This invention relates generally to providing a signed digital certificate in real time and, more particularly, to network-based methods and systems for registering, verifying, and signing a digital certificate in real time by a service provider computer system for a developer computer device so that the developer computer device can communicate with the service provider computer system through an open application programming interface (API) architecture.
There are service provider companies that provide a variety of services to numerous consumers. These service provider companies utilize computer systems to provide these services. For example, in the financial industry, companies such as large banks, interchange networks and payment networks provide certain financial services to consumers, companies and other banks. Oftentimes, these service provider companies provide services that include receiving, processing and storing financial data in computer systems managed by the service provider companies. In many cases, access to this financial data is restricted to certain approved users. Restricting access to such financial data provides at least some protection for the data. However, it also limits the potential uses of the data.
Software developers around the world are able to develop computer programs, sometimes called applications, that are configured to utilize data such as the data stored within computer systems used by certain service provider companies. Of course, in order for these computer programs to use such data, the developer programs must be able to access the data. One way to access the data stored by these service provider companies is through an open application programming interface (API).
By allowing software developers to access data stored within computer system used by these service provider companies, the service provider companies are able to leverage these developer applications as well as increase their transaction volume. Thus, by providing this data access to developers, these service provider companies are able to provide additional services to both existing and new customers, which in turn improves the profitability of these companies. However, the providing of such data access also creates certain risks and challenges for the service provider companies.
At least one known technique for authenticating a message request sent by a developer computer device to a service provider computer system is through the use of a digital signature. A digital signature can be used for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering. Thus, a service provider computer system can provide access to a developer computer device when the developer computer device submits a message request that has been digitally signed and authenticated by the service provider computer system.
However, in these known cases, in order for the developer computer device to use a digital signature that can be authenticated by the service provider computer system, the developer computer device must register with the service provider by submitting registration data including a certificate signing request (CSR) to the service provider computer system. The service provider manually reviews the registration data, and, if the service provider approves the developer, signs and returns the certificate to the developer via the developer computer device.
Unfortunately, in at least some of these known cases, hundreds and sometimes thousands of developers are seeking to obtain access on a daily basis to a service provider computer system. In these cases, the developers submit registration data and CSRs to the service provider for review and approval. This review and approval process can be extremely time consuming and costly for the service provider.
Accordingly, it would be desirable to provide a computer system having an open API for use by certain service provider companies that is configured to automatically review, verify, and approve in real time registration data including CSRs that are submitted by developer computers such that the developer computers can gain access to the service provider computer systems.