The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Mar. 25, 2003
Filed:
Dec. 31, 1998
Khalid Asad, Frederick, MD (US);
Michael A. Brown, Vienna, VA (US);
Adarsh Gupta, Potomac, MD (US);
Manjit Singh Kohli, Germantown, MD (US);
J. Matthew Sebastian, Reston, VA (US);
International Business Machines Corporation, Armonk, NY (US);
Abstract
Users and security aware applications are able to request operations on and manipulate role based digital certificates (and their corresponding private keys) distributed among multiple key rings through the use of a Key Ring Organizer (KRO). In a typical use of the KRO, the computer network is coupled to a secure server and at least one end-user terminal; a Registration Authority; and an organization server hosting secure applications. The end-user terminal includes a general purpose Web browser with a KRO plug-in module and a KRO managing a set of key rings, where each key ring may contain multiple keys. The KRO components include the KRO, a set of KRO catalogs (typically one), a built-in key ring, and multiple external key rings. A key ring can be of any type, including a smart card, key disk, or remote file. A catalog (typically a file) contains a set of entries in which each entry contains a set of attributes and a reference to a key record stored in a key ring. Public key data is stored in a catalog during key generation and later verified against the certificate to be stored in a key ring in order to maintain the integrity of the association between references in a catalog and the key pairs to which they refer. A built-in key ring is contained within each catalog and is managed by end-users like any other key ring; however, outside the KRO environment, a built-in key ring is not accessed independently from the catalog which contains it. This mechanism greatly increases mobility. In a typical client-server session the KRO is accessed by a secure server application using Key Ring Organizer Language (KROL) messages sent to the KRO plug-in over a secure protocol (e.g., SSL) to generate, store and select role based keys for use in signing documents or authenticating end-users. The KRO provides a mechanism whereby signature requests are always authorized by the owner of the signing private key. The KRO also allows digital key parameters to be configured by the end-user so that authentication request must be authorized by the user as well.