Method for provision of identity verification certificate

US11516207B2 · US · B2

Patent metadata
Field               Value
Publication number  US-11516207-B2
Application number  US-202016890584-A
Country             US
Kind code           B2
Filing date         Jun 2, 2020
Priority date       Jun 2, 2020
Publication date    Nov 29, 2022
Grant date          Nov 29, 2022

Abstract

A method for facilitating a provision of a certificate that securely verifies an identification of an application is provided. The method includes: validating a bootstrap identity that identifies the application at a time of invocation; generating a first token that is signed with a first private key and transmitting the signed first token to the application; receiving, from an external server, a request for a public key to be used for verifying the first private key; and transmitting the requested public key to the external server in order to prompt the external server to provide the certificate to the application. When prompted to provide the certificate to the application, the external server generates a second token that is signed with a second private key and transmits the certificate in conjunction with the signed second token to the application. The private keys are never shared with the application.

Claims

What is claimed is:

1. A method for facilitating a provision of a certificate that securely verifies an identification of an application, the method being implemented by at least one processor, the method comprising: receiving, from the application, a request for an identity of a target directory that relates to an external server, the request including a bootstrap identity that is provided by a platform of the application and identifies both the platform and the application at a time of invocation; validating the bootstrap identity that is provided by the platform of the application; generating a first private key based on the validated bootstrap identity; generating a first token that is signed with the first private key and transmitting the signed first token to the application without transmitting the first private key used to generate the first token, such that the application is restricted from access to the first private key; receiving, from the external server after the signed first token has been received by the external server from the application, a request for a public key to be used for verifying the first private key; and transmitting, to the external server, the requested public key based on the signed first token and in order to prompt the external server to provide the certificate to the application, wherein when prompted to provide the certificate to the application, the external server is configured to generate a second token that is signed with a second private key and to transmit the certificate in conjunction with the signed second token to the application, and wherein the application accesses a protected resource with the second token.

2. The method of claim 1, wherein each of the first private key and the second private key is never provided to the application.

3. The method of claim 1, wherein at least one from among the signed first token and the signed second token uses a JavaScript Object Notation (JSON) Web Token (JWT) format.

4. The method of claim 1, wherein the external server is an Active Directory Federation Services (ADFS) server.

5. A method for obtaining a certificate that securely verifies an identification of an application, the method being implemented by at least one processor configured to execute the application, the method comprising: transmitting, by the at least one processor to a first server, a request for an identity of a target directory that relates to a second server configured to generate the certificate, the request including a bootstrap identity that is provided by a platform and identifies both the platform and the application at a time of invocation; generating a first private key based on the bootstrap identity; receiving, by the at least one processor from the first server, a first token that is signed with the first private key without transmitting the first private key used to generate the first token, such that the application is restricted from access to the first private key; transmitting, by the at least one processor to the second server, the signed first token; and receiving the certificate from the second server after the second server has obtained a public key from the first server and used the public key to verify the signed first token, and receiving, in conjunction with the certificate, a second token that is generated by the second server and signed with a second private key, wherein the application accesses a protected resource with the second token.

6. The method of claim 5, further comprising: transmitting, by the at least one processor to a third server configured to control access to a resource, a request that relates to the resource, the request including the certificate and the signed second token; and receiving a response to the request from the third server.

7. The method of claim 6, wherein the receiving of the response to the request occurs after the third server has obtained the public key from the second server and used the public key to verify the signed second token.

8. The method of claim 6, wherein each of the first private key and the second private key is never provided to the at least one processor.

9. The method of claim 6, wherein at least one from among the signed first token and the signed second token uses a JavaScript Object Notation (JSON) Web Token (JWT) format.

10. The method of claim 6, wherein the second server is an Active Directory Federation Services (ADFS) server.

11. The method of claim 6, wherein the third server includes a web application programming interface (API).

12. A computing apparatus for facilitating a provision of a certificate that securely verifies an identification of an application, the computing apparatus comprising: a processor; a memory; and a communication interface coupled to each of the processor and the memory, wherein the processor is configured to: receive, from the application via the communication interface, a request for an identity of a target directory that relates to an external server, the request including a bootstrap identity that is provided by a platform of the application and identifies both the platform and the application at a time of invocation; validate the bootstrap identity that is provided by the platform of the application; generate a first private key based on the validated bootstrap identity; generate a first token that is signed with the first private key and transmit the signed first token to the application via the communication interface without transmitting the first private key used to generate the first token, such that the application is restricted from accessing the first private key; receive, from the external server via the communication interface after the signed first token has been received by the external server from the application, a request for a public key to be used for verifying the first private key; and transmit, to the external server via the communication interface, the requested public key based on the signed first token and in order to prompt the external server to provide the certificate to the application, wherein when prompted to provide the certificate to the application, the external server is configured to generate a second token that is signed with a second private key and to transmit the certificate in conjunction with the signed second token to the application, and wherein the application accesses a protected resource with the second token.

13. The computing apparatus of claim 12, wherein each of the first private key and the second private key is never provided to the application.

14. The computing apparatus of claim 12, wherein at least one from among the signed first token and the signed second token uses a JavaScript Object Notation (JSON) Web Token (JWT) format.

15. The computing apparatus of claim 12, wherein the external server is an Active Directory Federation Services (ADFS) server.
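The three-party exchange the claims describe, as an added example in Go (not the patent's or the assignee's code): the identity server validates a constructed "<platform>/<app>" bootstrap identity against an allow-list and returns a token signed with a key the application never receives; the external server verifies that token using only the identity server's public key, checks the token was issued for it, and answers with a placeholder certificate plus a second token signed with its own, separate key. The JWT and ADFS specifics are replaced by a minimal base64url payload.signature token; the platform name, audience strings and certificate format are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

// Claims is the token payload; the patent names JWT, this base64url "payload.signature" form is a constructed stand-in.
type Claims struct{ Platform, App, Audience string }
var b64 = base64.RawURLEncoding
var trustedPlatforms = map[string]bool{"k8s-prod": true} // constructed allow-list for bootstrap identity validation

func sign(priv ed25519.PrivateKey, c Claims) string {
	p, _ := json.Marshal(c)
	return b64.EncodeToString(p) + "." + b64.EncodeToString(ed25519.Sign(priv, p))
}

// Verify checks a token with the public key fetched from its issuer; claims are decoded only after the signature passes.
func Verify(pub ed25519.PublicKey, tok string) (c Claims, err error) {
	a, b, ok := strings.Cut(tok, ".")
	p, e1 := b64.DecodeString(a)
	sig, e2 := b64.DecodeString(b)
	if !ok || e1 != nil || e2 != nil || !ed25519.Verify(pub, p, sig) || json.Unmarshal(p, &c) != nil {
		return Claims{}, errors.New("token rejected")
	}
	return c, nil
}

// IssueFirstToken is the identity server: it validates a "<platform>/<app>" bootstrap identity (constructed format)
// and hands the application only a token signed with idPriv; the key itself never leaves this side.
func IssueFirstToken(idPriv ed25519.PrivateKey, bootstrap, target string) (string, error) {
	p := strings.SplitN(bootstrap, "/", 2)
	if len(p) != 2 || !trustedPlatforms[p[0]] || p[1] == "" {
		return "", errors.New("bootstrap identity rejected")
	}
	return sign(idPriv, Claims{p[0], p[1], target}), nil
}

// IssueCertificate is the external server: it verifies the first token with the identity server's public key (its only
// key material), checks the audience, then returns a placeholder certificate plus a second token signed with its own key.
func IssueCertificate(extPriv ed25519.PrivateKey, name string, idPub ed25519.PublicKey, first string) (string, string, error) {
	c, err := Verify(idPub, first)
	if err != nil || c.Audience != name {
		return "", "", errors.New("first token rejected")
	}
	return "CERT-PLACEHOLDER:" + c.Platform + "/" + c.App, sign(extPriv, Claims{c.Platform, c.App, "protected-resource"}), nil
}
```

A resource server (the claims' third server) repeats the same pattern: it fetches the external server's public key and calls Verify on the second token before serving the request.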

Assignees

JPMorgan Chase Bank, N.A.

Classifications

  • involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823)

  • using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

  • Program or device authentication

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

  • wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for public-key encryption H04L9/30)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11516207B2 cover?
A method for facilitating a provision of a certificate that securely verifies an identification of an application is provided. The method includes: validating a bootstrap identity that identifies the application at a time of invocation; generating a first token that is signed with a first private key and transmitting the signed first token to the application; receiving, from an external server,…
Who is the assignee on this patent?
JPMorgan Chase Bank, N.A.
What technology area does this patent fall under?
Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 29, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).