公开(公告)号：US07500097B2

公开(公告)日：2009-03-03

申请号：US11069803

申请日：2005-02-28

申请人： Gregory Kostal ,  Muthukrishnan Paramasivam ,  Ravindra Nath Pandya ,  Scott C. Cottrille ,  Vasantha K Ravula ,  Vladimir Yarmolenko ,  Charles F. Rose, III ,  Yuhui Zhong

发明人： Gregory Kostal ,  Muthukrishnan Paramasivam ,  Ravindra Nath Pandya ,  Scott C. Cottrille ,  Vasantha K Ravula ,  Vladimir Yarmolenko ,  Charles F. Rose, III ,  Yuhui Zhong

IPC分类号： H04L9/00 ,  G06F7/04 ,  G06F17/30

CPC分类号： H04L63/0823

摘要： An improved certificate issuing system may comprise a novel arrangement for expressing certificate issuing policy. The policy may be expressed in a human-readable policy expression language and stored for example in a file that is consumed by a certificate issuing system at runtime. The policy may thus be easily changed by altering the digital file. Certain techniques are also provided for extending the capabilities of the certificate issuing system so it may apply and enforce new policies.

摘要翻译： 改进的证书颁发系统可以包括用于表达证书颁发策略的新颖的安排。 该策略可以以人类可读的策略表达语言表示，并且存储在例如在运行时由证书颁发系统消耗的文件中。 因此，通过改变数字文件可以容易地改变策略。 还提供了某些技术来扩展证书颁发系统的能力，以便它可以应用和执行新的策略。

公开(公告)号：US07509489B2

公开(公告)日：2009-03-24

申请号：US11077920

申请日：2005-03-11

申请人： Gregory Kostal ,  Muthukrishnan Paramasivam ,  Ravindra Nath Pandya ,  Scott C. Cottrille ,  Vasantha K Ravula ,  Vladimir Yarmolenko ,  Charles F. Rose, III ,  Yuhui Zhong

发明人： Gregory Kostal ,  Muthukrishnan Paramasivam ,  Ravindra Nath Pandya ,  Scott C. Cottrille ,  Vasantha K Ravula ,  Vladimir Yarmolenko ,  Charles F. Rose, III ,  Yuhui Zhong

IPC分类号： H04L9/00 ,  G06F7/04 ,  G06F17/30

CPC分类号： G06F21/33 ,  H04L9/3263 ,  H04L63/0823 ,  H04L63/102 ,  H04L2209/68

摘要： An improved certificate issuing system may comprise a certificate translation engine for translating incoming certificates and certificate requests from a first format into a second format. A certificate issuing engine may then operate on incoming requests in the common format. The issuing engine can issue certificates to clients according to its certificate issuing policy. The policy may be expressed as data in a policy expression language that can be consumed at runtime, which provides for flexible and efficient changing of issuing policy. Issued certificates can be translated back into a format that is consumed by the requesting client. Such translation can be performed by the translation engine prior to delivery of certificates to requesting clients.

摘要翻译： 改进的证书颁发系统可以包括用于将来自证书和证书请求从第一格式转换为第二格式的证书转换引擎。 然后证书颁发引擎可以以通用格式的传入请求进行操作。 发卡引擎可以根据证书颁发政策向客户颁发证书。 该策略可以表示为可以在运行时消费的策略表达式语言中的数据，其提供了灵活且有效地改变发布策略。 发放的证书可以翻译成请求客户端使用的格式。 在将证书交付给请求的客户端之前，这种翻译可由翻译引擎执行。