Method and system for the digital certificate generation and...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique

Reexamination Certificate

Details

C713S175000

active

06826685

ABSTRACT:

FIELD OF THE INVENTION
The present invention relates to digital certificates, and more particularly, to the generation and distribution of digital certificates.
BACKGROUND OF THE INVENTION
Many methods have been developed to secure the integrity of electronic message data during transmission. Simple encryption is the most common method of securing data. Encryption suitably refers to the transformation of plaintext data into an unintelligible form known as ciphertext. Encryption is usually accomplished by the application of mathematical algorithms on the plaintext data. These algorithms are defined by parameters known as ‘keys’. Two common encryption methods are symmetric methods, which use private keys, and asymmetric methods, which use public keys. Both private key encryption (such as DES (Data Encryption Standard)) and public key encryption methods have been implemented, but key cryptographic methods alone do not allow a recipient to authenticate the validity of the public key or to validate the identity of the sender.
In general, authentication allows for the verification that someone or something is valid or genuine. Digital signature authentication allows the receiver of a message to be confident of the identity of the sender and/or the integrity of the message. Digital signatures have been used to guarantee the validity of a public key by being incorporated into a digital certificate. The ‘signed’ document containing the digital signature attests to the validity and public key of the person signing the message, and prevents one user from impersonating another through a phony key pair. Along with the public key and the subject name, the certificate also contains the validity period of the key, the name of the issuer of the certificate and the certificate serial number. The information in the certificate is digitally signed by the issuer. However, a secure, centralized repository is required for storing and managing the keys.
For example, the X.500 directory may be used as a repository for storing certificates, with association of the public keys of network users with their distinguished name. (An X.500 distinguished name refers to a unique object in the X.500 Directory, and is a sequence of vertex points leading from the ‘root’ of the tree to the object of interest, as is conventionally understood.) The X.500 standard defines an authentication framework, known as X.509, for use by OSI (Open Systems Interconnection) applications to provide a basis for authentication and security services. The X.509 framework describes how authentication information is formed and placed in the directory. The X.509 authentication framework also defines basic security services, including simple and strong authentication. Strong authentication involves the use of public key cryptographic standard (PKCS) and a trusted hierarchy of Certificate Authorities (CAs), where a CA refers to a trusted source for obtaining a user's authentication information or certificate and that controls a Public Key Infrastructure (PKI). Thus, traditional methods of key generation and certificate distribution rely on human interaction with CAs.
Accordingly, a need remains for a streamlined way of generating identities for widely distributed applications that use PKI for authentication. The present invention addresses such a need.
SUMMARY OF THE INVENTION
The present invention provides method and system aspects for automated generation and distribution of certificates in a computer network of computer systems. These aspects include generating a request by a first computer system for a certificate from a second computer system, and responding to the request in the second computer system by automatically generating the certificate and distributing the certificate to the first computer system. Further, generating a request includes issuing a POST/CERTREQ request, and sending a self-signed certificate from the first computer system to the second computer system. Automatically generating the certificate includes sending a sequence of certificates to the first computer system, the sequence of certificates including the newly generated certificate of the first computer system with a signature from the second computer system and a self-signed certificate from the second computer system.
Through the present invention, the generation and distribution of digital certificates for use by communicating Java™ applications for authentication are effectively achieved. A straightforward approach utilizes standard HTTP protocol in conjunction with a Java development kit version 1.1. These and other advantages of the aspects of the present invention will be more fully understood in conjunction with the following detailed description and accompanying drawings.
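The second system's side of the exchange described in the summary, as an added example (not code from the patent, whose system uses Java and HTTP): it takes the first system's self-signed certificate and returns the two-certificate sequence. The names `newCert` and `handleCertReq`, the Ed25519 keys, the common names and the proof-of-possession check on the request are assumptions of this example; the HTTP transport of the POST/CERTREQ request is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a one-day certificate for (cn, pub); a nil parent means self-signed.
func newCert(cn string, pub interface{}, parent *x509.Certificate, signer ed25519.PrivateKey, isCA bool) ([]byte, error) {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 120)) // a nil serial is rejected below
	t := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, IsCA: isCA,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil {
		parent = t
	}
	return x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
}

// handleCertReq is the second system's side (hypothetical helper): it checks the submitted
// self-signed certificate, then returns {issued certificate, its own self-signed certificate}.
func handleCertReq(reqDER []byte, ca *x509.Certificate, caKey ed25519.PrivateKey) ([][]byte, error) {
	req, err := x509.ParseCertificate(reqDER)
	if err != nil {
		return nil, err
	}
	// Proof of possession (added assumption): the request must verify under the key it carries.
	if err := req.CheckSignature(req.SignatureAlgorithm, req.RawTBSCertificate, req.Signature); err != nil {
		return nil, fmt.Errorf("self-signature invalid: %w", err)
	}
	der, err := newCert(req.Subject.CommonName, req.PublicKey, ca, caKey, false)
	if err != nil {
		return nil, err
	}
	return [][]byte{der, ca.Raw}, nil
}

func main() { // demo with constructed parties; errors are ignored for brevity
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	caDER, _ := newCert("second-system", caPub, nil, caKey, true)
	ca, _ := x509.ParseCertificate(caDER)
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	reqDER, _ := newCert("first-system", pub, nil, key, false)
	seq, err := handleCertReq(reqDER, ca, caKey)
	fmt.Println(len(seq), err)
}
```

A first system that receives this sequence has no basis for trusting the second certificate merely because it arrived in the response; it needs the second system's certificate, or its fingerprint, from a separate channel before validating the issued certificate against it.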


