Authorization infrastructure based on public key cryptography
First Claim
1. A public key authorization infrastructure comprising:
a client program accessible by a user;
an application program;
a certificate authority issuing a long-term public key identity certificate (long-term certificate) that binds a public key of the user to long-term identification information related to the user;
a directory for storing short-term authorization information related to the user; and
a credentials server for issuing a short-term public key credential certificate (short-term certificate) to the client, the short-term certificate binds the public key of the user to the long-term identification information related to the user from the long-term certificate and to the short-term authorization information related to the user from the directory, wherein the short-term certificate includes meta-data related to the short-term certificate and at least one of an expiration date and an expiration time and is never subject to revocation, wherein as long as the at least one of an expiration date and an expiration time has not expired, the short-term certificate can still be used, wherein the client program presents the short-term certificate to the application program for authorization and demonstrates that the user has knowledge of a private key corresponding to the public key in the short-term certificate.
Abstract
A public key authorization infrastructure includes a client program accessible by a user and an application program. A certificate authority issues a long-term certificate that binds a public key of the user to long-term identification information related to the user. A directory stores the issued long-term certificate and short-term authorization information related to the user. A credentials server issues a short-term certificate to the client. The short-term certificate binds the public key to the long-term identification information and to the short-term authorization information. The client presents the short-term certificate to the application program for authorization and demonstrates that the user has knowledge of a private key corresponding to the public key in the short-term certificate. The short-term certificate includes an expiration date, and is not subject to revocation.
20 Claims
1. A public key authorization infrastructure comprising:
a client program accessible by a user;
an application program;
a certificate authority issuing a long-term public key identity certificate (long-term certificate) that binds a public key of the user to long-term identification information related to the user;
a directory for storing short-term authorization information related to the user; and
a credentials server for issuing a short-term public key credential certificate (short-term certificate) to the client, the short-term certificate binds the public key of the user to the long-term identification information related to the user from the long-term certificate and to the short-term authorization information related to the user from the directory, wherein the short-term certificate includes meta-data related to the short-term certificate and at least one of an expiration date and an expiration time and is never subject to revocation, wherein as long as the at least one of an expiration date and an expiration time has not expired, the short-term certificate can still be used, wherein the client program presents the short-term certificate to the application program for authorization and demonstrates that the user has knowledge of a private key corresponding to the public key in the short-term certificate.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method of authorizing a user, the method comprising the steps of:
issuing a long-term public key identity certificate (long-term certificate) that binds a public key of the user to long-term identification information related to the user;
storing short-term authorization information related to the user;
issuing a short-term public key credential certificate (short-term certificate) that binds the public key of the user to the long-term identification information related to the user contained in the long-term certificate and to the short-term authorization information related to the user, wherein the short-term certificate includes meta-data related to the short-term certificate and at least one of an expiration date and an expiration time and is never subject to revocation;
wherein as long as the at least one of an expiration date and an expiration time has not expired, the short-term certificate can still be used; and
presenting the short-term certificate on behalf of the user to an application program for authorization and demonstrating that the user has knowledge of a private key corresponding to the public key in the short-term certificate.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
Specification