Security infrastructure for electronic transactions

DC CAFC

US 5,745,574 A
Filed: 12/15/1995
Issued: 04/28/1998
Est. Priority Date: 12/15/1995
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A certification system for issuance, distribution and verification of public key certificates which may be used for secure and authentic electronic transactions over open networks, comprising computer processes implementing certification servers, certification clients and certification protocols, in which:

a. one or more first computer processes are associated with at least one initial (root) registration authority,b. one or more second computer processes are associated with policy certification authorities,c. one or more third computer processes are associated with certification authorities, andd. one or more end-user computer processes or application computer processes are associated with respective end-users or user applications, ande. said one or more second computer processes hold a data structure certified by said registration authority, said one or more third computer processes hold a data structure certified either by one of said policy certification authorities or other certification authorities, and end-user or application computer processes hold a data structure certified by one or more of said certification authorities,whereby users and applications of said system are logically located at end-points of certification chains in a certification infrastructure.

View all claims

8 Assignments

Timeline View

Assignment View

Litigations

4 Petitions

Accused Products

Abstract

A plurality of certification authorities connected by an open network are interrelated through an authentication and certification system for providing and managing public key certificates. The certification system with its multiple certification and its policies constitute a public key infrastructure facilitating secure and authentic transactions over an unsecure network. Security services for applications and users in the network are facilitated by a set of common certification functions accessible by well-defined application programming interface which allows applications to be developed independently of the type of underlying hardware platforms used, communication networks and protocols and security technologies.

409 Citations

34 Claims

1. A certification system for issuance, distribution and verification of public key certificates which may be used for secure and authentic electronic transactions over open networks, comprising computer processes implementing certification servers, certification clients and certification protocols, in which:
- a. one or more first computer processes are associated with at least one initial (root) registration authority,b. one or more second computer processes are associated with policy certification authorities,c. one or more third computer processes are associated with certification authorities, andd. one or more end-user computer processes or application computer processes are associated with respective end-users or user applications, ande. said one or more second computer processes hold a data structure certified by said registration authority, said one or more third computer processes hold a data structure certified either by one of said policy certification authorities or other certification authorities, and end-user or application computer processes hold a data structure certified by one or more of said certification authorities,whereby users and applications of said system are logically located at end-points of certification chains in a certification infrastructure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1 in which some of said certification authorities may also function as Trusted Third Parties.
  - 3. The system of claim 1 in which some of said certification authorities may also function as Escrow Agencies.
  - 4. The system of claim 1 in which some of said certification authorities may also function as a clearing house for or insurer of electronic transactions.
  - 5. The system of claim 1 in which some of said certification authorities may also function as Electronic Notaries.
  - 6. The system of claim 1 in which some of said certification authorities may also function as common repositories for electronic identities and public key certificates (Directories).
  - 7. The repository systems of claim 6 in which said common repositories may hold electronic identities and/or public key certificates of other certification authorities, users, applications and other components in the certification system.
  - 8. The repository systems of claim 6 in which said common certificate repositories may also hold certificate revocation lists for a plurality of computer processes in the certification system.
  - 9. The certification system of claim 1 in which one or more computer processes may access a storage area for storing various identification, authentication and authorization data structures, certificates and certificate revocation lists.
  - 10. The system of claim 1 in which one or more computer processes of the certification system may access storage areas for storing or fetching network configuration information, error codes and messages, or entity identification information.
  - 11. The certification system of claim 1 in which said data structures may be electronic addresses, electronic identities or public key certificates.
  - 12. The certification system of claim 1 in which each computer process may utilize a common application programming interface (API) either for remote access to that process or for access to encryption, certification and other local services.
  - 13. The certification system of claim 12 in which each computer process utilizes said common application programming interface comprising a set of programming primitives implementing certification protocol steps.
  - 14. The set of programming primitives of claim 13 in which one or more members of the set can be invoked by commands, by messages, by remote procedure calls or by any other type of computer procedure invocations.
  - 15. The API system of claim 12 in which the applications programming interfaces may be invoked by http commands.
  - 16. The API system of claim 12 in which the applications programming interfaces may be invoked by E-mail messages.
  - 17. The API system of claim 12 in which the applications programming interfaces may be invoked by a program to program communication.

