Technique for obtaining a single sign-on certificate from a foreign PKI system using an existing strong authentication PKI system

US 7,069,440 B2
Filed: 03/30/2001
Issued: 06/27/2006
Est. Priority Date: 06/09/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of creating a single sign-on role certificate using a PKI system, comprising:

accessing a PKI system, though a client platform, by a user in which a digital signature certificate has been previously created for the user and transmitting the digital signature certificate to the PKI system;

verifying the identity and validity of the user by accessing a directory using the digital signature certificate;

signaling the client platform to create a private/public key pair;

generating the private/public key pair at the client platform and transmitting the public key of the private/public key pair of the PKI system from the client platform;

transmitting the public key to a domain certificate authority for signature; and

returning the public key to the client platform signed by the domain certificate authority, wherein the signed public key is operative as the single sign-on role certificate.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and computer program in which a user (132) may have a digital certificate created using a strong authentication technique. Once the user has the digital certificate he may then request the generation of a “single sign-on” certificate that will allow the user (132) access to a foreign computer networks. This is accomplished by the user (132) contacting a registration web server (124) and requesting the generation of “single sign-on” for the foreign computer network. Thereafter, the registration web server (124) may take a public key generated based on the digital certificate and request the creation of a “single sign-on” by simply creating a public key from the digital certificate.

102 Citations

17 Claims

1. A method of creating a single sign-on role certificate using a PKI system, comprising:
- accessing a PKI system, though a client platform, by a user in which a digital signature certificate has been previously created for the user and transmitting the digital signature certificate to the PKI system;
  
  verifying the identity and validity of the user by accessing a directory using the digital signature certificate;
  
  signaling the client platform to create a private/public key pair;
  
  generating the private/public key pair at the client platform and transmitting the public key of the private/public key pair of the PKI system from the client platform;
  
  transmitting the public key to a domain certificate authority for signature; and
  
  returning the public key to the client platform signed by the domain certificate authority, wherein the signed public key is operative as the single sign-on role certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method recite in claim 1, further comprising:
    - authenticating the user identity; and
      
      verifying the user has authority to receive the public key.
  - 3. The method recite in claim 2, further comprising:
    - delivering a password to the user through the mail to the user'"'"'s home address;
      
      accessing the PKI system by the user using the password; and
      
      receiving the digital signature certificate.
  - 4. The method recite in claim 3, wherein the digital signature may be used for both signatures and encryption.
  - 5. The method recite in claim 1, wherein the verifying the identity and validity of the user by PKI system by accessing a directory using the digital signature certificate further comprises;
    - verifying that the digital signature certificate has not been revoked; and
      
      verifying that the user is still a member of the organization.
  - 6. The method recite in claim 5, further comprising:
    - storing the public key signed by the domain certificate authority in a hardware token, smart card, a computer, a magnetic strip card, or other storage device.
  - 7. The method recite in claim 6, further comprising;
    - accessing a foreign computer network not associated with the PKI system using the public key signed by the domain certificate authority.

8. A computer program embodied on a computer readable medium and executable by a computer to create a single sign-on role certificate using a PKI system, comprising:
- receiving a digital certificate associated with a user from a client platform;
  
  verifying the identity and validity of the user by accessing a directory using the digital signature certificate;
  
  signaling the client platform to create a private/public key pair;
  
  receiving the public key of the private/public key pair from the client platform;
  
  transmitting the public key to a domain certificate authority for signature; and
  
  receiving a signed public key from the domain certificate authority; and
  
  returning the signed public key to the client platform signed by the domain certificate authority, wherein the signed public key is operative as the single sign-on role certificate.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The computer program recited in claim 8, further comprising:
    - authenticating the user identity; and
      
      verifying the user has authority to receive the public key.
  - 10. The computer program recited in claim 9, wherein the digital signature certificate may be used for both signature and encryption.
  - 11. The computer program recited in claim 8, wherein verifying the identity and validity of the user by PKI system by accessing a directory using the digital signature certificate further comprises;
    - verifying that the digital signature certificate has not been revoked; and
      
      verifying that the user is still a member of the organization.
  - 12. The computer program recited in claim 11, further comprising:
    - accessing a foreign computer network not associated with the PKI system using the public key signed by the domain certificate authority.

13. A method of creating a single sign-on role certificate using a PKI system, comprising:
- creating a digital signature certificate verifying the identity of a user and authority of the user to obtain the digital signature certificate;
  
  delivering a password to the user through the mail to the users home address;
  
  accessing a PKI system, through a client platform, by the user using the password;
  
  receiving the digital signature certificate from the PKI system;
  
  accessing a PKI system through the client platform, by a user using the digital signature certificate;
  
  verifying the validity of the user by accessing a directory using the digital signature certificate;
  
  signaling the client platform to create a privite/public key pair;
  
  generating the private/public key pair and transmitting the public key of the private/public key pair to the PKI system from the client platform;
  
  transmitting the public key to a domain certificate authority for signature; and
  
  returning the public key to the client platform signed by the domain certificate. authority, wherein the signed public key is operative as the single sign-on role certificate.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method recite in claim 13, wherein the digital signature certificate is used for both signatures and encryption.
  - 15. The method recite in claim 13, wherein verifying the identity and validity of the user by PKI system by accessing directory using the digital signature certificate further comprises;
    - verifying that the digital signature certificate has not been revoked; and
      
      verifying that the user is still a member of the organization.
  - 16. The method recite in claim 15, further comprising:
    - storing the public key signed by the domain certificate authority in a hardware token, smart card, a computer, a magnetic strip card, or other storage device.
  - 17. The method recited in claim 16, further comprising:
    - accessing a foreign computer network not associated with the PKI system using the public key signed by the domain certificate authority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Northrop Grumman Systems Corporation (Northrop Grumman Corporation)
Original Assignee
Northrop Grumman Corporation
Inventors
Aull, Kenneth W.
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Tran, Ellen C

Application Number

US09/822,958
Publication Number

US 20020176582A1
Time in Patent Office

1,915 Days
Field of Search

713/182, 713/201, 713/157, 713/715, 713/156, 713/155, 707/201, 707/1, 707/9, 707/100, 707/101, 380/258, 380/281, 709/227, 709/229
US Class Current

713/175
CPC Class Codes

G06F 21/33   using certificates

G06F 21/604   Tools and structures for ma...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/6236   between heterogeneous systems

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/0442   wherein the sending and rec...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 9/006   involving public key infras...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

Y10S 707/99952   Coherency, e.g. same view t...

Technique for obtaining a single sign-on certificate from a foreign PKI system using an existing strong authentication PKI system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

102 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Technique for obtaining a single sign-on certificate from a foreign PKI system using an existing strong authentication PKI system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others