Method and apparatus for managing digital certificates
Abstract
Method and apparatus for managing digital certificates are described herein. In one embodiment, an encryption certificate is extracted from an email received from an owner of the encryption certificate, where the encryption certificate is issued from a trusted party other than the owner. Then the encryption certificate is associated with an entry of a directory based on an identity (ID) of the owner, where the directory provides directory services to one or more email servers. Other methods and apparatuses are also described.
38 Citations
22 Claims
1. A computer-implemented method for managing digital certificates, the method comprising:
receiving, at a certificate handler, over a network an email from a user, the email including an encryption certificate having a public key associated with the user, the email requesting the encryption certificate to be added into a directory of an email directory server that provides email directory services to one or more email servers, wherein the email directory server is a lightweight directory access protocol (LDAP) server;
extracting, by the certificate handler, the encryption certificate from the email, the encryption certificate being issued from a certificate authority other than the user, wherein the certificate handler and the user are separate entities;
obtaining, by the certificate handler, a root certificate from the certificate authority, the root certificate corresponding to the encryption certificate;
authenticating, by the certificate handler, the encryption certificate using the root certificate, wherein the certificate handler is a separate entity from the certificate authority; and
upon successfully authenticating the encryption certificate, the certificate handler causing the encryption certificate to be stored in an entry of the directory of the email directory server based on an identity (ID) of the user, such that other users can obtain the encryption certificate from the email directory server to send an encrypted email to the user using the public key of the encryption certificate, wherein the encrypted email is to be decrypted by the user using a private key corresponding to the public key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 12, 13, 14, 15, 16
9. A non-transitory machine-readable medium having instructions, which when executed, cause a processor to perform a method for managing digital certificates, the method comprising:
receiving, at a certificate handler, over a network an email from a user, the email including an encryption certificate having a public key associated with the user, the email requesting the encryption certificate to be added into a directory of an email directory server that provides email directory services to one or more email servers, wherein the email directory server is a lightweight directory access protocol (LDAP) server;
extracting, by the certificate handler, the encryption certificate from the email, the encryption certificate being issued from a certificate authority other than the user, wherein the certificate handler and the user are separate entities;
obtaining, by the certificate handler, a root certificate from the certificate authority, the root certificate corresponding to the encryption certificate;
authenticating, by the certificate handler, the encryption certificate using the root certificate, wherein the certificate handler is a separate entity from the certificate authority; and
upon successfully authenticating the encryption certificate, the certificate handler causing the encryption certificate to be stored in an entry of the directory of the email directory server based on an identity (ID) of the user, such that other users can obtain the encryption certificate from the email directory server to send an encrypted email to the user using the public key of the encrypted certificate, wherein the encrypted email is to be decrypted by the user using a private key corresponding to the public key.
Dependent claims: 10, 11
17. An apparatus for managing digital certificates, comprising:
an extractor to extract an encryption certificate from an email received from a user as an owner of the encryption certificate including a public key associated with the user, the encryption certificate being issued from a certificate authority other than the owner, wherein the email requests the encryption certificate to be added into a directory of an email directory server that provides email directory services to one or more email servers, wherein the email directory server is a lightweight directory access protocol (LDAP) server;
an encryption certificate verifier coupled to the extractor to obtain a root certificate from the certificate authority and to verify the encryption certificate using the root certificate; and
a directory entry processing unit coupled to the extractor and the encryption certificate verifier, upon successfully verifying the encryption certificate, to store the encryption certificate in an entry of the directory of the email directory server based on an identity (ID) of the owner, such that other users can obtain the encryption certificate from the email directory server to send an encrypted email to the user using the public key of the encryption certificate, wherein the encrypted email is to be decrypted by the user using a private key corresponding to the public key.
Dependent claims: 18, 19, 20, 21, 22
Specification