公开(公告)号：US20160142215A1

公开(公告)日：2016-05-19

申请号：US14945405

申请日：2015-11-18

Applicant: MOTOROLA SOLUTIONS, INC

Inventor： CHRIS A. KRUEGEL ,  ANDRZEJ GRZESIK ,  ERWIN HIMAWAN ,  ANTHONY R. METKE ,  SHANTHI E. THOMAS ,  STEVEN K. TURNER

IPC: H04L9/32

CPC classification number: H04L9/3263 ,  H04L9/006 ,  H04L9/3268

Abstract: A certificate management processor (CMP) in a public key infrastructure (PKI) receives a request for a certificate management operation. The CMP determines that the request is associated with at least one of an end entity and a service. The CMP identifies a certificate management identifier associated with at least one of the end entity and the service. The CMP retrieves at least one status associated with the certificate management identifier and/or at least one status associated with the certificate management operation. The CMP performs the certificate management operation on a certificate when the retrieved at least one status is determined to not be suspended.

Abstract translation: 公共密钥基础设施（PKI）中的证书管理处理器（CMP）接收证书管理操作的请求。 CMP确定该请求与终端实体和服务中的至少一个相关联。 CMP标识与终端实体和服务中的至少一个相关联的证书管理标识符。 CMP检索与证书管理标识符相关联的至少一个状态和/或与证书管理操作相关联的至少一个状态。 当检索到的至少一个状态被确定为不被暂停时，CMP对证书执行证书管理操作。

公开(公告)号：US20160036854A1

公开(公告)日：2016-02-04

申请号：US14447257

申请日：2014-07-30

Applicant: MOTOROLA SOLUTIONS, INC

Inventor： ERWIN HIMAWAN ,  ANTHONY R METKE ,  GEORGE POPOVICH ,  SHANTHI E THOMAS

IPC: H04L29/06 ,  H04W12/04 ,  H04W12/08

CPC classification number: H04L63/20 ,  H04L9/3234 ,  H04L12/4633 ,  H04L63/04 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/10 ,  H04L63/104 ,  H04L63/205

Abstract: A first communication device having a secure access to a security module establishes a collaborative network by forming a collaborative security association with a second communication device associated with a user of the first communication device. The first communication device (a) sends an advertisement of services associated with the security module to the second communication device and receives an advertisement response from the second communication device or (b) receives a solicitation request for services associated with the security module from the second communication device. Responsive to receiving one of the advertisement response and the solicitation request, the first communication device determines whether the second communication device is authorized to access the security module. The first communication device processes and forwards security service messages between the second communication device and the security module, in response to determining that the second communication device is authorized to access the security module.

Abstract translation: 具有对安全模块的安全访问的第一通信设备通过与与第一通信设备的用户相关联的第二通信设备形成协作安全关联来建立协作网络。 第一通信设备（a）向第二通信设备发送与安全模块相关联的服务的广告，并从第二通信设备接收广告响应，或（b）从第二通信设备接收与安全模块相关联的服务的请求请求 通讯装置 响应于接收广告响应和请求请求之一，第一通信设备确定第二通信设备是否被授权访问安全模块。 响应于确定第二通信设备被授权访问安全模块，第一通信设备在第二通信设备和安全模块之间处理和转发安全服务消息。

公开(公告)号：US20160142216A1

公开(公告)日：2016-05-19

申请号：US14945411

申请日：2015-11-18

Applicant: MOTOROLA SOLUTIONS, INC

Inventor： STEVEN K. TURNER ,  MARK A. BOERGER ,  ANDRZEJ GRZESIK ,  ERWIN HIMAWAN ,  CHRIS A. KRUEGEL ,  ANTHONY R. METKE ,  SHANTHI E. THOMAS

IPC: H04L9/32

CPC classification number: H04L9/3268 ,  H04L9/006 ,  H04L9/321

Abstract: A Public Key Infrastructure (PM) device receives a certificate signing request (CSR) from an end entity. The PKI device obtains at least one of: a controlling attribute of at least one PKI device associated with processing of the certificate signing request and a controlling attribute associated with the CSR. The PKI device obtains an end entity policy object (EEPO) to be associated with the end entity based on at least one obtained controlling attribute. Based on the obtained EEPO, the PKI device determines at least one attribute and at least one value associated with the attribute this is to be included in a certificate and issues, to the end entity, the certificate including the at least one attribute.

Abstract translation: 公共密钥基础设施（PM）设备从终端实体接收证书签发请求（CSR）。 所述PKI设备获得以下至少一个：与所述证书签名请求的处理相关联的至少一个PKI设备的控制属性和与所述CSR相关联的控制属性。 PKI设备基于至少一个获得的控制属性获得与终端实体相关联的终端实体策略对象（EEPO）。 基于所获得的EEPO，PKI设备确定至少一个属性，并且与该属性相关联的至少一个值被包括在证书中，并向终端实体发出包括至少一个属性的证书。

公开(公告)号：US20150372824A1

公开(公告)日：2015-12-24

申请号：US14278991

申请日：2014-05-15

Applicant: MOTOROLA SOLUTIONS, INC

Inventor： ERWIN HIMAWAN ,  ANTHONY R. METKE ,  SHANTHI E. THOMAS

IPC: H04L9/32 ,  H04L9/00 ,  H04L29/06

CPC classification number: H04L9/3268 ,  H04L9/006 ,  H04L9/3265 ,  H04L63/0823

Abstract: A certificate issuer (210) can periodically request, receive, and store current server-based certificate validation protocol (SCVP) staples (225) for supported relying parties (205) from at least one server-based certificate validation protocol (SCVP) responder (215). The certificate issuer (210) can receive a contact initiation request (220) from one of the relying parties (205). Responsive to receiving the contact initiation request (220), the certificate issuer (210) can identify a current SCVP staple from the saved staples that is applicable to the relying party (205). The certificate issuer (210) can conveying a response to the contact initiation request (220) to the relying party (205). The response can comprise the identified SCVP staple and a public key infrastructure (PKI) certificate (230) of the certificate issuer. The SCVP staple can validate a certification path between the PKI certificate (230) and a different certificate trusted by the relying party (205).

Abstract translation: 证书颁发者（210）可以从至少一个基于服务器的证书验证协议（SCVP）应答器（SCVP）应答器（210）向所支持的依赖方（205）周期性地请求，接收和存储当前基于服务器的证书验证协议（SCVP）订书钉（225） 215）。 证书发行者（210）可以从依赖方（205）之一接收联系发起请求（220）。 响应于接收到联系发起请求（220），证书发行者（210）可以从适用于依赖方（205）的订购订书钉中识别当前的SCVP订书钉。 证书发行者（210）可以向联系方（205）传送对联系发起请求（220）的响应。 该响应可以包括所识别的SCVP订书钉和证书颁发者的公钥基础设施（PKI）证书（230）。 SCVP订书钉可以验证PKI证书（230）和依赖方（205）信任的不同证书之间的认证路径。