Method and system for email identity validation
Abstract
The present invention uses Server-based Certificate Validation Protocol (SCVP) to validate the public key digital signature certificate of an email signer (or the public key encryption certificate of an email recipient) by using a modified SCVP server such that a trustworthiness indicator based on certificate policies is included in an SCVP server response that maps the certificate policies asserted in the public key certificate of the email signer (or email recipient(s)) to graphically represent the degree of trust that can be attributed to the identities bound to public key certificates containing one or more certificate policies. The graphical representation of a trust level may appear directly in an email client and is based on the level of trust attributable to the binding between the public key distributed via a public key certificate (for signing or encryption) and the identity/attributes of the “subject” or “entity” contained in that certificate.
22 Claims
1. A method comprising:
providing a Server-based Certificate Validation Protocol (SCVP) server configured to: receive, from a relying party, an SCVP request, the SCVP request comprising an end-entity certificate issued to an asserting party, compare policy object identifier(s) (OIDs) asserted in the end-entity certificate to policy OIDs expressly trusted by the relying party to determine a degree of trust information, the degree of trust information representing how likely the asserting party is who they claim to be, wherein the policy OIDs asserted in the end-entity certificate correspond to policies of a certification authority that issued the end-entity certificate to the asserting party, wherein the policy of the certification authority specifies identity-proofing practices followed by the certification authority when issuing the end-entity certificate to the asserting party, the identity-proofing practices comprise verifying the identity of the asserting party per the policies of the certification authority, before the certification authority issues the end-entity certificate to the asserting party, send the degree of trust information to the relying party in response to the SCVP request, the degree of trust information being based on the comparison of policy OIDs;
displaying, at an email client, a graphical representation of the degree of trust information, wherein the degree of trust information represents a level of trust attributable to a binding between a public key distributed via the end-entity certificate and the identity of the asserting party.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)

11. Non-transitory computer readable media containing program instructions for causing a computer to perform the following actions:
receive, from a relying party, a Server-based Certificate Validation Protocol (SCVP) request, the SCVP request comprising an end-entity certificate issued to an asserting party;
compare policy object identifier(s) (OIDs) asserted in the end-entity certificate to policy OIDs trusted by the relying party to determine a degree of trust information, the degree of trust information representing how likely the asserting party is who they claim to be, wherein the policy OIDs asserted in the end-entity certificate correspond to policies of a certification authority that issued the end-entity certificate to the asserting party, wherein the policy of the certification authority specifies identity-proofing practices followed by the certification authority when issuing the end-entity certificate to the asserting party, the identity-proofing practices comprise verifying the identity of the asserting party per the policies of the certification authority, before the certification authority issues the end-entity certificate to the asserting party;
send the degree of trust information to the relying party in response to the SCVP request, the degree of trust information being based on the comparison of policy OIDs;
displaying, at an email client, a graphical representation of the degree of trust information, wherein the degree of trust information represents a level of trust attributable to a binding between a public key distributed via the end-entity certificate and the identity of the asserting party.

12. A system comprising:
a Server-based Certificate Validation Protocol (SCVP) server comprising at least one processor and a memory, the SCVP server configured to: receive, from a relying party, an SCVP request, the SCVP request comprising an end-entity certificate issued to an asserting party, compare policy object identifier(s) (OIDs) asserted in the end-entity certificate to policy OIDs expressly trusted by the relying party to determine a degree of trust information, the degree of trust information representing how likely the asserting party is who they claim to be, wherein the policy OIDs asserted in the end-entity certificate correspond to policies of a certification authority that issued the end-entity certificate to the asserting party, wherein the policy of the certification authority specifies identity-proofing practices followed by the certification authority when issuing the end-entity certificate to the asserting party, the identity-proofing practices comprise verifying the identity of the asserting party per the policies of the certification authority, before the certification authority issues the end-entity certificate to the asserting party, send the degree of trust information to the relying party in response to the SCVP request, the degree of trust information being based on the comparison of policy OIDs;
an email client configured to display a graphical representation of the degree of trust information, wherein the degree of trust information represents a level of trust attributable to a binding between a public key distributed via the end-entity certificate and the identity of the asserting party.
(Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21)

22. A system comprising:
a Server-based Certificate Validation Protocol (SCVP) server comprising at least one processor and a memory, the SCVP server configured to: receive an SCVP request comprising an end-entity certificate issued to an asserting party, compare policy object identifier(s) (OIDs) asserted in the end-entity certificate to policy OIDs trusted by a relying party to determine a degree of trust information, the degree of trust information representing how likely the asserting party is who they claim to be, wherein the policy OIDs asserted in the end-entity certificate correspond to policies of a certification authority that issued the end-entity certificate to the asserting party, wherein the policy of the certification authority specifies the identity-proofing practices followed by the certification authority when issuing the end-entity certificate to the asserting party, the identity-proofing practices comprise verifying the identity of the asserting party per the policies of the certification authority, before the certification authority issues the end-entity certificate to the asserting party, send the degree of trust information to the relying party in response to the SCVP request, displaying, at an email client, a graphical representation of the degree of trust information, the degree of trust information being based on the comparison of policy OIDs;
wherein the degree of trust information represents a level of trust attributable to a binding between a public key distributed via the end-entity certificate and the identity of the asserting party, and wherein the relying party is an email recipient and the SCVP request is sent to the SCVP server upon the asserting party sending an email to the relying party.
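As an added illustration of the comparison step the abstract and the independent claims assign to the modified SCVP server (this is example code written for this page, not code from the patent or any product implementing it), the following pure-stdlib Python decodes the DER certificatePolicies extension value of an end-entity certificate, collects the policy OIDs it asserts, and maps them against the policy OIDs the relying party expressly trusts to produce the degree of trust an email client would render. The OIDs under the 2.999 example arc, the 0 to 3 trust scale, the labels and the dictionary layout are assumptions, not anything the patent specifies.

```python
# Added example: models the policy-OID comparison the claims assign to the SCVP
# server. Assumptions, not from the patent: OIDs under the 2.999 example arc,
# a 0-3 trust scale, and the dict layout for the relying party's trusted policies.

def read_tlv(buf, pos):
    """Decode one DER TLV at buf[pos]; return (tag, contents, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(contents):
    """DER OID contents to dotted string, e.g. bytes 88 37 01 -> '2.999.1'."""
    arcs, acc = [], 0
    for b in contents:                      # base-128, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = arcs[0]                         # first two arcs packed as 40*a + b
    head = (first // 40, first % 40) if first < 80 else (2, first - 80)
    return ".".join(str(a) for a in head + tuple(arcs[1:]))

def asserted_policy_oids(ext_value):
    """certificatePolicies ::= SEQUENCE OF PolicyInformation; collect policyIdentifiers."""
    tag, seq, _ = read_tlv(ext_value, 0)
    assert tag == 0x30, "certificatePolicies must be a SEQUENCE"
    oids, pos = [], 0
    while pos < len(seq):
        tag, info, pos = read_tlv(seq, pos)          # one PolicyInformation
        oid_tag, oid, _ = read_tlv(info, 0)          # policyIdentifier comes first
        if tag == 0x30 and oid_tag == 0x06:
            oids.append(decode_oid(oid))
    return oids

# Policy OIDs the relying party expressly trusts -> trust level (assumed scale).
TRUSTED_POLICIES = {"2.999.1": 1, "2.999.2": 2, "2.999.3": 3}
TRUST_LABELS = {0: "no trusted policy", 1: "basic", 2: "medium", 3: "high"}

def degree_of_trust(ext_value, trusted=TRUSTED_POLICIES):
    """Highest level among asserted policies the relying party trusts; 0 if none."""
    levels = [trusted[o] for o in asserted_policy_oids(ext_value) if o in trusted]
    return max(levels, default=0)

def trust_indicator(level):
    """Text stand-in for the graphic an email client would show beside the signer."""
    return f"[{'*' * level}{'.' * (3 - level)}] {TRUST_LABELS[level]}"

# Constructed sample: SEQUENCE { SEQ { OID 2.999.1 }, SEQ { OID 2.999.3 } }
SAMPLE_EXT = bytes.fromhex("300e" "3005" "0603883701" "3005" "0603883703")
```

A certificate asserting a policy the relying party has not listed contributes nothing, so an unknown or self-declared policy OID cannot raise the indicator above "no trusted policy".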