Method and system for email identity validation

US 9,438,428 B2
Filed: 05/12/2014
Issued: 09/06/2016
Est. Priority Date: 05/12/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing a Server-based Certificate Validation Protocol (SCVP) server configured to;

receive, from a relying party, an SCVP request, the SCVP request comprising an end-entity certificate issued to an asserting party,compare policy object identifier(s) (OIDs) asserted in the end-entity certificate to policy OIDs expressly trusted by the relying party to determine a degree of trust information, the degree of trust information representing how likely the asserting party is who they claim to be,wherein the policy OIDs asserted in the end-entity certificate correspond to policies of a certification authority that issued the end-entity certificate to the asserting party, wherein the policy of the certification authority specifies identity-proofing practices followed by the certification authority when issuing the end-entity certificate to the asserting party, the identity-proofing practices comprise verifying the identity of the asserting party per the policies of the certification authority, before the certification authority issues the end-entity certificate to the asserting party,send the degree of trust information to the relying party in response to the SCVP request, the degree of trust information being based on the comparison of policy OIDs;

displaying, at an email client, a graphical representation of the degree of trust information,wherein the degree of trust information represents a level of trust attributable to a binding between a public key distributed via the end-entity certificate and the identity of the asserting party.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention uses Server-based Certificate Validation Protocol (SCVP) to validate the public key digital signature certificate of an email signer (or the public key encryption certificate of an email recipient) by using a modified SCVP server such that a trustworthiness indicator based on certificate policies is included in an SCVP server response that maps the certificate policies asserted in the public key certificate of the email signer (or email recipient(s)) to graphically represent the degree of trust that can be attributed to the identities bound to public key certificates containing one or more certificate policies. The graphical representation of a trust level may appear directly in an email client and is based on the level of trust attributable to the binding between the public key distributed via a public key certificate (for signing or encryption) and the identity/attributes of the “subject” or “entity” contained in that certificate.

30 Citations

View as Search Results

22 Claims

1. A method comprising:
- providing a Server-based Certificate Validation Protocol (SCVP) server configured to;
  
  receive, from a relying party, an SCVP request, the SCVP request comprising an end-entity certificate issued to an asserting party,compare policy object identifier(s) (OIDs) asserted in the end-entity certificate to policy OIDs expressly trusted by the relying party to determine a degree of trust information, the degree of trust information representing how likely the asserting party is who they claim to be,wherein the policy OIDs asserted in the end-entity certificate correspond to policies of a certification authority that issued the end-entity certificate to the asserting party, wherein the policy of the certification authority specifies identity-proofing practices followed by the certification authority when issuing the end-entity certificate to the asserting party, the identity-proofing practices comprise verifying the identity of the asserting party per the policies of the certification authority, before the certification authority issues the end-entity certificate to the asserting party,send the degree of trust information to the relying party in response to the SCVP request, the degree of trust information being based on the comparison of policy OIDs;
  
  displaying, at an email client, a graphical representation of the degree of trust information,wherein the degree of trust information represents a level of trust attributable to a binding between a public key distributed via the end-entity certificate and the identity of the asserting party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the relying party is an email recipient and the SCVP request is sent to the SCVP server upon receipt of an email from the asserting party.
  - 3. The method of claim 2, wherein the end-entity certificate is a digital signature certificate and the email from the asserting party includes a digital signature.
  - 4. The method of claim 1, wherein the relying party is an email sender and the SCVP request is sent to the SCVP server upon a selection to encrypt an email by the email sender.
  - 5. The method of claim 4, wherein the end-entity certificate is an encryption certificate issued to an intended email recipient.
  - 6. The method of claim 1, wherein the SCVP server compares policy OIDs asserted in the end-entity certificate to policy OIDs expressly trusted by the relying party by referring to a client policy database where the policy OIDs expressly trusted by the relying party are identified.
  - 7. The method of claim 6, wherein a client administrator associated with the relying party identifies which policy OIDs are to be expressly trusted by the relying party, and wherein identifiers of the expressly trusted policy OIDs are stored in the client policy database.
  - 8. The method of claim 1, wherein an analysis module at a workstation of the relying party analyzes the degree of trust information to determine which graphical representation to display to the relying party at the workstation.
  - 9. The method of claim 1, wherein the degree of trust information comprises a graphical user interface (GUI) messaging extension.
  - 10. The method of claim 1, wherein the comparing policy OIDs asserted in the end-entity certificate to the policy OIDs expressly trusted by the relying party comprises using an issuing authority level mapping that compares policy OIDs of one or more certification authorities, including the certification authority that issued the end-entity certificate to the asserting party, and identifies which policy OIDs of the one or more certification authorities correspond to one or more of the policy OIDs expressly trusted by the relying party.

