-
1.发明申请METHOD AND DEVICE FOR CONFIRMING AUTHENTICITY OF A PUBLIC KEY INFRASTRUCTURE (PKI) TRANSACTION EVENT 有权公开密钥基础设施(PKI)交易事件确认方法和设备公开(公告)号:US20100070755A1
公开(公告)日:2010-03-18
申请号:US12212032
申请日:2008-09-17
IPC分类号: H04L9/00
CPC分类号: H04L63/0442 , H04L63/12
摘要: A method and device for confirming authenticity of a public key infrastructure (PKI) transaction event between a relying node and a subject node in a communication network enables improved network security. According to some embodiments, the method includes establishing at a PKI event logging (PEL) server a process to achieve secure communications with the relying node (step 705). Next, the PEL server processes reported PKI transaction event data received from the relying node (step 710). The reported PKI transaction event data describe the PKI transaction event between the relying node and the subject node. The reported PKI transaction event data are then transmitted from the PEL server to the subject node (step 715). The subject node can thus compare the reported PKI transaction event data with corresponding local PKI transaction event data to confirm the authenticity of the PKI transaction event.
摘要翻译: 用于确认通信网络中的依赖节点和主体节点之间的公共密钥基础设施(PKI)事务事件的真实性的方法和设备能够改善网络安全性。 根据一些实施例,该方法包括在PKI事件记录(PEL)服务器处建立与依赖节点进行安全通信的过程(步骤705)。 接下来,PEL服务器处理从依赖节点接收的报告的PKI事务事件数据(步骤710)。 报告的PKI事务事件数据描述依赖节点和主体节点之间的PKI事务事件。 然后将所报告的PKI事务事件数据从PEL服务器发送到主题节点(步骤715)。 因此,主体节点可以将报告的PKI事务事件数据与对应的本地PKI事务事件数据进行比较,以确认PKI事务事件的真实性。
-
2.发明申请METHOD AND APPARATUS FOR DISTRIBUTING CERTIFICATE REVOCATION LISTS (CRLs) TO NODES IN AN AD HOC NETWORK 有权分发证券交易所(CRL)到广告网络中的节目的方法和装置公开(公告)号:US20090249062A1
公开(公告)日:2009-10-01
申请号:US12059666
申请日:2008-03-31
IPC分类号: H04L9/32
CPC分类号: H04L9/3268 , H04L63/0823 , H04L2209/60 , H04L2209/80 , H04W12/06 , H04W84/18
摘要: A method and apparatus for distributing Certificate Revocation List (CRL) information in an ad hoc network are provided. Ad hoc nodes in an ad hoc network can each transmit one or more certificate revocation list advertisement message(s) (CRLAM(s)). Each CRLAM includes an issuer certification authority (CA) field that identifies a certification authority (CA) that issued a particular certificate revocation list (CRL), a certificate revocation list (CRL) sequence number field that specifies a number that specifies the version of the particular certificate revocation list (CRL) that was issued by the issuer certification authority (CA). Nodes that receive the CRLAMs can then use the CRL information provided in the CRLAM to determine whether to retrieve the particular certificate revocation list (CRL).
摘要翻译: 提供了一种在自组织网络中分发证书吊销列表(CRL)信息的方法和装置。 自组织网络中的自组织节点可以各自发送一个或多个证书撤销列表通告消息(一个或多个)。 每个CRLAM包括发行者证书颁发机构(CA)字段,用于标识颁发特定证书吊销列表(CRL)的证书颁发机构(CA),证书撤销列表(CRL)序列号字段,其指定指定版本的版本的证书颁发机构 特定证书撤销列表(CRL)由发行者证书颁发机构(CA)颁发。 接收CRLAM的节点可以使用CRLAM中提供的CRL信息来确定是否检索特定的证书吊销列表(CRL)。
-
3.发明申请METHOD AND DEVICE FOR DYNAMICALLY UPDATING AND MAINTAINING CERTIFICATE PATH DATA ACROSS REMOTE TRUST DOMAINS 审中-公开用于通过远程信任域动态更新和维护证书路径数据的方法和设备公开(公告)号:US20140068251A1
公开(公告)日:2014-03-06
申请号:US13601214
申请日:2012-08-31
IPC分类号: H04L29/06
CPC分类号: H04L63/0823 , H04L9/006 , H04L9/3265
摘要: A method and device is provided for dynamically maintaining and updating public key infrastructure (PKI) certificate path data across remote trusted domains to enable relying parties to efficiently authenticate other nodes in an autonomous ad-hoc network. A certificate path management unit (CPMU) monitors a list of sources for an occurrence of a life cycle event capable of altering an existing PKI certificate path data. Upon determining that the life cycle event has occurred, the CPMU calculates a new PKI certificate path data to account for the occurrence of the life cycle event and provides the new PKI certificate path data to at least one of a relying party in a local domain or a remote CPMU in a remote domain.
