Obtaining and maintaining real time certificate status

US 7,415,607 B2
Filed: 11/30/2001
Issued: 08/19/2008
Est. Priority Date: 12/22/2000
Status: Active Grant

First Claim

Patent Images

1. A method comprising the steps of:

retrieving a certificate and a real time status for the certificate from a certificate authority;

storing the certificate and said real time status in an identity system, wherein the certificate authority is external to the identity system;

storing validation information for said certificate in the identity system, wherein said validation information includes an identifier of a time said real time status was retrieved and a validation interval for said real time status;

receiving at the identity system a request to export the certificate;

determining with the identity system whether to check a status for said certificate, wherein determining whether to check the status for the certificate comprises querying a parameter field in the identity system; and

in response to determining to check the status for said certificate, determining with the identity system whether to check the status for the certificate in real time, wherein determining whether to check the status for the certificate in real time comprises querying a parameter field in the identity system.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Identity System obtains and maintains real time certificate status. The Identity System retrieves real time status information for the System'"'"'s certificates and stores a record of the status. The Identity System also stores validation information for the certificate, including the time the real time status was retrieved and a validation interval of time extending from the status retrieval time. Smaller validation intervals reduce the potential for the real time status changing during the validation interval. When the Identity System exports or displays a certificate for a user, the Identity System can employ the stored validation information and certificate status to ensure the certificate'"'"'s validity.

Citations

32 Claims

1. A method comprising the steps of:
- retrieving a certificate and a real time status for the certificate from a certificate authority;
  
  storing the certificate and said real time status in an identity system, wherein the certificate authority is external to the identity system;
  
  storing validation information for said certificate in the identity system, wherein said validation information includes an identifier of a time said real time status was retrieved and a validation interval for said real time status;
  
  receiving at the identity system a request to export the certificate;
  
  determining with the identity system whether to check a status for said certificate, wherein determining whether to check the status for the certificate comprises querying a parameter field in the identity system; and
  
  in response to determining to check the status for said certificate, determining with the identity system whether to check the status for the certificate in real time, wherein determining whether to check the status for the certificate in real time comprises querying a parameter field in the identity system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein storing validation information for said certificate comprises:
    - setting said validation interval to zero when said real time status is not valid.
  - 3. The method of claim 1, further comprising, in response to determining to check the status of the certificate and determining to not check the status for the certificate in real time,determining with the identity system whether said request is received within a time period, wherein said time period begins at said time said real time status was retrieved and extends for said validation interval.
  - 4. The method of claim 3, further comprising:
    - exporting said certificate from the identity system, if said request is received within said time period.
  - 5. The method of claim 3, further comprising:
    - issuing an error message from the identity system, if said request is not received within said time period.
  - 6. The method of claim 1, further comprisingretrieving a new real time status for said certificate from the identity system in response to determining to check status for said certificate in real time.
  - 7. The method of claim 6, further comprisingexporting said certificate from the identity system, if said new real time status indicates said certificate is valid.
  - 8. The method of claim 6, further comprisingissuing an error message from the identity system, if said new real time status indicates said certificate is not valid.
  - 9. The method of claim 1, further comprising:
    - receiving a request to display information from said certificate;
      
      retrieving a status for said certificate; and
      
      displaying said information from said certificate and said status.
  - 10. The method of claim 9, wherein retrieving a status for said certificate comprises:
    - determining with the identity system whether to check status for said certificate in real time;
      
      retrieving said real time status for said certificate from the validation information to serve as said status, if it is determined to not check status in real time; and
      
      retrieving a new real time status from the certificate authority to serve as said status, if it is determined to check status in real time.

11. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
- retrieving a certificate and a real time status for the certificate from a certificate authority;
  
  storing the certificate and said real time status in an identity system, wherein the certificate authority is external to the identity system;
  
  storing validation information for said certificate in the identity system, wherein said validation information includes an identifier of a time said real time status was retrieved and a validation interval for said real time status;
  
  receiving at the identity system a request to export the certificate;
  
  determining with the identity system whether to check a status for said certificate, wherein determining whether to check the status for the certificate comprises querying a parameter field in the identity system; and
  
  in response to determining to check the status for said certificate, determining with the identity system whether to check the status for the certificate in real time, wherein determining whether to check the status for the certificate in real time comprises querying a parameter field in the identity system.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. One or more processor readable storage devices according to claim 11, wherein storing validation information for said certificate comprises:
    - setting said validation interval to zero when said real time status is not valid.
  - 13. One or more processor readable storage devices according to claim 11, further comprising, in response to determining to check the status of the certificate and determining to not check the status for the certificate in real time,determining with the identity system whether said request is received within a time period, wherein said time period begins at said time said real time status was retrieved and extends for said validation interval.
  - 14. One or more processor readable storage devices according to claim 13, further comprising:
    - exporting said certificate from the identity system, if said request is received within said time period.
  - 15. One or more processor readable storage devices according to claim 13, further comprising:
    - issuing an error message from the identity system, if said request is not received within said time period.
  - 16. One or more processor readable storage devices according to claim 11, further comprising:
    - receiving a request to display information from said certificate;
      
      retrieving a status for said certificate; and
      
      displaying said information from said certificate and said status.

