Lightweight public key infrastructure employing disposable certificates
Main Author | |
---|---|
Format | Patent |
Language | English |
Published | 13.07.2004 |
Summary: | The present invention relates to public key cryptosystems, and more particularly, to a public key infrastructure employing disposable short-term certificates for authentication and/or authorization.
A PKI includes an off-line registration authority that issues a first unsigned certificate to a subject that binds a public key of the subject to long-term identification information related to the subject and maintains a certificate database of unsigned certificates in which it stores the first unsigned certificate. An on-line credentials server issues a short-term disposable certificate to the subject that binds the public key of the subject from the first unsigned certificate to the long-term identification information related to the subject from the first unsigned certificate. The credentials server maintains a table that contains entries corresponding to valid unsigned certificates stored in the certificate database. The subject presents the short-term disposable certificate to a verifier for authentication and demonstrates that the subject has knowledge of a private key corresponding to the public key in the short-term disposable certificate. |
---|