Identity-based certificate management
Abstract
Methods for managing digital certificates, including issuance, validation, and revocation, are disclosed. Various embodiments query a directory service whose entries correspond to a particular client identity and carry attributes including certificate issuance limits and certificate validity time values. The validity time values are adjustable so that certificates can be selectively revoked based on the validity periods stated in the validity identifiers included in those certificates.
35 Citations
17 Claims
1. A method performed by a computer system for validating a digital certificate issued to a client system and associated with a specific client identity, the method comprising:
- receiving the digital certificate from the client system, the digital certificate including a user identifier and a certificate validity period identifier, the user identifier corresponding to the specific client identity;
- generating a first query to a directory service which includes a request for a first entry associated with the specific client identity, the first entry including a directory validity time value for the specific client identity;
- receiving the directory validity time value for the specific client identity returned by the directory service in response to the first query;
- validating the digital certificate, wherein validating the digital certificate comprises determining that a certificate validity period specified by the certificate validity period identifier is later than the received directory validity time value; and
- revoking the digital certificate in response to a modification of the directory validity time value to a value associated with the current date and time.
Dependent claims: 2 to 11.

12. A system for validating a digital certificate issued to a client system and associated with a specific client identity, the system comprising:
a computing system comprising one or more computing devices, said computing system programmed via executable instructions to at least:
- receive the digital certificate from the client system, the digital certificate including a user identifier and a certificate validity period indicator, the user identifier corresponding to the specific client identity;
- generate a first query to a directory service which includes a request for a first entry associated with the specific client identity, the first entry including a directory validity time value for the specific client identity;
- receive the directory validity time value for the specific client identity returned by the directory service in response to the first query; and
- validate the digital certificate, wherein the computing system is programmed via executable instructions to at least validate the digital certificate by determining that a certificate validity period specified by the certificate validity period identifier is later than the received directory validity time value, and wherein the directory validity time value is editable to revoke the digital certificate that includes the user identifier.
Dependent claims: 13 and 14.

15. A non-transitory computer storage medium that comprises executable instructions that when executed by a computing system, directs the computing system to at least:
- receive a digital certificate from the client system, the digital certificate including a user identifier and a certificate validity period indicator, the user identifier corresponding to the specific client identity;
- generate a first query to a directory service which includes a request for a first entry associated with the specific client identity, the first entry including a directory validity time value for the specific client identity;
- receive the directory validity time value for the specific client identity returned by the directory service in response to the first query; and
- validate the digital certificate, wherein validating the digital certificate comprises determining that a certificate validity period specified by the certificate validity period identifier is later than the received directory validity time value, and wherein the directory validity time value is editable to revoke the digital certificates that includes the user identifier.
Dependent claims: 16 and 17.
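As an added illustration (not code from the patent or its assignee), the following Python models the scheme claimed above: a certificate is accepted only if its validity period begins after the directory validity time value recorded for its identity, so advancing that value to the current time revokes every certificate the identity holds, and the issuance-limit attribute from the abstract is enforced on issuance. The data model, function names and the not_before/not_after window check are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Certificate:            # hypothetical model of the issued certificate
    user_id: str              # user identifier tying it to a client identity
    not_before: datetime      # start of the certificate validity period
    not_after: datetime       # end of the certificate validity period

@dataclass
class DirectoryEntry:         # hypothetical model of the directory service entry
    validity_time: datetime   # directory validity time value for the identity
    issuance_limit: int       # certificate issuance limit (from the abstract)
    issued: int = 0           # certificates issued so far

def issue(directory, user_id, now, lifetime=timedelta(days=1)):
    """Issue a certificate to the identity unless its issuance limit is reached."""
    entry = directory[user_id]
    if entry.issued >= entry.issuance_limit:
        raise PermissionError(f"issuance limit reached for {user_id}")
    entry.issued += 1
    return Certificate(user_id, now, now + lifetime)

def validate(cert, directory, now):
    """Claim 1 check: the certificate validity period must begin strictly after the
    directory validity time value; the now-in-window check is an added assumption."""
    entry = directory.get(cert.user_id)          # first query to the directory
    if entry is None or not (cert.not_before <= now <= cert.not_after):
        return False
    return cert.not_before > entry.validity_time

def revoke_identity(directory, user_id, now):
    directory[user_id].validity_time = now       # revokes every cert issued before now

def demo():
    """Issue -> validate -> revoke -> re-issue; returns each outcome by name."""
    t0 = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)    # constructed clock
    directory = {"alice": DirectoryEntry(validity_time=t0, issuance_limit=2)}
    cert = issue(directory, "alice", t0 + timedelta(minutes=1))
    out = {"fresh_valid": validate(cert, directory, t0 + timedelta(hours=1))}
    revoke_identity(directory, "alice", t0 + timedelta(hours=2))
    out["after_revoke"] = validate(cert, directory, t0 + timedelta(hours=3))
    new_cert = issue(directory, "alice", t0 + timedelta(hours=2, minutes=1))
    out["reissued_valid"] = validate(new_cert, directory, t0 + timedelta(hours=3))
    try:
        issue(directory, "alice", t0 + timedelta(hours=4))
        out["limit_enforced"] = False
    except PermissionError:
        out["limit_enforced"] = True
    return out
```

Because the comparison is strict, a certificate whose validity period starts at the very instant the directory value was advanced is rejected, so an issuer should stamp the new certificate's start time after the directory write completes. The scheme also depends on the validator and the directory sharing a trustworthy clock, since the directory value is the only revocation signal.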
Specification