80 results about "Certificate signing request" patented technology

A method and system for signing a digital certificate in real time for accessing a service application hosted within a service provider (SP) computer system through an open application programming interface (API) platform is provided. The API platform is in communication with a memory device. The method includes receiving registration data from a developer computer device wherein the developer computer device is associated with a developer and configured to store a developer application, receiving a certificate signing request (CSR) from the developer computer device wherein the CSR includes a public key associated with the developer, verifying the registration data as being associated with the developer, signing the CSR to produce a signed certificate after verifying the registration data wherein the verifying and signing steps are performed by the SP computer system in real time, and transmitting the signed certificate and a client ID to the developer computer device.

A method to enable remote, secure, self-provisioning of a subscriber unit includes, a security provisioning server: receiving, from a subscriber unit, a certificate signing request having subscriber unit configuration trigger data; generating provisioning data for the subscriber unit using the subscriber unit configuration trigger data; and in response to the certificate signing request, providing to the subscriber unit the provisioning data and a subscriber unit certificate having authorization attributes associated with the provisioning data, to enable the self-provisioning of the subscriber unit.

A server certificate issuing system confirms existence of a Web server for which a certificate is to be issued. The web server includes means for generating an entry screen to input application matters for an issuance of a server certificate, means for generating a key pair of a public key and a private key, means for generating a certificate signing request file (CSR) containing the generated public key, and means for generating a verification page indicating intention of requesting the issuance of the certificate. A registration server retrieves the CSR from a received server certificate request and accesses the Web server to read the verification information, and compares the read verification information with the CSR. If the verification information read from the Web server is identical to the CSR, it is determined that the Web server for which the server certificate is to be issued exists.

A method for self-service authentication of a client and a server. The method includes the server receiving an initialization command from the client. The initialization command may be transmitted to the server via a client web browser over an unsecured data transfer link. The method continues with requesting authentication information from the client. In response to receiving the authentication information from the client, the server transmits a client software component to the client. The client software component utilizes a client-side library installed on the operating system of the client to generate the various client credentials described above. Thereafter, the certificate signing request may be transmitted to a certificate server for signing the certificate signing request. The signed certificate signing request is then received by the client via the client web browser. The client utilizes the information associated with the signed certificate signing request with the client-side library installed on the client to generate a client certificate.

A certificate validation method for causing a certificate validation server to receive a certificate validation request from a given terminal device, build a certification path of from a first certificate authority (CA) to a second CA, perform validation of the certification path, and send a validation result to the terminal which issued the certificate validation request is disclosed. The validation server detects either a key update of any given CA or a compromise of the given CA, acquires a certificate of relevant CA and first certificate status information and second certificate status information, stores the acquired information in a storage unit or, alternatively, updates the information stored in the storage based on the acquired information, and performs the building of a certification path and validation of the certification path by use of the information of the storage unit.

A method begins by a requesting device transmitting a certificate signing request to a managing unit, wherein the certificate signing request includes fixed certificate information and suggested certificate information. The method continues with the managing unit forwarding the certificate signing request to a certificate authority and receiving a signed certificate from the certificate authority, wherein the signed certificate includes a certificate and a certification signature and wherein the certificate includes the fixed certificate information and determined certificate information based on the suggested certificate information. The method continues with the managing unit interpreting the fixed certificate information of the signed certificate to identify the requesting device and forwarding the signed certificate to the identified requesting device.

Methods and systems for creating and managing certificates for gaming machines in a gaming network using a portable memory device are described. A gaming machine creates a certificate signing request which is stored on a portable memory device at the machine by an operator. The memory device is handed over to a certificate authority (CA) security officer at the casino and is coupled with an appropriate CA server. A certificate batch utility program on the server downloads and processes the CSRs. A certificate services program on the server issues gaming machine certificates according to the CSRs. In one embodiment, the certificates are uploaded onto the memory device, along with copies of certificate authority server certificates, including a root CA certificate. The CA security officer hands the memory device to the casino floor operator. At the machine, the operator inserts or couples the device and software on the machine identifies and downloads its certificate based on the certificate file name. The machine also downloads copies of the CA server certificates which it may use in a certificate chain validation procedure. In another embodiment, the certificates are placed in a shared file on the CA server and retrieved by the gaming machines over a gaming network.

A certificate server is provided for issuing digital certificates to be used by a network resource and/or a client resource. The certificate server is configured to communicate with the network resource or the client resource to receive a certificate request. Upon receiving the certificate request, the certificate server may automate the process for authenticating the certificate request, validating the terms of the certificate request and digitally signing the certificate request. An authentication appliance may communicate with or be integrated within the certificate server. The certificate server includes a web service server, a certificate authority component, and a database that enable communication with either the network resource, client resource, or the authentication appliance to automate the administration process typically involved in receiving and signing a certificate request. The certificate authority component may sign the certificate request with a trusted root chain associated with the network resource.

Techniques are disclosed relating to relating to a public key infrastructure (PKI). In one embodiment, an integrated circuit is disclosed that includes at least one processor and a secure circuit isolated from access by the processor except through a mailbox mechanism. The secure circuit is configured to generate a key pair having a public key and a private key, and to issue, to a certificate authority (CA), a certificate signing request (CSR) for a certificate corresponding to the key pair. In some embodiments, the secure circuit may be configured to receive, via the mailbox mechanism, a first request from an application executing on the processor to issue a certificate to the application. The secure circuit may also be configured to perform, in response to a second request, a cryptographic operation using a public key circuit included in the secure circuit.

