Employing electronic certificate workflows

US 8,015,600 B2
Filed: 11/30/2001
Issued: 09/06/2011
Est. Priority Date: 12/22/2000
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

associating each workflow of a plurality of workflows with a corresponding domain of a plurality of domains in an Identity System, each domain of said plurality of domains comprising one or more entities and each workflow of said plurality of workflows using a different predefined set of steps to perform a certificate related action affecting validity of the certificate, the certificate comprising a security credential, wherein each workflow in said plurality of workflows corresponds to a different set of characteristics for a user, wherein the first workflow contains a first set of steps and a second workflow in said plurality of workflows contains a second set of steps, wherein said first set of steps is different from said second set of steps, wherein said first workflow calls for obtaining an approval before performing a certificate related action for users having a first user type, and wherein said second workflow does not call for obtaining an approval before performing a certificate related action for users having a second user type;

receiving at the Identity System a request for a first certificate related action for a first user wherein the first certificate related action is selected from a group consisting of a certificate enrollment action, a certificate renewal action, and a certificate revocation action;

determining from said plurality of domains a domain that includes said user;

determining from said plurality of workflows, one or more workflows associated with said domain and capable of performing said certificate related action;

retrieving by the Identity System from said one or more workflows associated with said domain a first workflow for responding to said request wherein retrieving the first workflow comprises selecting the first workflow from the one or more workflows associated with said domain based on the first certificate related action and a user type of the first user from a set of characteristics for the first user from an identity profile for the first user maintained by the Identity System being the first user type and wherein the request includes an identification of said identity profile for the first user;

performing said first workflow, wherein performing said first workflow comprises executing said predefined set of steps of said first workflow to perform said certificate related action including retrieving an approval response from an entity associated with the first user and identified in the identity profile for the first user and obtaining a certificate and a real time status for the certificate from a certificate authority based on the approval response; and

storing the certificate and said real time status in the Identity System, wherein the certificate authority is external to the Identity System.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An Identity System manages certificate related actions for organization members and affiliates. Examples of certificate related actions include certificate enrollment, renewal, and revocation. The Identity System maintains and employs different certificate related workflows for different organization members and affiliates. After receiving a request for a certificate related action, the Identity System retrieves a workflow for responding to the request. The Identity System selects the workflow from a plurality of workflows for responding to the type of certificate related action being requested. Each workflow in the plurality corresponds to a different set of user characteristics. The Identity System selects the workflow that corresponds to the requested certificate related action, as well as the type of user for which the request is made.

244 Citations

27 Claims

1. A method comprising:
- associating each workflow of a plurality of workflows with a corresponding domain of a plurality of domains in an Identity System, each domain of said plurality of domains comprising one or more entities and each workflow of said plurality of workflows using a different predefined set of steps to perform a certificate related action affecting validity of the certificate, the certificate comprising a security credential, wherein each workflow in said plurality of workflows corresponds to a different set of characteristics for a user, wherein the first workflow contains a first set of steps and a second workflow in said plurality of workflows contains a second set of steps, wherein said first set of steps is different from said second set of steps, wherein said first workflow calls for obtaining an approval before performing a certificate related action for users having a first user type, and wherein said second workflow does not call for obtaining an approval before performing a certificate related action for users having a second user type;
  
  receiving at the Identity System a request for a first certificate related action for a first user wherein the first certificate related action is selected from a group consisting of a certificate enrollment action, a certificate renewal action, and a certificate revocation action;
  
  determining from said plurality of domains a domain that includes said user;
  
  determining from said plurality of workflows, one or more workflows associated with said domain and capable of performing said certificate related action;
  
  retrieving by the Identity System from said one or more workflows associated with said domain a first workflow for responding to said request wherein retrieving the first workflow comprises selecting the first workflow from the one or more workflows associated with said domain based on the first certificate related action and a user type of the first user from a set of characteristics for the first user from an identity profile for the first user maintained by the Identity System being the first user type and wherein the request includes an identification of said identity profile for the first user;
  
  performing said first workflow, wherein performing said first workflow comprises executing said predefined set of steps of said first workflow to perform said certificate related action including retrieving an approval response from an entity associated with the first user and identified in the identity profile for the first user and obtaining a certificate and a real time status for the certificate from a certificate authority based on the approval response; and
  
  storing the certificate and said real time status in the Identity System, wherein the certificate authority is external to the Identity System.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 23, 24, 25)
- - 2. The method of claim 1, further comprising:
    - receiving said plurality of workflows.
  - 3. The method of claim 1, further comprising:
    - receiving at the Identity System a second request for a second certificate related action for a second user wherein the second certificate related action is selected from a group consisting of a certificate enrollment action, a certificate renewal action, and a certificate revocation action;
      
