Methods for establishing a secure point-to-point call on a trunked network
    1.
    发明授权
    Methods for establishing a secure point-to-point call on a trunked network 有权
    在集群网络上建立安全点对点呼叫的方法

    公开(公告)号:US08724812B2

    公开(公告)日:2014-05-13

    申请号:US12983067

    申请日:2010-12-31

    IPC分类号: H04L9/08

    摘要: Methods for establishing secure point-to-point communications in a trunked radio system include receiving, at a trunking controller, a request from a source endpoint for a traffic channel for confidential communications between the source endpoint and a destination endpoint using a shared unique first symmetric key. The trunking controller provides keying material related to the symmetric key over the secured control channel to at least one of the source or destination endpoints and assigns a traffic channel. Moreover, in response to the request, the controller assigns a traffic channel. The keying material enables the unique first symmetric key to be securely established between the source and destination endpoints.

    摘要翻译: 用于在集群无线电系统中建立安全点对点通信的方法包括在中继控制器处,使用共享唯一的第一对称来在源端点和目的地端点之间接收来自源端点的业务信道的业务信道的请求 键。 中继控制器将与安全控制信道上的对称密钥相关的密钥材料提供给源端点或目的端点中的至少一个,并分配业务信道。 此外,响应于该请求,控制器分配业务信道。 密钥材料使得能够在源端点和目的端点之间安全地建立唯一的第一对称密钥。

    METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS
    2.
    发明申请
    METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS 有权
    用于安全转发对称加密密钥的方法和设备

    公开(公告)号:US20110026714A1

    公开(公告)日:2011-02-03

    申请号:US12511731

    申请日:2009-07-29

    IPC分类号: H04L9/08 H04L9/00

    摘要: A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys.

    摘要翻译: 发送设备生成第一和第二KMM,其中第一KMM包括第一KEK和KMM加密密钥,并且第二KMM包括一组对称加密密钥。 所述发送装置使用所述第一KEK进一步加密所述一组对称加密密钥; 使用接收设备的第一公钥加密第一KEK和KMM加密密钥; 并且使用KMM加密密钥对第二KMM进行加密,以在将第一KMM和加密的第二KMM发送到接收设备之前生成加密的第二KMM。 接收设备使用对应于第一公钥的第一私钥对第一KEK和KMM加密密钥进行解密; 并使用KMM加密密钥解密加密的第二KMM以获得加密的对称密钥集。

    Methods and device for secure transfer of symmetric encryption keys
    3.
    发明授权
    Methods and device for secure transfer of symmetric encryption keys 有权
    用于安全传输对称加密密钥的方法和设备

    公开(公告)号:US08509448B2

    公开(公告)日:2013-08-13

    申请号:US12511731

    申请日:2009-07-29

    IPC分类号: G06F21/00

    摘要: A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys.

    摘要翻译: 发送设备生成第一和第二KMM,其中第一KMM包括第一KEK和KMM加密密钥,并且第二KMM包括一组对称加密密钥。 所述发送装置使用所述第一KEK进一步加密所述一组对称加密密钥; 使用接收设备的第一公钥加密第一KEK和KMM加密密钥; 并且使用KMM加密密钥对第二KMM进行加密,以在将第一KMM和加密的第二KMM发送到接收设备之前生成加密的第二KMM。 接收设备使用对应于第一公钥的第一私钥对第一KEK和KMM加密密钥进行解密; 并使用KMM加密密钥解密加密的第二KMM以获得加密的对称密钥集。

    METHOD AND DEVICE FOR DYNAMICALLY UPDATING AND MAINTAINING CERTIFICATE PATH DATA ACROSS REMOTE TRUST DOMAINS
    4.
    发明申请
    METHOD AND DEVICE FOR DYNAMICALLY UPDATING AND MAINTAINING CERTIFICATE PATH DATA ACROSS REMOTE TRUST DOMAINS 审中-公开
    用于通过远程信任域动态更新和维护证书路径数据的方法和设备

