Policy-based security certificate filtering

发明授权

US08458768B2 Policy-based security certificate filtering 有权

标题翻译：基于策略的安全证书过滤

请登陆查看更多内容

专利标题： Policy-based security certificate filtering
专利标题（中）： 基于策略的安全证书过滤
申请号： US13111907

申请日： 2011-05-19
公开(公告)号： US08458768B2

公开(公告)日： 2013-06-04
发明人: Roy F. Brabson , Barry Mosakowski , Linwood H. Overby, Jr.
申请人： Roy F. Brabson , Barry Mosakowski , Linwood H. Overby, Jr.
申请人地址： US NY Armonk
专利权人： International Business Machines Corporation
当前专利权人： International Business Machines Corporation
当前专利权人地址： US NY Armonk
代理商 Marcia L. Doubet
主分类号： H04L29/06
IPC分类号： H04L29/06

Policy-based security certificate filtering

摘要：

Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.

摘要（中）：

策略过滤服务内置在执行环境的安全处理中，用于解决如何处理通信实体的数字安全证书，而不需要通过证书颁发机构（“CA”）链与实体相关联的根证书的本地副本。可以使用指示证书筛选条件的一组规则（或其他策略格式）来指定策略。在确定所需的根CA证书不可用时，优选地在握手期间调用该过滤。在一种方法中，策略使用规则来规定允许证书的条件（即被视为已被验证）以及指定证书被阻止的条件的其他规则（即被视为无效）。优选地，按照大多数特定到最小特定的顺序来评估和执行策略规则。

公开/授权文献

US20110219442A1 Policy-Based Security Certificate Filtering 公开/授权日：2011-09-08

信息查询

Espacenet