Certification process
Abstract
An improved secure communication arrangement separates the tasks of identity verification and certificate issuing, which allows a disassociating of the long-term binding between Alice and her public/private key pair. This is accomplished by a registration authority issuing a password to Alice once it is satisfied of Alice's bona fide. Thereafter, whenever Alice wishes to communicate with Bob, she contacts a certification authority, identifies herself with the password and obtains a private key and a corresponding short-lived certificate. The certificate typically includes Alice's name and a public key in plaintext, and a signature. The signature is derived by hashing the plaintext portion of the certificate to obtain a value, and encrypting the value with the CA's private key. She then contacts Bob, submits her certificate, Bob performs the same hashing function to obtain a value, decrypts the signature with CA's public key to obtain a decrypted value, and compares the value Bob created with the decrypted value. If the two match, Bob is assured that the person submitting the certificate may be communicated with by using the public key included in the certificate.
239 Citations
37 Claims
1. A method comprising the steps of:
a certification authority interacting with a user to receive a password from the user; receiving a user password from said user; receiving and storing a password from a third party to form a stored password; determining whether said user password is valid by comparing said user password to said stored password; when said user password is concluded to be valid by said step of determining, developing a certificate core that comprises information that results from encryption of first data with a private key of the certification authority (CA-PrKey), which first data comprises a public key of the user and a short-lived expiration time of the certificate, and delivering the certificate core to the user to be used at least as part of the certificate.
Dependent claims: 2 to 30.

31. A method for responding to a connection request from a user comprising the steps of:
a certification authority receiving a password from a third party; said user receiving a certificate from said certification authority in response to a user password presented to said certification authority by said user; receiving said certificate, which contains information, including an expiration time; determining the certificate's bona fide; refusing to continue the connection either when the certificate is not bona fide or when the expiration time has passed; and carrying on the connection with aid from a public key contained in the certificate, without reference to information regarding revocation of certificates, when the expiration time of the certificate has not yet arrived.
Dependent claims: 32 to 37.
Specification