      determining by the Identity System from said plurality of domains a domain that includes said second user;
      
      determining by the Identity System from said plurality of workflows, one or more workflows associated with said domain that includes said second user and capable of performing said second certificate related action;
      
      retrieving by the Identity System from said one or more workflows associated with said domain that includes the second user a second workflow for responding to said second request, wherein retrieving the second workflow further comprises selecting the second workflow from the one or more workflows associated with said domain that includes said second user based on the second certificate related action and a user type of the second user from a set of characteristics for the second user from an identity profile for the second user maintained by the Identity System being the second user type, and wherein the second request includes an identification of said identity profile of the second user; and
      
      performing said second workflow, wherein performing said second workflow comprises executing said predefined set of steps of said second workflow to perform said certificate related action including obtaining a second certificate without retrieving an approval response.
  - 4. The method of claim 3, wherein said first certificate related action is a certificate enrollment action and said second certificate related action is a certificate enrollment action.
  - 5. The method of claim 3, wherein said first certificate related action is a certificate renewal action and said second certificate related action is a certificate renewal action.
  - 6. The method of claim 1, further comprising:
    - performing said first workflow, wherein said first certificate related action is a certificate enrollment action and wherein performing said first workflow comprises;
      
      obtaining a certificate, wherein obtaining the certificate comprisesauthenticating said first user;
      
      forwarding said request to a Certificate Processing Server;
      
      receiving said certificate; and
      
      storing said certificate.
  - 7. The method of claim 1, further comprising:
    - performing said first workflow, wherein said first certificate related action is a certificate renewal action and wherein performing said first workflow comprises;
      
      obtaining a certificate renewal, wherein obtaining the certificate renewal comprises;
      
      authenticating said first user;
      
      forwarding said request to a Certificate Processing Server;
      
      receiving a certificate renewal acknowledgement.
  - 8. The method of claim 1, further comprising:
    - performing said first workflow, wherein said first certificate related action is a certificate revocation action and wherein performing said first workflow comprises;
      
      revoking a certificate, wherein revoking the certificate comprises;
      
      authenticating said first user; and
      
      forwarding said request to a Certificate Processing Server.
  - 23. The method of claim 1, wherein obtaining an approval response comprises applying a Lightweight Directory Access Protocol (LDAP) filter to attributes of the identity profile for the first user.
  - 24. The method of claim 3, wherein the entity associated with the first user comprises a third user.
  - 25. The method of claim 1, further comprising:
    - storing validation information for said certificate in the Identity System, wherein said validation information includes an identifier of a time said real time status was retrieved and a validation interval for said real time status;
      
      receiving at the Identity System a request to export the certificate;
      
      determining with the Identity System whether to check a status for said certificate, wherein determining whether to check the status for the certificate comprises querying a parameter field in the Identity System; and
      
      in response to determining to check the status for said certificate, determining with the Identity System whether to check the status for the certificate in real time, wherein determining whether to check the status for the certificate in real time comprises querying a parameter field in the Identity System.

9. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising:
- associating each workflow of a plurality of workflows with a corresponding domain of a plurality of domains in an Identity System, each domain of said plurality of domains comprising one or more entities and each workflow of said plurality of workflows using a different predefined set of steps to perform a certificate related action affecting validity of the certificate, the certificate comprising a security credential, wherein each workflow in said plurality of workflows corresponds to a different set of characteristics for a user, wherein the first workflow contains a first set of steps and a second workflow in said plurality of workflows contains a second set of steps, wherein said first set of steps is different from said second set of steps, wherein said first workflow calls for obtaining an approval before performing a certificate related action for users having a first user type, and wherein said second workflow does not call for obtaining an approval before performing a certificate related action for users having a second user type;
  
  receiving at the Identity System a request for a first certificate related action for a first user wherein the first certificate related action is selected from a group consisting of a certificate enrollment action, a certificate renewal action, and a certificate revocation action;
  
  determining from said plurality of domains a domain that includes said user;
  
  determining from said plurality of workflows, one or more workflows associated with said domain and capable of performing said certificate related action;
  
  retrieving by the Identity System from said one or more workflows associated with said domain a first workflow for responding to said request wherein retrieving the first workflow comprises selecting the first workflow from the one or more workflows associated with said domain based on the first certificate related action and a user type of the first user from a set of characteristics for the first user from an identity profile for the first user maintained by the Identity System being the first user type and wherein the request includes an identification of said identity profile for the first user;
  
  performing said first workflow, wherein performing said first workflow comprises executing said predefined set of steps of said first workflow to perform said certificate related action including retrieving an approval response from an entity associated with the first user and identified in the identity profile for the first user and obtaining a certificate and a real time status for the certificate from a certificate authority based on the approval response; and
  