A digital certificate is created transparently on a mobile device. A VPN appliance receives user credentials from an app, the credentials familiar to the user and associated with an enterprise authentication service. The credentials are validated, comprising the first user authentication in a two-factor authentication method. The user is then presented with a display in the app asking for a PIN. The appliance generates a PIN and sends it to the user via the user enterprise email. The user enters the PIN in the app display. This is the second factor in the two-factor authentication. Once the user is authenticated, the appliance sends data for generating a Certificate Signing Request (CSR) to the app. The app generates a CSR and the appliance sends the CSR to an enterprise CA. A certificate is signed and enrolled. The signed digital certificate is then sent to the wrapped app.

A transport layer security (TLS) connection is established between a signature device and the host computer via an interface (e.g., a universal serial bus (USB) interface). The signature device acts as a TLS server, and the host computer acts as a TLS client. Data such as pen data, control data, or image data may be received or transmitted via a USB bulk transfer mechanism. In one aspect, the host computer sends a command via the interface to the signature device to generate a new key pair, receives a certificate signing request (CSR) from the signature device via the interface, sends the CSR to a user certificate authority, receives a public key certificate from the user certificate authority, and sends the public key certificate to the signature device via the interface.

Systems and methodologies that facilitate obtaining a digital certificate from a Certificate Authority, by using a well defined protocol exchanged between a user machine and the Certificate Authority. The well defined protocol employs; a purchasing component and an update component. Once a user has obtained a domain name, the purchasing component can be used to query the Certificate Authority for terms of the service plans to issue the digital certificate and to programmatically create and transmit a certificate signing request. The purchase component will also allow the signed certificate to be configured on the requesting cluster of machines. The update component can provide a revised and/or updated list of contact information to the Certificate Authority in addition to revoking an existing certificate.

Techniques for credentials management in large scale virtual private network (VPN) deployment are disclosed. In some embodiments, credentials management in large scale VPN deployment includes generating a public/private key pair and a certificate signing request at a satellite device; automatically communicating the certificate signing request to a portal over a public, untrusted network to authenticate the satellite device using a serial number associated with the satellite device, in which the certificate signing request and the serial number are verified by the portal; and receiving a certificate from the portal for using to establish VPN connections and configuration information for the satellite device, in which the certificate includes a credential signed by a trusted certificate authority, and the configuration information includes gateway configuration information identifying a plurality of gateways to which the satellite device is configured to connect using VPN connections.

A method begins by a processing module outputting a registration request message that includes requesting access to a local dispersed storage network (DSN) and requesting access to a global DSN. The method continues with the processing module receiving a registration response message that includes a global universal unique identifier (UUID) and a local UUID. The method continues with the processing module generating a global public-private key pair and a local public-private key pair and generating a global certificate signing request (CSR) based on the global UUID and a private key of the global public-private key pair. The method continues with the processing module generating a local CSR based on the local UUID and a private key of the local public-private key pair, sending the global and local CSRs to a certificate authority (CA), and receiving a signed global certificate and a signed local certificate.

A method begins by a dispersed storage (DS) processing module receiving a certificate signing request (CSR) from a user device. The method continues with the DS processing module generating a set of hidden passwords based on the CSR and accessing a set of authenticating units to obtain a set of passkeys. The method continues with the DS processing module retrieving a set of encrypted shares and decrypting the set of encrypted shares to produce a set of encoded shares. The method continues with the DS processing module decoding the set of encoded shares to recapture a private key and generating a user signed certificate based on the private key. The method continues with the DS processing module discarding the private key to substantially protect the private key from the user device and outputting the user signed certificate to the user device.

In a method a public key infrastructure (PKI) device receives a certificate signing request (CSR) and an identity assertion cryptographically bound to an end entity issuing the CSR. The PKI device validates the authenticity and integrity of the CSR using the identity assertion. In response to validating the authenticity and integrity of the CSR, the PKI device issues a certificate based on at least one of the CSR and fields in the identity assertion.

Disclosed herein is a method for providing assurance information regarding a business entity to a customer for an electronic transaction. The method comprises submitting a compliance token to a certificate authority as part of a certificate signing request wherein the compliance token comprises an assessment result describing the business entity's level of compliance with an assurance policy, as determined by an assessor, receiving an assurance certificate from the certificate authority, wherein the certificate includes the compliance token, and providing the assurance certificate to a customer in order to provide security information to the customer as part of an electronic transaction.

Authenticating a networking appliance attempting to attach to a network includes receiving at least one value associated with an identity of the networking appliance; receiving a certificate signing request (CSR) from the networking appliance, wherein the CSR comprises credential data associated with the identity of the networking appliance; and generating an appliance certificate based on the credential data and a certificate authority (CA) certificate associated with the computer. The method also includes returning the appliance certificate to the networking appliance; receiving a request from the networking appliance to attach to the network; and authenticating the identity of the networking appliance based on both a) the at least one value associated with the identity of the networking appliance; and b) the appliance certificate.