---------- Forwarded message ---------- Date: Fri, 8 Feb 2002 09:25:08 +0100 From: Stefan Kelm <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: (Fwd) Key server patent FYI, there's more information at: <http://patft.uspto.gov/netacgi/nph- Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1= '6336186'.WKU.> ------- Forwarded message follows ------- Date sent: Wed, 6 Feb 2002 20:44:44 -0800 (PST) From: Len Sassaman <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: Key server patent. FYI, NAI's newly granted key server policy patent: http://www.delphion.com/details?pn=US06336186__ ------- End of forwarded message ------- A cryptosystem having a Certificate (Key) Server for storing and maintaining certificate or key information in a certificate database is described. The Certificate Server allows clients to submit and retrieve keys from a database based on a set of policy constraints which are set for one's particular site (e.g., company). Access to the Certificate Server is maintained by a Certificate Policy Agent, which makes sure that the policy is enforced for a given site based on the information supplied during the configuration. During operation, the Certificate Server responds to client requests to add, search for, and retrieve certificates. The server accepts or rejects certificates based on configurable parameters enforced by a Certificate Policy Agent. When a certificate is submitted to the server, the Certificate Policy Agent checks to see if it meets the criteria for a given site based on the settings specified during the configuration. Exemplary types of checks that the Certificate Policy Agent can enforce include checking to see if the key has been signed by the appropriate entities and checking to see if the signatures or User IDs associated with a key are approved for submission. If the submission criteria established during the configuration are met, the key is accepted by the server. If the key being submitted does not pass the policy requirements, it is rejected and (optionally) a copy is placed in a "pending bucket" where the key can subsequently be examined by the system administrator to determine if the key should be allowed on the server. ------------------------------------------------------- Dipl.-Inform. Stefan Kelm Security Consultant Secorvo Security Consulting GmbH Albert-Nestler-Strasse 9, D-76131 Karlsruhe Tel. +49 721 6105-461, Fax +49 721 6105-455 E-Mail [EMAIL PROTECTED], http://www.secorvo.de ------------------------------------------------------- PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
