利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

1 条记录 (耗时 0.011 秒)

    Cryptographic system and methodology for creating and managing crypto policy on certificate servers
    1.
    发明授权
    Cryptographic system and methodology for creating and managing crypto policy on certificate servers 有权
    用于在证书服务器上创建和管理加密策略的密码系统和方法

    公开(公告)号:US06336186B1

    公开(公告)日:2002-01-01

    申请号:US09156266

    申请日:1998-09-16

    申请人: Marc David Dyksterhouse Jonathan David Callas Mark James McArdle

    发明人: Marc David Dyksterhouse Jonathan David Callas Mark James McArdle

    IPC分类号: H04L900

    CPC分类号: G06F21/602 G06F21/6218 G06F2221/2141

    摘要: A cryptosystem having a Certificate (Key) Server for storing and maintaining certificate or key information in a certificate database is described. The Certificate Server allows clients to submit and retrieve keys from a database based on a set of policy constraints which are set for one's particular site (e.g., company). Access to the Certificate Server is maintained by a Certificate Policy Agent, which makes sure that the policy is enforced for a given site based on the information supplied during the configuration. During operation, the Certificate Server responds to client requests to add, search for, and retrieve certificates. The server accepts or rejects certificates based on configurable parameters enforced by a Certificate Policy Agent. When a certificate is submitted to the server, the Certificate Policy Agent checks to see if it meets the criteria for a given site based on the settings specified during the configuration. Exemplary types of checks that the Certificate Policy Agent can enforce include checking to see if the key has been signed by the appropriate entities and checking to see if the signatures or User IDs associated with a key are approved for submission. If the submission criteria established during the configuration are met, the key is accepted by the server. If the key being submitted does not pass the policy requirements, it is rejected and (optionally) a copy is placed in a “pending bucket” where the key can subsequently be examined by the system administrator to determine if the key should be allowed on the server.

    摘要翻译: 描述了具有用于在证书数据库中存储和维护证书或密钥信息的证书(密钥)服务器的密码系统。 证书服务器允许客户端基于为特定站点(例如公司)设置的一组策略约束,从数据库提交和检索密钥。 证书服务器的访问由证书策略代理维护,这将确保根据配置期间提供的信息为给定站点强制实施该策略。 在运行期间,证书服务器响应客户端请求以添加,搜索和检索证书。 服务器根据证书策略代理执行的可配置参数接受或拒绝证书。 当证书提交给服务器时,证书策略代理将根据配置中指定的设置来检查是否符合给定站点的条件。 证书策略代理可以执行的示例性类型的检查包括检查密钥是否已被相应实体签名,并检查与密钥相关联的签名或用户ID是否被批准提交。 如果在配置期间建立的提交标准得到满足,则该密钥将被服务器接受。 如果提交的密钥没有通过策略要求,则它被拒绝,并且(可选地)将副本放置在“挂起的桶”中,其中密钥随后可被系统管理员检查以确定是否应该允许密钥在 服务器。