Self-service provisioning of digital certificates
First Claim
1. A computer-implemented method comprising:
instructing an un-provisioned user to obtain a digital certificate;
receiving, at a provisioning computer, a response from the un-provisioned user, wherein the response includes the digital certificate and a fingerprint of the digital certificate;
storing the digital certificate and the fingerprint without activating the digital certificate;
prior to activating the digital certificate, instructing a trusted user who has an activated digital certificate to verify the received digital certificate, which comprises instructing the trusted user to confirm with the un-provisioned user that the un-provisioned user has obtained the digital certificate, and to receive from the un-provisioned user the fingerprint of the digital certificate;
receiving from the trusted user a response that includes the fingerprint of the digital certificate;
comparing the received fingerprint with the stored fingerprint; and
activating the digital certificate in response to a fingerprint match.
Abstract
A system and method for provisioning digital certificates. An automated provisioning engine receives notification of a need to provision a user with a digital certificate. The engine electronically instructs the user to obtain a digital certificate. When obtained, the user responds by forwarding the certificate. The engine then electronically instructs a trusted or provisioned user to verify that the user obtained the digital certificate. The trusted user verifies this, and may obtain the user's certificate or a fingerprint of the certificate to include in a response to the provisioner's instructions. If verified, and if the certificate or fingerprint matches the certificate provided by the user, the user's digital certificate is then activated, to allow it to represent the user in public key transactions.
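The flow in the abstract, sketched as an added example (not code from the patent or from any product): a certificate is stored as pending and is activated only when the fingerprint relayed by a trusted user matches the stored one. SHA-256 over the certificate bytes, the `Provisioner` class and every name below are assumptions, and the byte strings are constructed stand-ins for DER-encoded certificates.

```python
import hashlib
import hmac

def fingerprint(cert_der: bytes) -> str:
    """Hex SHA-256 over the certificate bytes (hash choice is an assumption)."""
    return hashlib.sha256(cert_der).hexdigest()

def normalize(fp: str) -> str:
    """Accept 'AB:CD:...' as relayed by a person; compare as lowercase hex."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")

class Provisioner:
    def __init__(self):
        self.records = {}  # user -> {"cert", "fp", "active"}

    def enroll_trusted(self, user, cert_der):
        """Seed a user whose certificate is already activated."""
        self.records[user] = {"cert": cert_der, "fp": fingerprint(cert_der), "active": True}

    def receive_response(self, user, cert_der, claimed_fp):
        """Store the certificate and fingerprint WITHOUT activating."""
        # Added hardening (assumption): recompute instead of trusting the submitted value.
        if not hmac.compare_digest(normalize(claimed_fp), fingerprint(cert_der)):
            raise ValueError("submitted fingerprint does not match certificate")
        self.records[user] = {"cert": cert_der, "fp": fingerprint(cert_der), "active": False}

    def confirm(self, trusted_user, user, reported_fp):
        """Handle the trusted user's response; activate only on a match."""
        verifier = self.records.get(trusted_user)
        pending = self.records.get(user)
        if verifier is None or not verifier["active"]:
            raise PermissionError("verifier has no activated certificate")
        if pending is None or pending["active"]:
            raise LookupError("no pending certificate for user")
        if hmac.compare_digest(normalize(reported_fp), pending["fp"]):
            pending["active"] = True
        return pending["active"]

def demo():
    # Constructed byte strings stand in for DER-encoded certificates.
    p = Provisioner()
    p.enroll_trusted("alice", b"constructed-cert-alice")
    new_cert = b"constructed-cert-bob"
    p.receive_response("bob", new_cert, fingerprint(new_cert))
    wrong = p.confirm("alice", "bob", fingerprint(b"substituted-cert"))
    spoken = ":".join(fingerprint(new_cert).upper()[i:i + 2] for i in range(0, 64, 2))
    right = p.confirm("alice", "bob", spoken)
    return wrong, right
```

A mismatch leaves the record pending, so a certificate substituted in transit to the provisioner never becomes active unless the trusted user relays the substituted fingerprint as well.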
18 Claims
1. A computer-implemented method comprising:
instructing an un-provisioned user to obtain a digital certificate;
receiving, at a provisioning computer, a response from the un-provisioned user, wherein the response includes the digital certificate and a fingerprint of the digital certificate;
storing the digital certificate and the fingerprint without activating the digital certificate;
prior to activating the digital certificate, instructing a trusted user who has an activated digital certificate to verify the received digital certificate, which comprises instructing the trusted user to confirm with the un-provisioned user that the un-provisioned user has obtained the digital certificate, and to receive from the un-provisioned user the fingerprint of the digital certificate;
receiving from the trusted user a response that includes the fingerprint of the digital certificate;
comparing the received fingerprint with the stored fingerprint; and
activating the digital certificate in response to a fingerprint match.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer readable memory storage medium, storing instructions that, when executed by a provisioning computer, cause the computer to perform a method of provisioning a digital certificate, the method comprising:
instructing an un-provisioned user to obtain a digital certificate;
receiving, at a provisioning computer, a response from the un-provisioned user, wherein the response includes the digital certificate and a fingerprint of the digital certificate;
storing the digital certificate and the fingerprint without activating the digital certificate;
prior to activating the digital certificate, instructing a trusted user who has an activated digital certificate to verify the received digital certificate, which comprises instructing the trusted user to confirm with the un-provisioned user that the un-provisioned user has obtained the digital certificate, and to receive from the un-provisioned user the fingerprint of the digital certificate;
receiving from the trusted user a response that includes the fingerprint of the digital certificate;
comparing the received fingerprint with the stored fingerprint; and
activating the digital certificate in response to a fingerprint match.
10. A computer-implemented self-service method of provisioning a digital certificate, the method comprising:
receiving, from an automated provisioner of digital certificates, instructions to obtain a digital certificate at an un-provisioned user's computer;
obtaining the digital certificate;
sending a response to the instructions to the provisioner, wherein the response includes the digital certificate and a fingerprint of the digital certificate; and
confirming obtainment of the digital certificate to a trusted user who has an activated digital certificate and is registered with the automated provisioner, wherein confirming comprises sending the fingerprint of the digital certificate to the trusted user.
Dependent claims: 11, 12, 13, 14, 15
16. A computer readable memory storage medium, storing instructions that, when executed by a computer, cause the computer to perform a self-service method of provisioning a digital certificate, the method comprising:
receiving, from an automated provisioner of digital certificates, instructions to obtain a digital certificate at an un-provisioned user's computer;
obtaining the digital certificate;
sending a response to the instructions to the provisioner, wherein the response includes the digital certificate and a fingerprint of the digital certificate; and
confirming obtainment of the digital certificate to a trusted user who has an activated digital certificate and is registered with the automated provisioner, wherein confirming comprises sending the fingerprint of the digital certificate to the trusted user.
17. An apparatus for provisioning a digital certificate, comprising:
a database configured to store digital certificates;
a communication link coupling the apparatus to a plurality of client computing devices; and
an automated provisioner configured to:
instruct an un-provisioned user to obtain a digital certificate;
receive, from the un-provisioned user, the un-provisioned user's digital certificate and a fingerprint of the digital certificate;
prior to activating the digital certificate, instruct a provisioned user who has an activated digital certificate to verify the received digital certificate at the provisioned user's computer, which comprises instructing the provisioned user to confirm with the un-provisioned user that the un-provisioned user has obtained the digital certificate, and to receive from the un-provisioned user the fingerprint of the digital certificate;
receive from the provisioned user a response that includes the fingerprint of the digital certificate;
compare the received fingerprint with the stored fingerprint; and
activate the digital certificate in response to a fingerprint match.
Dependent claims: 18
Specification