WO2000051039A1 - Site certificate system - Google Patents

Site certificate system Download PDF

Info

Publication number
WO2000051039A1
WO2000051039A1 PCT/AU1999/001173 AU9901173W WO0051039A1 WO 2000051039 A1 WO2000051039 A1 WO 2000051039A1 AU 9901173 W AU9901173 W AU 9901173W WO 0051039 A1 WO0051039 A1 WO 0051039A1
Authority
WO
WIPO (PCT)
Prior art keywords
site
organisation
certificate authority
certificate
domain name
Prior art date
Application number
PCT/AU1999/001173
Other languages
French (fr)
Inventor
Robert John Watson
Original Assignee
Enshrine Ca Pty Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Enshrine Ca Pty Ltd. filed Critical Enshrine Ca Pty Ltd.
Priority to AU27823/00A priority Critical patent/AU2782300A/en
Publication of WO2000051039A1 publication Critical patent/WO2000051039A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party

Definitions

  • the present invention relates to a site certificate system and, more particularly, to such system adapted for rapid and timely maintenance of authentication status of a site certificate adapted particularly for use on what is commonly known as the "Internet”.
  • the Internet may be described as a worldwide interconnection of computers all of which are adapted to communicate according to a common protocol currently the protocol is known as TCP/IP.
  • PSTN public switch telephone network
  • restricted channels Communication between computers according to this protocol takes place across a multitude of communication channels including the public switch telephone network (PSTN) and also more restricted channels.
  • PSTN public switch telephone network
  • a problem with this arrangement is that the trusted third party which issues the site identification upon which other parties then rely may, itself, not always have up to date information as to the status and identity of the owners of the site in respect of which the site identification is issued.
  • the invention consists in a site certificate system for use on the Internet (as defined in the specification) , said system comprising a certificate authority adapted to issue site identifications characteristic of a predetermined organisation, said certificate authority also being adapted to communicate with a domain name server registry thereby to issue a revocation notification to the domain name server registry and update a revocation list for use by the domain name server registry so as to indicate to a relying party that said predetermined organisation does not satisfy certain selected parameters; said selected parameters being under near continuous monitoring by said certificate authority.
  • Fig. 1 is a block diagram of a site certificate system according to a first embodiment of the invention.
  • FIG. 1 there is shown, in block diagram form, components of a site identification system adapted to co-operate in accordance with a first embodiment of the invention.
  • the site certificate system 10 includes a Certificate Authority (CA) 11, a domain name server (DNS) 12, a first organisation server 13 and a relying party 14.
  • CA Certificate Authority
  • DNS domain name server
  • each of the sites 11, 12, 13, 14 is adapted to communicate over the Internet 15 by way of computer interface .
  • a computer 16 of relying party 14 will place a query onto the Internet seeking the address of first organisation server 13.
  • a domain name server 12 will match the name of the organisation 17 with an Internet address of first organisation server 13 following which a data connection over Internet 15 will be established between
  • first organisation server 13 will be interrogated by computer 16 for the purposes of : 1. Authenticating the identity of first organisation server 13 ;
  • the site identification 18 is issued by certificate authority 11, the certificate authority 11 being a trusted third party.
  • First organisation server 13 is under the control and sponsorship of organisation 17;
  • certificate authority 11 maintains a near continuous monitoring of selected parameters pertaining to identity, ownership and financial status of organisation 17 whereby, should one or more of those parameters change m a way which would indicate that site identification 18 no longer reflects correctly the identity, ownership or financial status of organisation 17 then the certificate authority 11 lists the site identification 18 as no longer valid and takes steps to notify the domain name server 12 to re-route enquiries made over the Internet in relation to the domain name of first organisation server to a page which indicates that the site ID 18 of organisation 17 has been revoked.
  • the revocation list 19 published by the certificate authority 11 resides on certificate authority 11.
  • the domain name server may also redirect queries concerning organisation 17 to the computer upon which the revocation list 19 resides.
  • relying party 14 can be confident to a higher level than heretofore that a communication with first organisation server 13 over Internet 15 is a communication with a site which has the sponsorship and approval of organisation 17 and that organisation 17 is m a position to provide the sponsorship and/or approval with reference to the selected parameters which, m this instance, comprise identity, ownership and financial status .

Abstract

A site certificate system for use on the Internet (15) (as defined in the specification), said system comprising a certificate authority (11) adapted to issue site identifications (18) characteristic of a predetermined organisation (17), said certificate authority also being adapted to communicate with a domain name server registry (12) thereby to issue non-compliance notifications and a revocation list (19) for use by the domain name server registry so as to indicate to a relying party (14) that said predetermined organisation does not satisfy certain selected parameters; said selected parameters being under near continuous monitoring by said certificate authority.

