System and method that uses cryptographic certificates to define groups of entities

US 8,380,981 B2
Filed: 05/16/2008
Issued: 02/19/2013
Est. Priority Date: 05/16/2008
Status: Active Grant

First Claim

Patent Images

1. A method for issuing a digital cryptographic certificate, comprising:

digitally describing on the cryptographic certificate;

at least one prerequisite condition, wherein the at least one prerequisite condition comprises membership in at least one prerequisite group of entities; and

at least one prerequisite to-the-group stakeholder which permits membership in the at least one prerequisite group of entities; and

digitally signing, using one or more hardware computing elements, the cryptographic certificate by at least one prerequisite from-the-group stakeholder which approves use of the membership in the at least one prerequisite group permitted by the at least one prerequisite to-the-group stakeholder for making a decision,wherein the digitally signing authorizes the use of the membership as a condition for making the decision.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for issuing a cryptographic certificate includes describing one or more prerequisite condition on the cryptographic certificate. The one or more prerequisite conditions comprise membership in one or more prerequisite group of entities. An entity may be a participant, a resource or a privilege, etc. The present invention also requires naming one or more target groups of entities on the cryptographic certificate. One or more prerequisite group stakeholder that authorizes an entity in the one or more prerequisite group of entities to be added as members in another group of entities sign the cryptographic certificate. The cryptographic certificate is also signed by one or more target group stakeholders that authorizes an entity to be added as a member of the one or more target groups. Exemplary prerequisite conditions relate to one or more of a membership in another group of entities, a physical characteristic, a temporal characteristic, a location characteristic or a position characteristic, among others.

Citations

45 Claims

1. A method for issuing a digital cryptographic certificate, comprising:
- digitally describing on the cryptographic certificate;
  
  at least one prerequisite condition, wherein the at least one prerequisite condition comprises membership in at least one prerequisite group of entities; and
  
  at least one prerequisite to-the-group stakeholder which permits membership in the at least one prerequisite group of entities; and
  
  digitally signing, using one or more hardware computing elements, the cryptographic certificate by at least one prerequisite from-the-group stakeholder which approves use of the membership in the at least one prerequisite group permitted by the at least one prerequisite to-the-group stakeholder for making a decision,wherein the digitally signing authorizes the use of the membership as a condition for making the decision.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the decision relates to at least one of admitting an entity for membership in another group, granting access to a resource, granting a privilege or performing an action.
  - 3. The method of claim 1, wherein a name of the at least one prerequisite group is associated with the identity of the prerequisite from-the-group stakeholder.
  - 4. The method of claim 3, wherein the identity of the at least one prerequisite from-the-group stakeholder comprises a public key of such stakeholder.
  - 5. The method of claim 1, wherein the cryptographic certificate is further signed by one more resource stakeholders that control access to a privilege or resource.
  - 6. The method claims 1, wherein the one or more prerequisite from-the-group stakeholders authorize an entity in the at least one prerequisite group to be an entity in at least one target group, and wherein the cryptographic certificate is further signed by at least one target group stakeholder that authorizes the entity to be added as a member to the at least one target group.
  - 7. The method of claim 6, wherein a the name of the at least one target group comprises:
    - a name of at least one target group stakeholder that authorizes membership of the entity member of said at least one target group in another group; and
      
      a name of the at least one target group stakeholder that authorizes the entity to become the member of said at least one target group.
  - 8. The method of claim 7, wherein the name of the at least one target group further comprises at least one target group disambiguating identifier.
  - 9. The method of claim 7, wherein the names of said at least one target group stakeholders comprises public keys of the at least one target group stakeholders and signatures of the at least one target group stakeholders comprise cryptographic signatures of the cryptographic certificate made using said at least one target group stakeholders'"'"' private keys.
  - 10. The method of claim 1, wherein the at least one prerequisite condition relates to at least one of a membership in another group of entities, a physical characteristic, a non-physical characteristic, a temporal characteristic, a non-temporal characteristic, a location characteristic or a position characteristic.
  - 11. The method of claim 1, wherein a name of the at least one prerequisite group comprises:
    - a name of at least one prerequisite from-the-group stakeholder that authorizes an entity in the at least one prerequisite group to be a member of another group of entities; and
      
      a name of at least one prerequisite to-the-group stakeholder that authorizes membership of the entity in the at least one prerequisite group.
  - 12. The method of claim 11, wherein the name of the at least one prerequisite group further comprises at least one prerequisite group disambiguating identifier.
  - 13. The method of claim 11, wherein the names of the at least one prerequisite from-the-group stakeholders comprise public keys of said at least one prerequisite from-the-group stakeholders and signatures of said at least one prerequisite from-the-group stakeholders comprise cryptographic signatures of the cryptographic certificate made using such stakeholders'"'"' private keys.
  - 14. The method of claim 1, wherein an entity comprises at least one of a participant, resource or privilege.

