Binding a digital certificate to multiple trust domains
First Claim
1. A computer implemented method comprising:
- processing, by a computer, automated application or validation utilities within at least two different trust domains using a single entity digital certificate, which can be relied upon by the automated application or validation utilities in the at least two different trust domains,
- identifying, by a computer, each of the at least two different trust domains having its own policy regime governing use of digital certificates, each policy regime to which the single entity digital certificate is alternately to be bound in connection with subject transactions being uniquely identified within the single entity digital certificate by an object identifier that refers to one of the at least two different trust domains, and the single entity digital certificate (i) including certificate profiles required by each of the at least two different trust domains, and (ii) chaining to multiple issuer certificates, each containing a common public key corresponding to a private certificate signing key used by an issuing entity to sign the single entity digital certificate,
- wherein said computer implemented method is performed within a public key infrastructure system that does not employ policy mapping between or among the at least two different trust domains and does not link any pair of the at least two different trust domains via cross-certificates.
Abstract
A public key infrastructure comprising a participant that issues digital certificates. Each digital certificate can be relied upon in at least two different trust domains. The public key infrastructure does not employ policy mapping between or among the trust domains. Furthermore, the public key infrastructure does not link any pair of trust domains via cross-certificates. Just one trust domain is bound to the digital certificate at any given moment. The current trust domain that is to be bound to the digital certificate is elected by a relying party at the time of reliance, based upon a specific certificate validation methodology selected by the relying party.
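The validation step the abstract and claim 1 describe, as an added Python model that is not part of the patent: a single entity certificate carrying one policy OID per trust domain, two issuer certificates that share one public key but chain to different roots, and a relying party that elects a trust domain at reliance time without policy mapping or cross-certificates. Certificates are plain dataclasses rather than X.509, the signature is a toy hash stand-in, and all names, key identifiers and the OIDs under the 2.999 example arc are constructed.

```python
from dataclasses import dataclass
import hashlib

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    public_key: str      # constructed key identifier standing in for a real key
    policies: tuple      # certificate-policy OIDs, one per trust domain the cert may bind to
    signature: str = ""  # toy signature over the to-be-signed fields (see toy_sign)

def tbs(cert):
    # To-be-signed fields; the signature itself is excluded.
    return f"{cert.subject}|{cert.issuer}|{cert.public_key}|{','.join(cert.policies)}"

def toy_sign(cert, key):
    # Toy stand-in for RSA/ECDSA: a hash bound to the signing key.  The same value is
    # used to sign and to verify here, which a real public-key signature does not do.
    return hashlib.sha256(f"{key}|{tbs(cert)}".encode()).hexdigest()

@dataclass(frozen=True)
class TrustDomain:
    policy_oid: str      # OID that identifies this domain's policy regime in the EE cert
    root_subject: str    # trust anchor the relying party accepts for this domain

def validate(ee, issuer_certs, domain):
    """Relying party elects one trust domain: chain through the issuer certificate
    issued under that domain's root (assumed already verified against the root),
    require the domain's policy OID, and verify with that issuer's public key."""
    link = next((c for c in issuer_certs
                 if c.subject == ee.issuer and c.issuer == domain.root_subject), None)
    if link is None:
        return False     # no issuer certificate chains to this domain's trust anchor
    if domain.policy_oid not in ee.policies:
        return False     # certificate was not profiled for this domain
    return ee.signature == toy_sign(ee, link.public_key)

# Constructed data: one issuing CA key published in two issuer certificates, each
# issued under a different domain's root.  OIDs under 2.999 are the ISO example arc.
CA_KEY = "issuing-ca-key"
ISSUER_CERTS = (
    Cert("CN=Issuing CA", "CN=Root A", CA_KEY, ("2.999.1",)),
    Cert("CN=Issuing CA", "CN=Root B", CA_KEY, ("2.999.2",)),
)
DOMAIN_A = TrustDomain("2.999.1", "CN=Root A")
DOMAIN_B = TrustDomain("2.999.2", "CN=Root B")

def issue(subject, policies):
    # The single entity certificate is signed once and carries every domain's policy OID.
    unsigned = Cert(subject, "CN=Issuing CA", f"{subject}-key", policies)
    return Cert(subject, unsigned.issuer, unsigned.public_key, policies, toy_sign(unsigned, CA_KEY))
```

The same signed certificate validates under domain A or domain B depending only on which root and policy OID the relying party selects; a certificate missing a domain's OID, or a domain whose issuer certificate holds a different key, fails.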
15 Claims
Claim 1 is set out above under First Claim; claims 2 to 15 are dependent claims.