Description

SITE CERTIFICATE SYSTEM
The present invention relates to a site certificate system and, more particularly, to such system adapted for rapid and timely maintenance of authentication status of a site certificate adapted particularly for use on what is commonly known as the "Internet".
BACKGROUND The Internet may be described as a worldwide interconnection of computers all of which are adapted to communicate according to a common protocol currently the protocol is known as TCP/IP.
Communication between computers according to this protocol takes place across a multitude of communication channels including the public switch telephone network (PSTN) and also more restricted channels.
One problem with this form of communication system is that it can be difficult to ensure data integrity and confidentiality. Allied to this is the problem of identity of sources of data - that is how can a relying party be sure that the data it receives purporting to come from a particular computer site does, in fact, come from that site, come with the clear authority of the owner of the site, and, more particularly, that the owners of the site are who they purport to be . A partial solution to this identity confirmation or authentication problem has come about by trusted third parties providing a secure electronic file which can be utilised to confirm site identity.
A problem with this arrangement is that the trusted third party which issues the site identification upon which other parties then rely may, itself, not always have up to date information as to the status and identity of the owners of the site in respect of which the site identification is issued.
It is an object of the present invention to address or alleviate this problem.
BRIEF DESCRIPTION OF INVENTION
The invention consists in a site certificate system for use on the Internet (as defined in the specification) , said system comprising a certificate authority adapted to issue site identifications characteristic of a predetermined organisation, said certificate authority also being adapted to communicate with a domain name server registry thereby to issue a revocation notification to the domain name server registry and update a revocation list for use by the domain name server registry so as to indicate to a relying party that said predetermined organisation does not satisfy certain selected parameters; said selected parameters being under near continuous monitoring by said certificate authority.
BRIEF DESCRIPTION OF DRAWINGS
One embodiment of the invention will now be described with reference to the accompanying drawing wherein:
Fig. 1 is a block diagram of a site certificate system according to a first embodiment of the invention.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENT
With reference to Fig. 1 there is shown, in block diagram form, components of a site identification system adapted to co-operate in accordance with a first embodiment of the invention.
The site certificate system 10 includes a Certificate Authority (CA) 11, a domain name server (DNS) 12, a first organisation server 13 and a relying party 14. In this embodiment each of the sites 11, 12, 13, 14 is adapted to communicate over the Internet 15 by way of computer interface .
In use, a computer 16 of relying party 14 will place a query onto the Internet seeking the address of first organisation server 13. A domain name server 12 will match the name of the organisation 17 with an Internet address of first organisation server 13 following which a data connection over Internet 15 will be established between
computer 16 of relying party 14 and first organisation server 13 of organisation 17.
As part of the establishment of the data connection the site identification 18 residing on first organisation server 13 will be interrogated by computer 16 for the purposes of : 1. Authenticating the identity of first organisation server 13 ; and
2. Providing an encryption key for the purposes of encrypting the data stream passing between computer 16 of relying party 14 and first organisation server 13 of organisation 17.
The site identification 18 is issued by certificate authority 11, the certificate authority 11 being a trusted third party.
Having interrogated the site identification 18 computer 16 of the relying party 14 may then proceed with data interchange over the Internet 15 between computer 16 and first organisation server 13 with a higher level of confidence than would otherwise be the case that: 1. First organisation server 13 is under the control and sponsorship of organisation 17; and
2. Data sent to and derived from first organisation 13 will not be able to be decoded by any other parties having access to the Internet 15.
In this embodiment certificate authority 11 maintains a near continuous monitoring of selected parameters pertaining to identity, ownership and financial status of organisation 17 whereby, should one or more of those parameters change m a way which would indicate that site identification 18 no longer reflects correctly the identity, ownership or financial status of organisation 17 then the certificate authority 11 lists the site identification 18 as no longer valid and takes steps to notify the domain name server 12 to re-route enquiries made over the Internet in relation to the domain name of first organisation server to a page which indicates that the site ID 18 of organisation 17 has been revoked. The revocation list 19 published by the certificate authority 11 resides on certificate authority 11. The domain name server may also redirect queries concerning organisation 17 to the computer upon which the revocation list 19 resides. In this matter relying party 14 can be confident to a higher level than heretofore that a communication with first organisation server 13 over Internet 15 is a communication with a site which has the sponsorship and approval of organisation 17 and that organisation 17 is m a position to provide the sponsorship and/or approval with reference to the selected parameters which, m this instance, comprise identity, ownership and financial status .
The above describes only one embodiment of the present invention and modifications, obvious to those skilled in the art, can be made thereto without departing from the scope and spirit of the present invention.