摘要翻译: 提供了一种方法和设备,用于在远程可信域之间动态地维护和更新公共密钥基础设施(PKI)证书路径数据,以使依赖方有效地认证自治自组织网络中的其他节点。 证书路径管理单元(CPMU)监视能够改变现有PKI证书路径数据的生命周期事件发生的源的列表。 在确定生命周期事件已经发生时,CPMU计算新的PKI证书路径数据以考虑生命周期事件的发生,并将新的PKI证书路径数据提供给本地域中的依赖方中的至少一个或 远程域中的远程CPMU。
-
4.发明授权Method and device for distributing public key infrastructure (PKI) certificate path data 有权用于分发公钥基础设施(PKI)证书路径数据的方法和设备公开(公告)号:US08595484B2
公开(公告)日:2013-11-26
申请号:US12181694
申请日:2008-07-29
IPC分类号: H04L9/00
CPC分类号: H04L9/3268 , H04L9/007 , H04L9/3265 , H04L2209/80
摘要: A method and device for distributing public key infrastructure (PKI) certificate path data enables relying nodes to efficiently authenticate other nodes in an autonomous ad-hoc network. The method includes compiling, at a certificate path management unit (CPMU), the PKI certificate path data (step 405). One or more available certificate paths are then determined at the CPMU for at least one relying node (step 410). Next, the PKI certificate path data are distributed by transmitting a certificate path data message from the CPMU to the at least one relying node (step 415). The certificate path data message includes information identifying one or more trusted certification authorities associated with the one or more available certificate paths.
摘要翻译: 用于分发公共密钥基础设施(PKI)证书路径数据的方法和设备使得依赖节点有效地认证自治自组织网络中的其他节点。 该方法包括在证书路径管理单元(CPMU)下编译PKI证书路径数据(步骤405)。 然后在CPMU为至少一个依赖节点确定一个或多个可用证书路径(步骤410)。 接下来,通过从CPMU向至少一个依赖节点发送证书路径数据消息来分发PKI证书路径数据(步骤415)。 证书路径数据消息包括标识与一个或多个可用证书路径相关联的一个或多个可信证书颁发机构的信息。
-
5.发明授权Method and apparatus for distributing certificate revocation lists (CRLs) to nodes in an ad hoc network 有权将证书撤销列表(CRL)分发到自组织网络中的节点的方法和装置公开(公告)号:US08438388B2
公开(公告)日:2013-05-07
申请号:US12059666
申请日:2008-03-31
IPC分类号: H04L9/32
CPC分类号: H04L9/3268 , H04L63/0823 , H04L2209/60 , H04L2209/80 , H04W12/06 , H04W84/18
摘要: A method and apparatus for distributing Certificate Revocation List (CRL) information in an ad hoc network are provided. Ad hoc nodes in an ad hoc network can each transmit one or more certificate revocation list advertisement message(s) (CRLAM(s)). Each CRLAM includes an issuer certification authority (CA) field that identifies a certification authority (CA) that issued a particular certificate revocation list (CRL), a certificate revocation list (CRL) sequence number field that specifies a number that specifies the version of the particular certificate revocation list (CRL) that was issued by the issuer certification authority (CA). Nodes that receive the CRLAMs can then use the CRL information provided in the CRLAM to determine whether to retrieve the particular certificate revocation list (CRL).
摘要翻译: 提供了一种在自组织网络中分发证书吊销列表(CRL)信息的方法和装置。 自组织网络中的自组织节点可以各自发送一个或多个证书撤销列表通告消息(一个或多个)。 每个CRLAM包括发行者证书颁发机构(CA)字段,用于标识颁发特定证书吊销列表(CRL)的证书颁发机构(CA),证书撤销列表(CRL)序列号字段,其指定指定版本的版本的证书颁发机构 特定证书撤销列表(CRL)由发行者证书颁发机构(CA)颁发。 接收CRLAM的节点可以使用CRLAM中提供的CRL信息来确定是否检索特定的证书吊销列表(CRL)。
-
6.发明申请METHOD AND DEVICE FOR DISTRIBUTING PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATE PATH DATA 有权分配公钥基础结构(PKI)证书路径数据的方法和设备公开(公告)号:US20100031027A1
公开(公告)日:2010-02-04
申请号:US12181694
申请日:2008-07-29
IPC分类号: H04L9/00
CPC分类号: H04L9/3268 , H04L9/007 , H04L9/3265 , H04L2209/80
摘要: A method and device for distributing public key infrastructure (PKI) certificate path data enables relying nodes to efficiently authenticate other nodes in an autonomous ad-hoc network. The method includes compiling, at a certificate path management unit (CPMU), the PKI certificate path data (step 405). One or more available certificate paths are then determined at the CPMU for at least one relying node (step 410). Next, the PKI certificate path data are distributed by transmitting a certificate path data message from the CPMU to the at least one relying node (step 415). The certificate path data message includes information identifying one or more trusted certification authorities associated with the one or more available certificate paths.
