Techniques for multiple independent verifications for digital certificates
Abstract
A method includes (a) receiving, at a computing device, a first certificate signing request (1CSR) from a certificate authority (CA), the 1CSR including an embedded second certificate signing request (2CSR), the 2CSR having been received by the CA from an entity seeking a signed certificate from the CA that validates an identity claim made by the entity in the 2CSR, the CA having performed a preliminary verification of the 2CSR prior to embedding it in the 1CSR, (b) verifying that the 1CSR came from the CA, (c) performing a verification procedure on the embedded 2CSR independent of the preliminary verification performed by the CA, to validate the identity claim made by the entity in the 2CSR, and (d) upon successfully validating the identity claim made by the entity in the 2CSR, sending a certificate to the CA, the certificate validating the identity claim made by the entity in the 2CSR.
15 Claims
1. A method performed by a computing device, the method comprising:
- receiving, at the computing device, a first certificate signing request (1CSR) from a certificate authority (CA), the 1CSR including an embedded second certificate signing request (2CSR), the 2CSR having been received by the CA from an entity seeking a signed certificate from the CA that validates an identity claim made by the entity in the 2CSR, the CA having performed a preliminary verification of the 2CSR prior to embedding it in the 1CSR;
- verifying, at the computing device, that the 1CSR came from the CA;
- performing a verification procedure on the embedded 2CSR at the computing device independent of the preliminary verification performed by the CA, to validate the identity claim made by the entity in the 2CSR; and
- upon successfully validating the identity claim made by the entity in the 2CSR, sending a certificate from the computing device to the CA, the certificate validating the identity claim made by the entity in the 2CSR.
10. A computing device comprising:
- a network interface;
- memory; and
- a processor, the processor being configured to execute instructions stored in memory in order to:
  - receive, via the network interface, a first certificate signing request (1CSR) from a certificate authority (CA), the 1CSR including an embedded second certificate signing request (2CSR), the 2CSR having been received by the CA from an entity seeking a signed certificate from the CA that validates an identity claim made by the entity in the 2CSR, the CA having performed a preliminary verification of the 2CSR prior to embedding it in the 1CSR;
  - verify that the 1CSR came from the CA;
  - perform a verification procedure on the embedded 2CSR at the computing device independent of the preliminary verification performed by the CA, to validate the identity claim made by the entity in the 2CSR; and
  - upon successfully validating the identity claim made by the entity in the 2CSR, send a certificate from the computing device to the CA, the certificate validating the identity claim made by the entity in the 2CSR.
11. A method performed by a computing device, the method comprising:
- receiving, at the computing device, a first certificate signing request (1CSR) from an entity seeking a signed certificate from the computing device that validates an identity claim made by the entity in the 1CSR;
- performing, at the computing device, a preliminary verification of the 1CSR by:
  - determining whether a signature provided within the 1CSR by the entity was signed by a private key paired with a public key provided within the 1CSR; and
  - determining whether the identity claim is valid based on a distinguished name included within the 1CSR;
- in response to determining that the signature was signed by the private key paired with the public key and that the identity claim is valid based on the distinguished name, sending, from the computing device to a notarization entity, a second certificate signing request (2CSR), the 2CSR having the 1CSR embedded therein;
- in response to sending the 2CSR to the notarization entity, receiving, at the computing device, a notarization certificate signed by the notarization entity; and
- in response to receiving the notarization certificate signed by the notarization entity, sending a signed certificate from the computing device, to the entity, the signed certificate validating the identity claim made by the entity in the 1CSR.
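The verification steps that claims 1 and 10 place on the receiving device, run against the kind of wrapped request the CA of claim 11 sends, as an added Go example that is not part of the patent text. It assumes the embedded CSR is carried in an extension under a hypothetical private OID, that "came from the CA" is established by pinning the CA's Ed25519 public key, and that the identity claim is the subject common name; `makeCSR`, `notarize` and all names and keys are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

var oidEmbeddedCSR = []int{1, 3, 6, 1, 4, 1, 99999, 1} // hypothetical OID; the claims name no encoding

// makeCSR signs a CSR for cn with key, carrying any extra extensions given.
func makeCSR(key ed25519.PrivateKey, cn string, exts ...pkix.Extension) ([]byte, error) {
	t := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, ExtraExtensions: exts}
	return x509.CreateCertificateRequest(rand.Reader, t, key)
}

// notarize checks the outer CSR against the pinned CA key, then re-verifies the embedded CSR itself.
func notarize(outerDER []byte, caPub ed25519.PublicKey, policy func(string) bool) error {
	outer, err := x509.ParseCertificateRequest(outerDER)
	if err != nil || outer.CheckSignature() != nil {
		return fmt.Errorf("outer CSR unparsable or badly signed")
	}
	if pub, ok := outer.PublicKey.(ed25519.PublicKey); !ok || !pub.Equal(caPub) {
		return fmt.Errorf("outer CSR is not signed by the pinned CA key")
	}
	for _, ext := range outer.Extensions {
		if !ext.Id.Equal(oidEmbeddedCSR) {
			continue
		}
		inner, err := x509.ParseCertificateRequest(ext.Value)
		if err != nil || inner.CheckSignature() != nil {
			return fmt.Errorf("embedded CSR unparsable or fails proof of possession")
		}
		if !policy(inner.Subject.CommonName) {
			return fmt.Errorf("identity claim %q rejected", inner.Subject.CommonName)
		}
		return nil
	}
	return fmt.Errorf("outer CSR carries no embedded CSR")
}

func main() { // constructed sample: an entity CSR embedded by a CA, then checked by the notary
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	_, entKey, _ := ed25519.GenerateKey(rand.Reader)
	inner, _ := makeCSR(entKey, "app.example.test")
	outer, _ := makeCSR(caKey, "Example CA", pkix.Extension{Id: oidEmbeddedCSR, Value: inner})
	fmt.Println(notarize(outer, caPub, func(cn string) bool { return cn == "app.example.test" }))
}
```

Because the name policy is passed in by the verifying device, a request the CA accepted under a looser rule is still rejected here when the verifier's own records disagree.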
Specification