发明申请
US20100082975A1 METHOD AND APPARATUS FOR EXTERNAL ORGANIZATION PATH LENGTH VALIDATION WITHIN A PUBLIC KEY INFRASTRUCTURE (PKI)
有权
公共关键基础设施(PKI)中外部组织路线长度验证的方法和装置
- 专利标题: METHOD AND APPARATUS FOR EXTERNAL ORGANIZATION PATH LENGTH VALIDATION WITHIN A PUBLIC KEY INFRASTRUCTURE (PKI)
- 专利标题(中): 公共关键基础设施(PKI)中外部组织路线长度验证的方法和装置
-
申请号: US12241566申请日: 2008-09-30
-
公开(公告)号: US20100082975A1公开(公告)日: 2010-04-01
- 发明人: Anthony R. Metke , Donald E. Eastlake, III
- 申请人: Anthony R. Metke , Donald E. Eastlake, III
- 申请人地址: US IL Schaumburg
- 专利权人: Motorola, Inc.
- 当前专利权人: Motorola, Inc.
- 当前专利权人地址: US IL Schaumburg
- 主分类号: H04L9/00
- IPC分类号: H04L9/00
摘要:
A method and apparatus for external organization (EO) path length (EOPL) validation are provided. A relying party node (RPN) stores a current EO path length constraint (EOPLC) value, and an EOPL counter that maintains a count of an actual external organization path length. The RPN obtains a chain of certificates that link a subject node (SN) to its trust anchor, and processes the certificates in the chain. When a certificate has a lower EOPLC than the current EOPLC value, the RPN replaces the current EOPLC value with the lower EOPLC. When the certificate currently being evaluated includes an enabled EO flag, the RPN increments the EOPL counter by one. The EOPL validation fails when the EOPL counter is greater than the current EOPLC value, and is successful when the last remaining certificate in the chain is processed without having the EOPL counter exceed the current EOPLC value.
公开/授权文献
信息查询
