System and method that uses cryptographic certificates to define groups of entities
Abstract
A system and method for issuing a cryptographic certificate includes describing one or more prerequisite conditions on the cryptographic certificate. The one or more prerequisite conditions comprise membership in one or more prerequisite groups of entities. An entity may be a participant, a resource or a privilege, etc. The present invention also requires naming one or more target groups of entities on the cryptographic certificate. The cryptographic certificate is signed by one or more prerequisite group stakeholders that authorize an entity in the one or more prerequisite groups of entities to be added as a member of another group of entities. The cryptographic certificate is also signed by one or more target group stakeholders that authorize an entity to be added as a member of the one or more target groups. Exemplary prerequisite conditions relate to one or more of a membership in another group of entities, a physical characteristic, a temporal characteristic, a location characteristic or a position characteristic, among others.
45 Claims
1. A method for issuing a digital cryptographic certificate, comprising:
digitally describing on the cryptographic certificate;
at least one prerequisite condition, wherein the at least one prerequisite condition comprises membership in at least one prerequisite group of entities; and
at least one prerequisite to-the-group stakeholder which permits membership in the at least one prerequisite group of entities; and
digitally signing, using one or more hardware computing elements, the cryptographic certificate by at least one prerequisite from-the-group stakeholder which approves use of the membership in the at least one prerequisite group permitted by the at least one prerequisite to-the-group stakeholder for making a decision, wherein the digitally signing authorizes the use of the membership as a condition for making the decision.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A method for processing a digital cryptographic certificate, comprising:
receiving the cryptographic certificate, said cryptographic certificate describing;
at least one prerequisite condition comprising membership in at least one prerequisite group of entities; and
at least one prerequisite to-the-group stakeholder which permits membership in the at least one prerequisite group of entities; and
determining, using one or more hardware computing elements, whether the cryptographic certificate is validly digitally signed by at least one prerequisite from-the-group stakeholder which approves use of membership in the prerequisite group permitted by the at least one prerequisite to-the-group stakeholder in making a decision, wherein valid digital signatures of the certificate by the at least one prerequisite from-the-group stakeholder authorize the use of membership as a condition for making the decision.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
29. A digital cryptographic certificate stored on one or more tangible non-transitory computer-readable storage media, comprising:
names of one or more of prerequisite groups;
one or more prerequisite to-the-group stakeholders which permit membership in the one or more prerequisite groups; and
one or more digital cryptographic signatures of one or more prerequisite from-the-group stakeholders which approve use of membership in the prerequisite group permitted by the one or more prerequisite to-the-group stakeholders for making a decision, wherein the one or more digital cryptographic signatures authorize the use of membership in the one or more prerequisite groups as a condition for making the decision.
Dependent claims: 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44
45. A system that processes digital cryptographic certificates, comprising:
a plurality of entities;
one or more digital group membership certificates stored on one or more tangible non-transitory computer-readable storage media, each group membership certificate containing names of one or more prerequisite groups and names of one or more target groups;
one or more stakeholders functioning as one or more prerequisite from-the-group stakeholders, prerequisite to-the-group stakeholders, and target group stakeholders, a group membership certificate being valid if digitally signed cryptographically by those one or more prerequisite from-the-group stakeholders that authorize an entity name in the one or more prerequisite groups to become an entity name in another group, wherein the group membership certificate describes one or more prerequisite to-the-group stakeholders that permit membership in the one or more prerequisite group, wherein one or more signatures of the certificate by the one or more prerequisite from-the-group stakeholders authorize the use of membership in the one or more prerequisite groups permitted by the one or more prerequisite to-the-group stakeholders as a condition for a decision to add the entity name in the another group, said group membership certificate being further digitally signed cryptographically by those one or more target group stakeholders that authorize adding the entity name to the one or more target groups; and
a node that receives a digital cryptographic certificate from the entity;
said node examining the one or more group membership certificates and adding a corresponding entity name to the target group named in said one or more group membership certificates provided that the received cryptographic certificate validly binds a corresponding entity to a prerequisite group contained in the valid group membership certificate.
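An added example, not part of the patent text, sketching the node check described in the abstract and claim 45: the group membership certificate must carry from-the-group and target group stakeholder signatures, and the entity's own certificate must bind it to a prerequisite group. Field names, stakeholder names and keys are constructed; HMAC-SHA256 stands in for a public-key signature so the code runs on the standard library, and requiring every named stakeholder to sign is an assumed policy.

```python
import hashlib, hmac, json

# Constructed stakeholder keys; HMAC is a stand-in for real digital signatures.
KEYS = {"hr-enroll": b"k-enroll", "hr-policy": b"k-policy", "vpn-owner": b"k-vpn"}

def sign(signer, body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[signer], msg, hashlib.sha256).hexdigest()

def make_cert(body, signers):
    return {"body": body, "signatures": {s: sign(s, body) for s in signers}}

def signed_by(cert, signer):
    sig = cert["signatures"].get(signer, "")
    return signer in KEYS and hmac.compare_digest(sig, sign(signer, cert["body"]))

def process(group_cert, entity_cert, groups):
    """Node logic: add the entity to the target groups, or refuse (False)."""
    g, e = group_cert["body"], entity_cert["body"]
    frm, tgt = g["from_stakeholders"], g["target_stakeholders"]
    # Empty signer lists must fail closed: all([]) would otherwise be True.
    if not frm or not tgt or not g["to_stakeholders"]:
        return False
    # 1. From-the-group stakeholders approve using prerequisite membership;
    #    target group stakeholders approve additions to the target group.
    if not all(signed_by(group_cert, s) for s in frm + tgt):
        return False
    # 2. The entity certificate must bind the entity to a named prerequisite
    #    group and be signed by a to-the-group stakeholder listed on the
    #    group membership certificate.
    if e["group"] not in g["prerequisite_groups"]:
        return False
    if not any(signed_by(entity_cert, s) for s in g["to_stakeholders"]):
        return False
    for name in g["target_groups"]:
        groups.setdefault(name, set()).add(e["entity"])
    return True

def policy():
    # Constructed sample: employees may be added to vpn-users.
    return {"prerequisite_groups": ["employees"], "target_groups": ["vpn-users"],
            "to_stakeholders": ["hr-enroll"], "from_stakeholders": ["hr-policy"],
            "target_stakeholders": ["vpn-owner"]}

def demo():
    alice = make_cert({"entity": "alice", "group": "employees"}, ["hr-enroll"])
    groups = {}
    ok = process(make_cert(policy(), ["hr-policy", "vpn-owner"]), alice, groups)
    unsigned = process(make_cert(policy(), ["vpn-owner"]), alice, {})
    return ok, groups, unsigned
```

The second call in `demo()` omits the from-the-group signature, so the node refuses even though the target group stakeholder signed.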
Specification