METHOD AND SYSTEM FOR DYNAMIC CERTIFICATE GENERATION USING VIRTUAL ATTRIBUTES
Abstract
A server, method and/or computer-readable medium system for secure communication includes a certificate authority for generating certificates signed by the certificate authority and associated public and private keys for a client. The server further includes a directory of client attributes and client virtual attributes. At least one of the client virtual attributes is for, when receiving a query for a client that cannot be located in the directory, requesting the certificate authority to dynamically generate a certificate and associated public and private key for the client, and for storing the dynamically generated certificate and public key as a client attribute in the directory.
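The lookup-miss flow in the abstract, as an added Go example (not code from the patent or any product): a directory query for an unknown client makes the CA generate a key pair and certificate, the certificate is published in the directory, and the private key goes to a separate store. `Server`, `NewServer`, `Lookup`, `issue`, `dir`, `vault`, the "Example CA" name, RSA-2048 keys, one-day validity and time-based serial numbers are all assumptions made for the example.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
type Server struct { // illustrative model of the CA plus directory; names are not from the patent
	caCert *x509.Certificate
	caKey  *rsa.PrivateKey
	dir    map[string]*x509.Certificate // directory: published certificate with its public key
	vault  map[string]*rsa.PrivateKey   // secure memory: generated private keys, never published
}
func NewServer() (s *Server, err error) {
	s = &Server{dir: map[string]*x509.Certificate{}, vault: map[string]*rsa.PrivateKey{}}
	s.caCert, s.caKey, err = s.issue("Example CA")
	return s, err
}
// issue generates a key pair for cn and a certificate for it signed with the CA key.
func (s *Server) issue(cn string) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now(), NotAfter: time.Now().AddDate(0, 0, 1),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageKeyEncipherment}
	if s.caCert == nil { // bootstrap: the CA root signs itself
		tmpl.IsCA, tmpl.KeyUsage, s.caCert, s.caKey = true, x509.KeyUsageCertSign, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, s.caCert, &key.PublicKey, s.caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}
// Lookup answers a directory query; on a miss the CA generates the entry and it is published.
func (s *Server) Lookup(cn string) (*x509.Certificate, error) {
	if cert, ok := s.dir[cn]; ok {
		return cert, nil
	}
	cert, key, err := s.issue(cn)
	if err == nil {
		s.dir[cn], s.vault[cn] = cert, key
	}
	return cert, err
}
```

Calling `Lookup` twice with the same name returns the same certificate, because the first call published it. In this model every queried name ends up with a CA-signed certificate, and its private key originates on the server rather than with the client.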
23 Claims
1. A method for secure transmission in a computer system having a certificate authority (CA) and a directory server, the CA capable of generating a digital certificate for a client, the digital certificate including a key used to encrypt messages to be sent to the client, the digital certificate stored by a directory server in a directory, the method comprising;
- receiving a directory query for the digital certificate associated with the client;
- requesting the CA to dynamically generate the digital certificate associated with the client if an entry associated with the client cannot be located in the directory in response to the directory query; and
- publishing the dynamically generated digital certificate in the directory.

7. A method for secure transmission in a computer system having a certificate authority (CA) and a directory server, the CA capable of generating a digital certificate for a client, the digital certificate stored by the directory server in a directory, the method comprising:
- receiving a request from the directory server to generate a digital certificate for the client, an entry associated with the client not present in the directory;
- dynamically generating a digital certificate, a public key and a private key for the client; and
- storing the dynamically generated private key in a secure memory, wherein the secure memory is accessed by the client after performing a client authentication process.

14. A server for providing secure communication according to a public key infrastructure, the server having a certificate authority (CA) and a directory, the CA capable of generating a digital certificate signed by the CA and an associated public key for a client, the digital certificate and the associated public key stored in the directory as a client attribute, the server comprising:
- a memory having the directory; and
- a processor coupled to the memory, the processor configured to;
  - send a request to the CA when the client attribute for the client cannot be located in the directory in response to a directory query for one of the digital certificate and the associated public key for the client;
  - dynamically generate a digital certificate, associated public key and a private key for the client in response to the request; and
  - store the dynamically generated digital certificate and associated public key as the client attribute for the client in the directory.

17. A server for providing secure communication, the server comprising:
- a storage device storing a directory; and
- a certificate authority (CA) coupled to the storage device, the CA capable of generating a digital certificate and a public key for a client, the CA storing the digital certificate and the public key in the directory as a client attribute, wherein;
  - the directory includes a client virtual attribute generating a request to the CA when a query for the client attribute fails to locate a corresponding directory entry for the client; and
  - the CA is configured to dynamically generate a digital certificate, an associated public key and a private key for the client in response to the request, and to store the dynamically generated digital certificate and the associated public key as the client attribute for the client in the directory.

Specification