Cryptographic server with provisions for interoperability between cryptographic systems

US 7,577,621 B2
Filed: 12/20/2004
Issued: 08/18/2009
Est. Priority Date: 09/20/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method of performing remote requests for cryptographic functions on a secure server, the method comprising:

associating a user of a remote computing device from multiple users with one or more private keys from a plurality of private cryptographic keys stored on a secure server;

receiving a request for one or more cryptographic functions from an application executing on the remote computing device;

accessing the one or more private keys; and

performing one or more cryptographic functions corresponding to the request using the one or more private keys, wherein the one or more private keys are generated within a trust engine and not released from the trust engine.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is a cryptographic server providing interoperability over multiple algorithms, keys, standards, certificate types and issuers, protocols, and the like. Another aspect of the invention is to provide a secure server, or trust engine, having server-centric keys, or in other words, storing cryptographic keys on a server. The server-centric storage of keys provides for user-independent security, portability, availability, and straightforwardness, along with a wide variety of implementation possibilities.

48 Citations

View as Search Results

18 Claims

1. A method of performing remote requests for cryptographic functions on a secure server, the method comprising:
- associating a user of a remote computing device from multiple users with one or more private keys from a plurality of private cryptographic keys stored on a secure server;
  
  receiving a request for one or more cryptographic functions from an application executing on the remote computing device;
  
  accessing the one or more private keys; and
  
  performing one or more cryptographic functions corresponding to the request using the one or more private keys, wherein the one or more private keys are generated within a trust engine and not released from the trust engine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising transmitting a response to the application.
  - 3. The method of claim 1, wherein the request includes data, and wherein the method further comprises recognizing from the data in the request which of the one or more cryptographic functions are to be performed.
  - 4. The method of claim 1, wherein the remote computing device comprises a vendor system.
  - 5. The method of claim 1, wherein the request is generated when a vendor and a user engage in a transaction.
  - 6. The method of claim 5, wherein the request includes a vendor identifier.
  - 7. The method of claim 5, wherein the request includes a user identifier.
  - 8. The method of claim 5, wherein the request includes a transaction identifier.
  - 9. The method of claim 1, wherein the application comprises a vendor-side application program interface.
  - 10. The method of claim 1, wherein the remote computing device comprises a user system accessed by a user.
  - 11. The method of claim 1, wherein the application comprises a user-side application program interface.
  - 12. The method of claim 1, wherein the cryptographic functions include one of digital signing, encryption, decryption, hash creation, key generation, and key destruction.
  - 13. The method of claim 1, wherein the cryptographic functions comprise converting from one cryptographic algorithm to another.
  - 14. The method of claim 13, wherein the algorithm conversion is transparent to the users.
  - 15. The method of claim 1, wherein the step of accessing the one or more private keys further comprises:
    - selecting a type of certificate matching data provided in the request; and
      
      determining whether the user owns a certificate matching the type;
      
      when the user owns the certificate, accessing the one or more private keys from the plurality of private cryptographic keys corresponding to the certificate;
      
      wherein the step of performing one or more cryptographic functions using the one or more private keys includes using the one or more private keys corresponding to the certificate.
  - 16. The method of claim 15, wherein the one or more keys corresponding to the certificate include at least one private key.
  - 17. The method of claim 1, further comprising authenticating the user to determine whether the user has access to the one or more private keys associated with the one or more cryptographic functions requested.
  - 18. The method of claim 1, further comprising authenticating the user to the secure server prior to allowing the user to make a request for one or more cryptographic functions, wherein the request is not for authenticating the user to the secure server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security First Innovations, LLC
Original Assignee
Security First Corp
Inventors
Dickinson, Alexander G., Stark, Gregory H., Rohrbach, Mark D., Ferrante, Michelle, Clayton, Richard F.
Primary Examiner(s)
Cheung; Mary

Application Number

US11/014,967
Publication Number

US 20050102244A1
Time in Patent Office

1,702 Days
Field of Search

705 64- 67, 705 72- 75, 380277-285, 380 44- 45, 380 28- 30, 713153-162, 713166-171, 713/175, 713177-180, 713182-185, 726 1- 21, 726 34- 36
US Class Current

705/75
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/41   where a single sign-on prov...

G06F 2221/2115   Third party

G06F 2221/2117   User registration

G06Q 20/02   involving a neutral party, ...

G06Q 20/12   specially adapted for elect...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 20/383   Anonymous user system

G06Q 20/401   Transaction verification

G06Q 30/06   Buying, selling or leasing ...

H04L 63/0442   wherein the sending and rec...

H04L 63/0471   applying encryption by an i...

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

Cryptographic server with provisions for interoperability between cryptographic systems

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic server with provisions for interoperability between cryptographic systems

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links