11. Non-transitory computer readable media containing program instructions for causing a computer to perform the following actions:
- receive, from a relying party, a Server-based Certificate Validation Protocol (SCVP) request, the SCVP request comprising an end-entity certificate issued to an asserting party;
  
  compare policy object identifier(s) (OIDs) asserted in the end-entity certificate to policy OIDs trusted by the relying party to determine a degree of trust information, the degree of trust information representing how likely the asserting party is who they claim to be, wherein the policy OIDs asserted in the end-entity certificate correspond to policies of a certification authority that issued the end-entity certificate to the asserting party, wherein the policy of the certification authority specifies identity-proofing practices followed by the certification authority when issuing the end-entity certificate to the asserting party the identity-proofing practices comprise verifying the identity of the asserting party per the policies of the certification authority, before the certification authority issues the end-entity certificate to the asserting party;
  
  send the degree of trust information to the relying party in response to the SCVP request, the degree of trust information being based on the comparison of policy OIDs;
  
  displaying, at an email client, a graphical representation of the degree of trust information,wherein the degree of trust information represents a level of trust attributable to a binding between a public key distributed via the end-entity certificate and the identity of the asserting party.

12. A system comprising:
- a Server-based Certificate Validation Protocol (SCVP) server comprising at least one processor and a memory, the SCVP server configured to;
  
  receive, from a relying party, an SCVP request, the SCVP request comprising an end-entity certificate issued to an asserting party,compare policy object identifier(s) (OIDs) asserted in the end-entity certificate to policy OIDs expressly trusted by the relying party to determine a degree of trust information, the degree of trust information representing how likely the asserting party is who they claim to be, wherein the policy OIDs asserted in the end-entity certificate correspond to policies of a certification authority that issued the end-entity certificate to the asserting party, wherein the policy of the certification authority specifies identity-proofing practices followed by the certification authority when issuing the end-entity certificate to the asserting party, the identity-proofing practices comprise verifying the identity of the asserting party the policies of the certification authority, before the certification authority issues the end-entity certificate to the asserting party,send the degree of trust information to the relying party in response to the SCVP request, the degree of trust information being based on the comparison of policy OIDs;
  
  an email client configured to display a graphical representation of the degree of trust information,wherein the degree of trust information represents a level of trust attributable to a binding between a public key distributed via the end-entity certificate and the identity of the asserting party.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The system of claim 12, wherein the relying party is an email recipient and the SCVP request is sent to the SCVP server upon receipt of an email from the asserting party.
  - 14. The system of claim 13, wherein the end-entity certificate is a digital signature certificate and the email from the asserting party includes a digital signature.
  - 15. The system of claim 12, wherein the relying party is an email sender and the SCVP request is sent to the SCVP server upon a selection to encrypt an email by the email sender.
  - 16. The system of claim 15, wherein the end-entity certificate is an encryption certificate issued to an intended email recipient.
  - 17. The system of claim 12, wherein the SCVP server compares policy OIDs asserted in the end-entity certificate to policy OIDs expressly trusted by the relying party by referring to a client policy database where the policy OIDs expressly trusted by the relying party are identified.
  - 18. The system of claim 17, wherein a client administrator associated with the relying party identifies which policy OIDs are to be expressly trusted by the relying party, and wherein identifiers of the expressly trusted policy OIDs are stored in the client policy database.
  - 19. The system of claim 12, wherein an analysis module at a workstation of the relying party analyzes the degree of trust information to determine which graphical representation to display to the relying party at the workstation.
  - 20. The system of claim 12, wherein the degree of trust information comprises a graphical user interface (GUI) messaging extension.
  - 21. The system of claim 12, wherein the comparing policy OIDs asserted in the end-entity certificate to the policy OIDs expressly trusted by the relying party comprises using an issuing authority level mapping that compares policy OIDs of one or more certification authorities, including the certification authority that issued the end-entity certificate to the asserting party, and identifies which policy OIDs of the one or more certification authorities correspond to one or more of the policy OIDs expressly trusted by the relying party.

22. A system comprising:
- a Server-based Certificate Validation Protocol (SCVP) server comprising at least one processor and a memory, the SCVP server configured to;
  
  receive an SCVP request comprising an end-entity certificate issued to an asserting party,compare policy object identifier(s) (OIDs) asserted in the end-entity certificate to policy OIDs trusted by a relying party to determine a degree of trust information, the degree of trust information representing how likely the asserting party is who they claim to be, wherein the policy OIDs asserted in the end-entity certificate correspond to policies of a certification authority that issued the end-entity certificate to the asserting party, wherein the policy of the certification authority specifies the identity-proofing practices followed by the certification authority when issuing the end-entity certificate to the asserting party, the identity-proofing practices comprise verifying the identity of the asserting party per the policies of the certification authority, before the certification authority issues the end-entity certificate to the asserting party,send the degree of trust information to the relying party in response to the SCVP request,displaying, at an email client, a graphical representation of the degree of trust information,the degree of trust information being based on the comparison of policy OIDs;
  
  wherein the degree of trust information represents a level of trust attributable to a binding between a public key distributed via the end-entity certificate and the identity of the asserting party,andwherein the relying party is an email recipient and the SCVP request is sent to the SCVP server upon the asserting party sending an email to the relying party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Certipath Incorporated
Original Assignee
Certipath Incorporated
Inventors
Nigriny, Jeffrey Dean, Barry, Jeffrey Francis, Howard, Stephen P.
Primary Examiner(s)
Patel, Nirav B

Application Number

US14/275,422
Publication Number

US 20150326399A1
Time in Patent Office

848 Days
Field of Search

713/156, 713/170, 713/173, 713/175, 713/176
US Class Current

1/1
CPC Class Codes

H04L 2209/68   Special signature format, e...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Method and system for email identity validation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for email identity validation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links