Method of and apparatus for providing secure distributed directory services and public key infrastructure

Assignee

• Xcert Software, Inc. · CA

Inventors

• Patrick Richard · Edinburgh, GB
• Andrew Csinger · Vancouver, CA
• Bruce Knipe · Vancouver, CA
• Bruce Woodward · Orem, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2211/008
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

In an exemplary embodiment, the server receives the client's Distinguishing Name (DN), and then searches its directory for identification information and access control rights for this specific context. The server can act as a stand-alone server or in conjunction with other directory services on the network. A client must have a verifiable identity in order for secure communications to continue. A client's identity can be said to be fully verifiable if the server has access to the directory service that maintains that client's DN. The client receives the server's DN, and the client can then determine whether or not to accept a response to a request for information (i.e., trust the response). The client determines the identity of the server using some directory service (the client can act stand-alone or as a client of other directory servers). A server is fully verifiable if the client can identify the directory service that maintains the server's DN. In both cases, determining identity is predicated on being able to identify a directory service. Since servers and clients are issued identities (DN's) from some directory service before they participate in secure communications, they …