Enhanced certificate authority

US 9,947,008 B1
Filed: 10/21/2015
Issued: 04/17/2018
Est. Priority Date: 10/22/2014
Status: Active Grant

First Claim

Patent Images

1. A computer system for managing digital certificates, said computer system comprising:

one or more communicatively coupled processors, said one or more processors forming a Certificate authority CA computer system configured to perform the steps of;

receiving, at said CA computer system, a request for a Proxy digital certificate (PCERT) from a user desiring said PCERT from said Certificate Authority, said request containing one or more proxy request data elements, said proxy request data elements comprising the actual data for each user related data field and/or a pointer to the location of said actual data, said user related data information being the data information required by said CA computer system to accomplish (directly or via third parties) the one or more registration validation actions necessary to establish the bona fides of said user and perform said user registration within the system;

providing, upon said bona fides satisfaction, said user with said (PCERT), any suitable PCERT ancillary data and one or more PCERT data elements associated with said one or more proxy request data elements;

receiving, by said CA computer system, a request for a Transactional Digital Certificate (TCERT) from a user, said request containing the desired one or more TCERT user data elements and establishing the existence of a valid one or more PCERT in real time at the time of said TCERT generation upon request, performing certificate validation of one or more of said TCERT request data elements at the time of said TCERT request, said PCERT data elements and/or said one or more PCERT, and upon acceptance generating said TCERT digital certificate and any suitable TCERT ancillary data for said user; and

transmitting, by said CA computer system, said TCERT digital certificate and any appropriate TCERT ancillary data to said user.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An enhanced certificate authority system and method allows for the enhanced security, validation and Multi-Factor Authentication of user'"'"'s within a digital signature and transaction system through the creation and management of a user'"'"'s Digital Identity certificate so that through an enhanced certificate authority a user'"'"'s identity and bona fides may be both protected and established across a diversity of electronic devices and transactions.

29 Citations

View as Search Results

13 Claims

1. A computer system for managing digital certificates, said computer system comprising:
- one or more communicatively coupled processors, said one or more processors forming a Certificate authority CA computer system configured to perform the steps of;
  
  receiving, at said CA computer system, a request for a Proxy digital certificate (PCERT) from a user desiring said PCERT from said Certificate Authority, said request containing one or more proxy request data elements, said proxy request data elements comprising the actual data for each user related data field and/or a pointer to the location of said actual data, said user related data information being the data information required by said CA computer system to accomplish (directly or via third parties) the one or more registration validation actions necessary to establish the bona fides of said user and perform said user registration within the system;
  
  providing, upon said bona fides satisfaction, said user with said (PCERT), any suitable PCERT ancillary data and one or more PCERT data elements associated with said one or more proxy request data elements;
  
  receiving, by said CA computer system, a request for a Transactional Digital Certificate (TCERT) from a user, said request containing the desired one or more TCERT user data elements and establishing the existence of a valid one or more PCERT in real time at the time of said TCERT generation upon request, performing certificate validation of one or more of said TCERT request data elements at the time of said TCERT request, said PCERT data elements and/or said one or more PCERT, and upon acceptance generating said TCERT digital certificate and any suitable TCERT ancillary data for said user; and
  
  transmitting, by said CA computer system, said TCERT digital certificate and any appropriate TCERT ancillary data to said user.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer system of claim 1 wherein;
    - said TCERT request data elements are comprised of one or more of the following possible TCERT data elements to be included in said TCERT;
      
      actual user data and/or a pointer to the location of said user data and/or user data field names and/or tokenized values and/or visual references to data; and
      
      if a portable PCERT and/or TCERT is desired, said PCERT ancillary data and/or said TCERT ancillary data contains a CA generated PrK/PubK key pair to be communicated to said user.
  - 3. The computer system of claim 2 further comprising;
    - said request for a certificate validation of said TCERT request data elements and said PCERT include establishing the validity of each said TCERT data element at the time of said TCERT request; and
      
