A secure end-to-end communications system provides end users access to vault-based
custom applications of an organization for purposes of conducting electronic commerce.
The system includes a web-based vault controller running an application, e.g. a
registration application in a vault cryptographically linked to a database and
a Certificate Management System (CMS) for generating digital certificates, and
at least one remote vault agent coupled to the vault controller for providing vault-based
custom applications to end users. An X.500 directory is coupled to the CMS and
cryptographically linked to the remote vault agents for storing end user data.
The remote vault agent is an application which comprises a collection of Application
Programming Interfaces (APIs) which provide a secure interface to the vault controller;
a Lightweight Data Access Protocol (LDAP) used to access the X.500 directory; a
secure depositor coupled to vault-based custom applications of an organization.
The secure depositor includes APIs to perform cryptographic functions in passing
communications between vaults used by the vault agent and vaults used by the vault
controller or vaults used by other vault agent applications and a secure depositor
library which uses functions in the LDAP to access the X.500 directory. The remote
vault agent accesses the web-based vault controller on a non-web basis to enable
remote custom applications to communicate securely with vault-based applications,
such as a registration application that administers digital certificates.
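The abstract describes a secure depositor whose APIs protect communications passed between a remote vault agent's vault and the vault controller's vault, with end-user and vault data looked up in an X.500 directory. The following is an added illustration written for this page, not code from the patent or from any product implementing it: an agent-side deposit is wrapped in an authenticated envelope, and the controller side resolves the sender's key from a constructed stand-in for the directory, checks the tag with a constant-time compare, and rejects replays. The distinguished names, the `DIRECTORY` mapping, the `make_deposit`/`verify_deposit` functions and the choice of a shared HMAC key (rather than CMS-issued certificates and signatures, which the abstract implies) are all assumptions made to keep the example dependency-free.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed stand-in for the X.500 directory reached over LDAP: it maps each
# vault's distinguished name to the key the controller uses to verify that
# vault's deposits. Assumption: a real deployment would hold CMS-issued
# certificates here and verify signatures; shared HMAC keys are used only so
# this example runs with the standard library.
DIRECTORY = {
    "cn=agent-vault-1,o=example": bytes.fromhex("11" * 32),  # constructed key
    "cn=agent-vault-2,o=example": bytes.fromhex("22" * 32),  # constructed key
}
CONTROLLER_DN = "cn=registration-vault,o=example"  # constructed name


class DepositError(Exception):
    """Raised when an envelope fails any check on the controller side."""


def _canonical(body: dict) -> bytes:
    # Canonical encoding so both vaults authenticate exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_deposit(sender_dn: str, recipient_dn: str, payload: dict,
                 key: bytes, nonce: Optional[str] = None) -> dict:
    """Agent side: wrap a payload in an envelope bound to sender, recipient
    and a fresh nonce, then authenticate the whole envelope."""
    body = {
        "from": sender_dn,
        "to": recipient_dn,
        "nonce": nonce or secrets.token_hex(16),  # fresh per deposit
        "payload": payload,
    }
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}


def verify_deposit(envelope: dict, directory: dict, seen_nonces: set,
                   expected_recipient: str = CONTROLLER_DN) -> dict:
    """Controller side: resolve the sender's key from the directory, verify
    the tag before trusting any field, then reject replayed nonces."""
    body = {k: v for k, v in envelope.items() if k != "tag"}
    key = directory.get(body.get("from"))
    if key is None:
        raise DepositError("sender not registered in directory")
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(envelope.get("tag", ""))):
        raise DepositError("authentication tag mismatch")
    # Only authenticated envelopes may influence state such as seen_nonces.
    if body.get("to") != expected_recipient:
        raise DepositError("envelope not addressed to this vault")
    if body["nonce"] in seen_nonces:
        raise DepositError("replayed deposit")
    seen_nonces.add(body["nonce"])
    return body["payload"]


if __name__ == "__main__":
    agent = "cn=agent-vault-1,o=example"
    env = make_deposit(agent, CONTROLLER_DN,
                       {"op": "request_certificate", "subject": "cn=alice"},
                       DIRECTORY[agent])
    seen = set()
    print("accepted:", verify_deposit(env, DIRECTORY, seen))
    try:
        verify_deposit(env, DIRECTORY, seen)
    except DepositError as exc:
        print("second delivery rejected:", exc)
```

The order of checks matters: the tag is verified before the nonce is recorded, so an unauthenticated party cannot fill the replay cache, and the recipient name is part of the authenticated body, so an envelope meant for one vault cannot be redirected to another.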