15. A method for processing a digital cryptographic certificate, comprising:
- receiving the cryptographic certificate, said cryptographic certificate describing;
  
  at least one prerequisite condition comprising membership in at least one prerequisite group of entities; and
  
  at least one prerequisite to-the-group stakeholder which permits membership in the at least one prerequisite group of entities; and
  
  determining, using one or more hardware computing elements, whether the cryptographic certificate is validly digitally signed by at least one prerequisite from-the-group stakeholder which approves use of membership in the prerequisite group permitted by the at least one prerequisite to-the-group stakeholder in making a decision,wherein valid digital signatures of the certificate by the at least one prerequisite from-the-group stakeholder authorize the use of membership as a condition for making the decision.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The method of claim 15, wherein the decision relates to at least one of admitting an entity for membership in another group, granting access to a resource, granting a privilege, or performing an action.
  - 17. The method of claims 15, wherein the one or more prerequisite from-the-group stakeholders authorize an entity in an at least one prerequisite group to be an entity in at least one target group and wherein the method further comprises determining whether the cryptographic certificate is validly signed by at least one target group stakeholder that authorizes the entity to be added as a member to the at least one target group.
  - 18. The method of claim 17, wherein a name of the at least one target group comprises:
    - a name of at least one target group stakeholder that authorizes membership of an entity member of the at least one target group in another group; and
      
      a name of the at least one target group stakeholder that authorizes the entity to become the member of the at least one target group.
  - 19. The method of claim 18, wherein the name of the at least one target group further comprises at least one target group disambiguating identifier.
  - 20. The method of claim 18, wherein the names of the at least one target group stakeholders comprise public keys of said at least one target group stakeholders and signatures of said at least one target group stakeholders comprise cryptographic signatures of the certificate made using said at least one target group stakeholders'"'"' private keys.
  - 21. The method of claim 15, wherein a name of the at least one prerequisite group is associated with the identity of the at least one prerequisite from-the-group stakeholder.
  - 22. The method of claim 21, wherein the identity of the at least one prerequisite from-the-group stakeholder comprises a public key of such stakeholder.
  - 23. The method of claim 15, further comprises determining whether the cryptographic certificate is validly signed by at least one resource stakeholder who controls access to a privilege or resource.
  - 24. The method of claim 15, wherein the prerequisite condition relates to at least one of a membership in another group of entities, a physical characteristic, a non-physical characteristic, a temporal characteristic, a non-temporal characteristic, a location characteristic or a position characteristic.
  - 25. The method of claim 15, wherein a name of the at least one prerequisite group comprises:
    - a name of at least one prerequisite from-the-group stakeholder that authorizes an entity in the at least one prerequisite group to be a member of another group of entities; and
      
      a name of at least one prerequisite to-the-group stakeholder that authorizes membership of the entity in the at least one prerequisite group.
  - 26. The method of claim 25, wherein the name of the at least one prerequisite group further comprises at least one prerequisite group disambiguating identifier.
  - 27. The method of claim 25, wherein the names of the at least one prerequisite from-the-group stakeholders comprise public keys of said at least one prerequisite from-the-group stakeholders and signatures of the at least one prerequisite from-the-group stakeholders comprise cryptographic signatures of the cryptographic certificate made using such stakeholders'"'"' private keys.
  - 28. The method of claim 15, wherein an entity comprises at least one of a participant, a resource or a privilege.

29. A digital cryptographic certificate stored on one or more tangible non-transitory computer-readable storage media, comprising:
- names of one or more of prerequisite groups;
  
  one or more prerequisite to-the-group stakeholders which permit membership in the one or more prerequisite groups; and
  
  one or more digital cryptographic signatures of one or more prerequisite from-the-group stakeholders which approve use of membership in the prerequisite group permitted by the one or more prerequisite to-the-group stakeholders for making a decision,wherein the one or more digital cryptographic signatures authorize the use of membership in the one or more prerequisite groups as a condition for making the decision.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 30. The cryptographic certificate of claim 29, wherein the one or more prerequisite from-the-group stakeholders authorize an entity in the one or more prerequisite groups to be an entity in one or more target groups.
  - 31. The cryptographic certificate of claim 30 further comprising the names of one or more target groups.
  - 32. The cryptographic certificate of claim 31, wherein the names of the target groups comprise:
    - names of one or more target group stakeholders that authorize membership of an entity member of the one or more target groups in another group; and
      