      said certificate validation of said TCERT includes said request being digitally signed by said user using said PCERT.
  - 4. The computer system of claim 3 further comprising;
    - said certificate validation of said TCERT request data elements and said PCERT include in addition the real-time multi-factor authentication (MFA) and verification of said user, wherein said MFA includes at least one of the following user interactions;
      
      telephonic, password, biometric, token (H/W and/or S/W), Password, Pincode, One Time Password, Biometrics (including Face, Finger, Iris, Veins, Voice and others), Machine generated unique codes, Machine Digital Signature, Machine Digital Signature on a secured cryptographic device token and/or Machine generated Unique Code on Secure Cryptographic Device token, LDAP, other authentication and/or authorization servers.
  - 5. The computer system of claim 2 further comprising;
    - said request for a certificate validation of said TCERT request data elements and said PCERT include establishing the validity of each said TCERT data element at the time of said TCERT request; and
      
      said certificate validation of said TCERT request data elements and said PCERT include in addition the real-time multi-factor authentication (MFA) and verification of said user, wherein said MFA includes at least one of the following user interactions;
      
      telephonic, password, biometric, token (H/W and/or S/W), Password, Pincode, One Time Password, Biometrics (including Face, Finger, Iris, Veins, Voice and others), Machine generated unique codes, Machine Digital Signature, Machine Digital Signature on a secured cryptographic device token and/or Machine generated Unique Code on Secure Cryptographic Device token, LDAP, other authentication and/or authorization servers.

6. A computer system for managing digital certificates, said computerized system comprising:
- one or more communicatively coupled processors, said one or more processors forming a Certificate authority computer system (CACS) configured to perform the steps of;
  
  receiving, at said CA computer system, a request for a Proxy digital certificate (PCERT) from a user desiring said PCERT from said Certificate Authority, said request containing one or more proxy request data elements, said proxy request data elements comprising the actual data for each user related data field and/or a pointer to the location of said actual data, said user related data information being the data information required by said CA computer system to accomplish (directly or via third parties) the one or more registration validation actions necessary to establish the bona fides of said user and perform said user registration within the system;
  
  providing, upon said bona fides satisfaction, said user with said (PCERT), any suitable PCERT ancillary data and one or more PCERT data elements associated with said one or more proxy request data elements;
  
  receiving, by said CA computer system, a request for a Transactional Digital Certificate (TCERT) from a user, said request containing the desired one or more TCERT user data elements and establishing the existence of a valid one or more PCERT in real time at the time of said TCERT generation upon request, performing certificate validation of one or more of said TCERT request data elements at the time of said TCERT request, said PCERT data elements and/or said one or more PCERT, and upon acceptance generating said TCERT digital certificate and any suitable TCERT ancillary data for said user;
  
  performing certificate validation of one or more of said TCERT request data elements, said PCERT data elements and/or said PCERT, and upon acceptance transmitting to said user the values of the data fields included in said TCERT request;
  
  transmitting, to said CA a digitally signed request including said CA provided data values, said user PubK and digitally signed by the User;
  
  receiving, said data from said user, and generating a TCERT using said information; and
  
  transmitting, by said CA computer system, said TCERT digital certificate and any appropriate TCERT ancillary data to said user.
- View Dependent Claims (7, 8)
- - 7. The computerized system of claim 6 further comprising;
    - said request for a certificate validation of said TCERT request data elements include establishing the validity of the data in each said data element at the time of said TCERT emission.
  - 8. The computerized system of claim 7 further comprising;
    - said certificate validation of said TCERT request data elements include in addition the real-time multi-factor authentication (MFA) and verification of said user, wherein said MFA includes at least one of the following user interactions;
      
      telephonic, password, biometric, token (H/W and/or S/W), Password, Pincode, One Time Password, Biometrics (including Face, Finger, Iris, Veins, Voice and others), Machine generated unique codes, Machine Digital Signature, Machine Digital Signature on a secured cryptographic device token and/or Machine generated Unique Code on Secure Cryptographic Device token, LDAP, other authentication and/or authorization servers.

