利索-全球专利检索

  1. 登录
  2. 注册
发明授权
US07984479B2 Policy-based security certificate filtering 失效
基于策略的安全证书过滤

Policy-based security certificate filtering
摘要:
Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.
摘要(中):

策略过滤服务内置在执行环境的安全处理中,用于解决如何处理通信实体的数字安全证书,而不需要通过证书颁发机构(“CA”)链与实体关联的根证书的本地副本 。 可以使用指示证书筛选条件的一组规则(或其他策略格式)来指定策略。 在确定所需的根CA证书不可用时,优选地在握手期间调用该过滤。 在一种方法中,策略使用规则来规定允许证书的条件(即被视为已被验证)以及指定证书被阻止的条件的其他规则(即被视为无效)。 优选地,按照大多数特定到最小特定的顺序来评估和执行策略规则。

公开/授权文献
信息查询
Espacenet
0/0