METHOD AND SYSTEM FOR DYNAMIC CERTIFICATE GENERATION USING VIRTUAL ATTRIBUTES

US 20080072039A1
Filed: 08/31/2006
Published: 03/20/2008
Est. Priority Date: 08/31/2006
Status: Active Grant

First Claim

Patent Images

1. A method for secure transmission in a computer system having a certificate authority (CA) and a directory server, the CA capable of generating a digital certificate for a client, the digital certificate including a key used to encrypt messages to be sent to the client, the digital certificate stored by a directory server in a directory, the method comprising;

receiving a directory query for the digital certificate associated with the client;

requesting the CA to dynamically generate the digital certificate associated with the client if an entry associated with the client cannot be located in the directory in response to the directory query; and

publishing the dynamically generated digital certificate in the directory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server, method and/or computer-readable medium system for secure communication includes a certificate authority for generating certificates signed by the certificate authority and associated public and private keys for a client. The server further includes a directory of client attributes and client virtual attributes. At least one of the client virtual attributes is for, when receiving a query for a client that cannot be located in the directory, requesting the certificate authority to dynamically generate a certificate and associated public and private key for the client, and for storing the dynamically generated certificate and public key as a client attribute in the directory.

40 Citations

View as Search Results

23 Claims

1. A method for secure transmission in a computer system having a certificate authority (CA) and a directory server, the CA capable of generating a digital certificate for a client, the digital certificate including a key used to encrypt messages to be sent to the client, the digital certificate stored by a directory server in a directory, the method comprising;
- receiving a directory query for the digital certificate associated with the client;
  
  requesting the CA to dynamically generate the digital certificate associated with the client if an entry associated with the client cannot be located in the directory in response to the directory query; and
  
  publishing the dynamically generated digital certificate in the directory.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising storing a private key for the client dynamically generated by the CA in a secure memory to be accessed by the client after performing an authentication process.
  - 3. The method of claim 1, further comprising storing a private key for the client dynamically generated by the CA in a secure key repository associated with a data recovery manager to be accessed by the client after an authentication process is performed.
  - 4. The method of claim 1, wherein the directory includes an X.500 based directory and the directory query includes a Lightweight Directory Access Protocol (LDAP) query.
  - 5. An apparatus configured to perform the method of claim 1.
  - 6. A computer readable medium comprising computer executable instructions for performing the method of claim 1.

7. A method for secure transmission in a computer system having a certificate authority (CA) and a directory server, the CA capable of generating a digital certificate for a client, the digital certificate stored by the directory server in a directory, the method comprising:
- receiving a request from the directory server to generate a digital certificate for the client, an entry associated with the client not present in the directory;
  
  dynamically generating a digital certificate, a public key and a private key for the client; and
  
  storing the dynamically generated private key in a secure memory,wherein the secure memory is accessed by the client after performing a client authentication process.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein the client authentication process includes a Kerberos authentication process.
  - 9. The method of claim 7, further comprising publishing the dynamically generated digital certificate and the public key in the directory, the directory including an X.500 based directory, the publishing of the dynamically generated digital certificate and the public key performed according to a Lightweight Directory Access Protocol (LDAP).
  - 10. The method of claim 7, wherein the storing the dynamically generated private key in the secure memory further includes storing the dynamically generated private key in a secure key repository using a data recovery manager.
  - 11. The method of claim 7, wherein the request from the directory server to generate the digital certificate is received based on a query for the digital certificate of the client, the directory server failing to locate the digital certificate for the client.
  - 12. An apparatus configured to perform the method of claim 7.
  - 13. A computer readable medium comprising computer executable instructions for performing the method of claim 7.

14. A server for providing secure communication according to a public key infrastructure, the server having a certificate authority (CA) and a directory, the CA capable of generating a digital certificate signed by the CA and an associated public key for a client, the digital certificate and the associated public key stored in the directory as a client attribute, the server comprising:
- a memory having the directory; and
  
  a processor coupled to the memory, the processor configured to;
  
  send a request to the CA when the client attribute for the client cannot be located in the directory in response to a directory query for one of the digital certificate and the associated public key for the client;
  
  dynamically generate a digital certificate, associated public key and a private key for the client in response to the request; and
  
  store the dynamically generated digital certificate and associated public key as the client attribute for the client in the directory.
- View Dependent Claims (15, 16)
- - 15. The server of claim 14, wherein the processor is further configured to store the dynamically generated private key in a secure portion of the memory to be accessed by the client after performing a client authentication process.
  - 16. The server of claim 14, wherein the processor is further configured to store the dynamically generated private key in a secure portion of the memory to be accessed by the client after a client authentication process, the client authentication process including Kerberos authentication process.

17. A server for providing secure communication, the server comprising:
- a storage device storing a directory; and
  
  a certificate authority (CA) coupled to the storage device, the CA capable of generating a digital certificate and a public key for a client, the CA storing the digital certificate and the public key in the directory as a client attribute, wherein;
  
  the directory includes a client virtual attribute generating a request to the CA when a query for the client attribute fails to locate a corresponding directory entry for the client; and
  
  the CA is configured to dynamically generate a digital certificate, an associated public key and a private key for the client in response to the request, and to store the dynamically generated digital certificate and the associated public key as the client attribute for the client in the directory.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The server of claim 17, wherein the client virtual attribute includes an executable script for causing the directory to automatically fetch the dynamically generated digital certificate and the associated public key.
  - 19. The server of claim 17, wherein the CA is further configured to store the dynamically generated private key in a secure portion of the storage device to be accessed by the client after performing a client authentication process.
  - 20. The server of claim 17, wherein the CA is further configured to store the dynamically generated private key in a secure portion of the storage device to be accessed by the client after a client authentication process, the client authentication process including Kerberos authentication process.
  - 21. The server of claim 17, wherein the directory is further configured to store the dynamically generated private key in a secure portion of the storage device to be accessed by the client after a client authentication process.
  - 22. The server of claim 17, further comprising a data recovery manager configured to store the dynamically generated private key in a secure key repository to be accessed by the client after performing a client authentication process.
  - 23. The server of claim 17, wherein the directory includes an X.500 directory model, the directory receiving the directory query according to a Lightweight Directory Access Protocol (LDAP).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Relyea, Robert

Granted Patent

US 8,719,574 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/158
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/007   involving hierarchical stru...

H04L 9/3263   involving certificates, e.g...

METHOD AND SYSTEM FOR DYNAMIC CERTIFICATE GENERATION USING VIRTUAL ATTRIBUTES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR DYNAMIC CERTIFICATE GENERATION USING VIRTUAL ATTRIBUTES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links