Technique for obtaining a single sign-on certificate from a foreign PKI system using an existing strong authentication PKI system
Abstract
A method and computer program in which a user (132) may have a digital certificate created using a strong authentication technique. Once the user has the digital certificate, he may request the generation of a "single sign-on" certificate that will allow the user (132) access to a foreign computer network. This is accomplished by the user (132) contacting a registration web server (124) and requesting the generation of a "single sign-on" certificate for the foreign computer network. Thereafter, once the user has been authenticated with the digital certificate, the registration web server (124) may take a public key newly generated at the user's client platform and request that the foreign domain's certificate authority sign it; the signed public key is the "single sign-on" certificate.
17 Claims
1. A method of creating a single sign-on role certificate using a PKI system, comprising:
accessing a PKI system, through a client platform, by a user for whom a digital signature certificate has been previously created, and transmitting the digital signature certificate to the PKI system;
verifying the identity and validity of the user by accessing a directory using the digital signature certificate;
signaling the client platform to create a private/public key pair;
generating the private/public key pair at the client platform and transmitting the public key of the private/public key pair to the PKI system from the client platform;
transmitting the public key to a domain certificate authority for signature; and
returning the public key to the client platform signed by the domain certificate authority, wherein the signed public key is operative as the single sign-on role certificate.
Dependent claims: 2, 3, 4, 5, 6, 7 (not shown).

8. A computer program embodied on a computer readable medium and executable by a computer to create a single sign-on role certificate using a PKI system, comprising:
receiving a digital signature certificate associated with a user from a client platform;
verifying the identity and validity of the user by accessing a directory using the digital signature certificate;
signaling the client platform to create a private/public key pair;
receiving the public key of the private/public key pair from the client platform;
transmitting the public key to a domain certificate authority for signature;
receiving a signed public key from the domain certificate authority; and
returning the signed public key to the client platform, wherein the signed public key is operative as the single sign-on role certificate.
Dependent claims: 9, 10, 11, 12 (not shown).

13. A method of creating a single sign-on role certificate using a PKI system, comprising:
creating a digital signature certificate verifying the identity of a user and the authority of the user to obtain the digital signature certificate;
delivering a password to the user through the mail to the user's home address;
accessing a PKI system, through a client platform, by the user using the password;
receiving the digital signature certificate from the PKI system;
accessing a PKI system, through the client platform, by the user using the digital signature certificate;
verifying the validity of the user by accessing a directory using the digital signature certificate;
signaling the client platform to create a private/public key pair;
generating the private/public key pair and transmitting the public key of the private/public key pair to the PKI system from the client platform;
transmitting the public key to a domain certificate authority for signature; and
returning the public key to the client platform signed by the domain certificate authority, wherein the signed public key is operative as the single sign-on role certificate.
Dependent claims: 14, 15, 16, 17 (not shown).
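The exchange recited in claims 1, 8 and 13, carried through end to end as an added example; this is not the patent's own code nor any product's. A Go program in which an identity PKI issues the user's digital signature certificate, a registration server verifies that certificate against the identity root and a constructed in-memory directory, the client platform generates a fresh key pair and hands over its public key, and the foreign domain's certificate authority signs it into a short-lived role certificate. Everything not stated in the claims is an assumption of this example: the names and serials, Ed25519 keys, the nonce the server has the client sign as proof that it holds the private key behind the presented certificate, the CSR as the carrier of the new public key (the claims only say the public key is transmitted), and the placement of the directory role in the subject's OU.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// DirectoryEntry is a constructed stand-in for the directory record, keyed by subject CN.
type DirectoryEntry struct {
	Enabled bool
	Role    string // role the foreign domain places in the SSO role certificate
}

// template builds a CA or client-auth leaf template (fixed serials are for the demo only);
// the client-auth EKU on the CAs also restricts every chain under them to client authentication.
func template(serial int64, ca bool, cn string, ous []string, ttl time.Duration) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), IsCA: ca, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: cn, OrganizationalUnit: ous}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if ca {
		t.KeyUsage |= x509.KeyUsageCertSign
	}
	return t
}

// Issue has parent sign tmpl over pub (pass tmpl itself as parent for a self-signed CA).
func Issue(tmpl, parent *x509.Certificate, pub any, signer ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ChainsTo reports whether cert chains to root and is valid for client authentication.
func ChainsTo(root, cert *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// NewCert generates a key pair and certifies it (nil parent: self-signed CA); demo material only, so it panics.
func NewCert(serial int64, cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := template(serial, parent == nil, cn, nil, 24*time.Hour)
	if parent == nil {
		parent, signer = tmpl, key
	}
	cert, err := Issue(tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Enroll runs the claimed exchange for one user and returns the SSO role certificate with its private key.
func Enroll(idRoot *x509.Certificate, dir map[string]DirectoryEntry, domRoot *x509.Certificate, domKey ed25519.PrivateKey, userCert *x509.Certificate, userKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	// Registration server: chain to the identity PKI, proof of possession over a fresh nonce
	// (added here; the claims only transmit the certificate), then the directory lookup.
	nonce := make([]byte, 32)
	rand.Read(nonce)
	sig := ed25519.Sign(userKey, nonce) // the client platform signs the server's nonce
	if err := ChainsTo(idRoot, userCert); err != nil {
		return nil, nil, fmt.Errorf("not issued by the identity PKI: %w", err)
	}
	if pub, ok := userCert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, nonce, sig) {
		return nil, nil, errors.New("proof of possession of the digital signature key failed")
	}
	entry, found := dir[userCert.Subject.CommonName]
	if !found || !entry.Enabled {
		return nil, nil, errors.New("user missing or disabled in the directory")
	}
	// Client platform: fresh key pair; the public key travels in a CSR so the domain CA can
	// check possession of the new key. The subject the client types is deliberately ignored below.
	_, ssoKey, _ := ed25519.GenerateKey(rand.Reader)
	csrDER, _ := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: "name-the-client-typed"}}, ssoKey)
	// Domain CA: verify the CSR signature, then bind the verified CN and directory role into a short-lived certificate.
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		return nil, nil, errors.New("CSR rejected: malformed or proof of possession of the new key failed")
	}
	ssoCert, err := Issue(template(4, false, userCert.Subject.CommonName, []string{entry.Role}, 8*time.Hour), domRoot, csr.PublicKey, domKey)
	if err != nil {
		return nil, nil, err
	}
	return ssoCert, ssoKey, ChainsTo(domRoot, ssoCert) // the client accepts only a domain-CA-signed result
}

func main() {
	idRoot, idKey := NewCert(1, "Identity PKI Root", nil, nil)
	domRoot, domKey := NewCert(2, "Foreign Domain CA", nil, nil)
	userCert, userKey := NewCert(3, "user132", idRoot, idKey)
	ssoCert, _, err := Enroll(idRoot, map[string]DirectoryEntry{"user132": {true, "payroll-reader"}}, domRoot, domKey, userCert, userKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("SSO role certificate subject:", ssoCert.Subject)
}
```

Two checks beyond what the claims recite carry the security of the scheme. The registration server must demand proof of possession of the private key behind the presented digital signature certificate (here the nonce signature; in a deployment, TLS client authentication gives the same), otherwise anyone holding a copy of a user's public certificate can enroll as that user. And the domain CA must take the subject and the role from the verified directory record, never from the name the client put in its request. The cases a practitioner would test are a disabled directory entry, an unknown user, a certificate with the right CN issued by a different CA, and a presented certificate whose private key the caller does not hold; Enroll rejects all four.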
Specification