Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Central trusted authority provides computer authentication
Reexamination Certificate
2007-10-30
2007-10-30
Barron, Gilberto (Department: 2134)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Central trusted authority provides computer authentication
C713S175000
Reexamination Certificate
active
09715350
ABSTRACT:
An apparatus and method collects, for a community of interest, at least one cross certificate associated with an anchor certificate issuing unit, and obtains at least one certificate issuing unit public key and an associated unique identifier for a cross-certified certificate issuing unit identified by the at least one cross certificate. For example, a certificate issuing unit, client unit, or other suitable unit, searches for one or up to all certification authorities or certificate issuing units that it can trust based on cross certificate chains. This is done, for example, from a given trust anchor. The apparatus selects those obtained certificates that satisfy, for example, some search criteria, such as what policy must be enforced in each certificate, for example, the allowed path length or depth that the apparatus is allowed to evaluate, and creates a signed certificate set, such as a list of all trusted certificate issuing units from the perspective of a given trust anchor. Accordingly, the apparatus and method creates a signed certificate set identifying certificate issuing units determined to be trusted by the anchor certificate issuing unit based on the cross certificates that the apparatus obtained. The signed certificate set includes at least a unique identifier of each trusted certificate issuing unit, such as the distinguished name (DN) of the certificate issuing unit, and public key of each trusted certificate issuing unit.
REFERENCES:
patent: 5220604 (1993-06-01), Gasser et al.
patent: 5224163 (1993-06-01), Gasser et al.
patent: 5315657 (1994-05-01), Abadi et al.
patent: 5666416 (1997-09-01), Micali
patent: 5671280 (1997-09-01), Rosen
patent: 5687235 (1997-11-01), Perlman et al.
patent: 5745574 (1998-04-01), Muftic
patent: 5745886 (1998-04-01), Rosen
patent: 5958050 (1999-09-01), Griffin et al.
patent: 6134550 (2000-10-01), Van Oorschot et al.
patent: 6247127 (2001-06-01), Vandergeest
patent: 6304974 (2001-10-01), Samar
patent: 6308277 (2001-10-01), Vaeth et al.
patent: 6321333 (2001-11-01), Murray
patent: 6539093 (2003-03-01), Asad et al.
patent: 6816900 (2004-11-01), Vogel et al.
patent: 2005/0081037 (2005-04-01), Kumagai et al.
Menezes, Alfred J. et al. Handbook of Applied Cryptography, 1997 CRC Press, pp. 559-581.
Burr, Bill. “Federal Bridge CA Concept”, May 2000.
Gunter, Carl A. et al. “Policy-directed Certificate Retrieval”, Mar. 2000.
Menezes et al. Handbook of Applied Cryptography, 1997, chapter 13.
Network Associates, Inc. An Introduction to Cryptography, 1999.
Polk, William T. “Bridge Certification Authorities: Connecting B2B Public Key Infrastructures”, Sep. 2000.
Shimaoka, Masaki. “Memorandum for multi-domain PKI interoperability”, 2000.
Stillson, Ken. “Dynamic Bridge Concept”, 3rd Annual PKI R&D Workshop, 2004.
Zimmermann, Philip. “PGP(tm) User's Guide Volume I: Essential Topics”, Oct. 1994.
Handbook of Applied Cryptography, Alfred Menezes et al, (1997), pp. 572-576.
PKI Architectures and Interoperability, preliminary draft for Federal PKI TWG, by W.E Burr, published on the World Wide Web, Mar. 6, 1998.
Toward a National Public Key Infrastructure, IEEE Communications Magazine, Sep. 1994 by Santosh Chokani, pp. 70-74.
Data Structures and Algorithms, Alfred V. Aho et al., (1983), Addison Wesley Publishing Company, pp. 215-218 and pp. 239-244.
Graph Theory With Applications, J. A. Bondy and U.S.R. Murty, (1981), pp. 14-21.
Levi et al., “Verification of classical certificates via nested certificates nested certificate paths,” Computer Communications and Networks, 1999, Proceedings, Eighth International Conference on, pp. 242-247.
Xu et al., “Certificate path generating protocol (CPGP) for authentic signaling in ATM networks,” Network Protocols, 1998, Proceedings, Sixth International Conference on, pp. 282-289.
Reiter et al., “Resilient authentication using path independence,” Computers, IEEE Transactions on, pp. 1351-1362.
Barron Gilberto
Entrust Limited
Simitoski Michael J
Vedder Price Kaufman & Kammholz P.C.
LandOfFree
Method and apparatus improving efficiency of end-user... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus improving efficiency of end-user..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus improving efficiency of end-user... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3903028