System and method for installing and using a temporary certificate at a ...

A system installs and enables the use ol a temporary certificate at a remote site. The system comprises a global server site, a temporary client site and a web site. The global server site includes a security module that identifies and authenticates the user at the temporary client site, and a web server engine that downloads a key generation downloadable and a certificate request engine downloadable upon user authentication to the client site. The client site includes a web engine that executes the key generation downloadable to generate a public key and a private key, and executes the certificate request engine downloadable to send the a temporary certificate request (including the public key) to the global server site. A temporary certificate generator at the global server site generates a temporary certificate having the public key and a validity period. The web server on the global server site sends the temporary certificate and a certificate installation downloadable to the web engine on the client site, which executes the downloadable thereby installing the temporary certificate. The web server on the global server site can also send a certificate maintenance downloadable and a certificate de-installation downloadable to the client site. The web server engine maintains a revocation list that contains information identifying revoked temporary certificates, so that a revoked but thusfar unexpired certificate cannot be improperly used. The web site reviews the temporary certificate for authenticity and contacts the global server site to review the revocation list and determine whether the temporary certificate has been revoked.

44 Claims, 12 Drawing Sheets

U.S. PATENT DOCUMENTS

5.048.085 9/1991 Abraham et al 380/23

5,220,603 * 6/1993 Parker 380/21

5,263,157 11/1993 Janis 707/9

5,373,559 12/1994 Kaufman et al 380/30

5,420,927 * 5/1995 Micali 380/23

5,434,918 7/1995 Kung et al 380/25

5,491,752 2/1996 Kaufman et al 380/30

5,495,533 2/1996 Linehan 380/21

5,544,322 8/1996 Cheng et al 395/200.12

5,572,643 11/1996 Judson 395/793

5,581,749 12/1996 Hossain et al 707/1

5,613,012 3/1997 Hoffman et al 382/115

5,623,601 4/1997 Vu 395/187.01

5,627,658 5/1997 Connors et al 358/407

5,644,354 7/1997 Thompson et al 348/13

5,647,002 7/1997 Branson 380/49

5,657,390 8/1997 Elgamal et al 380/49

5,666,530 9/1997 Clark et al 395/617

5,666,553 9/1997 Crozier 395/803

5,682,478 10/1997 Watson et al 395/200.12

5,682,524 10/1997 Freund et al 395/605

5,684,990 11/1997 Boothby 707/203

5,701,423 12/1997 Crozier 395/335

5,706,427 1/1998 Tabuki 395/187.01

5,706,502 1/1998 Foley et al 707/10

5,715,403 2/1998 Stefik 705/44

5,721,779 2/1998 Funk 380/23

5,757,916 5/1998 MacDoran et al 380/25

5,778,346 7/1998 Frid-Nielsen et al 395/208

5.784.463 7/1998 Chen et al 380/21

5.784.464 7/1998 Akiyama et al 380/25

5,787,172 * 7/1998 Arnold 380/21

5.799.086 * 8/1998 Sudia 380/23

5,828,840 10/1998 Cowan et al 395/200.33

5,870,544 * 2/1999 Curds 395/187.01

5,951,652 * 9/1999 Ingrassia, Jr 709/248

5,982,898 * 11/1999 Hsu et al 380/23

5,999,947 12/1999 Zollinger et al 707/203

OTHER PUBLICATIONS

Article by Nelson et al., entitled: "Security for Infinite Networks" Published by IEEE Communications Magazine on Aug. 22, 1995, pp. 11-19.

Article by Greenwald et al., entitled: "Designing an Academic Firewall: Policy, Practice, and Experience with SURF" Published by IEEE Communications Magazine on Feb. 22, 1996, pp. 79-92.

Article by Kiuchi et al., entitled: "C-HTTP—The Development of a Secure, Closed HTTP-based Network on the Internet" Published by IEEE Proceedings of SNDSS on Feb. 22, 1996, pp. 64-75.

Article by S. Cobb, entitled: "Establishing Firewall Policy" Published by National Computer Security Assn. on Jun. 25-27, 1996, pp. 198-205.

Tanenbaum, Andrew S., "Computer Network", Third Edition, Prentice-Hall 1996, ISBN 0-13-349945-6, Chapter 7, Sections 7.1.4 to 7.1.6, pp. 597-618. Knudsen, Jonathan, "Java Cryptography", First Edition, O'Reilly & Assoc. 1998, ISBN 1-56592-402-9, pp. 79-91. Web page: www.verisign.com/press/product/isv.html, Verisign Press Release, "Verisign Enhances Digital IDS to Enable Universal Website Login and One-Step Registration", Nov. 3, 1998, 3 pages.

Freier et al., entitled "The SSL Protocol, Version 3.0," Netscape Communications, dated Nov. 18, 1996, pp. 1-59, Downloaded from URL=http://www.home.netscape.com/ eng/ssl3/draft302.txt.

Mark R. Brown et al. "Using Netscape 2", Second Edition, QUE Corporation, 1995, Chapter 34 "Sun's Java and the Netscape Browser", pp. 885-907.

* cited by examiner