Using authentication certificates for authorization
Abstract
One embodiment of the invention is a method that uses authentication certificates to authorize peers to particular applications. Beyond establishing the identity and trustworthiness of a peer, the authentication certificate also serves to authorize that peer to particular applications. A list of certificates is maintained in a Peer Authorized Certificate Store (PACS); the entries may be any combination of root certificates, intermediate certificates, and peer certificates. When an authentication certificate is received from a peer, the peer is first authenticated using the certificate and then authorized by checking the certificate against the PACS.
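As an added illustration (not code from the patent or from any implementation of it), the Go program below models the flow the abstract and claim 10 describe: the presented chain is first authenticated against a trust store, and only then authorized by looking each certificate of the verified chain up in a PACS that records which applications it is authorized for. The PACS is keyed by SHA-256 fingerprint here (claim 16 mentions the peer distinguished name as the lookup key; the fingerprint key is an assumption of this example). The test PKI (Example Root, Example Issuing CA, Rogue Root, peer-a, peer-c) and the application names "build-service" and "payroll" are constructed in-process for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PACS maps a certificate fingerprint (hex SHA-256 over the DER encoding) to the applications it is authorized for.
type PACS map[string]map[string]bool

func Fingerprint(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.Raw))
}

// AuthorizePeer keeps the two steps distinct: authentication (the chain must verify to a trusted
// root, otherwise an error) and authorization (some certificate of the verified chain is listed for app).
func AuthorizePeer(pacs PACS, roots *x509.CertPool, presented []*x509.Certificate, app string) (bool, error) {
	if len(presented) == 0 {
		return false, fmt.Errorf("peer presented no certificate")
	}
	inter := x509.NewCertPool()
	for _, c := range presented[1:] {
		inter.AddCert(c)
	}
	chains, err := presented[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return false, fmt.Errorf("authentication failed: %w", err)
	}
	for _, chain := range chains { // each verified chain runs leaf -> root
		for _, c := range chain {
			if apps := pacs[Fingerprint(c)]; apps[app] {
				return true, nil
			}
		}
	}
	return false, nil
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue generates a P-256 key and a certificate for cn signed by parent; a nil parent yields a
// self-signed root. This is a constructed test PKI, not a production issuance routine.
func issue(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: new(big.Int).SetBytes([]byte(cn)), // unique per distinct name in this constructed PKI
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA:         isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil { // self-signed root
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// NewScenario builds constructed data: one trusted root, an intermediate listed in the PACS for
// "build-service", and two peer chains (leaf first): peer-a chains through the listed intermediate;
// peer-c chains to Rogue Root, which it supplies itself but which the trust store does not contain.
func NewScenario() (roots *x509.CertPool, pacs PACS, peers map[string][]*x509.Certificate) {
	root, rootKey := issue("Example Root", true, nil, nil)
	inter, interKey := issue("Example Issuing CA", true, root, rootKey)
	rogue, rogueKey := issue("Rogue Root", true, nil, nil)
	leafA, _ := issue("peer-a", false, inter, interKey)
	leafC, _ := issue("peer-c", false, rogue, rogueKey)
	roots = x509.NewCertPool()
	roots.AddCert(root)
	pacs = PACS{Fingerprint(inter): {"build-service": true}}
	peers = map[string][]*x509.Certificate{"peer-a": {leafA, inter}, "peer-c": {leafC, rogue}}
	return roots, pacs, peers
}

func main() {
	roots, pacs, peers := NewScenario()
	for _, tc := range [][2]string{{"peer-a", "build-service"}, {"peer-a", "payroll"}, {"peer-c", "build-service"}} {
		ok, err := AuthorizePeer(pacs, roots, peers[tc[0]], tc[1])
		fmt.Printf("%s -> %s: authorized=%v err=%v\n", tc[0], tc[1], ok, err)
	}
}
```

Two practical points fall out of the model. Listing an intermediate or root in the PACS authorizes every certificate that chains through it (here peer-a is admitted on the strength of Example Issuing CA's entry), which is convenient for fleet-wide grants but means one PACS row can cover everything that CA has ever issued; list leaf fingerprints where per-peer authorization is required. And a peer that ships its own root in the chain (peer-c) gains nothing from it: the trust store, not the presented chain, decides authentication, and a chain that fails authentication never reaches the PACS lookup.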
90 Citations
30 Claims
1. A method comprising:
- receiving an authentication certificate from a peer requesting a secure connection to an application, the authentication certificate including a certificate chain having at least one certificate; and
- using the authentication certificate to authorize the peer to the application by accessing a peer authorized certificates store (PACS) that stores authorized certificates.
Dependent claims: 2, 3
4. A method comprising:
- receiving an authentication certificate from a peer requesting a secure connection to an application, the authentication certificate including a certificate chain that includes at least a root certificate; and
- using the authentication certificate to authenticate the peer;
- using the authentication certificate to authorize the peer to the application by accessing a peer authorized certificates store (PACS) that stores authorized certificates.
Dependent claims: 5, 6
7. A machine-readable medium having stored thereon data representing sequences of instructions, the sequences of instructions which, when executed by a processor, cause the processor to perform the following:
- determine if a peer is authentic by authenticating an authentication certificate sent by the peer, the authentication certificate including at least a root certificate in a certificate chain; and
- determine if the peer is authorized to an application requested by the peer by using a peer authorized certificate store (PACS).
Dependent claims: 8, 9
10. An apparatus comprising:
- a receiver to receive on a first peer an authentication certificate from a second peer, the authentication certificate having a chain of certificates including at least one certificate, and the authentication certificate associated with a request for a secure connection to an application;
- a checker to determine if any certificate in the chain of certificates exists in a peer authorized certification authorities store (PACS), and if at least one certificate exists in the PACS, the checker to additionally determine if the PACS indicates the at least one certificate is authorized to the application; and
- a validator to authorize the second peer to the application if at least one certificate in the chain of certificates exists in the PACS, and is authorized for the application.
Dependent claims: 11, 12, 13, 14, 15
16. An apparatus comprising:
- means for receiving on a first peer an authentication certificate from a second peer, the authentication certificate having a chain of certificates including at least one certificate, and the authentication certificate associated with a request for a secure connection to an application;
- means for determining if any certificate in the chain of certificates exists in a peer authorized certification authorities store (PACS), and if at least one certificate exists in the PACS, the checker to additionally determine if the PACS indicates the at least one certificate is authorized to the application; and
- means for authorizing the second peer to the application if the peer distinguished name exists on the PACS, and is authorized to the application.
Dependent claims: 17, 18, 19
20. A system comprising:
- a receiver to receive an authentication certificate having a certificate chain including at least one certificate that is a root certificate;
- an authenticator to determine if a peer is authentic; and
- an authorizer to determine if a peer is authorized to a given application on the system by determining if any certificate in the certificate chain exists in a peer authorized certification authorities store (PACS) and indicates authorization to the application.
Dependent claims: 21, 22
23. A system comprising:
- a second peer in a network of systems to send an authentication certificate to a first peer, the authentication certificate having a certificate chain that includes at least one certificate that is a root certificate; and
- in response to the second peer sending the authentication certificate, the first peer to determine if the second peer is authorized to an application on a system corresponding to the first peer by determining if any certificate in the certificate chain exists in a peer authorized certification authorities store (PACS) and indicates authorization for the application.
Dependent claims: 24, 25, 26
27. An apparatus comprising:
- at least one processor; and
- a machine-readable medium having instructions encoded thereon, which when executed by the processor, are capable of directing the processor to:
- determine if a peer is authentic by authenticating an authentication certificate sent by the peer, the authentication certificate including at least a root certificate in a certificate chain; and
- determine if the peer is authorized to an application requested by the peer by using a peer authorized certificate store (PACS).
Dependent claims: 28, 29, 30
Specification