1. METHOD AND APPARATUS FOR EXTERNAL ORGANIZATION PATH LENGTH VALIDATION WITHIN A PUBLIC KEY INFRASTRUCTURE (PKI)
    Type: Invention application (in force)

    Publication No.: US20120210129A1

    Publication date: 2012-08-16

    Application No.: US13452408

    Filing date: 2012-04-20

    IPC class: H04L9/30

    Abstract: A method for external organization path length (EOPL) validation is provided. A relying party node of an organization receives an authentication request from a subject node of an external organization. The relying party node then obtains and evaluates certificates from a chain of certificates that link the subject node to a trust anchor of the relying party node, wherein at least one certificate from the chain of certificates comprises an enabled external organization flag (EOF) and/or an external organization path length constraint (EOPLC). The relying party node invalidates authentication of the subject node when the relying party node determines that the total number of enabled EOFs from certificates in the chain of certificates exceeds the lowest EOPLC value from certificates in the chain of certificates.

2. METHOD AND DEVICE FOR DYNAMIC DEPLOYMENT OF TRUST BRIDGES IN AN AD HOC WIRELESS NETWORK
    Type: Invention application (in force)

    Publication No.: US20090276841A1

    Publication date: 2009-11-05

    Application No.: US12112319

    Filing date: 2008-04-30

    IPC class: H04L9/32

    CPC class: H04L63/0823 H04W84/12

    Abstract: A method for deploying a trust bridge in an ad hoc wireless network can provide interoperability for multi-organizational authentication. The method includes processing, at a delegate certification authority (DCA) node device, authorizations received from a plurality of certification authorities (CAs) of different organizations, where the authorizations authorize the DCA node device to serve as a DCA representing the CAs (step 1105). The DCA node device then processes context information received from the ad hoc wireless network (step 1110). Next, the DCA node device determines, based on the context information, that a second node device should be enabled as a new trust bridge (step 1115). The DCA node device then performs a trust bridge deployment to enable the second node device to serve as the new trust bridge (step 1120).

3. Portable certification authority
    Type: Granted patent

    Publication No.: US11418318B2

    Publication date: 2022-08-16

    Application No.: US11465620

    Filing date: 2006-08-18

    Abstract: A portable electronic device is operable as a portable certification authority. The portable electronic device stores a pair of keys of a public key infrastructure, issued by a parent certification authority, and generates a certificate dependent upon the pair of keys. The private key and corresponding public key certificate are transmitted to a network device of a second agency to allow the device to be authenticated by any node of the network of the first agency that possesses anchor information of the parent certification authority. This enables the device of the second agency to be authenticated by a network node of the first agency.

4. Method and apparatus for external organization path length validation within a public key infrastructure (PKI)
    Type: Granted patent (in force)

    Publication No.: US08484461B2

    Publication date: 2013-07-09

    Application No.: US12241566

    Filing date: 2008-09-30

    IPC class: H04L9/30

    Abstract: A method and apparatus for external organization (EO) path length (EOPL) validation are provided. A relying party node (RPN) stores a current EO path length constraint (EOPLC) value and an EOPL counter that maintains a count of the actual external organization path length. The RPN obtains a chain of certificates that link a subject node (SN) to its trust anchor, and processes the certificates in the chain. When a certificate has a lower EOPLC than the current EOPLC value, the RPN replaces the current EOPLC value with the lower EOPLC. When the certificate currently being evaluated includes an enabled EO flag, the RPN increments the EOPL counter by one. The EOPL validation fails when the EOPL counter is greater than the current EOPLC value, and is successful when the last remaining certificate in the chain is processed without the EOPL counter having exceeded the current EOPLC value.

5. METHOD AND APPARATUS FOR EXTERNAL ORGANIZATION PATH LENGTH VALIDATION WITHIN A PUBLIC KEY INFRASTRUCTURE (PKI)
    Type: Invention application (in force)

    Publication No.: US20100082975A1

    Publication date: 2010-04-01

    Application No.: US12241566

    Filing date: 2008-09-30

    IPC class: H04L9/00

    Abstract: A method and apparatus for external organization (EO) path length (EOPL) validation are provided. A relying party node (RPN) stores a current EO path length constraint (EOPLC) value and an EOPL counter that maintains a count of the actual external organization path length. The RPN obtains a chain of certificates that link a subject node (SN) to its trust anchor, and processes the certificates in the chain. When a certificate has a lower EOPLC than the current EOPLC value, the RPN replaces the current EOPLC value with the lower EOPLC. When the certificate currently being evaluated includes an enabled EO flag, the RPN increments the EOPL counter by one. The EOPL validation fails when the EOPL counter is greater than the current EOPLC value, and is successful when the last remaining certificate in the chain is processed without the EOPL counter having exceeded the current EOPLC value.

