System and method for obtaining a digital certificate for an endpoint

US 8,943,310 B2
Filed: 01/25/2005
Issued: 01/27/2015
Est. Priority Date: 01/25/2005
Status: Active Grant

First Claim

Patent Images

1. A method of establishing a digital certificate on an endpoint, the method comprising:

establishing a connection between a proxy function module and the endpoint, the proxy function module remotely located from the endpoint, and the proxy function module operable to communicate with the endpoint and a certificate authority, wherein the establishing the connection between the proxy function module and the endpoint further comprises authenticating the proxy function module by;

generating digitally signed information at the proxy function module,communicating the digitally signed information to the endpoint, andauthenticating the digitally signed information at the endpoint;

generating certification information at the endpoint;

transmitting at least a portion of the certification information to the proxy function module, the proxy function module operable to package the at least the portion of certification information in a certificate request and operable to obtain a digital certificate from a certificate authority based on the certificate request;

receiving the digital certificate at the endpoint from the proxy function module; and

transmitting a request to the proxy function module to obtain an updated digital certificate, the proxy function module operable to package the at least the portion of certification information in a certificate update request and operable to obtain the updated digital certificate from the certificate authority based on the certificate update request; and

wherein generating certification information at the endpoint further comprises;

receiving a hash at the endpoint from the proxy function module;

encrypting the hash; and

transmitting the at least the portion of the certification information further comprises transmitting the encrypted hash as at least a portion of the at least the portion of the certification information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment of the present invention, a method of establishing a digital certificate on an endpoint includes establishing a connection between a proxy function module and the endpoint. The proxy function module is remotely located from the endpoint and operable to communicate with the endpoint and a certificate authority. Authentication information is generated at the endpoint. A portion of the authentication information is transmitted to the proxy function module. The proxy function module obtains a digital certificate based on the portion of the authentication information. The digital certificate is received at the endpoint from the proxy function module.

31 Citations

View as Search Results

22 Claims

1. A method of establishing a digital certificate on an endpoint, the method comprising:
- establishing a connection between a proxy function module and the endpoint, the proxy function module remotely located from the endpoint, and the proxy function module operable to communicate with the endpoint and a certificate authority, wherein the establishing the connection between the proxy function module and the endpoint further comprises authenticating the proxy function module by;
  
  generating digitally signed information at the proxy function module,communicating the digitally signed information to the endpoint, andauthenticating the digitally signed information at the endpoint;
  
  generating certification information at the endpoint;
  
  transmitting at least a portion of the certification information to the proxy function module, the proxy function module operable to package the at least the portion of certification information in a certificate request and operable to obtain a digital certificate from a certificate authority based on the certificate request;
  
  receiving the digital certificate at the endpoint from the proxy function module; and
  
  transmitting a request to the proxy function module to obtain an updated digital certificate, the proxy function module operable to package the at least the portion of certification information in a certificate update request and operable to obtain the updated digital certificate from the certificate authority based on the certificate update request; and
  
  wherein generating certification information at the endpoint further comprises;
  
  receiving a hash at the endpoint from the proxy function module;
  
  encrypting the hash; and
  
  transmitting the at least the portion of the certification information further comprises transmitting the encrypted hash as at least a portion of the at least the portion of the certification information.
- View Dependent Claims (2, 3, 4, 21, 22)
- - 2. The method of claim 1, wherein:
    - the generating digitally signed information at the proxy function module comprises generating information signed with a private key of the proxy function module; and
      
      the authenticating the digitally signed information at the endpoint comprises verifying the digitally signed information against a certificate trust list.
  - 3. The method of claim 1, wherein generating certification information at the endpoint further comprises:
    - generating a private key; and
      
      generating a public key, the public key complementary to the private key.
  - 4. The method of claim 1, further comprising:
    - installing the digital certificate on the endpoint.
  - 21. The method of claim 1, further comprising:
    - transmitting confirmation information from the endpoint to the proxy function module; and
      
      storing the confirmation information in a database, the database being in communication with the proxy function module.
  - 22. The method of claim 21, wherein the confirmation information identifies an expiration date of the digital certificate, the method further comprising:
    - generating a second request at the proxy function module at a predetermined time period relative to the expiration date of the digital certificate, the second request requesting that the endpoint seek a new digital certificate; and
      
      communicating the second request to the endpoint.