18. In a certification system for secure communications containing computer processes arranged in a certification infrastructure, a method of requesting and issuing a public key certificate, comprising:
- a. at a requesting computer process, generating a data structure containing the data items required for a public key certificate, including a public key, self-signing the data structure and sending the signed data structure as a certificate signature request to a computer process authorized as an issuing certification authority, andb. at said computer process authorized as an issuing certification authority, verifying the authenticity of said request, and if authentic, certifying and returning the data structure in a certificate signature reply.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The method of claim 18, further comprising:
    - storing the received signed certificate at said requesting computer process.
  - 20. The method of claim 18 further comprising:
    - storing the received signed certificate or copy of a signed certificate at a common certificate repository.
  - 21. The method of claim 18 performed when adding a new entity to a certification infrastructure, which entity may be policy certification authority, certification authority, application or end-user.
  - 22. The method of claim 18, performed upon expiration of an existing certificate, where the new certificate may contain either the existing or a new public key.

23. In a global network with secure communications containing computer processes arranged in a certification infrastructure, a method of verifying a signed data structure sent from a sender to a receiver, comprising:
- a. obtaining a public key certificate for every computer process in the infrastructure between the sender and a common point of trust in the infrastructure and,b. verifying the authenticity of signatures iteratively, beginning with the common point of trust.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The method of verifying of claim 23 in which a public key certificate for every computer process in the infrastructure between the sender and a common point of trust is also verified against all relevant certificate revocation lists.
  - 25. The method of verifying of claim 23 in which a public key certificate of a sender may also be verified by a direct inquiry to the certification authority which issued that certificate.
  - 26. The method of verifying of claim 23 in which a public key certificate for every computer process in the infrastructure between the sender and a common point of trust may be obtained from respective individual computer processes.
  - 27. The method of verifying of claim 23 in which a public key certificate for every computer process in the infrastructure may also be obtained from a common repository.

28. In a certification system for secure communications containing computer processes arranged in a certification infrastructure, a method of validating public key certificates comprising:
- using the certificate revocation lists of each computer process between a computer process or user whose certificate is being validated and a point of trust in common with the computer process or user which is validating the certificate to ensure the certificates being used in the validation process do not appear on any certificate revocation list.
- View Dependent Claims (29)
- - 29. The method of claim 28 in which retrieved certificate revocation lists are stored locally in the computer at which the certificate is being validated.

30. In a computer system for secure communications containing computer processes arranged in a certification infrastructure, a method of updating certificates comprising:
- a. at a first computer process, which possesses a certificates to be updated, updating the current certificate bya.1. receiving a new signed certificate from a computer process which is authorized to issue the new signed certificate,a.2. revoking the current certificate previously used for verification of certificates of subordinate computer processes,a.3. issuing new certificates to all subordinate computer processes for which certificates had been previously signed by the first computer process and copying to all subordinate computer processes the new certificate to be used for verification of new subordinate certificates, andb. iteratively performing the distribution of the new certificate to all subsequent subordinate computer processes, until all computer processes subordinate in the infrastructure to said first computer process have the new certificates.

31. In a certification system for secure communications containing computer processes arranged in a certification infrastructure, a method of adding a new computer process to the infrastructure comprising:
- a. adding a new component to a representation of a certification infrastructure at a location indicative of where the said computer process is to be added,b. creating entries in a certificate storage database at least at both said new computer process and at the computer process authorized to certify the said new process,c. obtaining a signed certificate for the said new computer process from said computer process authorized to certify the new process and storing it at the said new computer process.

32. In a certification system for secure communications containing computer processes arranged in a certification infrastructure, a method of deleting an existing computer process from the infrastructure comprising:
- a. notifying at least all computer processes certified by the existing process being deleted that said existing computer process is being deleted,b. revoking all certificates signed by said first computer process at said computer processes certified by the existing process being deleted, if any;
  
  c. obtain new certificates for each computer process previously being certified by the said existing computer process being deleted from another certification authority being authorized to certify these computer processes in the new certification infrastructure.
- View Dependent Claims (33)
- - 33. The method of claim 32 further comprising:
    - adding all certificates revoked to a certificate revocation list.

34. In a certification system for secure communications containing computer processes arranged in a certification infrastructure, a method of restructuring at least part of the certification infrastructure by deleting one or more certification authorities and adding said one or more certification authorities or new certification authorities so as to derive a modified form of the certification infrastructure.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Intellectual Ventures II LLC (Intellectual Ventures LLC)
Original Assignee
Entegrity Solutions
Inventors
Muftic, Sead
Primary Examiner(s)
Cain, David C.

Application Number

US08/573,025
Time in Patent Office

865 Days
Field of Search

380/23, 380/24, 380/25, 380/21, 380/49
US Class Current

713/157
CPC Class Codes

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/007   involving hierarchical stru...

H04L 9/3268   using certificate validatio...

Security infrastructure for electronic transactions

First Claim

8 Assignments

Litigations

4 Petitions

Accused Products

Abstract

409 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Security infrastructure for electronic transactions

First Claim

8 Assignments

Subscription Required

Subscription Required

Litigations

4 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

409 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links