Centralized certificate management system for two-way...

Data processing: database and file management or data structures – Database design – Data structure types

Reexamination Certificate


Details

C707S793000, C380S029000, C380S029000, C380S030000

Reexamination Certificate

active

06233577

ABSTRACT:

REFERENCE TO A “MICROFICHE APPENDIX”
Appendix A, which is a part of the present disclosure, is a microfiche appendix entitled “Centralized Certificate Management System for Two-way Communication Devices in Data Networks” consisting of 2 sheets of microfiche having a total of 184 frames. The microfiche Appendix is a source code listing of one embodiment of the centralized certificate management system for two-way interactive communication devices over a wireless data network in the present invention, which is described more completely below.
A portion of the disclosure of this patent document contains material, including but not limited to Appendices A, B and C, that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyrights whatsoever.
BACKGROUND OF THE INVENTION
1. Field of Invention
The present invention relates to data security between server computers and client computers in data networks, and more particularly relates to systems for managing, in a proxy server computer, digital certificates for two-way interactive communication devices over the data networks; wherein the two-way interactive communication devices, such as mobile devices, cellular phones, landline telephones and Internet appliance controllers, have generally limited computing resources such as computing power, memory and graphical display capability.
2. Description of the Related Art
A fast-growing trend on the Internet is electronic commerce. Electronic commerce is an integrative concept designed to draw together a wide range of business support services; trading support systems for commodities, products, customized products and custom-built goods and services; ordering and logistic support systems; settlement support systems; and management information and statistical reporting systems, all via the Internet. It is well known, however, that the Internet is a wide open, public and international network of interconnected computers and electronic devices around the world. The ability to send and receive secure data becomes a fundamental requirement in conducting electronic commerce over the Internet. To transact business over the open network, a business or organization must have an efficient and reliable manner to establish its identity and credibility to protect itself and its customers from imposters. Similarly, customers need assurance that the private information they submit over the Internet cannot be read by anyone but the business to which they submit it.
One of the on-going efforts to ensure private communications or business transactions between two authenticated parties is to use digital certificates to bind the identities of the two parties to a pair of electronic keys that can be used to encrypt and sign digital information transmitted over the Internet. A digital certificate makes it possible to verify someone's claim that they have the right to use a given key, which helps prevent others from using phony keys to impersonate authorized users. Used in conjunction with encryption, digital certificates provide a more complete security solution by assuring the identity of all parties involved in a transaction through an open network.
The current architecture for using digital certificates is a binding between two computers on the Internet, one being a client computer and the other a server computer. That means both computers physically hold their own certificates, which requires memory space to keep the certificates. In case one of the certificates becomes invalid (expired, revoked or no longer usable), the computer that owns the invalid certificate may acquire a new certificate from a certificate issuing authority. However, the acquiring process generally takes a number of minutes and a significant amount of computing power. When a communication session between the two computers is established, the two computers authenticate each other by examining the counterpart's certificate. A session key is created when the authentication is successful, and a secure communication session thus commences, using the session key to encrypt all information exchanged between the two computers. The authentication process also takes a significant amount of computing power.
When the client computer is a small two-way communication device such as a mobile computing device, a cellular phone, a landline telephone, or an Internet appliance controller, the above architecture is hardly applicable. To increase portability and mobility, most such two-way communication devices are designed to be small in size, light in weight, low in power consumption and as economical as possible. Such designs, often considered thin-client designs, result in very limited computing power, typically equivalent to less than one percent of what is provided in a typical desktop or portable computer, and a memory capacity that is generally less than 250 kilobytes. That means that thin client devices would have neither the extra memory space to store a number of certificates nor the computing power required to acquire a new certificate in real time if one of the possessed certificates becomes invalid. There is thus a great need for providing thin clients with a mechanism to effectively manage the certificates.


REFERENCES:
patent: 5586260 (1996-12-01), Hu
patent: 5659616 (1997-08-01), Sudia
patent: 5671279 (1997-09-01), Elgamal
patent: 5675649 (1997-10-01), Brennan et al.
patent: 5745574 (1998-04-01), Muftic
patent: 5774552 (1998-06-01), Grimmer
patent: 5872848 (1999-02-01), Romney et al.
patent: 5903651 (1999-05-01), Kocher
patent: 5903882 (1999-05-01), Asay et al.
Goldman, J., “Internet Security, the next generation. When software encryption is not enough”, WEB Techniques, vol. 2, No. 11, Abstract Only, Nov. 1997.*
King, C., “Building a corporate public key infrastructure”, Computer Security Journal, vol. 13, No. 2, Abstract Only, Fall 1997.*
Sameshima, Y., “Security architecture based on secret key and priviledge attribute certificates”, Distributed Platforms, Abstract Only, Mar. 1996.*
“HDTP Specification,” Unwired Planet, Inc., Version 1.1, Part No. HDTP-SPEC-DOC-101, Jul. 15, 1997, pp. 1-40.
“HDML 2.0 Language Reference,” Unwired Planet, Inc., Version 2.0, Part No. HDMLREF-DOC-200, Revision D, Jul. 1997, pp. 1-56.
Aziz, A. et al.: “Privacy and Authentication for Wireless Local Area Networks: A Secure Communications Protocol to Prevent Unauthorized Access”, IEEE Personal Communications, US, IEEE Communications Society, vol. 1, No. 1, pp. 25-31, 1 Jan. 1994.
Lai, M.K.F. et al.: “A Mobile Subscriber Proxy Preserving Writer-to-Reader Message Security”, Annual Military Communications Conference, US, New York, IEEE, vol. 15th, pp. 461-467, 1996.
