Method and hybrid system for authenticating communications
First Claim
1. A hybrid authentication system for securing digital communications in a network and enabling a global enterprise, comprising:
- a distributed authentication infrastructure including a plurality of nodes in communication with each other, each of said plurality of nodes having an identification and intended to perform a series of functions, one of said series of functions for verifying said identification of said plurality of nodes; and
- a centralized authentication infrastructure integrated into said distributed authentication infrastructure and including a central server, said central server being coupled to said plurality of nodes and being utilized for verifying said identification of said plurality of nodes, wherein said central server can be utilized for supporting or replacing at least one of said plurality of nodes;
- wherein said distributed authentication infrastructure is initially implemented and said centralized authentication infrastructure is later integrated into said distributed authenticated infrastructure;
- wherein said distributed authentication infrastructure is selected from the group consisting of a threshold cryptography service model and a web-of-trust service model;
- wherein said centralized authentication system is selected from the group consisting of a public key infrastructure and a Kerberos service model;
- wherein said plurality of nodes include at least one of a personal digital assistant, a digital pager, a digital fax machine, a video teleconferencing device, a wireless telephone, a portable computer, a desktop computer, and a communication device, wherein said plurality of nodes includes a verifying node coupled to a new entity for verifying the identification of said new entity and enrolling said new entity into the hybrid authentication system and wherein said verifying node signs a certificate related to said new entity and said central server publishes a certificate revocation list, said verifying node examining said certificate revocation list for determining whether said certificate has been revoked.
Abstract
One embodiment of the present invention is a hybrid authentication system (10) for securing communication. In this embodiment, the system (10) includes a distributed authentication infrastructure (12) with a series of nodes (16) in communication with each other. These nodes (16) are intended to perform a series of functions, one of these functions being the authentication of other nodes. The system further includes a centralized authentication infrastructure (14), which is later integrated into the distributed authentication infrastructure (12) after the distributed authentication infrastructure (12) has been established. The centralized authentication infrastructure (14) includes a central server (22) coupled to the nodes (16) for verifying the identification of the nodes (16) and/or granting permission to those nodes (16).
30 Claims
1. (Claim 1 is reproduced above under First Claim.) Dependent claims: 2 through 19 and 24 through 30.

20. A hybrid authentication system, comprising:
- a distributed authentication infrastructure based on a threshold cryptography service model and including a plurality of nodes in communication with each other, each of said plurality of nodes having an identification and intended to perform a series of functions, one of said series of functions for verifying said identification of said plurality of nodes; and
- a centralized authentication infrastructure based on a public key infrastructure and integrated into said distributed authentication infrastructure, said centralized authentication infrastructure including a certificate authority coupled to said plurality of nodes and utilized for verifying said identification of said plurality of nodes;
- wherein said plurality of nodes includes a verifying node coupled to a new entity for verifying the identification of said new entity and enrolling said new entity into the hybrid authentication system and wherein said verifying node signs a certificate related to said new entity and said central server publishes a certificate revocation list, said verifying node examining said certificate revocation list for determining whether said certificate has been revoked, wherein said distributed authentication infrastructure is initially implemented and said centralized authentication infrastructure is later integrated into said distributed authenticated infrastructure.

21. A hybrid authentication system, comprising:
- a distributed authentication infrastructure based on a web-of-trust service model and including a plurality of nodes in communication with each other, each of said plurality of nodes having an identification and intended to perform a series of functions, one of said series of functions for verifying said identification of said plurality of nodes; and
- a centralized authentication infrastructure based on a public key infrastructure and integrated into said distributed authentication infrastructure, said centralized authentication infrastructure including a certificate authority coupled to said plurality of nodes and utilized for verifying said identification of said plurality of nodes;
- wherein said distributed authentication infrastructure is initially implemented and said centralized authentication infrastructure is later integrated into said distributed authenticated infrastructure, and wherein said plurality of nodes is a plurality of members including a first member and a second member, said certificate authority issuing a first group certificate to said first member that provides said first member with a first permission level, said certificate authority issuing a second group certificate to said second member that provides said second member with a second permission level, wherein said first permission level is greater than said second permission level;
- wherein said first group certificate enables said first member to enroll a new entity into the system and provide said new entity with a new permission level equivalent up to said first permission level.

Dependent claim: 22.

23. A hybrid authentication system, comprising:
- a distributed authentication infrastructure including a plurality of nodes in communication with each other, each of said plurality of nodes having an identification and intended to perform a series of functions, one of said series of functions for verifying said identification of said plurality of nodes; and
- a centralized authentication infrastructure integrated into said distributed authentication infrastructure, said centralized authentication infrastructure including a certificate authority coupled to said plurality of nodes and utilized for verifying said identification of said plurality of nodes;
- wherein said centralized authentication infrastructure provides a signed certificate for verifying said identification and wherein said distributed authentication infrastructure is initially implemented and said centralized authentication infrastructure is later integrated into said distributed authenticated infrastructure;
- wherein said certificate authority is coupled to said plurality of nodes for at least one of issuing a global directive thereto and supporting said plurality of nodes by assisting with at least one of an enrollment task, an authentication task, and a permission granting task;
- wherein said global directive includes at least one of a rekey instruction and a critical trust chain path, said rekey instruction and said critical trust chain path for providing a secured data transfer line.
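The enrollment, bounded delegation and revocation behaviour that the independent claims describe, modelled in Python as an added example; this is not code from the patent or from any implementation of it. It assumes a single central authority that issues group certificates and publishes the CRL, verifying nodes that sign certificates for entities they enroll with a permission level no higher than their own, and a verifier that walks the issuer chain back to the central authority and consults the CRL at every step. HMAC-SHA256 with a shared key directory stands in for public-key signatures so the example runs on the standard library alone; the class and function names, entity names and permission levels are all constructed for illustration.

```python
"""Toy model of the claimed hybrid authentication system (added example).

Distributed side (web-of-trust style): a verifying node holding a group
certificate enrolls a new entity by signing a certificate for it, granting a
permission level no higher than its own (claims 1, 20, 21).
Centralized side (PKI style): a central authority issues group certificates
and publishes a CRL; a verifier consults the CRL and walks the issuer chain
back to the authority before trusting a certificate (claims 1, 20, 23).
HMAC-SHA256 plus a key directory stands in for public-key signatures.
"""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Certificate:
    serial: int
    subject: str
    issuer: str
    permission: int  # higher value = more privilege
    tag: str         # HMAC over the other fields (stand-in for a signature)

    def payload(self) -> bytes:
        return json.dumps([self.serial, self.subject, self.issuer, self.permission]).encode()


def make_tag(key: bytes, payload: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class CentralAuthority:
    """Central server: serial counter, CRL, and a directory of verification keys
    and certificates (the directory plays the role of public-key lookup)."""
    NAME = "central-ca"

    def __init__(self) -> None:
        self.keys = {self.NAME: os.urandom(32)}  # entity -> verification key
        self.certs: dict[str, Certificate] = {}  # entity -> its certificate
        self._next_serial = 1
        self._crl: set[int] = set()

    def next_serial(self) -> int:
        serial = self._next_serial
        self._next_serial += 1
        return serial

    def issue_group_certificate(self, member: str, permission: int) -> Certificate:
        serial = self.next_serial()
        draft = Certificate(serial, member, self.NAME, permission, "")
        cert = Certificate(serial, member, self.NAME, permission,
                           make_tag(self.keys[self.NAME], draft.payload()))
        self.certs[member] = cert
        return cert

    def register(self, cert: Certificate) -> None:
        self.certs[cert.subject] = cert

    def revoke(self, serial: int) -> None:
        self._crl.add(serial)

    def publish_crl(self) -> frozenset[int]:
        return frozenset(self._crl)


class Node:
    """A node of the distributed infrastructure acting as a verifying node."""

    def __init__(self, name: str, ca: CentralAuthority) -> None:
        self.name, self.ca = name, ca
        self.signing_key = os.urandom(32)
        ca.keys[name] = self.signing_key  # symmetric stand-in for publishing a public key

    def enroll(self, new_entity: str, permission: int) -> Certificate:
        """Sign a certificate for a new entity, bounded by this node's own level."""
        own = self.ca.certs.get(self.name)
        if own is None or not verify(own, self.ca, self.ca.publish_crl()):
            raise PermissionError(f"{self.name} holds no valid group certificate")
        if permission > own.permission:
            raise PermissionError(f"{self.name} (level {own.permission}) cannot grant level {permission}")
        serial = self.ca.next_serial()
        draft = Certificate(serial, new_entity, self.name, permission, "")
        cert = Certificate(serial, new_entity, self.name, permission,
                           make_tag(self.signing_key, draft.payload()))
        self.ca.register(cert)  # so the central server can later place it on the CRL
        return cert


def verify(cert: Certificate, ca: CentralAuthority, crl: frozenset, depth: int = 0) -> bool:
    """Verifier: tag valid, serial not revoked, and the issuer chain valid back to
    the central authority with non-increasing permission levels along the way."""
    if depth > 16:  # bound the chain walk
        return False
    key = ca.keys.get(cert.issuer)
    if key is None or not hmac.compare_digest(cert.tag, make_tag(key, cert.payload())):
        return False
    if cert.serial in crl:
        return False
    if cert.issuer == CentralAuthority.NAME:
        return True
    issuer_cert = ca.certs.get(cert.issuer)
    if issuer_cert is None or cert.permission > issuer_cert.permission:
        return False
    return verify(issuer_cert, ca, crl, depth + 1)


def demo() -> dict:
    """Enrollment, refused escalation, a tampered certificate, and revocation."""
    ca = CentralAuthority()
    alice, bob = Node("alice", ca), Node("bob", ca)
    ca.issue_group_certificate("alice", 3)  # first member, higher level
    ca.issue_group_certificate("bob", 1)    # second member, lower level
    carol = alice.enroll("carol", 2)        # allowed: 2 <= 3
    erin = alice.enroll("erin", 1)
    try:
        bob.enroll("dave", 2)               # refused: 2 > bob's level 1
        escalation_blocked = False
    except PermissionError:
        escalation_blocked = True
    forged = Certificate(carol.serial, carol.subject, carol.issuer, 3, carol.tag)
    results = {"escalation_blocked": escalation_blocked,
               "carol_valid": verify(carol, ca, ca.publish_crl()),
               "forged_rejected": not verify(forged, ca, ca.publish_crl())}
    ca.revoke(carol.serial)                 # central server revokes one leaf
    results["carol_after_revocation"] = verify(carol, ca, ca.publish_crl())
    results["erin_still_valid"] = verify(erin, ca, ca.publish_crl())
    ca.revoke(ca.certs["alice"].serial)     # revoking the enroller breaks the chain
    results["erin_after_issuer_revoked"] = verify(erin, ca, ca.publish_crl())
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The chain walk in `verify` is what ties the two infrastructures together: a certificate signed by a distributed node is only as good as that node's own group certificate, so revoking the enroller at the central server invalidates everything it enrolled, and the permission comparison at each hop is what enforces the "up to said first permission level" bound of claim 21 even if a node's signing code were bypassed.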