Authority-neutral certification for multiple-authority PKI environments

US 8,019,990 B2
Filed: 02/04/2008
Issued: 09/13/2011
Est. Priority Date: 09/28/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving, at a server, a service request from an application executing on a node separate from the server, the service request containing public key encryption data;

based on user profile data, selecting a certification authority, from a plurality of available certification authorities, wherein the user profile data is pre-stored at the server and customizable based on user preference information;

generating a data object including information associated with the information in the service request;

transmitting the data object from the server to the selected certification authority;

receiving, at the server, a response from the selected certification authority;

generating a response object including information associated with information contained in the response; and

transmitting the response object to the application executing on the node.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for facilitating electronic certification, and systems for use therewith, are presented in the context of public key encryption infrastructures. Some aspects of the invention provide methods for facilitating electronic certification using authority-neutral service requests sent by an application, which are then formatted by a server comprising a middleware that can convert the authority-neutral request into certification authority specific objects. The server and middleware then return a response from a selected certification authority back to the service requesting application. Thus, the server and/or middleware act as intermediaries that facilitate user transactions in an environment having multiple certification authorities without undue burden on the applications or the expense and reliability problems associated therewith.

19 Citations

View as Search Results

18 Claims

1. A method comprising:
- receiving, at a server, a service request from an application executing on a node separate from the server, the service request containing public key encryption data;
  
  based on user profile data, selecting a certification authority, from a plurality of available certification authorities, wherein the user profile data is pre-stored at the server and customizable based on user preference information;
  
  generating a data object including information associated with the information in the service request;
  
  transmitting the data object from the server to the selected certification authority;
  
  receiving, at the server, a response from the selected certification authority;
  
  generating a response object including information associated with information contained in the response; and
  
  transmitting the response object to the application executing on the node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the service request is certification authority-neutral.
  - 3. The method of claim 1, wherein generating the data object comprises converting the data object into a format consistent with an industry-standard protocol.
  - 4. The method of claim 3, wherein the industry-standard protocol is the Open Certificate Status Protocol (OCSP).
  - 5. The method of claim 1, wherein the method takes place in a public key infrastructure (PKI) environment.
  - 6. The method of claim 1, wherein the server is a World Wide Web server adapted for conducting secure transactions.
  - 7. The method of claim 1, wherein receiving the service request comprises receiving a HTTPS message from the application.
  - 8. The method of claim 1, wherein the response from the selected certification authority is in a format consistent with an industry-standard protocol.
  - 9. The method of claim 8, wherein the industry-standard protocol is the Open Certificate Status Protocol (OCSP).
  - 10. The method of claim 1, further comprising posting an object to the server using a Post method.
  - 11. The method of claim 1, further comprising passing the service request, using a load balancer, to a selected server, the server selected from a plurality of servers.
  - 12. The method of claim 1, wherein generating the response object comprises putting the response into a HTTP-compatible format.
  - 13. The method of claim 1, further comprising registration of the application using a registration process.
  - 14. The method of claim 13, wherein the registration process comprises creating an application preference profile.
  - 15. The method of claim 1, wherein the transmitted data object comprises a subset of application-related information, the subset being chosen based on the selected certification authority.

16. A system, comprising:
- a server connecting an application, executing on a node separate from the server, with a public key infrastructure (PKI) certification authority; and
  
  middleware, implemented on the server, the middleware comprising;
  
  a responder for responding to a service request received from the application;
  
  a dispatcher for routing communication through the server;
  
  a selector for selecting a certification authority from among a plurality of available certification authorities based on user profile data, wherein the user profile data is pre-stored at the server and customizable based on user preference information; and
  
  a certification service request formatter corresponding to the selected certification authority.
- View Dependent Claims (17, 18)
- - 17. The system of claim 16, further comprising a certification authority and a database for storing data.
  - 18. The system of claim 17, wherein the database contains application-specific data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fintegraph, LLC (Ascend Innovation Management, LLC)
Original Assignee
Zoralco Fund Limited Liability Company (Intellectual Ventures LLC)
Inventors
Chang, Kae-por F.
Primary Examiner(s)
Lanier; Benjamin E
Assistant Examiner(s)
KANAAN, SIMON P

Application Number

US12/025,196
Publication Number

US 20080189551A1
Time in Patent Office

1,317 Days
Field of Search

713150-159, 713/168, 713/170, 713/175
US Class Current

713/156
CPC Class Codes

G06F 21/6209   to a single file or object,...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 9/006   involving public key infras...

H04L 9/3268   using certificate validatio...

Authority-neutral certification for multiple-authority PKI environments

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Authority-neutral certification for multiple-authority PKI environments

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links