  storing the certificate and said real time status in the Identity System, wherein the certificate authority is external to the Identity System.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 26)
- - 10. One or more processor readable storage devices according to claim 9, wherein said method further comprises:
    - receiving said plurality of workflows.
  - 11. One or more processor readable storage devices according to claim 9, wherein said method further comprises:
    - receiving at the Identity System a second request for a second certificate related action for a second user wherein the second certificate related action is selected from a group consisting of a certificate enrollment action, a certificate renewal action, and a certificate revocation action;
      
      determining by the Identity System from said plurality of domains a domain that includes said second user;
      
      determining by the Identity System from said plurality of workflows, one or more workflows associated with said domain that includes said second user and capable of performing said second certificate related action;
      
      retrieving by the Identity System from said one or more workflows associated with said domain that includes the second user a second workflow for responding to said second request, wherein retrieving the second workflow further comprises selecting the second workflow from the one or more workflows associated with said domain that includes said second user based on the second certificate related action and a user type of the second user from a set of characteristics for the second user from an identity profile for the second user maintained by the Identity System being the second user type, and wherein the second request includes an identification of said identity profile of the second user; and
      
      performing said second workflow, wherein performing said second workflow comprises executing said predefined set of steps of said second workflow to perform said certificate related action including obtaining a second certificate without retrieving an approval response.
  - 12. One or more processor readable storage devices according to claim 11, wherein said first certificate related action is a certificate enrollment action and said second certificate related action is a certificate enrollment action.
  - 13. One or more processor readable storage devices according to claim 9, wherein said method further comprises:
    - performing said first workflow, wherein said first certificate related action is a certificate enrollment action and wherein performing said first workflow comprises;
      
      obtaining a certificate, wherein obtaining the certificate comprises;
      
      authenticating said first user;
      
      forwarding said request to a Certificate Processing Server;
      
      receiving said certificate; and
      
      storing said certificate.
  - 14. One or more processor readable storage devices according to claim 9, wherein said method further comprises:
    - performing said first workflow, wherein said first certificate related action is a certificate renewal action and wherein performing said first workflow comprises;
      
      obtaining a certificate, wherein obtaining the certificate comprisesauthenticating said first user;
      
      forwarding said request to a Certificate Processing Server; and
      
      receiving a certificate renewal acknowledgement.
  - 15. One or more processor readable storage devices according to claim 9, wherein said method further comprises:
    - performing said first workflow, wherein said first certificate related action is a certificate revocation action and wherein performing said first workflow comprises;
      
      revoking a certificate, wherein revoking the certificate comprises;
      
      authenticating said first user; and
      
      forwarding said request to a Certificate Processing Server.
  - 26. The one or more processor readable storage devices of claim 9, wherein the method further comprises:
    - storing validation information for said certificate in the Identity System, wherein said validation information includes an identifier of a time said real time status was retrieved and a validation interval for said real time status;
      
      receiving at the Identity System a request to export the certificate;
      
      determining with the Identity System whether to check a status for said certificate, wherein determining whether to check the status for the certificate comprises querying a parameter field in the Identity System; and
      
      in response to determining to check the status for said certificate, determining with the Identity System whether to check the status for the certificate in real time, wherein determining whether to check the status for the certificate in real time comprises querying a parameter field in the Identity System.

16. An apparatus comprising:
- one or more communications interfaces;
  
  one or more storage devices; and
  
  one or more processors in communication with said one or more storage devices and said one or more communication interfaces, said one or more processors perform a method comprising;
  
  associating each workflow of a plurality of workflows with a corresponding domain of a plurality of domains in an Identity System, each domain of said plurality of domains comprising one or more entities and each workflow of said plurality of workflows using a different predefined set of steps to perform a certificate related action affecting validity of the certificate, the certificate comprising a security credential, wherein each workflow in said plurality of workflows corresponds to a different set of characteristics for a user, wherein the first workflow contains a first set of steps and a second workflow in said plurality of workflows contains a second set of steps, wherein said first set of steps is different from said second set of steps, wherein said first workflow calls for obtaining an approval before performing a certificate related action for users having a first user type, and wherein said second workflow does not call for obtaining an approval before performing a certificate related action for users having a second user type;
  
  receiving at the Identity System a request for a first certificate related action for a first user wherein the first certificate related action is selected from a group consisting of a certificate enrollment action, a certificate renewal action, and a certificate revocation action;
  
  determining from said plurality of domains a domain that includes said user;
  
  determining from said plurality of workflows, one or more workflows associated with said domain and capable of performing said certificate related action;
  
