Abstract:
A certificate issuer (210) can periodically request, receive, and store current server-based certificate validation protocol (SCVP) staples (225) for supported relying parties (205) from at least one server-based certificate validation protocol (SCVP) responder (215). The certificate issuer (210) can receive a contact initiation request (220) from one of the relying parties (205). Responsive to receiving the contact initiation request (220), the certificate issuer (210) can identify a current SCVP staple from the saved staples that is applicable to the relying party (205). The certificate issuer (210) can convey a response to the contact initiation request (220) to the relying party (205). The response can comprise the identified SCVP staple and a public key infrastructure (PKI) certificate (230) of the certificate issuer. The SCVP staple can validate a certification path between the PKI certificate (230) and a different certificate trusted by the relying party (205).
Abstract:
A first communication device having a secure access to a security module establishes a collaborative network by forming a collaborative security association with a second communication device associated with a user of the first communication device. The first communication device (a) sends an advertisement of services associated with the security module to the second communication device and receives an advertisement response from the second communication device or (b) receives a solicitation request for services associated with the security module from the second communication device. Responsive to receiving one of the advertisement response and the solicitation request, the first communication device determines whether the second communication device is authorized to access the security module. The first communication device processes and forwards security service messages between the second communication device and the security module, in response to determining that the second communication device is authorized to access the security module.
Abstract:
A first device initiates a handshake message exchange with a second device according to a security protocol. The first device determines that an application datagram is to be transmitted according to a first transport protocol that limits a size of a datagram based on a defined size. The first device also determines that an application datagram size is larger than the defined size. The first device fragments the application datagram if the application datagram size is larger than the defined size and secures the application datagram with the security protocol. The first device also encapsulates the application datagram fragments in handshake messages, wherein an encapsulated application datagram fragment is transmitted from the first device to the second device in a first security protocol record. The first device may also transmit, to the second device, another application datagram secured with the security protocol.