System and method for obtaining a digital certificate for an endpoint
First Claim
1. A method of establishing a digital certificate on an endpoint, the method comprising:
- establishing a connection between a proxy function module and the endpoint, the proxy function module remotely located from the endpoint, and the proxy function module operable to communicate with the endpoint and a certificate authority, wherein the establishing the connection between the proxy function module and the endpoint further comprises authenticating the proxy function module by;
generating digitally signed information at the proxy function module, communicating the digitally signed information to the endpoint, and authenticating the digitally signed information at the endpoint;
generating certification information at the endpoint;
transmitting at least a portion of the certification information to the proxy function module, the proxy function module operable to package the at least the portion of certification information in a certificate request and operable to obtain a digital certificate from a certificate authority based on the certificate request;
receiving the digital certificate at the endpoint from the proxy function module; and
transmitting a request to the proxy function module to obtain an updated digital certificate, the proxy function module operable to package the at least the portion of certification information in a certificate update request and operable to obtain the updated digital certificate from the certificate authority based on the certificate update request; and
wherein generating certification information at the endpoint further comprises;
receiving a hash at the endpoint from the proxy function module;
encrypting the hash; and
transmitting the at least the portion of the certification information further comprises transmitting the encrypted hash as at least a portion of the at least the portion of the certification information.
Abstract
According to one embodiment of the present invention, a method of establishing a digital certificate on an endpoint includes establishing a connection between a proxy function module and the endpoint. The proxy function module is remotely located from the endpoint and operable to communicate with the endpoint and a certificate authority. Authentication information is generated at the endpoint. A portion of the authentication information is transmitted to the proxy function module. The proxy function module obtains a digital certificate based on the portion of the authentication information. The digital certificate is received at the endpoint from the proxy function module.
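The enrollment flow from the abstract and claim 1, as an added example that is not code from the patent: the endpoint authenticates the proxy's signed information, generates its own key pair, encrypts the hash it was sent with its private key, and returns that with its public key. Textbook RSA over fixed Mersenne primes stands in for real key generation and signing; the trusted proxy key, the contents of the hash, the proxy-side check on the encrypted hash, and all names are assumptions.

```python
import hashlib

E = 65537

def toy_keypair(p, q):
    # Textbook RSA from two fixed Mersenne primes: illustration only, no padding.
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

def sha_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def encrypt_with_private(value, private):
    n, d = private
    return pow(value, d, n)

def recover_with_public(blob, public):
    n, e = public
    return pow(blob, e, n)

# Assumption: the endpoint is provisioned with the proxy's public key in advance.
PROXY_PUB, PROXY_PRIV = toy_keypair(2**107 - 1, 2**607 - 1)

def proxy_hello(private):
    info = b"proxy-function-module|session=constructed-01"  # constructed sample
    return info, encrypt_with_private(sha_int(info), private)

def endpoint_enroll(hello, trusted_proxy_pub, challenge_hash):
    info, sig = hello
    # The endpoint authenticates the proxy's digitally signed information first.
    if recover_with_public(sig, trusted_proxy_pub) != sha_int(info):
        return None
    pub, priv = toy_keypair(2**127 - 1, 2**521 - 1)  # private key never leaves the endpoint
    return {"public_key": pub, "encrypted_hash": encrypt_with_private(challenge_hash, priv)}

def proxy_package(cert_info, challenge_hash, subject):
    # Assumed check: the encrypted hash must open under the submitted public key.
    if cert_info is None:
        return None
    if recover_with_public(cert_info["encrypted_hash"], cert_info["public_key"]) != challenge_hash:
        return None
    return {"subject": subject, **cert_info}  # stand-in for the certificate request

def run(proxy_private=PROXY_PRIV, swap_key=None):
    subject = "CN=endpoint-01.example"  # constructed subject
    challenge = sha_int(subject.encode() + b"|nonce=constructed-7f3a")
    info = endpoint_enroll(proxy_hello(proxy_private), PROXY_PUB, challenge)
    if info is not None and swap_key is not None:
        info = {**info, "public_key": swap_key}  # public key no longer matches the encrypted hash
    return proxy_package(info, challenge, subject)
```

`run()` returns the packaged request; a proxy signing with an untrusted key, or a public key that does not match the encrypted hash, yields `None`.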
22 Claims
1. A method of establishing a digital certificate on an endpoint, the method comprising:
establishing a connection between a proxy function module and the endpoint, the proxy function module remotely located from the endpoint, and the proxy function module operable to communicate with the endpoint and a certificate authority, wherein the establishing the connection between the proxy function module and the endpoint further comprises authenticating the proxy function module by; generating digitally signed information at the proxy function module, communicating the digitally signed information to the endpoint, and authenticating the digitally signed information at the endpoint; generating certification information at the endpoint; transmitting at least a portion of the certification information to the proxy function module, the proxy function module operable to package the at least the portion of certification information in a certificate request and operable to obtain a digital certificate from a certificate authority based on the certificate request; receiving the digital certificate at the endpoint from the proxy function module; and transmitting a request to the proxy function module to obtain an updated digital certificate, the proxy function module operable to package the at least the portion of certification information in a certificate update request and operable to obtain the updated digital certificate from the certificate authority based on the certificate update request; and wherein generating certification information at the endpoint further comprises; receiving a hash at the endpoint from the proxy function module; encrypting the hash; and transmitting the at least the portion of the certification information further comprises transmitting the encrypted hash as at least a portion of the at least the portion of the certification information. - View Dependent Claims (2, 3, 4, 21, 22)
5. A method of establishing a digital certificate on an endpoint with a proxy function module, comprising:
establishing a connection between the endpoint and the proxy function module, the proxy function module remotely located from the endpoint, and the proxy function module operable to communicate with the endpoint and a certificate authority, wherein the establishing the connection between the proxy function module and the endpoint further comprises authenticating the proxy function module by; generating digitally signed information at the proxy function module, communicating the digitally signed information to the endpoint, and authenticating the digitally signed information at the endpoint; receiving at least a portion of certification information at the proxy function module, the at least the portion of certification information generated at the endpoint; packaging the at least the portion of certification information in a certificate request; transmitting the certificate request to a certificate authority, the certificate authority reviewing the certificate request and issuing a digital certificate; receiving the digital certificate at the proxy function module; transmitting the digital certificate to the endpoint; receiving a request to obtain an updated digital certificate; packaging the at least the portion of certification information in a certificate update request; and obtaining the updated digital certificate from the certificate authority based on the certificate update request; transmitting a hash to the endpoint prior to receiving at least the portion of certification information, wherein receiving at least the portion of certification information further comprises; receiving a public key generated by the endpoint; receiving an encrypted hash, encrypted by a private key generated by the endpoint. - View Dependent Claims (6)
7. A system for establishing a digital certificate on an endpoint, the system comprising:
an endpoint, operable to; authenticate a proxy function module by authenticating digitally signed information received from the proxy function module; generate certification information; and transmit at least a portion of the certification information to the proxy function module, and the proxy function module in communication with the endpoint, the proxy function module comprises logic encoded in non-transitory media operable to; generate digitally signed information at the proxy function module; communicate the digitally signed information to the endpoint; receive the at least the portion of the certification information; package the at least the portion of the certification information in a certificate request; transmit the certificate request to a certificate authority, the certificate authority reviewing the certificate request and issuing a digital certificate; receive the digital certificate; transmit the digital certificate to the endpoint; receive a request to obtain an updated digital certificate; package the at least the portion of certification information in a certificate update request; and obtain the updated digital certificate from the certificate authority based on the certificate update request; wherein the proxy function module is further operable to transmit a hash to the endpoint. - View Dependent Claims (8, 9, 10, 11, 12)
13. An endpoint comprising:
logic encoded in non-transitory media such that when executed is operable to; establish a connection between a proxy function module and the endpoint, wherein the proxy function module is remotely located from the endpoint, and the proxy function module is operable to communicate with the endpoint and a certificate authority, the logic further operable to establish the connection by authenticating the proxy function module by authenticating, at the endpoint, digitally signed information received from the proxy function module; generate certification information at the endpoint; transmit at least a portion of the certification information to the proxy function module, the proxy function module operable to obtain a digital certificate from a certificate authority based on the at least the portion of the certification information; and receive the digital certificate at the endpoint from the proxy function module. transmit a request to the proxy function module to obtain an updated digital certificate, the proxy function module operable to obtain the updated digital certificate from the certificate authority based on the certificate update request; wherein the logic encoded in media is further operable to; encrypt a hash, and transmit the encrypted hash as at least a portion of the at least the portion of the certification information. - View Dependent Claims (14, 15)
16. A proxy function module for establishing a digital certificate on an endpoint, the proxy function module comprising:
an interface operable to establish a connection between the endpoint and the proxy function module, the proxy function module remotely located from the endpoint, and the proxy function module operable to communicate with the endpoint and a certificate authority; a processor operable to; generate digitally signed information at the proxy function module; communicate the digitally signed information to the endpoint for authentication of the proxy function module by the endpoint; receive at least a portion of certification information at the proxy function module, the at least the portion of certification information generated at the endpoint; package the at least the portion of certification information in a certificate request; transmit the certificate request to a certificate authority, the certificate authority reviewing the certificate request and issuing a digital certificate; receive the digital certificate at the proxy function module; transmit the digital certificate to the endpoint; receive a request to obtain an updated digital certificate; package the at least the portion of certification information in a certificate update request; and obtain the updated digital certificate from the certificate authority based on the certificate update request; wherein the processor is further operable to; transmit a hash to the endpoint prior to receiving at least the portion of certification information, wherein the processor in receipt of at least the portion of certification information is further operable to; receive a public key generated by the endpoint; and receive an encrypted hash, encrypted by a private key generated by the endpoint. - View Dependent Claims (17)
18. Logic encoded in non-transitory media such that when executed is operable to:
establish a connection between an endpoint and a proxy function module, wherein the proxy function module is remotely located from the endpoint, and the proxy function module is operable to communicate with the endpoint and a certificate authority, the logic further operable to establish the connection by communicating digitally signed information to the endpoint for authentication of the proxy function module by the endpoint; receive at least a portion of certification information at the proxy function module, the at least the portion of certification information generated at the endpoint; package the at least the portion of certification information in a certificate request; transmit the certificate request to a certificate authority, the certificate authority reviewing the request and issuing a digital certificate; receive the digital certificate at the proxy function module; transmit the digital certificate to the endpoint; receive a request to obtain an updated digital certificate; package at least the portion of certification information in a certificate update request; and obtain the updated digital certificate from the certificate authority based on the certificate update request; wherein the logic encoded in media is further operable to; transmit a hash to the endpoint prior to receipt of at least the portion of certification information, wherein the executed computer code in the receipt of the at least the portion of certification information is further operable to; receive a public key generated by the endpoint; and receive an encrypted hash, encrypted by a private key generated by the endpoint. - View Dependent Claims (19)
20. A method of establishing a digital certificate on an endpoint, the method comprising:
establishing a connection with a proxy function module, wherein the proxy function module is remotely located from the endpoint, and the proxy function module is operable to communicate with the endpoint and a certificate authority; receiving digitally signed information from the proxy function module; authenticating the proxy function module by authenticating the digitally signed information at the endpoint; generating a private key at the endpoint; generating a public key at the endpoint, the public key complementary to the private key; receiving a hash at the endpoint from the proxy function module; encrypting the hash with the public key; transmitting the encrypted hash and the public key to the proxy function module, the proxy function module operable to package the encrypted hash and the public key in a certificate request and operable to obtain a digital certificate from a certificate authority based on the certificate request; receiving the digital certificate at the endpoint from the proxy function module; and transmitting a request to the proxy function module to obtain an updated digital certificate, the proxy function module operable to package the at least the portion of certification information in a certificate update request and operable to obtain the updated digital certificate from the certificate authority based on the certificate update request; encrypting a hash, and transmitting the encrypted hash as at least a portion of the at least the portion of the certification information.
Specification