9. A method of managing digital certificates, by a computer system, said method comprising the steps of;
- providing one or more communicatively coupled processors, said one or more processors forming a Certificate authority computer system (CACS);
  
  receiving, at said CA computer system, a request for a Proxy digital certificate (PCERT) from a user desiring said PCERT from said Certificate Authority, said request containing one or more proxy request data elements, said proxy request data elements comprising the actual data for each user related data field and/or a pointer to the location of said actual data, said user related data information being the data information required by said CA computer system to accomplish (directly or via third parties) the one or more registration validation actions necessary to establish the bona fides of said user and perform said user registration within the system;
  
  providing, upon said bona fides satisfaction, said user with said (PCERT), any suitable PCERT ancillary data and one or more PCERT data elements associated with said one or more proxy request data elements;
  
  receiving, by said CA computer system, a request for a Transactional Digital Certificate (TCERT) from a user, said request containing the desired one or more TCERT user data elements and establishing the existence of a valid one or more PCERT in real time at the time of said TCERT generation upon request, performing certificate validation of one or more of said TCERT request data elements at the time of said TCERT request, said PCERT data elements and/or said one or more PCERT, and upon acceptance generating said TCERT digital certificate and any suitable TCERT ancillary data for said user; and
  
  transmitting, by said CA computer system, said TCERT digital certificate and any appropriate TCERT ancillary data to said user.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9 wherein;
    - said TCERT request data elements are comprised of one or more of the following possible TCERT data elements to be included in said TCERT;
      
      actual user data and/or a pointer to the location of said user data and/or user data field names and/or tokenized values and/or visual references to data; and
      
      if a portable PCERT and/or TCERT is desired, said PCERT ancillary data and/or said TCERT ancillary data contains a CA generated PrK/PubK key pair to be communicated to said user.
  - 11. The method of claim 10 wherein;
    - said request for a certificate validation of said TCERT request data elements and said PCERT include establishing the validity of each said TCERT data element at the time of said TCERT request; and
      
      said certificate validation of said TCERT includes said request being digitally signed by said user using said PCERT.
  - 12. The method of claim 11 wherein;
    - said certificate validation of said TCERT request data elements and said PCERT include in addition the real-time multi-factor authentication (MFA) and verification of said user, wherein said MFA includes at least one of the following user interactions;
      
      telephonic, password, biometric, token (H/W and/or S/W), Password, Pincode, One Time Password, Biometrics (including Face, Finger, Iris, Veins, Voice and others), Machine generated unique codes, Machine Digital Signature, Machine Digital Signature on a secured cryptographic device token and/or Machine generated Unique Code on Secure Cryptographic Device token, LDAP, other authentication and/or authorization servers.
  - 13. The method of claim 10 wherein;
    - said request for a certificate validation of said TCERT request data elements and said PCERT include establishing the validity of each said TCERT data element at the time of said TCERT request; and
      
      said certificate validation of said TCERT request data elements and said PCERT include in addition to the real-time multi-factor authentication (MFA) and verification of said user, wherein said MFA includes at least one of the following user interactions;
      
      telephonic, password, biometric, token (H/W and/or S/W), Password, Pincode, One Time Password, Biometrics (including Face, Finger, Iris, Veins, Voice and others), Machine generated unique codes, Machine Digital Signature, Machine Digital Signature on a secured cryptographic device token and/or Machine generated Unique Code on Secure Cryptographic Device token, LDAP, other authentication and/or authorization servers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Urayoan Camacho Diaz
Original Assignee
Urayoan Camacho Diaz
Inventors
Camacho Diaz, Urayoan
Primary Examiner(s)
Rahman, Shawnchoy

Application Number

US14/918,865
Time in Patent Office

909 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/38215   Use of certificates or encr...

G06Q 20/40145   Biometric identity checks

G06Q 2220/00   Business processing using c...

Enhanced certificate authority

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Enhanced certificate authority

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others