Requesting digital certificates

US 8,397,060 B2
Filed: 02/22/2002
Issued: 03/12/2013
Est. Priority Date: 02/22/2002
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

requesting a certificate from a certificate issuer for a public key that is associated with a corresponding private key stored by a storing entity, the requesting comprising,generating a certificate request message indicative of a request for a certificate generated by a generating entity, andtransmitting the certificate request message to the certificate issuer, wherein the certificate request message comprises an indication of an origin of at least one of the private key and the public key, the indication representative of whether at least one of the storing entity and the generating entity are secure and whether or not the storing entity and the generating entity are within a single device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for requesting a certificate from a certificate issuer for a public key that is associated with a corresponding private key stored by a storing entity, the method comprising: generating by means of a generating entity a certificate request message indicative of a request for a certificate; and transmitting the certificate request message to the certificate issuer; the certificate request message including an indication of the relationship between the storing entity and the generating entity.

5 Citations

31 Claims

1. A method, comprising:
- requesting a certificate from a certificate issuer for a public key that is associated with a corresponding private key stored by a storing entity, the requesting comprising,generating a certificate request message indicative of a request for a certificate generated by a generating entity, andtransmitting the certificate request message to the certificate issuer, wherein the certificate request message comprises an indication of an origin of at least one of the private key and the public key, the indication representative of whether at least one of the storing entity and the generating entity are secure and whether or not the storing entity and the generating entity are within a single device.

2. A method, comprising:
- requesting a certificate from a certificate issuer for a public key that is associated with a corresponding private key stored by a storing entity, the requesting comprising,generating a certificate request message indicative of a request for a certificate generated with a generating entity; and
  
  transmitting the certificate request message to the certificate issuer,wherein the certificate request message comprises an indication of a relationship between the storing entity and the generating entity, andwherein the indication is representative of whether at least one of the storing entity and generating entity are physically secure and whether or not the storing entity and the generating entity are within a single device.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 3. The method as claimed in claim 2, wherein the indication is of a physical relationship between the storing entity configured to store the private key and the generating entity configured to generate the request.
  - 4. The method as claimed in claim 2, wherein the indication is of a security relationship between a storing entity configured to store the private key and the generating entity configured to generate the request.
  - 5. The method as claimed in claim 4, wherein the indication is of knowledge of the generating entity regarding a level of security of the private key stored by the storing entity.
  - 6. The method as claimed in claim 2, wherein the indication comprises one of a predetermined set of forms, and one of the forms indicates that a storing entity configured to store the private key is physically comprised in a generating entity configured to generate the request and the storing entity is physically secure.
  - 7. A method according to claim 2, wherein the indication indicates that the storing entity is not physically comprised in the generating entity.
  - 8. A method according to claim 2, wherein the indication indicates that a public key has been provided to the generating entity by user input.
  - 9. The method as claimed in claim 2, wherein the certificate issuer analyzes the request message to determine whether the certificate request message is an acceptable certificate request message and,when the certificate request message is determined to be acceptable, issues a certificate in response to the certificate request message.
  - 10. The method as claimed in claim 9, wherein the certificate comprises an indication of the relationship between a storing entity configured to store the private key and a generating entity configured to generate a request.
  - 11. The method as claimed in claim 9, wherein the certificate request message comprises data that is a function of a signing key, whereby the certificate request message is authenticated by the certificate issuer.
  - 12. The method as claimed in claim 11, wherein the certificate issuer authenticates the request message using a verifying key.
  - 13. The method as claimed in claim 11, wherein there is a symmetric key known both to the generating entity and to the certificate issuer, wherein the certificate issuer authenticates the request message using the shared symmetric key.
  - 14. The method as claimed in claim 9, wherein the certificate issuer limits the certificate depending on the indication of the relationship in the certificate request message.
  - 15. The method as claimed in claim 2, wherein the storing entity configured to store the private key is a smart card installed in an item of user equipment.
  - 16. The method as claimed in claim 2, wherein the storing entity is a universal integrated circuit card installed in the item of user equipment.

17. An apparatus, comprising:
- a generator configured to generate a certificate request message to request a certificate from a certificate issuer in respect of a public key that is associated with a corresponding private key stored by a storing entity, wherein the generator is configured to generate the certificate request message including an indication of an origin of at least one of the public key and the private key, the indication representative of whether at least one of the storing entity and the generating entity are physically secure and whether or not the storing entity and the generating entity are within a single device, the generator implemented on at least one processor that is comprised at least partially of hardware.
- View Dependent Claims (18, 19)
- - 18. The apparatus of claim 17, wherein the indication is of a physical relationship between a storing entity configured to store the private key and a generating entity configured to generate the request.
  - 19. The apparatus of claim 17, wherein the indication is of a security relationship between a storing entity configured to store the private key and a generating entity configured to generate the request.