5. A method of establishing a digital certificate on an endpoint with a proxy function module, comprising:
- establishing a connection between the endpoint and the proxy function module, the proxy function module remotely located from the endpoint, and the proxy function module operable to communicate with the endpoint and a certificate authority, wherein the establishing the connection between the proxy function module and the endpoint further comprises authenticating the proxy function module by;
  
  generating digitally signed information at the proxy function module,communicating the digitally signed information to the endpoint, andauthenticating the digitally signed information at the endpoint;
  
  receiving at least a portion of certification information at the proxy function module, the at least the portion of certification information generated at the endpoint;
  
  packaging the at least the portion of certification information in a certificate request;
  
  transmitting the certificate request to a certificate authority, the certificate authority reviewing the certificate request and issuing a digital certificate;
  
  receiving the digital certificate at the proxy function module;
  
  transmitting the digital certificate to the endpoint;
  
  receiving a request to obtain an updated digital certificate;
  
  packaging the at least the portion of certification information in a certificate update request; and
  
  obtaining the updated digital certificate from the certificate authority based on the certificate update request;
  
  transmitting a hash to the endpoint prior to receiving at least the portion of certification information, wherein receiving at least the portion of certification information further comprises;
  
  receiving a public key generated by the endpoint;
  
  receiving an encrypted hash, encrypted by a private key generated by the endpoint.
- View Dependent Claims (6)
- - 6. The method of claim 5, wherein transmitting the digital certificates to the endpoint further comprises:
    - verifying information on the digital certificate; and
      
      transmitting the digital certificate to the endpoint only if the information is verified.

7. A system for establishing a digital certificate on an endpoint, the system comprising:
- an endpoint, operable to;
  
  authenticate a proxy function module by authenticating digitally signed information received from the proxy function module;
  
  generate certification information; and
  
  transmit at least a portion of the certification information to the proxy function module, andthe proxy function module in communication with the endpoint, the proxy function module comprises logic encoded in non-transitory media operable to;
  
  generate digitally signed information at the proxy function module;
  
  communicate the digitally signed information to the endpoint;
  
  receive the at least the portion of the certification information;
  
  package the at least the portion of the certification information in a certificate request;
  
  transmit the certificate request to a certificate authority, the certificate authority reviewing the certificate request and issuing a digital certificate;
  
  receive the digital certificate;
  
  transmit the digital certificate to the endpoint;
  
  receive a request to obtain an updated digital certificate;
  
  package the at least the portion of certification information in a certificate update request; and
  
  obtain the updated digital certificate from the certificate authority based on the certificate update request;
  
  wherein the proxy function module is further operable to transmit a hash to the endpoint.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein logic encoded in media in the endpoint is further operable to:
    - encrypt the hash, andtransmit the encrypted hash as at least a portion of the at least the portion of the certification information.
  - 9. The system of claim 7, whereinthe digitally signed information comprises information signed with a private key of the proxy function module;
    - andthe logic encoded in media in the endpoint is further operable to authenticate the digitally signed information by verifying the digitally signed information against a certificate trust list.
  - 10. The system of claim 7, wherein the logic encoded in media in the endpoint in the generation of the certification information is further operable to:
    - generate a private key; and
      
      generate a public key, the public key complementary to the private key.
  - 11. The system of claim 7, wherein the logic encoded in media in the proxy function module is further operable to:
    - verify information on the digital certificate and only transmit the digital certificate to the endpoint if the information is correct.
  - 12. The system of claim 7, wherein the logic encoded in media in the proxy function module is further operable to:
    - install the digital certificate on the endpoint.

13. An endpoint comprising:
- logic encoded in non-transitory media such that when executed is operable to;
  
  establish a connection between a proxy function module and the endpoint, wherein the proxy function module is remotely located from the endpoint, and the proxy function module is operable to communicate with the endpoint and a certificate authority, the logic further operable to establish the connection by authenticating the proxy function module by authenticating, at the endpoint, digitally signed information received from the proxy function module;
  
  generate certification information at the endpoint;
  
  transmit at least a portion of the certification information to the proxy function module, the proxy function module operable to obtain a digital certificate from a certificate authority based on the at least the portion of the certification information; and
  
  receive the digital certificate at the endpoint from the proxy function module.transmit a request to the proxy function module to obtain an updated digital certificate, the proxy function module operable to obtain the updated digital certificate from the certificate authority based on the certificate update request;
  
  wherein the logic encoded in media is further operable to;
  
  encrypt a hash, andtransmit the encrypted hash as at least a portion of the at least the portion of the certification information.
- View Dependent Claims (14, 15)
- - 14. The endpoint of claim 13, wherein the logic encoded in media is further operable to:
    - the digitally signed information comprises information signed with a private key of the proxy function module; and
      
      the logic encoded in media in the endpoint is further operable to authenticate the digitally signed information by verifying the digitally signed information against a certificate trust list.
  - 15. The endpoint of claim 13, wherein the logic encoded in media in the generation of the certification information is further operable to:
    - generate a private key; and
      
      generate a public key, the public key complementary to the private key.

