公开(公告)号：US20160142216A1

公开(公告)日：2016-05-19

申请号：US14945411

申请日：2015-11-18

Applicant: MOTOROLA SOLUTIONS, INC

Inventor： STEVEN K. TURNER ,  MARK A. BOERGER ,  ANDRZEJ GRZESIK ,  ERWIN HIMAWAN ,  CHRIS A. KRUEGEL ,  ANTHONY R. METKE ,  SHANTHI E. THOMAS

IPC: H04L9/32

CPC classification number: H04L9/3268 ,  H04L9/006 ,  H04L9/321

Abstract: A Public Key Infrastructure (PM) device receives a certificate signing request (CSR) from an end entity. The PKI device obtains at least one of: a controlling attribute of at least one PKI device associated with processing of the certificate signing request and a controlling attribute associated with the CSR. The PKI device obtains an end entity policy object (EEPO) to be associated with the end entity based on at least one obtained controlling attribute. Based on the obtained EEPO, the PKI device determines at least one attribute and at least one value associated with the attribute this is to be included in a certificate and issues, to the end entity, the certificate including the at least one attribute.

Abstract translation: 公共密钥基础设施（PM）设备从终端实体接收证书签发请求（CSR）。 所述PKI设备获得以下至少一个：与所述证书签名请求的处理相关联的至少一个PKI设备的控制属性和与所述CSR相关联的控制属性。 PKI设备基于至少一个获得的控制属性获得与终端实体相关联的终端实体策略对象（EEPO）。 基于所获得的EEPO，PKI设备确定至少一个属性，并且与该属性相关联的至少一个值被包括在证书中，并向终端实体发出包括至少一个属性的证书。

公开(公告)号：US20160142215A1

公开(公告)日：2016-05-19

申请号：US14945405

申请日：2015-11-18

Applicant: MOTOROLA SOLUTIONS, INC

Inventor： CHRIS A. KRUEGEL ,  ANDRZEJ GRZESIK ,  ERWIN HIMAWAN ,  ANTHONY R. METKE ,  SHANTHI E. THOMAS ,  STEVEN K. TURNER

IPC: H04L9/32

CPC classification number: H04L9/3263 ,  H04L9/006 ,  H04L9/3268

Abstract: A certificate management processor (CMP) in a public key infrastructure (PKI) receives a request for a certificate management operation. The CMP determines that the request is associated with at least one of an end entity and a service. The CMP identifies a certificate management identifier associated with at least one of the end entity and the service. The CMP retrieves at least one status associated with the certificate management identifier and/or at least one status associated with the certificate management operation. The CMP performs the certificate management operation on a certificate when the retrieved at least one status is determined to not be suspended.

Abstract translation: 公共密钥基础设施（PKI）中的证书管理处理器（CMP）接收证书管理操作的请求。 CMP确定该请求与终端实体和服务中的至少一个相关联。 CMP标识与终端实体和服务中的至少一个相关联的证书管理标识符。 CMP检索与证书管理标识符相关联的至少一个状态和/或与证书管理操作相关联的至少一个状态。 当检索到的至少一个状态被确定为不被暂停时，CMP对证书执行证书管理操作。

公开(公告)号：US20210067349A1

公开(公告)日：2021-03-04

申请号：US16556594

申请日：2019-08-30

Applicant: MOTOROLA SOLUTIONS, INC.

Inventor： CHRIS A. KRUEGEL ,  STEVEN K. TURNER ,  MARK SHAHAF

IPC: H04L9/32 ,  H04L9/30

Abstract: A method, mobile device, and PKI are provided for enrolling a mobile device into a PKI domain for certificate management is provided. A first asymmetric key pair and a unique identifier is established in a device. The first asymmetric key pair includes a public key and a private key. The public key and the unique identifier are transferred to the PKI domain. The public key and the unique identifier are imported into the PKI domain. The device generates a second asymmetric kay pair and sends a certificate signing request (CSR) that is protected with the digital signature of the first asymmetric key pair. The CSR is transferred to the PKI domain. The PKI domain authenticates the CSR using the first public key and the unique identifier. Upon validation, the PKI domain issues a certificate to the device.