Virtual smart card system and method
First Claim
1. A public key authentication system for use in a computer system having a plurality of users, the system comprising:
an authentication server;
a directory service connected to the authentication server, wherein the directory service includes a plurality of public keys, wherein each public key is associated with a unique user identifier; and
a host system, wherein the host system includes a public key authentication client and an interface to a smart-card-enabled application, wherein the public key authentication client is connected to the authentication server;
wherein the public key authentication client receives a challenge issued by the authentication server in response to a user request by the host system, signs the challenge with a digital signature representing a user and sends the digital signature of the challenge back to the authentication server; and
wherein the authentication server receives the digital signature of the challenge and verifies the digital signature with the user's public key retrieved from the directory service.
Abstract
A public key authentication system and method for use in a computer system having a plurality of users. The system includes a virtual smart card server, storage connected to the virtual smart card server, and a virtual smart card agent connected to the virtual smart card server. The storage includes a plurality of virtual smart cards, wherein each virtual smart card is associated with a user and wherein each smart card includes a private key. The virtual smart card agent authenticates the user and accesses the authenticated user's virtual smart card to obtain the user's private key.
9 Claims
4. A public key authentication method, comprising:
providing a plurality of public keys through a directory service, wherein providing includes associating each public key with a unique user;
receiving a user request from a host system;
sending a challenge to the host system in response to the user request;
receiving a digital signature of the challenge from the host system; and
verifying the received digital signature with a public key associated with the user, wherein verifying includes retrieving the public key associated with the user from the directory service.
7. A computer-readable medium including instructions that, when executed by a computer, cause the computer to perform:
providing a plurality of public keys through a directory service, wherein providing includes associating each public key with a unique user;
receiving a user request from a host system;
sending a challenge to the host system in response to the user request;
receiving a digital signature of the challenge from the host system; and
verifying the received digital signature with a public key associated with the user, wherein verifying includes retrieving the public key associated with the user from the directory service.
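The challenge-response exchange recited in the claims above, sketched in Go as an added example that is not part of the patent or of any product implementing it. Ed25519, the 32-byte random challenge, single-use challenges, the `auth-v1` message prefix and the user name `alice` are assumptions; an in-memory map stands in for the directory service.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server pairs the directory (user ID -> public key) with outstanding challenges.
type Server struct {
	dir     map[string]ed25519.PublicKey
	pending map[string][]byte
}

// message binds the challenge to a protocol label and user ID (an assumption).
func message(user string, c []byte) []byte {
	return append([]byte("auth-v1|"+user+"|"), c...)
}

// Challenge answers a user request with a fresh 32-byte random value.
func (s *Server) Challenge(user string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil || s.dir[user] == nil {
		return nil, fmt.Errorf("no challenge issued")
	}
	s.pending[user] = c
	return c, nil
}

// Verify consumes the challenge (single use) and checks the signature with the directory key.
func (s *Server) Verify(user string, sig []byte) bool {
	c, ok := s.pending[user]
	delete(s.pending, user)
	return ok && ed25519.Verify(s.dir[user], message(user, c), sig)
}

// Demo uses constructed keys; returns genuine, replayed and wrong-key outcomes.
func Demo() (genuine, replayed, wrongKey bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, other, _ := ed25519.GenerateKey(rand.Reader)
	s := &Server{map[string]ed25519.PublicKey{"alice": pub}, map[string][]byte{}}
	c, _ := s.Challenge("alice")
	sig := ed25519.Sign(priv, message("alice", c)) // client side: key held on the card
	genuine, replayed = s.Verify("alice", sig), s.Verify("alice", sig)
	c, _ = s.Challenge("alice")
	return genuine, replayed, s.Verify("alice", ed25519.Sign(other, message("alice", c)))
}

func main() { fmt.Println(Demo()) }
```

Deleting the pending challenge on every verification attempt is what makes a captured signature useless on a second submission.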