  retrieving by the Identity System from said one or more workflows associated with said domain a first workflow for responding to said request wherein retrieving the first workflow comprises selecting the first workflow from the one or more workflows associated with said domain based on the first certificate related action and a user type of the first user from a set of characteristics for the first user from an identity profile for the first user maintained by the Identity System being the first user type and wherein the request includes an identification of said identity profile for the first user;
  
  performing said first workflow, wherein performing said first workflow comprises executing said predefined set of steps of said first workflow to perform said certificate related action including retrieving an approval response from an entity associated with the first user and identified in the identity profile for the first user and obtaining a certificate and a real time status for the certificate from a certificate authority based on the approval response; and
  
  storing the certificate and said real time status in the Identity System, wherein the certificate authority is external to the Identity System.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 27)
- - 17. The apparatus of claim 16, wherein said method further comprises:
    - receiving said plurality of workflows.
  - 18. The apparatus of claim 16, wherein said method further comprises:
    - receiving at the Identity System a second request for a second certificate related action for a second user wherein the second certificate related action is selected from a group consisting of a certificate enrollment action, a certificate renewal action, and a certificate revocation action;
      
      determining by the Identity System from said plurality of domains a domain that includes said second user;
      
      determining by the Identity System from said plurality of workflows, one or more workflows associated with said domain that includes said second user and capable of performing said second certificate related action;
      
      retrieving by the Identity System from said one or more workflows associated with said domain that includes the second user a second workflow for responding to said second request, wherein retrieving the second workflow further comprises selecting the second workflow from the one or more workflows associated with said domain that includes said second user based on the second certificate related action and a user type of the second user from a set of characteristics for the second user from an identity profile for the second user maintained by the Identity System being the second user type, and wherein the second request includes an identification of said identity profile of the second user; and
      
      performing said second workflow, wherein performing said second workflow comprises executing said predefined set of steps of said second workflow to perform said certificate related action including obtaining a second certificate without retrieving an approval response.
  - 19. The apparatus of claim 18, wherein said first certificate related action is a certificate enrollment action and said second certificate related action is a certificate enrollment action.
  - 20. The apparatus of claim 16, wherein said method further comprises:
    - performing said first workflow, wherein said first certificate related action is a certificate enrollment action and wherein performing said first workflow comprises;
      
      obtaining a certificate, wherein obtaining the certificate comprises;
      
      authenticating said first user;
      
      forwarding said request to a Certificate Processing Server;
      
      receiving said certificate; and
      
      storing said certificate.
  - 21. The apparatus of claim 16, wherein said method further comprises:
    - performing said first workflow, wherein said first certificate related action is a certificate renewal action and wherein performing said first workflow comprises;
      
      obtaining a certificate, wherein obtaining the certificate comprises;
      
      authenticating said first user;
      
      forwarding said request to a Certificate Processing Server; and
      
      receiving a certificate renewal acknowledgement.
  - 22. The apparatus of claim 16, wherein said method further comprises:
    - performing said first workflow, wherein said first certificate related action is a certificate revocation action and wherein performing said first workflow comprises;
      
      revoking a certificate, wherein revoking the certificate comprises;
      
      authenticating said first user; and
      
      forwarding said request to a Certificate Processing Server.
  - 27. The apparatus of claim 16, wherein said method further comprises:
    - storing validation information for said certificate in the Identity System, wherein said validation information includes an identifier of a time said real time status was retrieved and a validation interval for said real time status;
      
      receiving at the Identity System a request to export the certificate;
      
      determining with the Identity System whether to check a status for said certificate, wherein determining whether to check the status for the certificate comprises querying a parameter field in the Identity System; and
      
      in response to determining to check the status for said certificate, determining with the Identity System whether to check the status for the certificate in real time, wherein determining whether to check the status for the certificate in real time comprises querying a parameter field in the Identity System.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Sinn, Richard P., Teng, Joan C., Remahl, Thomas B.
Primary Examiner(s)
Shiferaw; Eleni A
Assistant Examiner(s)
Teslovich; Tamara

Application Number

US09/998,893
Publication Number

US 20020174238A1
Time in Patent Office

3,567 Days
Field of Search

713/201, 713/155, 713/156, 713/170, 713/158, 713/175, 705/9, 705/44, 705/400, 709/219, 709/229, 380/30, 726/6, 726/10, 726/27
US Class Current

726/10
CPC Class Codes

G06F 2221/2119   Authenticating web pages, e...

G06Q 10/06   Resources, workflows, human...

G06Q 10/10   Office automation; Time man...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 67/02   based on web technology, e....

H04L 67/1001   for accessing one among a p...

H04L 67/306   User profiles

H04L 69/329   in the application layer [O...

Employing electronic certificate workflows

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

244 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Employing electronic certificate workflows

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

244 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links