Browse Prior Art Database

A mechanism for importing a governmental office's certificate to JRE running on applicant's PC

IP.com Disclosure Number: IPCOM000016429D
Original Publication Date: 2003-Feb-24
Included in the Prior Art Database: 2003-Jun-21
Document File: 2 page(s) / 112K

Publishing Venue

IBM

Abstract

Disclosed is a mechanism for importing a governmental office's certificate to JRE running on applicant's PC. In an online application system that Japanese government promotes, a digital signature is necessary for an XML application form. When the applicant applies online from a browser, usually a signed applet is used for a digital signature. To keep this signed applet to be browser independent, JRE, which runs as a broswer plug-in, is used in general.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 53% of the total text.

Page 1 of 2

  A mechanism for importing a governmental office's certificate to JRE running on applicant's PC

Disclosed is a mechanism for importing a governmental office's certificate to
JRE running on applicant's PC.

In an online application system that Japanese government promotes, a digital
signature is necessary for an XML application form.

When the applicant applies online from a browser, usually a signed applet is
used for a digital signature.

To keep this signed applet to be browser independent, JRE, which runs as a
broswer plug-in, is used in general.

Since governmental office's certificate is not granted as a trusted CA in JRE
by default, unlike that of VeriSign, a security dialog pop-up will appear
warning the security certificate is not issued from a trusted authority, when
the applet is signed with the governmental office's certificate.

In order to avoid this message, it is nessesary to embed governmental office's
certificate to JRE keystore, where certificates are kept. Usually, one types
a Java command to import the certificate, however it is not easy to ask all
people and companyies to do this. Therefore, a mechanism to embed the
certificate automatically is established, and is described in the following
flow.

[1.installation of JRE]
(1) The applicant downloads the JRE installation program from Sun Microsystems
Corp. homepage, and installs it on his/her PC. JRE is now ready to function
as a browser plug-in, and signed applet can run on the browser using it.

[2.installing governmental office's server-side SSL certificate]
(2) Download governmental office's root certificate (CER file) from
governmental office's homepage, and import it to the certificate store of the
applicant's browser.
(3) Verify whether it has the same finger-print with the certification
published in governmental office's homepage.

[3.installing governmental office's JRE certificate]
(4) Governmental office site prepares a Java program that automatically
installs the certification into JRE, embeds the root certificate of the
governmental office and creates a signed applet by signing it with its secret
key. The applicant accesses the governmental office's homepage by server-side
SSL, and connects to the download page that has this applet. This time,
because of the certificate that signed the applet, a security...