Publication No.: US07484089B1
Publication date: 2009-01-27
Application No.: US10985414
Filing date: 2004-11-10
Applicant: Mark Kogen, Herve Garcia, Fred Pinn, Elton Lin, Warren Tan
Inventor: Mark Kogen, Herve Garcia, Fred Pinn, Elton Lin, Warren Tan
IPC classification: H04L21/00
CPC classification: H04L63/062, H04L63/0823, H04L63/0853
Abstract: A method and system for combining multiple access points and utilizing certificates as an access method to a system from multiple access points enables use of a certificate that is stored within a smart card to access a host system through a browser, such that when the user accesses the application on the server, the application requires that the card and certificate be present for authentication of the individual user, and concurrently allows an external system to access applications on a host server using a certificate stored on the external system for authenticating itself to the host server. A certificate for certificate-based authentication is created and distributed to a choice of storage methods, such as a microcomputer of an integrated chip card, a computer disk of a computing device disposed in a secure environment, or a Hardware Security Module (HSM) associated with the computing device. The certificate is managed over its life span at least partly via a Lightweight Directory Assistance protocol (LDAP) directory shared by a certificate authority (CA) and the host system. Access to the host system is allowed using the certificate for public key-based authentication to the host system.