16. A proxy function module for establishing a digital certificate on an endpoint, the proxy function module comprising:
- an interface operable to establish a connection between the endpoint and the proxy function module, the proxy function module remotely located from the endpoint, and the proxy function module operable to communicate with the endpoint and a certificate authority;
  
  a processor operable to;
  
  generate digitally signed information at the proxy function module;
  
  communicate the digitally signed information to the endpoint for authentication of the proxy function module by the endpoint;
  
  receive at least a portion of certification information at the proxy function module, the at least the portion of certification information generated at the endpoint;
  
  package the at least the portion of certification information in a certificate request;
  
  transmit the certificate request to a certificate authority, the certificate authority reviewing the certificate request and issuing a digital certificate;
  
  receive the digital certificate at the proxy function module;
  
  transmit the digital certificate to the endpoint;
  
  receive a request to obtain an updated digital certificate;
  
  package the at least the portion of certification information in a certificate update request; and
  
  obtain the updated digital certificate from the certificate authority based on the certificate update request;
  
  wherein the processor is further operable to;
  
  transmit a hash to the endpoint prior to receiving at least the portion of certification information, wherein the processor in receipt of at least the portion of certification information is further operable to;
  
  receive a public key generated by the endpoint; and
  
  receive an encrypted hash, encrypted by a private key generated by the endpoint.
- View Dependent Claims (17)
- - 17. The proxy function module of claim 16, wherein the processor is further operable to transmit the digital certificates to the endpoint by:
    - verifying information on the digital certificate; and
      
      transmitting the digital certificate to the endpoint only if the information is verified.

18. Logic encoded in non-transitory media such that when executed is operable to:
- establish a connection between an endpoint and a proxy function module, wherein the proxy function module is remotely located from the endpoint, and the proxy function module is operable to communicate with the endpoint and a certificate authority, the logic further operable to establish the connection by communicating digitally signed information to the endpoint for authentication of the proxy function module by the endpoint;
  
  receive at least a portion of certification information at the proxy function module, the at least the portion of certification information generated at the endpoint;
  
  package the at least the portion of certification information in a certificate request;
  
  transmit the certificate request to a certificate authority, the certificate authority reviewing the request and issuing a digital certificate;
  
  receive the digital certificate at the proxy function module;
  
  transmit the digital certificate to the endpoint;
  
  receive a request to obtain an updated digital certificate;
  
  package at least the portion of certification information in a certificate update request; and
  
  obtain the updated digital certificate from the certificate authority based on the certificate update request;
  
  wherein the logic encoded in media is further operable to;
  
  transmit a hash to the endpoint prior to receipt of at least the portion of certification information, wherein the executed computer code in the receipt of the at least the portion of certification information is further operable to;
  
  receive a public key generated by the endpoint; and
  
  receive an encrypted hash, encrypted by a private key generated by the endpoint.
- View Dependent Claims (19)
- - 19. The logic of claim 18, wherein the logic encoded in media in the transmittal of the digital certificates to the endpoint is further operable to:
    - verify information on the digital certificate; and
      
      transmit the digital certificate to the endpoint only if the information is verified.

20. A method of establishing a digital certificate on an endpoint, the method comprising:
- establishing a connection with a proxy function module, whereinthe proxy function module is remotely located from the endpoint, andthe proxy function module is operable to communicate with the endpoint and a certificate authority;
  
  receiving digitally signed information from the proxy function module;
  
  authenticating the proxy function module by authenticating the digitally signed information at the endpoint;
  
  generating a private key at the endpoint;
  
  generating a public key at the endpoint, the public key complementary to the private key;
  
  receiving a hash at the endpoint from the proxy function module;
  
  encrypting the hash with the public key;
  
  transmitting the encrypted hash and the public key to the proxy function module, the proxy function module operable to package the encrypted hash and the public key in a certificate request and operable to obtain a digital certificate from a certificate authority based on the certificate request;
  
  receiving the digital certificate at the endpoint from the proxy function module; and
  
  transmitting a request to the proxy function module to obtain an updated digital certificate, the proxy function module operable to package the at least the portion of certification information in a certificate update request and operable to obtain the updated digital certificate from the certificate authority based on the certificate update request;
  
  encrypting a hash, andtransmitting the encrypted hash as at least a portion of the at least the portion of the certification information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Bell, Robert T., Dexter, Douglas Q.
Primary Examiner(s)
Okeke, Izunna

Application Number

US11/042,901
Publication Number

US 20060174106A1
Time in Patent Office

3,654 Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

System and method for obtaining a digital certificate for an endpoint

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

System and method for obtaining a digital certificate for an endpoint

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others