Thomas L Gindin

7139911, Nov 21, 2006

Feb 28, 2001

09/795203

James W. Sweeny - Millbrook NY, US
Messaoud Benantar - Austin TX, US
John J. Petreshock - Poughkeepsie NY, US
Thomas L. Gindin - Potomac MD, US
John C. Dayka - New Paltz NY, US

International Business Machines Corporation - Armonk NY

H04L 9/00
H04K 1/00

713156, 713175, 713176, 713157, 713182

A method of certifying a host-identification mapping extension included in a digital certificate, the digital certificate issued and signed by a specific certification authority. In an exemplary embodiment of the invention, the method includes assigning a trust value for each certification authority included in a set of certification authorities. A digital certificate containing the host-identification mapping extension therein is received, with the host-identification mapping extension further containing a plurality of identification attributes therein. The plurality of identification attributes are evaluated, along with the trust value assigned to the specific certification authority issuing the digital certificate. A determination is then made, based upon the plurality of identification attributes and the trust value, as to whether the host-mapping extension is to be certified.

7143285, Nov 28, 2006

May 22, 2001

09/862797

Thomas L. Gindin - Potomac MD, US
Messaoud Benantar - Austin TX, US
James W. Sweeny - Millbrook NY, US
John C. Dayka - New Paltz NY, US

International Business Machines Corporation - Armonk NY

H04L 9/00

713156, 713175

A method for creating a proof of possession confirmation for inclusion by a certification authority into a digital certificate, the digital certificate for use by an end user, is disclosed. In an exemplary embodiment of the invention, the method includes receiving from the certification authority, in response to a certificate request by the end user, a plurality of data fields corresponding to a target host system, the end user, and a form of proof of identity possession by the end user. The content of the plurality of data fields is analyzed and the accuracy thereof is verified. If the plurality of data fields is verified as accurate, then a signed object is sent to the certification authority, the signed object comprising the proof of possession confirmation.

7543147, Jun 2, 2009

Oct 28, 2004

10/975955

Messaoud B. Benantar - Austin TX, US
Thomas L. Gindin - Potomac MD, US
James W. Sweeny - Milbrook NY, US

International Business Machines Corporation - Armonk NY

H04L 9/00

713175, 713155, 713156, 713182, 726 5, 726 6, 726 18, 726 27

A method for creating a proof of possession confirmation for inclusion by an attribute certificate authority into an attribute certificate, the attribute certificate for use by an end user. The method includes receiving from the attribute certificate authority in response to a request by the end user, a plurality of data fields corresponding to a target system, the identity of the end user, and a proof of identity possession by the end user. The method further includes preparing a data structure corresponding to an authorization attribute of the attribute certificate, the data structure including a target system name, the identity of the end user, and the key identifier of the end user. Using a private key associated with the target system, the method includes signing the data structure resulting in a proof of possession confirmation, and sending the proof of possession confirmation to the attribute certificate authority for inclusion into the attribute certificate.

20030065920, Apr 3, 2003

Oct 1, 2001

09/968126

Messaoud Benantar - Austin TX, US
John Dayka - New Paltz NY, US
Thomas Gindin - Potomac MD, US
James Sweeny - Millbrook NY, US

International Business Machines Corporation - Armonk NY

H04L009/00

713/175000

A method and apparatus for creating a digital certificate for a subject in an information handling system in which users of a host system authenticate themselves to the host system by presenting a host user ID and a host password. The host system has a host authentication system associated with it for automatically authenticating users to the host system using the host authentication information. Upon receiving a certification request from a subject, a certificate authority determines whether the certification request is for a general user certificate or for a host user certificate. If the certification request is for a general user certificate, the certificate authority places the request in a queue for processing by a human administrator. If the certification request is for a host user certificate, the certificate authority obtains a host user ID and password from the requester and authenticates the requester by presenting this host authentication information to the host authentication system. The host authentication system authenticates the requester by comparing the password presented by the requester with the password stored in the record of the host user registry corresponding to the user ID presented by the requester. If the requester is authenticated by the host authentication system as being a host user, the certificate authority creates a host user certificate for the requester. The host user certificate assigns to the requester a common name that is the obtained from the host user registry rather than from the requester.

6854056, Feb 8, 2005

Sep 21, 2000

09/667090

Messaoud Benantar - Austin TX, US
Thomas L. Gindin - Potomac MD, US
Ivan Milman - Austin TX, US

International Business Machines Corporation - Armonk NY

H04L009/00
G06F011/30

713156, 713155, 713168, 713182, 713201, 380282, 709227, 709229

A method or system is presented for coupling identities through the use of digital certificates, thereby allowing a client to be authenticated for a variety of services without those services having to modify their existing methods of authentication. The client generates a request for a digital certificate containing its host identity for a targeted host and secret data associated with its host identity. The secret data has been encrypted using the public key of the certifying authority that receives the request for the digital certificate. The certifying authority decrypts the secret data using its private key and encrypts the secret data using the public key of the targeted host. The digital certificate is then generated and returned to the client. At some point in time, a host receives the certificate from the client and obtains the client's host identity from the certificate, i. e. the host identity uniquely identifies the client or the user of the client to the host.