Relying party trust anchor based public key technology framework
Abstract
A public key (PK) framework for allowing a relying party to act as a trust anchor to authenticate a subscriber. The framework provides a directory system under the control of the relying party, wherein the directory system includes: a storage system for storing certificates received from subscribers in a database, wherein the certificates are issued by a plurality of different certificate authorities; a management system for managing records in the database associated with subscribers; and a validation system that allows the relying party to retrieve certificates from the database in order to authenticate subscribers.
15 Claims
1. A public key (PK) framework having a relying party user authentication system for allowing a relying party to authenticate a user, wherein the PK framework places user credentials under the control of the relying party, and wherein the relying party user authentication system includes:
- a storage system for storing certificates received via a secure channel from users in a user credentials data repository that acts as a trust anchor, wherein the certificates are issued by a plurality of different certificate authorities, and wherein the certificates in the user credentials data repository are publicly available;
- a management system for managing records in the user credentials data repository associated with users; and
- a validation system that retrieves certificates from the user credentials data repository in order to authenticate users, wherein the validation system utilizes a public key obtained from a stored certificate to decrypt a digital signature of a user that was encrypted by the user with an associated private key, and wherein authentication is performed without obtaining a certificate from the user at a time of authentication.
5. A method for allowing a relying party to authenticate a user within a public key (PK) framework in which the user credentials are under the control of the relying party, comprising:
- providing a user credentials data repository that is under the control of a relying party;
- storing certificates received from users via a secure channel in the user credentials data repository that acts as a trust anchor, wherein the certificates are issued by a plurality of different certificate authorities;
- allowing the certificates in the user credentials data repository to be publicly available;
- receiving a request at the relying party to authenticate a user;
- retrieving a certificate from the user credentials data repository in order to authenticate the user;
- obtaining a digital signature from the user that was encrypted with a private key of the user;
- decrypting the digital signature with a computing device using a public key associated with the certificate retrieved from the user credentials data repository; and
- authenticating the user without receiving a certificate from the user at a time of authentication.
10. A method for authenticating users using public key infrastructure (PKI) credentials, comprising the steps of:
- receiving a certificate via a secure channel from a subscriber at a relying party authentication server;
- selecting at least one trust anchor from a plurality of trust anchors to authenticate the subscriber based on the certificate, wherein the plurality of trust anchors for authenticating the subscriber include:
  - a key store containing trusted certificate authority certificates;
  - a directory of registered certificates; and
  - a custom web services user credentials verification application that sends a received certificate to a remote application using web services to verify the received certificate;
- storing the certificate in a user credentials data repository, wherein the certificate in the user credentials data repository is publicly available;
- receiving a request at the relying party to authenticate the user during a subsequent session;
- retrieving the certificate from the user credentials data repository;
- obtaining a digital signature from the user encrypted with a private key of the user;
- decrypting the digital signature with a computing device using a public key associated with the certificate retrieved from the user credentials data repository; and
- authenticating the user during the subsequent session without receiving a certificate from the user.
15. A method for deploying a relying party user authentication application in which user credentials are under the control of a relying party, comprising:
- providing a computer infrastructure being configured to:
  - store certificates received from users via a secure channel in a user credentials data repository that is under the control of the relying party, wherein the certificates are issued by a plurality of different certificate authorities, and wherein the certificates in the user credentials data repository are publicly available;
  - manage records in the user credentials data repository associated with the relying party;
  - allow the relying party to retrieve certificates from the user credentials data repository in order to authenticate users;
  - obtain a digital signature from the user that was encrypted with a private key of the user;
  - decrypt the digital signature with a computing device using a public key associated with the certificate retrieved from the user credentials data repository; and
  - authenticate the user without receiving a certificate from the user at a time of authentication.
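The enrolment-then-validation flow that claims 1, 5 and 10 describe, as an added Go example; it is not part of the patent and not code from any implementation of it. The relying party receives a certificate once (the secure-channel enrolment), checks it against a key store of trusted CA certificates (the first trust anchor listed in claim 10), stores it in its own repository, and in a later session verifies a signature over a server-chosen nonce with the public key taken from the stored certificate, receiving no certificate from the user at that point. What the claims call decrypting the digital signature with the public key is carried out here as a standard ECDSA signature verification. The names Repository, Enroll, Authenticate, issueCert, check and Demo, the P-256 key choice, the nonce challenge, and the CA and user identities are all constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Repository (hypothetical name) is the relying party's user credentials data
// repository: enrolled certificates keyed by user id, acting as the trust anchor.
// roots is the key store of trusted CA certificates, consulted only at enrolment.
type Repository struct {
	certs map[string]*x509.Certificate
	roots *x509.CertPool
}

func NewRepository(roots *x509.CertPool) *Repository {
	return &Repository{certs: map[string]*x509.Certificate{}, roots: roots}
}

// Enroll is the storage step: the certificate arrives over a secure channel, is
// chained to the trusted CA key store, and only then becomes a repository record.
func (r *Repository) Enroll(userID string, certDER []byte) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: r.roots}); err != nil {
		return fmt.Errorf("enrolment refused, issuer not trusted: %w", err)
	}
	r.certs[userID] = cert
	return nil
}

// Authenticate is the validation step: the stored certificate is retrieved and its
// public key checks the user's signature over a nonce the relying party chose.
// The user sends only the signature; no certificate is received here.
func (r *Repository) Authenticate(userID string, nonce, sig []byte) error {
	cert, ok := r.certs[userID]
	if !ok {
		return fmt.Errorf("unknown user %q: no enrolled certificate", userID)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return fmt.Errorf("stored certificate for %q does not carry an ECDSA key", userID)
	}
	digest := sha256.Sum256(nonce)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("signature for %q does not verify against stored certificate", userID)
	}
	return nil
}

// check panics on fixture errors; it is only used while building constructed test data.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issueCert is a constructed stand-in for a certificate authority: with parent nil
// it self-signs a CA certificate, otherwise it issues a leaf signed by parent.
func issueCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// Demo enrols one user, then runs a later challenge-response authentication and
// the three refusals a relying party must get right, returning the four outcomes.
func Demo() (authOK, wrongNonceRejected, unknownUserRejected, untrustedIssuerRejected bool) {
	ca, caKey := issueCert("Trusted CA (constructed)", true, nil, nil)
	aliceCert, aliceKey := issueCert("alice (constructed)", false, ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	repo := NewRepository(roots)
	check(repo.Enroll("alice", aliceCert.Raw)) // one-time enrolment over the secure channel
	// Later session: the relying party picks a fresh nonce; the user returns only a signature.
	nonce := make([]byte, 32)
	rand.Read(nonce)
	digest := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, aliceKey, digest[:])
	check(err)
	authOK = repo.Authenticate("alice", nonce, sig) == nil
	stale := make([]byte, 32)
	rand.Read(stale)
	wrongNonceRejected = repo.Authenticate("alice", stale, sig) != nil // replayed signature
	unknownUserRejected = repo.Authenticate("bob", nonce, sig) != nil  // no record to validate against
	// A certificate from a CA absent from the key store must never become a record.
	rogue, rogueKey := issueCert("Rogue CA (constructed)", true, nil, nil)
	malloryCert, _ := issueCert("mallory (constructed)", false, rogue, rogueKey)
	untrustedIssuerRejected = repo.Enroll("mallory", malloryCert.Raw) != nil
	return
}

func main() {
	fmt.Println(Demo())
}
```

The nonce is what keeps the later session honest: because the relying party already holds the certificate, the only thing the user has to transmit is a signature, and binding that signature to a fresh server-chosen value is what stops a captured signature from being replayed. The issuer check happens once, at enrolment, which is why the repository rather than the CA is the trust anchor consulted on every subsequent authentication.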