20. An apparatus, comprising:
- a certificate issuer configured to process certificate request messages, the certificate issuer configured to analyze a certificate request message to determine whether the certificate request message is an acceptable certificate request message, when the certificate request message is determined to be acceptable, issue a certificate in response to the certificate request message, and configured to limit the certificate based on an indication of an origin of at least one of a public key and a private key, the indication representative of a physical security determined based on a relationship of at least one of a generator and a storage entity storing the at least one of the public key and the private key, the indication further representative of whether or not the storing entity and the generating entity are within a single device, the certificate issuer implemented on at least one processor that is comprised at least partially of hardware.
- View Dependent Claims (21, 22, 23)
- - 21. The apparatus of claim 20, wherein the certificate comprises an indication of the relationship between a storing entity configured to store the private key and a generating entity configured to generate the request.
  - 22. The apparatus of claim 20, wherein the certificate request message comprises data that is a function of a signing key, whereby the certificate request message is authenticated.
  - 23. The apparatus of claim 22, further comprising:
    - an authenticator configured to authenticate the request message using a verifying key.

24. A method, comprising:
- receiving a certificate request message from a generating entity for a public key that is associated with a corresponding private key stored by a storing entity, wherein the certificate request message comprises an indication of an origin of at least one of the public key and the private key;
  
  analyzing the certificate request message to determine whether the certificate request message is acceptable; and
  
  issuing a certificate in response to the certificate request message when the certificate request message is determined to be acceptable, the certificate being limited based on the indication of the origin of the at least one of the public key and the private key, the indication representative of whether at least one of the storing entity and the generating entity are physically secure and whether or not the storing entity and the generating entity are within a single device.
- View Dependent Claims (25, 26, 27)
- - 25. The method of claim 24, wherein the certificate comprises an indication of the relationship between a storing entity configured to store the private key and a generating entity configured to generate the request.
  - 26. The method of claim 24, wherein the certificate request message comprises data that is a function of a signing key, whereby the certificate request message is authenticated.
  - 27. The method of claim 26, further comprising:
    - authenticating the certificate request message using a verifying key.

28. A computer program embodied on a non-transitory computer-readable storage medium, the computer program configured to control a processor to perform operations comprising:
- requesting a certificate from a certificate issuer from a generating entity for a public key that is associated with a corresponding private key stored by a storing entity, the requesting comprising generating a certificate request message indicative of a request for a certificate; and
  
  transmitting the certificate request message to the certificate issuer, wherein the certificate request message comprises an indication of an origin of at least one of the public key and the private key the indication representative of whether at least one of the storage entity and the generating entity are physically secure and whether or not the storing entity and the generating entity are within a single device.

29. A computer program embodied on a non-transitory computer-readable storage medium, the computer program configured to control a processor to perform operations comprising:
- receiving a certificate request message from a generating entity for a public key that is associated with a corresponding private key stored by a storing entity, wherein the certificate request message comprises an indication of an origin of at least one of the public key and the private key;
  
  analyzing the certificate request message to determine whether the certificate request message is acceptable; and
  
  issuing a certificate in response to the certificate request message when the certificate request message is determined to be acceptable, the certificate being limited based on the indication of the origin of the at least one of the public key and the private key in respect of the certificate which is requested, the indication representative of whether at least one of the storage entity and the generating entity are physically secure and whether or not the storing entity and the generating entity are within a single device.

30. An apparatus comprising:
- a generator configured to generate a certificate request message to request a certificate from a certificate issuer in respect of a public key that is associated with a corresponding private key stored by a storing entity, wherein the generator is implemented on at least one processor that is comprised at least partially of hardware;
  
  wherein the generator is configured to generate a certificate request message comprising an indication of a relationship between the storing entity and the generator, wherein the indication indicates whether at least one of the storing entity and generating entity are physically secure and whether or not the storing entity and the generating entity are within a single device.

31. A computer program embodied on a non-transitory computer-readable storage medium, the computer program configured to control a processor to perform operations comprising:
- requesting a certificate from a certificate issuer by a generating entity for a public key that is associated with a corresponding private key stored by a storing entity, the requesting comprising,generating a certificate request message indicative of a request for a certificate; and
  
  transmitting the certificate request message to the certificate issuer,wherein the certificate request message comprises an indication of a relationship between the storing entity and the generating entity, andwherein the indication indicates whether at least one of the storing entity and the generating entity are physically secure and whether or not the storing entity and the generating entity are within a single device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Asokan, Nadarajah, Ginzboorg, Philip, Nieml, Valterri
Primary Examiner(s)
Smithers, Matthew
Assistant Examiner(s)
Callahan, Paul

Application Number

US10/504,192
Publication Number

US 20050086467A1
Time in Patent Office

4,036 Days
Field of Search

713/155, 713/156, 713/159, 713/173, 380/285, 380/28, 726/20, 726/30
US Class Current

713/156
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 9/3263   involving certificates, e.g...

Requesting digital certificates

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

5 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Requesting digital certificates

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links