17. A method comprising:
- retrieving a certificate and a real time status for the certificate from a certificate authority;
  
  storing the certificate and the real time status in an identity system, wherein the certificate authority is external to the identity system;
  
  storing validation information for the certificate in the identity system, wherein the validation information includes an identifier of a time the real time status was retrieved and a validation interval for the real time status;
  
  receiving at the identity system a request to export the certificate;
  
  determining with the identity system whether to check a status for the certificate;
  
  in response to determining to not check the status for the certificate, exporting the certificate from the identity system without checking the status for the certificate;
  
  in response to determining to check the status for the certificate, determining with the identity system whether to check the status for the certificate in real time; and
  
  in response to determining to check the status for the certificate in real time, retrieving a new real time status for the certificate from the certificate authority.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The method of claim 17, further comprising exporting the certificate from the identity system if the new real time status indicates the certificate is valid.
  - 19. The method of claim 17, further comprising issuing an error message from the identity system if the new real time status indicates the certificate is not valid.
  - 20. The method of claim 17, further comprising, in response to determining to not check the status for the certificate in real time, determining with the identity system whether the check time falls within a time period, wherein the time period begins at the time the real time status was received and extends for the validation interval.
  - 21. The method of claim 20, further comprising exporting the certificate if the check time falls within the time period.
  - 22. The method of claim 20, further comprising issuing an error message from the identity system if the check time does not fall within the time period.
  - 23. The method of claim 17, wherein determining whether to check a status for the certificate comprises querying a parameter field in the identity system.
  - 24. The method of claim 17 wherein determining whether to check the status for the certificate in real time comprises querying a parameter field in the identity system.

25. One or more processor readable storage devices having processor readable code embodied on said one or more processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising:
- retrieving a certificate and a real time status for the certificate from a certificate authority;
  
  storing the certificate and the real time status in an identity system, wherein the certificate authority is external to the identity system;
  
  storing validation information for the certificate in the identity system, wherein the validation information includes an identifier of a time the real time status was retrieved and a validation interval for the real time status;
  
  receiving at the identity system a request to export the certificate;
  
  determining with the identity system whether to check a status for the certificate;
  
  in response to determining to not check the status for the certificate, exporting the certificate from the identity system without checking the status for the certificate;
  
  in response to determining to check the status for the certificate, determining with the identity system whether to check the status for the certificate in real time; and
  
  in response to determining to check the status for the certificate in real time, retrieving a new real time status for the certificate from the certificate authority.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The one or more processor readable storage devices of claim 25, further comprising exporting the certificate from the identity system if the new real time status indicates the certificate is valid.
  - 27. The one or more processor readable storage devices of claim 25, further comprising issuing an error message from the identity system if the new real time status indicates the certificate is not valid.
  - 28. The one or more processor readable storage devices of claim 25, further comprising, in response to determining to not check the status for the certificate in real time, determining with the identity system whether the check time falls within a time period, wherein the time period begins at the time the real time status was received and extends for the validation interval.
  - 29. The one or more processor readable storage devices of claim 28, further comprising exporting the certificate from the identity system if the check time falls within the time period.
  - 30. The one or more processor readable storage devices of claim 28, further comprising issuing an error message from the identity system if the check time does not fall within the time period.
  - 31. The one or more processor readable storage devices of claim 25, wherein determining whether to check a status for the certificate comprises querying a parameter field in the identity system.
  - 32. The one or more processor readable storage devices of claim 25, wherein determining whether to check the status for the certificate in real time comprises querying a parameter field in the identity system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Sinn, Richard P.
Primary Examiner(s)
LAFORGIA, CHRISTIAN A

Application Number

US09/998,914
Publication Number

US 20020166049A1
Time in Patent Office

2,454 Days
Field of Search

713/156, 713/158, 713/167, 713/170, 713/201, 713/175, 713/176, 713/173, 709/225
US Class Current

713/158
CPC Class Codes

G06F 21/33   using certificates

G06F 21/41   where a single sign-on prov...

G06F 21/6218   to a system of files or obj...

G06F 2221/2119   Authenticating web pages, e...

G06Q 10/10   Office automation; Time man...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 67/02   based on web technology, e....

H04L 67/1001   for accessing one among a p...

H04L 67/306   User profiles

H04L 69/329   in the application layer [O...

Obtaining and maintaining real time certificate status

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Obtaining and maintaining real time certificate status

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links