      names of one or more target group stakeholders that authorize the entity to become the member of the one or more target groups.
  - 33. The cryptographic certificate of claim 32, wherein the names of the one or more target groups further comprise at least one target group disambiguating identifier.
  - 34. The cryptographic certificate of claim 32, wherein the names of the target group stakeholders comprise public keys of the one or more target group stakeholders and signatures of the one or more target group stakeholders comprise cryptographic signatures of the cryptographic certificate made using the one or more target group stakeholders'"'"' private keys.
  - 35. The cryptographic certificate of claim 30 further comprising names of the one or more target groups and cryptographic signatures of one or more target group stakeholders that authorize adding the entity to the one or more target groups.
  - 36. The cryptographic certificate of claim 29, wherein the decision relates to at least one of admitting an entity for membership in another group, granting access to a resource, granting a privilege or performing an action.
  - 37. The cryptographic certificate of claim 29, wherein the names of the one or more prerequisite groups are associated with the identity of the one or more prerequisite from-the-group stakeholders.
  - 38. The cryptographic certificate of claim 37, wherein the identity of a prerequisite from-the-group stakeholder comprises a public key of such stakeholder.
  - 39. The cryptographic certificate of claim 29, further comprising cryptographic signatures of one more resource stakeholders who control access to a privilege or a resource.
  - 40. The cryptographic certificate of claim 29, wherein the prerequisite condition relates to at least one of a membership in another group of entities, a physical characteristic, a non-physical characteristic, a temporal characteristic, a non-temporal characteristic, a location characteristic or a position characteristic.
  - 41. The cryptographic certificate of claim 29, wherein the names of one or more prerequisite groups comprise:
    - names of one or more prerequisite from-the-group stakeholders that authorize an entity in the one or more prerequisite groups to be a member of at least one target group of entities; and
      
      names of one or more prerequisite to-the-group stakeholders that authorize membership of the entity in the one or more prerequisite groups.
  - 42. The cryptographic certificate of claim 41, wherein the name of the prerequisite group further comprises at least one prerequisite group disambiguating identifier.
  - 43. The cryptographic certificate of claim 41, wherein the names of the one or more prerequisite from-the-group stakeholders comprise public keys of the one or more prerequisite from-the-group stakeholders and the one or more signatures of the one or more prerequisite from-the-group stakeholders comprise cryptographic signatures of the cryptographic certificate made using such stakeholders'"'"' private keys.
  - 44. The cryptographic certificate of claim 29, wherein an entity comprises at least one of a participant, a resource or a privilege.

45. A system that processes digital cryptographic certificates, comprising:
- a plurality of entities;
  
  one or more digital group membership certificates stored on one or more tangible non-transitory computer-readable storage media, each group membership certificate containing names of one or more prerequisite groups and names of one or more target groups;
  
  one or more stakeholders functioning as one or more prerequisite from-the-group stakeholders, prerequisite to-the-group stakeholders, and target group stakeholders, a group membership certificate being valid if digitally signed cryptographically by those one or more prerequisite from-the-group stakeholders that authorize an entity name in the one or more prerequisite groups to become an entity name in another group, wherein the group membership certificate describes one or more prerequisite to-the-group stakeholders that permit membership in the one or more prerequisite group, wherein one or more signatures of the certificate by the one or more prerequisite from-the-group stakeholders authorize the use of membership in the one or more prerequisite groups permitted by the one or more prerequisite to-the-group stakeholders as a condition for a decision to add the entity name in the another group, said group membership certificate being further digitally signed cryptographically by those one or more target group stakeholders that authorize adding the entity name to the one or more target groups; and
  
  a node that receives a digital cryptographic certificate from the entity;
  
  said node examining the one or more group membership certificates and adding a corresponding entity name to the target group named in said one or more group membership certificates provided that the received cryptographic certificate validly binds a corresponding entity to a prerequisite group contained in the valid group membership certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Objective Interface Systems, Inc.
Original Assignee
Objective Interface Systems, Inc.
Inventors
Beckwith, Reynolds William, Chilton, Jeffrey William, Marshall, Jeffrey Grant
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Su, Sarah

Application Number

US12/122,352
Publication Number

US 20090287933A1
Time in Patent Office

1,740 Days
Field of Search

713/150, 713/155, 713/156, 713/168, 713/176, 726/2, 726/3, 726/4, 726/10, 709/220, 709223-226
US Class Current

713/156
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

H04L 9/3255   using group based signature...

H04L 9/3263   involving certificates, e.g...

System and method that uses cryptographic certificates to define groups of entities

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

System and method that uses cryptographic certificates to define groups of entities

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links