Binding a digital certificate to multiple trust domains

US 8,793,487 B2
Filed: 01/16/2009
Issued: 07/29/2014
Est. Priority Date: 01/18/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

processing, by a computer, automated application or validation utilities within at least two different trust domains using a single entity digital certificate, which can be relied upon by the automated application or validation utilities in the at least two different trust domains,identifying, by a computer, each of the at least two different trust domains having its own policy regime governing use of digital certificates, each policy regime to which the single entity digital certificate is alternately to be bound in connection with subject transactions being uniquely identified within the single entity digital certificate by an object identifier that refers to one of the at least two different trust domains, and the single entity digital certificate (i) including certificate profiles required by each of the at least two different trust domains, and (ii) chaining to multiple issuer certificates, each containing a common public key corresponding to a private certificate signing key used by an issuing entity to sign the single entity digital certificate,wherein said computer implemented method is performed within a public key infrastructure system that does not employ policy mapping between or among the at least two different trust domains and does not link any pair of the at least two different trust domains via cross-certificates.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A public key infrastructure comprising a participant that issues digital certificates. Each digital certificate can be relied upon in at least two different trust domains. The public key infrastructure does not employ policy mapping between or among the trust domains. Furthermore, the public key infrastructure does not link any pair of trust domains via cross-certificates. Just one trust domain is bound to the digital certificate at any given moment. The current trust domain that is to be bound to the digital certificate is elected by a relying party at the time of reliance, based upon a specific certificate validation methodology selected by the relying party.

190 Citations

15 Claims

1. A computer implemented method comprising:
- processing, by a computer, automated application or validation utilities within at least two different trust domains using a single entity digital certificate, which can be relied upon by the automated application or validation utilities in the at least two different trust domains,identifying, by a computer, each of the at least two different trust domains having its own policy regime governing use of digital certificates, each policy regime to which the single entity digital certificate is alternately to be bound in connection with subject transactions being uniquely identified within the single entity digital certificate by an object identifier that refers to one of the at least two different trust domains, and the single entity digital certificate (i) including certificate profiles required by each of the at least two different trust domains, and (ii) chaining to multiple issuer certificates, each containing a common public key corresponding to a private certificate signing key used by an issuing entity to sign the single entity digital certificate,wherein said computer implemented method is performed within a public key infrastructure system that does not employ policy mapping between or among the at least two different trust domains and does not link any pair of the at least two different trust domains via cross-certificates.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein at least one of the at least two different trust domains is a closed contractual domain.
  - 3. The method of claim 1, wherein at least one of the at least two different trust domains is an open trust domain.
  - 4. The method of claim 3, wherein the single entity digital certificate is qualified under a law of a European country that complies with European Digital Signature Directive.
  - 5. The method of claim 1, wherein just one of the at least two different trust domains is bound to the single entity digital certificate at any given moment.
  - 6. The method of claim 1, wherein the single entity digital certificate is relied upon by a relying party;
    - anda current trust domain that is to be bound to the single entity digital certificate is elected by the relying party at the time of reliance, based upon a specific certificate validation methodology selected by the relying party.
  - 7. The method of claim 6, wherein the specific certificate validation methodology is a methodology from a group of methodologies consisting of:
    - a signed validation request made via an Online Certificate Status Protocol; and
      
      making reference to a publicly posted Certificate Revocation List issued by a participant.
  - 8. The method of claim 1, wherein the at least two different trust domains have different rules governing liability, recourse, and dispute resolution.
  - 9. The method of claim 1, wherein the object identifier comprises at least one of:
    - a customer agreement;
      
      documents incorporated by reference in a customer agreement;
      
      public law under which a policy is enforced;
      
      a Certificate Policy;
      
      a Certification Practices Statement;
      
      public law under which digital signatures are locally enforceable and digital certificates are locally valid.
  - 10. The method of claim 1, wherein a first one of the at least two different trust domains is trust anchored by a root digital certificate issued to a participant, and a second one of the at least two different trust domains is trust anchored by a digital certificate self-signed by a certificate authority of the participant.
  - 11. The method of claim 1, wherein a first one of the at least two different trust domains is trust anchored by a first digital certificate that is issued to a participant by a first root certificate authority, and a second one of the at least two different trust domains is trust anchored by a second digital certificate that is issued to the participant by a second root certification authority.
  - 12. The method of claim 1, wherein a first one of the at least two different trust domains is trust anchored by a first digital certificate issued to a participant by a first root certificate authority, and a second one of the at least two different trust domains is trust anchored by a second digital certificate that is coupled to the participant by a bridge certification authority digital certificate.
  - 13. The method of claim 1, wherein a first object identifier of the single entity digital certificate comprises a string of numbers.
  - 14. The method of claim 1, wherein a first object identifier of the single entity digital certificate comprises an object identifier that identifies a participant.
  - 15. The method of claim 1, wherein a first object identifier of the single entity digital certificate comprises identification information of an issuer of the single entity digital certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IdenTrust, Inc. (Assa Abloy AB)
Original Assignee
IdenTrust, Inc. (Assa Abloy AB)
Inventors
Epstein, William C., Miller, Lawrence R.
Primary Examiner(s)
Pearson, David
Assistant Examiner(s)
VICTORIA, NARCISO F

Application Number

US12/321,260
Publication Number

US 20090210703A1
Time in Patent Office

2,020 Days
Field of Search

713/157
US Class Current

713/157
CPC Class Codes

G06F 21/33   using certificates

G06Q 20/02   involving a neutral party, ...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

H04L 9/006   involving public key infras...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3265   using certificate chains, t...

Binding a digital certificate to multiple trust domains

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

190 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Binding a digital certificate to multiple trust domains

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

190 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links