Identity management certificate operations
Abstract
A method and system for identity management certificate operations is described.
18 Claims
1. A method comprising:
establishing a secure connection between a client computing system and an identity management system for the client computing system using a Kerberos authentication protocol that uses symmetric-key cryptography;
receiving, by a processing device in the identity management system, a request from the client computing system over the secure connection to perform a certificate operation associated with a certificate, wherein the certificate operation comprises at least one of requesting issuance of the certificate, renewing the certificate, checking a request status of the certificate, retrieving the certificate from a certificate authority (CA) system, putting the certificate on hold, removing the certificate from being on hold, or revoking the certificate;
determining to approve the request from the client computing system;
sending, by a registration authority (RA) at the identity management system, a proxy of the request to the CA system to perform the certificate operation in response to determining to approve the request, wherein the RA is a trusted manager of the CA system and uses the authentication of the secure connection between the identity management system and the client computing system to send the proxy of the request to the CA system which performs the certificate operation without authenticating the request; and
receiving, by the RA, a reply from the CA system in response to sending the proxy of the request to perform the certificate operation to the CA system and sending the reply to the client computing system without user intervention at the client computing system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A system comprising:
one or more processing devices, in an identity management system for a client computing system, to:
establish a secure connection between the client computing system and the identity management system using a Kerberos authentication protocol that uses symmetric-key cryptography;
receive a request from the client computing system over the secure connection to perform a certificate operation associated with a certificate, wherein the certificate operation comprises at least one of requesting issuance of the certificate, renewing the certificate, checking a request status of the certificate, retrieving the certificate from a certificate authority (CA) system, putting the certificate on hold, removing the certificate from being on hold, or revoking the certificate;
determine to approve the request from the client computing system;
send, by a registration authority (RA) at the identity management system, a proxy of the request to the CA system to perform the certificate operation in response to the determination to approve the request, wherein the RA is a trusted manager of the CA system and uses the authentication of the secure connection between the identity management system and the client computing system to send the proxy of the request to the CA system which is to perform the certificate operation without authentication of the request; and
receive, by the RA, a reply from the CA system in response to the delivery of the proxy of the request to perform the certificate operation to the CA system and send the reply to the client computing system without user intervention at the client computing system.
Dependent claims: 12, 13, 14, 15.
16. A non-transitory machine-readable storage medium having instructions that, when executed by a processing device, cause the processing device to:
establish a secure connection between a client computing system and an identity management system for the client computing system using a Kerberos authentication protocol that uses symmetric-key cryptography;
receive, by the processing device in the identity management system, a request from the client computing system over the secure connection to perform a certificate operation associated with a certificate, wherein the certificate operation comprises at least one of requesting issuance of the certificate, renewing the certificate, checking a request status of the certificate, retrieving the certificate from a certificate authority (CA) system, putting the certificate on hold, removing the certificate from being on hold, or revoking the certificate;
determine to approve the request from the client computing system;
send, by a registration authority (RA) at the identity management system, a proxy of the request to the CA system to perform the certificate operation in response to the determination to approve the request, wherein the RA is a trusted manager of the CA system and uses the authentication of the secure connection between the identity management system and the client computing system to send the proxy of the request to the CA system which is to perform the certificate operation without authentication of the request; and
receive, by the RA, a reply from the CA system in response to the delivery of the proxy of the request to perform the certificate operation to the CA system and send the reply to the client computing system without user intervention at the client computing system.
Dependent claims: 17, 18.
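The flow the claims describe, modelled end to end: because the CA performs the proxied operation without authenticating it, the RA's approval decision is the only authorization boundary, so it must bind the requested certificate subject to the Kerberos-authenticated principal. This is an added illustration, not code from the patent or any product; the principal naming scheme, the admin-only policy for hold/release/revoke and the realm EXAMPLE.TEST are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Certificate operations enumerated in the claims; each is proxied to the CA after approval.
OPERATIONS = {"issue", "renew", "status", "retrieve", "hold", "release", "revoke"}
# Assumed policy: a host principal may manage only its own certificate;
# hold/release/revoke additionally require the admin principal.
ADMIN_PRINCIPAL = "admin@EXAMPLE.TEST"
ADMIN_ONLY = {"hold", "release", "revoke"}


@dataclass
class Request:
    principal: Optional[str]  # taken from the Kerberos-authenticated session; None if unauthenticated
    operation: str
    subject: str              # hostname the certificate is for (constructed sample values in tests)


class CertificateAuthority:
    """Stand-in CA: trusts the RA completely and performs operations without authenticating them."""

    def __init__(self):
        self.log = []  # every operation the CA actually executed

    def perform(self, operation, subject):
        self.log.append((operation, subject))
        return {"operation": operation, "subject": subject, "result": "ok"}


def approve(req):
    """The RA's approval decision, the sole authorization check in front of the CA."""
    if req.principal is None or req.operation not in OPERATIONS:
        return False
    if req.operation in ADMIN_ONLY:
        return req.principal == ADMIN_PRINCIPAL
    # Assumed convention: service principal host/<fqdn>@REALM acts only on its own certificate.
    return req.principal == f"host/{req.subject}@EXAMPLE.TEST"


def handle(req, ca):
    """Identity management entry point: approve, then have the RA proxy to the CA and relay the reply."""
    if not approve(req):
        return {"result": "denied"}
    return ca.perform(req.operation, req.subject)
```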