Abstract:
Systems and methods to rotate security assets used for secure communication are described. The system retrieves security assets from a security asset repository, the security assets including a first version of a certificate and a second version of the certificate. Further, the system receives, over a network, a third certificate at a client machine, the third certificate being received from a first remote server machine of a plurality of remote server machines. Further, the system identifies, at the client machine, whether the first remote server machine, which is associated with a first subject name, is trusted by identifying whether the third certificate matches either the first version of the certificate or the second version of the certificate. Finally, the system establishes a secure communication session with the first remote server machine based on identifying that the first remote server machine is trusted.
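The abstract above describes a client that pins two certificate versions per subject name and accepts a server presenting either one, so certificates can be rotated without a window in which clients refuse to connect. The following Python is an added illustration written for this page, not code from the patent or its assignee. It assumes a stdlib-only environment, stands in for real DER certificates with constructed byte strings, and matches certificates by SHA-256 fingerprint; the repository class, the `rotate` step and the session record are hypothetical names chosen here.

```python
import hashlib
from typing import Dict, List

# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
CERT_V1 = b"constructed-cert: CN=api.example, serial=1"
CERT_V2 = b"constructed-cert: CN=api.example, serial=2"
CERT_V3 = b"constructed-cert: CN=api.example, serial=3"
ROGUE_CERT = b"constructed-cert: CN=api.example, serial=999 (never issued)"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a certificate's DER bytes, hex-encoded."""
    return hashlib.sha256(cert_der).hexdigest()


class SecurityAssetRepository:
    """Per subject name, keeps a first (current) and second (next) certificate version.

    Holding two versions at once is what allows a rotation with no outage: a server
    may switch from the first to the second version at any moment during the overlap
    window and clients keep trusting it throughout."""

    def __init__(self) -> None:
        self._assets: Dict[str, List[bytes]] = {}

    def store(self, subject_name: str, first_version: bytes, second_version: bytes) -> None:
        self._assets[subject_name] = [first_version, second_version]

    def retrieve(self, subject_name: str) -> List[bytes]:
        """Return the [first, second] certificate versions; empty if the subject is unknown."""
        return list(self._assets.get(subject_name, []))

    def rotate(self, subject_name: str, new_version: bytes) -> None:
        """Retire the first version: the old second becomes first, new_version becomes second."""
        _, second = self._assets[subject_name]
        self._assets[subject_name] = [second, new_version]


def is_trusted(repo: SecurityAssetRepository, subject_name: str, presented_cert: bytes) -> bool:
    """Client-side check: the presented certificate must match one of the pinned versions."""
    pinned = {fingerprint(c) for c in repo.retrieve(subject_name)}
    return fingerprint(presented_cert) in pinned


def establish_session(repo: SecurityAssetRepository, subject_name: str, presented_cert: bytes) -> dict:
    """Refuse the connection unless the server presented a pinned certificate version.
    Returns a minimal session record; the actual TLS handshake is out of scope here."""
    if not is_trusted(repo, subject_name, presented_cert):
        raise ConnectionRefusedError(f"untrusted certificate for {subject_name}")
    return {"peer": subject_name, "cert_fingerprint": fingerprint(presented_cert)}


def rotation_walkthrough() -> Dict[str, bool]:
    """Drive one rotation cycle and report which certificates were accepted at each stage."""
    repo = SecurityAssetRepository()
    repo.store("api.example", CERT_V1, CERT_V2)
    results = {
        "v1_before_rotation": is_trusted(repo, "api.example", CERT_V1),
        "v2_before_rotation": is_trusted(repo, "api.example", CERT_V2),
        "rogue_before_rotation": is_trusted(repo, "api.example", ROGUE_CERT),
    }
    repo.rotate("api.example", CERT_V3)  # v1 retired, v3 staged as the next version
    results.update({
        "v1_after_rotation": is_trusted(repo, "api.example", CERT_V1),
        "v2_after_rotation": is_trusted(repo, "api.example", CERT_V2),
        "v3_after_rotation": is_trusted(repo, "api.example", CERT_V3),
    })
    return results


if __name__ == "__main__":
    for stage, accepted in rotation_walkthrough().items():
        print(f"{stage}: {'accepted' if accepted else 'rejected'}")
```

The check is deliberately a whole-certificate match rather than a chain validation: with pinning, a certificate the repository has never seen is rejected even if it carries the right subject name, which is why the repository must be updated (the `rotate` step) before servers start presenting the new version, never after.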
Abstract:
A computer-implemented system and method for pool-based identity generation and use for service access is disclosed. The method in an example embodiment includes seeding an identity generator with a private key; retrieving independently verifiable data corresponding to a service consumer; using the independently verifiable data to create signed assertions corresponding to the service consumer; generating a non-portable identity document associated with the service consumer, the identity document including the signed assertions; signing the identity document with the private key; and conveying the signed identity document to the service consumer via a secure link.
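The steps in the abstract above (seed a generator with a private key, fetch independently verifiable data about the consumer, sign each assertion, assemble a non-portable identity document, sign the whole document) can be followed end to end in code. The Python below is an added illustration for this page, not the patent's own implementation. It assumes a stdlib-only environment, so HMAC-SHA256 stands in for the asymmetric signature the abstract implies (the verifier therefore needs the same key); the record store, consumer ids and claim names are constructed, and the document is made non-portable by binding every assertion and the document body to the consumer's identifier, which the verifying service compares against the presenting party.

```python
import hashlib
import hmac
import json
from typing import Any, Dict, List

# Constructed record store standing in for the source of "independently verifiable
# data" (an HR system or directory); in practice it would be queried, not hard-coded.
VERIFIABLE_RECORDS: Dict[str, Dict[str, Any]] = {
    "consumer-42": {"org_unit": "payments", "role": "batch-reader", "employee_id": "E1001"},
}


def _canonical(obj: Any) -> bytes:
    """Deterministic JSON encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def _sign(private_key: bytes, payload: bytes) -> str:
    # HMAC-SHA256 is a stand-in for an asymmetric signature in this stdlib-only example.
    return hmac.new(private_key, payload, hashlib.sha256).hexdigest()


class IdentityGenerator:
    """Seeded with a private key; turns verifiable data into signed assertions and a signed document."""

    def __init__(self, private_key: bytes) -> None:
        self._key = private_key

    def retrieve_verifiable_data(self, consumer_id: str) -> Dict[str, Any]:
        return dict(VERIFIABLE_RECORDS[consumer_id])

    def create_assertions(self, consumer_id: str, data: Dict[str, Any]) -> List[Dict[str, Any]]:
        """One signed assertion per claim, each bound to the consumer it describes."""
        assertions = []
        for claim, value in sorted(data.items()):
            content = {"subject": consumer_id, "claim": claim, "value": value}
            assertions.append({**content, "signature": _sign(self._key, _canonical(content))})
        return assertions

    def generate_identity_document(self, consumer_id: str) -> Dict[str, Any]:
        data = self.retrieve_verifiable_data(consumer_id)
        body = {"subject": consumer_id, "assertions": self.create_assertions(consumer_id, data)}
        return {"body": body, "signature": _sign(self._key, _canonical(body))}


def verify_identity_document(key: bytes, document: Dict[str, Any], presenting_consumer: str) -> bool:
    """Service-side check. The document is non-portable: it is accepted only from the subject it names."""
    body = document.get("body", {})
    if body.get("subject") != presenting_consumer:
        return False
    if not hmac.compare_digest(_sign(key, _canonical(body)), document.get("signature", "")):
        return False
    for a in body.get("assertions", []):
        content = {"subject": a.get("subject"), "claim": a.get("claim"), "value": a.get("value")}
        if content["subject"] != presenting_consumer:
            return False
        if not hmac.compare_digest(_sign(key, _canonical(content)), a.get("signature", "")):
            return False
    return True


def demo() -> Dict[str, bool]:
    """Issue a document for consumer-42 and show which presentations a service accepts."""
    key = b"constructed-private-key-seed"
    generator = IdentityGenerator(key)
    document = generator.generate_identity_document("consumer-42")
    tampered = json.loads(json.dumps(document))  # deep copy, then alter one claim
    tampered["body"]["assertions"][0]["value"] = "admin"
    return {
        "genuine": verify_identity_document(key, document, "consumer-42"),
        "replayed_by_other_consumer": verify_identity_document(key, document, "consumer-99"),
        "tampered_claim": verify_identity_document(key, tampered, "consumer-42"),
        "wrong_key": verify_identity_document(b"some-other-key", document, "consumer-42"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Signing each assertion separately, and then the document as a whole, lets a service verify a single claim it cares about without re-checking the others, while the outer signature stops assertions from being mixed across documents. The subject binding is what the abstract's "non-portable" amounts to here: a document lifted from one consumer fails verification when presented by another.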