Claims

1. A site certificate system for use on the Internet (as defined in the specification) , said system comprising a certificate authority adapted to issue site identifications characteristic of a predetermined organisation, said certificate authority also being adapted to communicate with a domain name server registry thereby to issue non- compliance notifications and a revocation list for use by the domain name server registry so as to indicate to a relying party that said predetermined organisation does not satisfy certain selected parameters; said selected parameters being under near continuous monitoring by said certificate authority.
2. The site certificate system of Claim 1 wherein said selected parameters comprise one or more of identity, ownership and financial status .
3. The site certificate system of Claim 1 or Claim 2 wherein said step of near continuous monitoring comprises monitoring on a daily basis.
PCT/AU1999/001173 1999-02-26 1999-12-24 Site certificate system WO2000051039A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU27823/00A AU2782300A (en) 1999-02-26 1999-12-24 Site certificate system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AUPP8933 1999-02-26
AUPP8933A AUPP893399A0 (en) 1999-02-26 1999-02-26 Site certificate system

Publications (1)

Publication Number Publication Date
WO2000051039A1 true WO2000051039A1 (en) 2000-08-31

Family

ID=3813132

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU1999/001173 WO2000051039A1 (en) 1999-02-26 1999-12-24 Site certificate system

Country Status (2)

Country Link
AU (1) AUPP893399A0 (en)
WO (1) WO2000051039A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002005148A1 (en) * 2000-07-07 2002-01-17 The Toneguzzo Group Pty Limited Content filtering and management
US7225164B1 (en) * 2000-02-15 2007-05-29 Sony Corporation Method and apparatus for implementing revocation in broadcast networks
US7711952B2 (en) 2004-09-13 2010-05-04 Coretrace Corporation Method and system for license management

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998009209A1 (en) * 1996-08-30 1998-03-05 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
WO1998011716A1 (en) * 1996-09-10 1998-03-19 E-Stamp Corporation Method and system for electronic document certification
WO1998037675A1 (en) * 1997-02-19 1998-08-27 Verifone, Inc. A system, method and article of manufacture for secure digital certification of electronic commerce
US5850442A (en) * 1996-03-26 1998-12-15 Entegrity Solutions Corporation Secure world wide electronic commerce over an open network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5850442A (en) * 1996-03-26 1998-12-15 Entegrity Solutions Corporation Secure world wide electronic commerce over an open network
WO1998009209A1 (en) * 1996-08-30 1998-03-05 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
WO1998011716A1 (en) * 1996-09-10 1998-03-19 E-Stamp Corporation Method and system for electronic document certification
WO1998037675A1 (en) * 1997-02-19 1998-08-27 Verifone, Inc. A system, method and article of manufacture for secure digital certification of electronic commerce

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7225164B1 (en) * 2000-02-15 2007-05-29 Sony Corporation Method and apparatus for implementing revocation in broadcast networks
WO2002005148A1 (en) * 2000-07-07 2002-01-17 The Toneguzzo Group Pty Limited Content filtering and management
US7711952B2 (en) 2004-09-13 2010-05-04 Coretrace Corporation Method and system for license management

Also Published As

Publication number Publication date
AUPP893399A0 (en) 1999-03-25

Similar Documents

Publication Publication Date Title
US7747852B2 (en) Chain of trust processing
US7383434B2 (en) System and method of looking up and validating a digital certificate in one pass
US7702902B2 (en) Method for a web site with a proxy domain name registration to receive a secure socket layer certificate
US6823454B1 (en) Using device certificates to authenticate servers before automatic address assignment
JP2022504420A (en) Digital certificate issuance methods, digital certificate issuance centers, storage media and computer programs
CN111262692B (en) Key distribution system and method based on block chain
US8086848B2 (en) Automated process for a web site to receive a secure socket layer certificate
US7520339B2 (en) Apparatus for achieving integrated management of distributed user information
JP4758095B2 (en) Certificate invalidation device, communication device, certificate invalidation system, program, and recording medium
JP2006053923A5 (en)
EP2258095A1 (en) Identity management
KR20090086276A (en) Metadata broker
JP2007110377A (en) Network system
CN101883106A (en) Network access authentication method and server based on digital certificate
US20020194471A1 (en) Method and system for automatic LDAP removal of revoked X.509 digital certificates
CN111193755B (en) Data access method, data encryption method and data encryption and access system
Hsu et al. Intranet security framework based on short-lived certificates
US20090144437A1 (en) Securing a Server in a Dynamic Addressing Environment
CN108243164B (en) Cross-domain access control method and system for E-government cloud computing
WO2000051039A1 (en) Site certificate system
Selkirk Using XML security mechanisms
EP1854260A1 (en) Access rights control in a device management system
JP2003303174A (en) Method and device for authenticating terminal
JP2000207362A (en) Network system and its user authenticating method
JP2001236320A (en) Terminal specifying method for www

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase