  
  wherein, upon a new user accessing the automated registration arrangement using the piece of hardware, the automated registration arrangement provides the new user with the individual signature certificate having a level of trust commensurate with that of the pedigree certificate and wherein the automated registration arrangement flags the new user'"'"'s individual signature certificate with the level of trust of the pedigree certificate in an appropriate storage area.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The apparatus of claim 10, further comprising at least two pieces of information, wherein, upon the new user accessing the automated registration arrangement requires the user to provide the at least two pieces of information prior to providing the individual signature certificate to the user.
  - 12. The apparatus of claim 11, wherein one of the at least two pieces of information is provided to the user by the automated registration arrangement in response to the user providing an additional piece of information to the automated registration arrangement.
  - 13. The apparatus of claim 11, wherein one of the at least two pieces of information is provided to the user by a personal registration authority.
  - 14. The apparatus of claim 11, wherein each of the at least two pieces of information comprises one of either a PIN (Personal Identity Number) or a password.
  - 15. The apparatus of claim 10, wherein one of the at least two pieces of information is provided to the user by a personal registration authority.
  - 16. The apparatus of claim 10, wherein the piece of hardware comprises one of a personal computer or a smart card or a hardware token.
  - 17. The apparatus of claim 10, wherein the automated registration arrangement comprises a special registration Web page.
  - 18. The apparatus of claim 10, wherein the certificate request is validated by a certification authority by verifying that the private key is associated with the predetermined pedigree certificate contained within the provided piece of hardware.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Northrop Grumman Systems Corporation (Northrop Grumman Corporation)
Original Assignee
Northrop Grumman Corporation
Inventors
Aull, Kenneth W., McCullough, Vincent J.
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
HENEGHAN, MATTHEW E

Application Number

US09/690,279
Time in Patent Office

2,038 Days
Field of Search

713156-158, 713/159, 713/172, 713/173, 713/166, 713/175
US Class Current

713/173
CPC Class Codes

G06F 21/33   using certificates

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/6236   between heterogeneous systems

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/0442   wherein the sending and rec...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 9/006   involving public key infras...

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Automated tracking of certificate pedigree

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Automated tracking of certificate pedigree

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links