Using authentication certificates for authorization
First Claim
1. A method comprising:
- receiving an authentication certificate from a peer requesting a secure connection to an application, the authentication certificate including a certificate chain having at least one certificate, and the authentication certificate comprising an SSL (Secure Sockets Layer) digital certificate; and
- using the authentication certificate to authorize the peer to the application by accessing a peer authorized certificates store (PACS) that stores authorized certificates.
Abstract
One embodiment of the invention is a method that uses authentication certificates to authorize peers to particular applications. In addition to authenticating the identity and trustworthiness of a peer, authentication certificates are also used to authorize the peer to particular applications. A list of certificates is maintained in a Peer Authorized Certificate Store (PACS); the certificates may be any combination of root certificates, intermediate certificates, and peer certificates. When an authentication certificate is received from a peer, the peer is authenticated using the certificate and then authorized by checking the certificate against the PACS.
19 Claims
1. A method comprising:
- receiving an authentication certificate from a peer requesting a secure connection to an application, the authentication certificate including a certificate chain having at least one certificate, and the authentication certificate comprising an SSL (Secure Sockets Layer) digital certificate; and
- using the authentication certificate to authorize the peer to the application by accessing a peer authorized certificates store (PACS) that stores authorized certificates.
(Dependent claim 2 not shown.)
3. A method comprising:
- receiving an authentication certificate from a peer requesting a secure connection to an application, the authentication certificate including a certificate chain that includes at least a root certificate, and the authentication certificate comprising an SSL (Secure Sockets Layer) digital certificate;
- using the authentication certificate to authenticate the peer; and
- using the authentication certificate to authorize the peer to the application by accessing a peer authorized certificates store (PACS) that stores authorized certificates.
(Dependent claims 4 and 5 not shown.)
6. A tangible machine-readable medium having stored thereon data representing sequences of instructions which, when executed by a processor, cause the processor to perform the following:
- determine if a peer is authentic by authenticating an authentication certificate sent by the peer, the authentication certificate including at least a root certificate in a certificate chain, and the authentication certificate comprising an SSL (Secure Sockets Layer) digital certificate; and
- determine if the peer is authorized to an application requested by the peer by using a peer authorized certificate store (PACS).
(Dependent claims 7 and 8 not shown.)
9. An apparatus comprising:
- a receiver to receive on a first peer an authentication certificate from a second peer, the authentication certificate having a chain of certificates including at least a root certificate and at least one intermediate certificate, and the authentication certificate associated with a request for a secure connection to an application;
- a checker to determine if the root certificate exists in a peer authorized certification authorities store (PACS) and if the PACS indicates the root certificate is authorized to the application, and, if the root certificate does not exist in the PACS, to determine if any one of the intermediate certificates exists in the PACS and if the PACS indicates that intermediate certificate is authorized to the application; and
- a validator to authorize the second peer to the application if at least one of the root certificate and the at least one intermediate certificate exists in the PACS and is authorized to the application.
(Dependent claims 10 and 11 not shown.)
12. A system comprising:
- a receiver to receive from a peer an SSL (Secure Sockets Layer) digital certificate having a certificate chain including at least one certificate that is a root certificate;
- an authenticator to determine if the peer is authentic; and
- an authorizer to determine if the peer is authorized to a given application on the system by determining if any certificate in the certificate chain exists in a peer authorized certification authorities store (PACS) and the PACS indicates authorization to the application.
(Dependent claim 13 not shown.)
14. An apparatus comprising:
- at least one processor; and
- a tangible machine-readable medium having instructions encoded thereon which, when executed by the processor, are capable of directing the processor to:
  - determine if a peer is authentic by authenticating an SSL (Secure Sockets Layer) digital certificate sent by the peer, the SSL digital certificate including at least a root certificate in a certificate chain; and
  - determine if the peer is authorized to an application requested by the peer by using a peer authorized certificate store (PACS).
(Dependent claims 15 and 16 not shown.)
17. A method comprising:
- receiving on a first peer an authentication certificate from a second peer, the authentication certificate having a chain of certificates including a root certificate and at least one intermediate certificate, and the authentication certificate associated with a request for a secure connection to an application;
- determining if the root certificate exists in a peer authorized certification authorities store (PACS) and if the PACS indicates the root certificate is authorized to the application;
- if the root certificate does not exist in the PACS, then determining if one of the at least one intermediate certificates exists in the PACS and if the PACS indicates that intermediate certificate is authorized to the application; and
- authorizing the second peer to the application if one of the root certificate and the at least one intermediate certificates exists in the PACS and is authorized to the application.
(Dependent claims 18 and 19 not shown.)
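The authorization step that the abstract and claims 9 and 17 describe (look at the root certificate first, then each intermediate, then the peer certificate, with the PACS recording which application each stored certificate is authorized for), as an added Go example that is not part of the patent or of any product implementing it. It assumes the PACS is keyed by the SHA-256 fingerprint of each certificate (the patent does not say how a received certificate is matched against the store); the CA names, the peer name and the application names are constructed for the demo, and the authentication step is the standard library's crypto/x509 chain verification.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PACS maps a certificate fingerprint (SHA-256 of the DER encoding) to the applications
// it is authorized for. Keying on the fingerprint rather than the Subject name means a
// certificate that merely copies a trusted Subject can never match (assumed design).
type PACS map[string]map[string]bool

func Fingerprint(c *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(c.Raw)) }

// Authorize walks an already-verified chain in the order the claims describe: root first,
// then each intermediate, then the peer certificate (chain[0] is the peer and the last
// element is the trusted root, which is how x509.Certificate.Verify lays chains out).
func Authorize(pacs PACS, chain []*x509.Certificate, app string) *x509.Certificate {
	for i := len(chain) - 1; i >= 0; i-- {
		if pacs[Fingerprint(chain[i])][app] {
			return chain[i]
		}
	}
	return nil
}

// AuthenticateAndAuthorize authenticates first; the PACS is consulted only for chains
// that verify up to a root in the trust store.
func AuthenticateAndAuthorize(roots, inters *x509.CertPool, peer *x509.Certificate, pacs PACS, app string) (*x509.Certificate, error) {
	chains, err := peer.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return nil, fmt.Errorf("authentication failed: %w", err)
	}
	for _, chain := range chains { // a peer may verify through more than one path
		if c := Authorize(pacs, chain, app); c != nil {
			return c, nil
		}
	}
	return nil, fmt.Errorf("peer authenticated, but no certificate in its chain is authorized for %q", app)
}

// newCert issues a throwaway P-256 certificate for cn; parent == nil means self-signed.
func newCert(cn string, serial int64, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Demo builds a constructed PKI (root -> issuing CA -> peer) with each tier in the PACS
// authorized for a different application, and returns the CN of the certificate that
// granted each request ("" means denied).
func Demo() map[string]string {
	root, rootKey := newCert("Example Root CA", 1, true, nil, nil)
	inter, interKey := newCert("Example Issuing CA", 2, true, root, rootKey)
	peer, _ := newCert("peer-42.example", 3, false, inter, interKey)
	pacs := PACS{
		Fingerprint(root):  {"billing": true}, // every peer under this root
		Fingerprint(inter): {"audit": true},   // every peer under this issuing CA
		Fingerprint(peer):  {"deploy": true},  // this one peer only
	}
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	grant := func(p *x509.Certificate, app string) string {
		c, err := AuthenticateAndAuthorize(roots, inters, p, pacs, app)
		if err != nil {
			return ""
		}
		return c.Subject.CommonName
	}
	// A rogue peer presents a self-signed certificate that copies the root's Subject;
	// it fails authentication, so the PACS is never consulted.
	rogue, _ := newCert("Example Root CA", 4, false, nil, nil)
	return map[string]string{
		"billing": grant(peer, "billing"), "audit": grant(peer, "audit"),
		"deploy": grant(peer, "deploy"), "admin": grant(peer, "admin"),
		"rogue-billing": grant(rogue, "billing"),
	}
}

func main() {
	fmt.Printf("%+v\n", Demo())
}
```

Two practitioner points the claims leave implicit. First, the order matters: authentication must complete before the store is consulted, otherwise a peer can present an unverified chain that merely contains a copy of an authorized certificate; the rogue case in Demo shows why the lookup also keys on the fingerprint rather than the Subject name. Second, crypto/x509 chain verification does not check revocation, so a CRL or OCSP check belongs between Verify and the PACS lookup in a production deployment.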
Specification