Method and system for user generated keys and certificates
Abstract
A method and system to allow user generation of a private-public key pair and an associated user generated certificate to establish the identity of a user based upon signing the user generated certificate with a private key of a private-public key pair associated with a certificate issued by a Certification Authority (CA). The user generated certificate thereby allows the user that generated the certificate to establish a secure session with a third party without multiple use of the certificate issued by the CA, typically for use on another network infrastructure. The method and system are particularly useful for establishing a secure session, such as a Secure Socket Layer session using a personal computer, where the CA certificate is associated with a wireless identity module of a wireless device.
57 Claims
1. A method comprising:
- having an identity authenticated in a first system;
- a second system causing a key to be generated for use in the second system;
- the second system generating a certificate for the key; and
- establishing the identity of a user in the second system by signing the certificate for the key using the authenticated identity of the user in the first system, wherein the certificate for the key for use in the second system contains usage limitations, including a temporal limit on usage, wherein the temporal limit requires that once a secure socket layer session on the second system is completed, the certificate or a corresponding key is destroyed, wherein said usage limitations also include a limit on use of said key for encryption only, which excludes use of said key for signature verification; and
- wherein the first system is a wireless communication system and wherein the second system is a computer connected to an Internet.

Dependent claims 2-25 are not reproduced on this page.
26. A method comprising:
- generating a key for use in a network environment by a user having an authenticated identity not associated with said network environment;
- generating a certificate for the key; and
- establishing the identity of the user in said network environment by signing the certificate for the key using the user's authenticated identity, wherein the certificate for the key for use in the network environment contains usage limitations, including a temporal limit on usage, wherein the temporal limit requires that once a secure socket layer session on the second system is completed, the certificate or a corresponding key is destroyed, wherein said usage limitations also include a limit on use of said key for encryption only, which excludes use of said key for signature verification; and
- wherein the first system is a wireless communication system and wherein the second system is a computer connected to an Internet.
27. A system comprising:
- a device forming part of a second system, the device having means for causing a key to be generated for use in the second system by a user having an authenticated identity in a first system, said device of the second system having means for generating a certificate for the key; and
- a second device forming part of the first system, the second device having means for storing information regarding the authenticated identity of the user in the first system, said second device further having means for communicating said information; and
- wherein the device of the second system has means for receipt of said information from the second device, and further has means for establishing the identity of the user in the second system by signing the certificate for the key using the authenticated identity of the user in the first system, wherein the certificate for the key for use in the second system contains usage limitations, including a temporal limit on usage, wherein the temporal limit requires that once a secure socket layer session on the second system is completed, the certificate or a corresponding key is destroyed, wherein said usage limitations also include a limit on use of said key for encryption only, which excludes use of said key for signature verification; and
- wherein the first system is a wireless communication system and wherein the second system is a computer connected to an Internet.

Dependent claims 28-51 are not reproduced on this page.
52. A wireless device comprising:
- means for storing information regarding an authenticated identity of a user in a first system associated with the wireless device;
- means for receipt of a certificate from a second device that is part of a second system, the certificate being for a key that is for use in the second system; and
- means for establishing the identity of the user in the second system by signing the certificate using the authenticated identity of the user in the first system and transferring the signed certificate to the device of the second system, wherein the certificate for the key for use in the second system contains usage limitations, including a temporal limit on usage, wherein the temporal limit requires that once a secure socket layer session on the second system is completed, the certificate or a corresponding key is destroyed, wherein said usage limitations also include a limit on use of said key for encryption only, which excludes use of said key for signature verification;
- wherein the second device includes means for generating the key to be used in said second system; and
- wherein the first system is a wireless communication system and wherein the second system is a computer connected to an Internet.

Dependent claims 53-55 are not reproduced on this page.
56. A program stored on a computer readable medium for execution by a processor, the program having code for:
- generating a key for use in a network environment by a user having an authenticated identity not associated with said network environment;
- generating a certificate for the key; and
- establishing the identity of the user in said network environment by signing the certificate for the key using the user's authenticated identity, wherein the certificate for the key for use in the network environment contains usage limitations, including a temporal limit on usage, wherein the temporal limit requires that once a secure socket layer session on the second system is completed, the certificate or a corresponding key is destroyed, wherein said usage limitations also include a limit on use of said key for encryption only, which excludes use of said key for signature verification; and
- wherein the first system is a wireless communication system and wherein the second system is a computer connected to an Internet.
57. A wireless device comprising:
- a storage module configured to store information regarding an authenticated identity of a user in a first system associated with the wireless device;
- a receiving module configured to receive a certificate from a second device that is part of a second system, the certificate being for a key that is for use in the second system; and
- a signing module configured to establish the identity of the user in the second system by signing the certificate using the authenticated identity of the user in the first system and transferring the signed certificate to the device of the second system, wherein the certificate for the key for use in the second system contains usage limitations, including a temporal limit on usage, wherein the temporal limit requires that once a secure socket layer session on the second system is completed, the certificate or a corresponding key is destroyed, wherein said usage limitations also include a limit on use of said key for encryption only, which excludes use of said key for signature verification; and
- wherein the second device includes a generating module configured to generate the key to be used in said second system, and wherein the first system is a wireless communication system and wherein the second system is a computer connected to an Internet.
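The flow the claims describe, as a worked example added by the editor (not code from the patent, its assignee, or any product): a CA-certified "first system" identity signs a user-generated certificate for a fresh "second system" key, the certificate carries the two usage limitations (a short validity period and a key-usage restriction to encryption only, i.e. keyEncipherment without digitalSignature), a relying party verifies the chain and enforces those limitations, and the key and certificate are discarded when the session ends. It uses Go's standard-library crypto/x509. The CA name, the subscriber identity "subscriber-0001", the 2048-bit RSA keys, and the modelling of the wireless identity module's certificate as one permitted to sign certificates are all constructed assumptions; the patent does not specify them.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Session holds the user-generated key for the second system, its certificate,
// and the first-system chain (CA root, wireless identity cert) that vouches for it.
type Session struct {
	Key      *rsa.PrivateKey
	Cert     *x509.Certificate
	WIMCert  *x509.Certificate
	RootCert *x509.Certificate
}

// issue generates a 2048-bit RSA key and a certificate for it. A nil parent
// yields a self-signed root; otherwise signer (the parent's key) signs the template.
func issue(serial int64, subj pkix.Name, lifetime time.Duration, usage x509.KeyUsage,
	ca bool, parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: subj,
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(lifetime),
		KeyUsage: usage, IsCA: ca, BasicConstraintsValid: true,
	}
	if !ca { // end-entity certificate for the client side of the SSL/TLS session
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// BuildSessionWithUsage runs the claimed flow; usage is the key-usage limitation
// placed on the user-generated certificate (KeyUsageKeyEncipherment is the compliant choice).
func BuildSessionWithUsage(ttl time.Duration, usage x509.KeyUsage) (*Session, error) {
	// Constructed stand-in for the Certification Authority of the wireless (first) system.
	root, caKey, err := issue(1, pkix.Name{CommonName: "Example Wireless CA"}, 24*time.Hour,
		x509.KeyUsageCertSign, true, nil, nil)
	if err != nil {
		return nil, err
	}
	// The user's CA-certified wireless identity. Assumption: the CA allows this key
	// to sign certificates, since the claims have it sign the user-generated one.
	wim, wimKey, err := issue(2, pkix.Name{CommonName: "subscriber-0001"}, 24*time.Hour,
		x509.KeyUsageDigitalSignature|x509.KeyUsageCertSign, true, root, caKey)
	if err != nil {
		return nil, err
	}
	// Second system: a fresh key whose certificate carries the usage limitations
	// (lifetime ttl, key usage `usage`) and is signed by the authenticated identity.
	cert, key, err := issue(3, pkix.Name{CommonName: "subscriber-0001", OrganizationalUnit: []string{"session"}},
		ttl, usage, false, wim, wimKey)
	if err != nil {
		return nil, err
	}
	return &Session{Key: key, Cert: cert, WIMCert: wim, RootCert: root}, nil
}

// VerifySession is the relying party's check: chain the certificate back to the
// CA as of time at (an expired certificate fails here, which is the temporal
// limit), then enforce the encryption-only limitation.
func VerifySession(s *Session, at time.Time) error {
	if s == nil || s.Cert == nil || s.Key == nil {
		return errors.New("session key and certificate have been destroyed")
	}
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(s.RootCert)
	inter.AddCert(s.WIMCert)
	_, err := s.Cert.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter,
		CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	if err != nil {
		return err
	}
	return CheckUsageLimits(s.Cert)
}

// CheckUsageLimits enforces "encryption only": keyEncipherment must be asserted
// and digitalSignature must be absent, so the key cannot sign or be verified against.
func CheckUsageLimits(c *x509.Certificate) error {
	if c.KeyUsage&x509.KeyUsageKeyEncipherment == 0 {
		return errors.New("keyEncipherment not asserted")
	}
	if c.KeyUsage&x509.KeyUsageDigitalSignature != 0 {
		return errors.New("digitalSignature asserted; key is limited to encryption only")
	}
	return nil
}

// EndSession applies the temporal limit: once the SSL/TLS session completes, the
// key and certificate are discarded. Go cannot guarantee memory wiping, so
// dropping every reference is the closest available stand-in.
func EndSession(s *Session) {
	s.Key, s.Cert = nil, nil
}
```

Two things the example makes visible that the claim text does not: the "encryption only" limitation maps onto the X.509 keyUsage extension (RSA key transport needs keyEncipherment, and withholding digitalSignature is what stops the same key from being used for signing), and the relying party must enforce that bit itself, because a standard chain validation such as `Verify` checks expiry and the CA path but not whether a leaf key is being used for a purpose its certificate forbids.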