6. Method and system for mutual authentication of wireless communication network nodes
    Type: Granted patent (in force)

    Publication No.: US08862881B2

    Publication date: 2014-10-14

    Application No.: US11420968

    Filing date: 2006-05-30

    IPC class: H04L29/06 H04L9/32 H04W12/06

    Abstract: A method and system for mutually authenticating a first node and a second node operating in a wireless communication network enables mutual authentication when the first node and the second node are unable to directly authenticate each other. The method includes identifying, at the first node, a third node that can authenticate both the first node and the second node (step 215). Authentication data for authenticating the first node with the third node is then transmitted from the first node to the third node (step 220). Keying material received from the third node is then processed at the first node (step 225). A shared-secret mutual authentication protocol is then processed, whereby the first node and the second node are mutually authenticated by proving that they have each authenticated with the third node and each have the keying material (step 230).

7. Method and apparatus for external organization path length validation within a public key infrastructure (PKI)
    Type: Granted patent (in force)

    Publication No.: US08726012B2

    Publication date: 2014-05-13

    Application No.: US13452408

    Filing date: 2012-04-20

    IPC class: H04L29/06

    Abstract: A method for external organization path length (EOPL) validation is provided. A relying party node of an organization receives an authentication request from a subject node of an external organization. The relying party node then obtains and evaluates certificates from a chain of certificates that link the subject node to a trust anchor of the relying party node, wherein at least one certificate from the chain of certificates comprises an enabled external organization flag (EOF) and/or an external organization path length constraint (EOPLC). The relying party node invalidates authentication of the subject node when the relying party node determines that the total number of enabled EOFs from certificates in the chain of certificates exceeds the lowest EOPLC value from certificates in the chain of certificates.

8. Method and device for dynamic deployment of trust bridges in an ad hoc wireless network
    Type: Granted patent (in force)

    Publication No.: US08539225B2

    Publication date: 2013-09-17

    Application No.: US12112319

    Filing date: 2008-04-30

    IPC class: H04L29/06

    CPC class: H04L63/0823 H04W84/12

    Abstract: A method for deploying a trust bridge in an ad hoc wireless network can provide interoperability for multi-organizational authentication. The method includes processing, at a delegate certification authority (DCA) node device, authorizations received from a plurality of certification authorities (CAs) of different organizations, where the authorizations authorize the DCA node device to serve as a DCA representing the CAs (step 1105). The DCA node device then processes context information received from the ad hoc wireless network (step 1110). Next, the DCA node device determines, based on the context information, that a second node device should be enabled as a new trust bridge (step 1115). The DCA node device then performs a trust bridge deployment to enable the second node device to serve as the new trust bridge (step 1120).

9. Ad-hoc network key management
    Type: Granted patent (in force)

    Publication No.: US07793103B2

    Publication date: 2010-09-07

    Application No.: US11464744

    Filing date: 2006-08-15

    IPC class: H04L9/32

    Abstract: An ad hoc network includes a first node, a second node, and a third node. The first node and second node share a first shared secret key, and the first node and third node share a second shared secret key. The second node and third node share a temporal key. The first node generates a unique key, encrypts the unique key with the first shared secret key to generate a first encrypted unique key, and transmits the first encrypted unique key to the second node. The first node encrypts the unique key with the second shared secret key to generate a second encrypted unique key and transmits the second encrypted unique key to the third node. To establish the temporal key, the second node decrypts the first encrypted unique key and the third node decrypts the second encrypted unique key, so that each recovers the unique key.

10. Method and system for propagating mutual authentication data in wireless communication networks
    Type: Granted patent (in force)

    Publication No.: US07561551B2

    Publication date: 2009-07-14

    Application No.: US11380118

    Filing date: 2006-04-25

    IPC class: H04W4/00

    Abstract: A method and system for propagating mutual authentication data in both a first wireless communication network and a second wireless communication network is useful for unifying wireless communication networks. The method includes mutually authenticating a first node operating in the first network and a second node operating in the second network (step 205). A unification message is then transmitted from the first node to a third node operating in the second network, where the unification message indicates that the first node is authenticated with the second network (step 210). In response to the unification message, authentication messages from the third node and the second node are then relayed through the first node to mutually authenticate the third node and the second node (step 215).