摘要翻译: 用于分发公共密钥基础设施(PKI)证书路径数据的方法和设备使得依赖节点有效地认证自治自组织网络中的其他节点。 该方法包括在证书路径管理单元(CPMU)下编译PKI证书路径数据(步骤405)。 然后在CPMU为至少一个依赖节点确定一个或多个可用证书路径(步骤410)。 接下来,通过从CPMU向至少一个依赖节点发送证书路径数据消息来分发PKI证书路径数据(步骤415)。 证书路径数据消息包括标识与一个或多个可用证书路径相关联的一个或多个可信证书颁发机构的信息。
-
7.发明授权Method and device for confirming authenticity of a public key infrastructure (PKI) transaction event 有权用于确认公钥基础设施(PKI)交易事件真实性的方法和设备公开(公告)号:US08751791B2
公开(公告)日:2014-06-10
申请号:US12212032
申请日:2008-09-17
CPC分类号: H04L63/0442 , H04L63/12
摘要: A method and device for confirming authenticity of a public key infrastructure (PKI) transaction event between a relying node and a subject node in a communication network enables improved network security. According to some embodiments, the method includes establishing at a PKI event logging (PEL) server a process to achieve secure communications with the relying node (step 705). Next, the PEL server processes reported PKI transaction event data received from the relying node (step 710). The reported PKI transaction event data describe the PKI transaction event between the relying node and the subject node. The reported PKI transaction event data are then transmitted from the PEL server to the subject node (step 715). The subject node can thus compare the reported PKI transaction event data with corresponding local PKI transaction event data to confirm the authenticity of the PKI transaction event.
摘要翻译: 用于确认通信网络中的依赖节点和主体节点之间的公共密钥基础设施(PKI)事务事件的真实性的方法和设备能够改善网络安全性。 根据一些实施例,该方法包括在PKI事件记录(PEL)服务器处建立与依赖节点进行安全通信的过程(步骤705)。 接下来,PEL服务器处理从依赖节点接收的报告的PKI事务事件数据(步骤710)。 报告的PKI事务事件数据描述依赖节点和主体节点之间的PKI事务事件。 然后将报告的PKI事务事件数据从PEL服务器发送到主题节点(步骤715)。 因此,主体节点可以将报告的PKI事务事件数据与对应的本地PKI事务事件数据进行比较,以确认PKI事务事件的真实性。
-
公开(公告)号:US09306932B2
公开(公告)日:2016-04-05
申请号:US13328334
申请日:2011-12-16
IPC分类号: H04L29/06
CPC分类号: H04L63/0823
摘要: A certificate issuer (210) can periodically request, receive, and store current server-based certificate validation protocol (SCVP) staples (225) for supported relying parties (205) from at least one server-based certificate validation protocol (SCVP) responder (215). The certificate issuer (210) can receive a contact initiation request (220) from one of the relying parties (205). Responsive to receiving the contact initiation request (220), the certificate issuer (210) can identify a current SCVP staple from the saved staples that is applicable to the relying party (205). The certificate issuer (210) can conveying a response to the contact initiation request (220) to the relying party (205). The response can comprise the identified SCVP staple and a public key infrastructure (PKI) certificate (230) of the certificate issuer. The SCVP staple can validate a certification path between the PKI certificate (230) and a different certificate trusted by the relying party (205).
-
公开(公告)号:US08984283B2
公开(公告)日:2015-03-17
申请号:US13197079
申请日:2011-08-03
CPC分类号: H04L9/3268 , H04L9/3263 , H04L63/0823
摘要: Methods and apparatuses for validating the status of digital certificates include a relying party receiving at least one digital certificate and determining if the at least one digital certificate is to be validated against a private certificate status database. The relying party accesses the private certificate status database and cryptographically validates the authenticity of data in the private certificate status database. The relying party also validates the at least one digital certificate based on information in at least one of the private certificate status database and a public certificate status database.
摘要翻译: 用于验证数字证书的状态的方法和装置包括依赖方接收至少一个数字证书,并确定是否要针对私人证书状态数据库验证至少一个数字证书。 依赖方访问私有证书状态数据库,并密码验证私有证书状态数据库中数据的真实性。 依赖方还基于至少一个私有证书状态数据库和公共证书状态数据库中的信息来验证至少一个数字证书。
-
公开(公告)号:US20130159703A1
公开(公告)日:2013-06-20
申请号:US13328334
申请日:2011-12-16
IPC分类号: H04L29/06
CPC分类号: H04L63/0823
摘要: A certificate issuer (210) can periodically request, receive, and store current server-based certificate validation protocol (SCVP) staples (225) for supported relying parties (205) from at least one server-based certificate validation protocol (SCVP) responder (215). The certificate issuer (210) can receive a contact initiation request (220) from one of the relying parties (205). Responsive to receiving the contact initiation request (220), the certificate issuer (210) can identify a current SCVP staple from the saved staples that is applicable to the relying party (205). The certificate issuer (210) can conveying a response to the contact initiation request (220) to the relying party (205). The response can comprise the identified SCVP staple and a public key infrastructure (PKI) certificate (230) of the certificate issuer. The SCVP staple can validate a certification path between the PKI certificate (230) and a different certificate trusted by the relying party (205).
-
-
-
-
-
-
-
-
-
搜索结果
22 条记录 (耗时 0.018 秒)