    公开(公告)号:US20140068251A1

    公开(公告)日:2014-03-06

    申请号:US13601214

    申请日:2012-08-31

    IPC分类号: H04L29/06

    摘要: A method and device is provided for dynamically maintaining and updating public key infrastructure (PKI) certificate path data across remote trusted domains to enable relying parties to efficiently authenticate other nodes in an autonomous ad-hoc network. A certificate path management unit (CPMU) monitors a list of sources for an occurrence of a life cycle event capable of altering an existing PKI certificate path data. Upon determining that the life cycle event has occurred, the CPMU calculates a new PKI certificate path data to account for the occurrence of the life cycle event and provides the new PKI certificate path data to at least one of a relying party in a local domain or a remote CPMU in a remote domain.

    摘要翻译: 提供了一种方法和设备,用于在远程可信域之间动态地维护和更新公共密钥基础设施(PKI)证书路径数据,以使依赖方有效地认证自治自组织网络中的其他节点。 证书路径管理单元(CPMU)监视能够改变现有PKI证书路径数据的生命周期事件发生的源的列表。 在确定生命周期事件已经发生时,CPMU计算新的PKI证书路径数据以考虑生命周期事件的发生,并将新的PKI证书路径数据提供给本地域中的依赖方中的至少一个或 远程域中的远程CPMU。

    Method and device for distributing public key infrastructure (PKI) certificate path data
    5.
    发明授权
    Method and device for distributing public key infrastructure (PKI) certificate path data 有权
    用于分发公钥基础设施(PKI)证书路径数据的方法和设备

    公开(公告)号:US08595484B2

    公开(公告)日:2013-11-26

    申请号:US12181694

    申请日:2008-07-29

    IPC分类号: H04L9/00

    摘要: A method and device for distributing public key infrastructure (PKI) certificate path data enables relying nodes to efficiently authenticate other nodes in an autonomous ad-hoc network. The method includes compiling, at a certificate path management unit (CPMU), the PKI certificate path data (step 405). One or more available certificate paths are then determined at the CPMU for at least one relying node (step 410). Next, the PKI certificate path data are distributed by transmitting a certificate path data message from the CPMU to the at least one relying node (step 415). The certificate path data message includes information identifying one or more trusted certification authorities associated with the one or more available certificate paths.

    摘要翻译: 用于分发公共密钥基础设施(PKI)证书路径数据的方法和设备使得依赖节点有效地认证自治自组织网络中的其他节点。 该方法包括在证书路径管理单元(CPMU)下编译PKI证书路径数据(步骤405)。 然后在CPMU为至少一个依赖节点确定一个或多个可用证书路径(步骤410)。 接下来,通过从CPMU向至少一个依赖节点发送证书路径数据消息来分发PKI证书路径数据(步骤415)。 证书路径数据消息包括标识与一个或多个可用证书路径相关联的一个或多个可信证书颁发机构的信息。

    Utilizing a stapling technique with a server-based certificate validation protocol to reduce overhead for mobile communication devices

    公开(公告)号:US09306932B2

    公开(公告)日:2016-04-05

    申请号:US13328334

    申请日:2011-12-16

    IPC分类号: H04L29/06

    CPC分类号: H04L63/0823

    摘要: A certificate issuer (210) can periodically request, receive, and store current server-based certificate validation protocol (SCVP) staples (225) for supported relying parties (205) from at least one server-based certificate validation protocol (SCVP) responder (215). The certificate issuer (210) can receive a contact initiation request (220) from one of the relying parties (205). Responsive to receiving the contact initiation request (220), the certificate issuer (210) can identify a current SCVP staple from the saved staples that is applicable to the relying party (205). The certificate issuer (210) can conveying a response to the contact initiation request (220) to the relying party (205). The response can comprise the identified SCVP staple and a public key infrastructure (PKI) certificate (230) of the certificate issuer. The SCVP staple can validate a certification path between the PKI certificate (230) and a different certificate trusted by the relying party (205).

    Private certificate validation method and apparatus
    7.
    发明授权
    Private certificate validation method and apparatus 有权
    私人证书验证方法和设备

    公开(公告)号:US08984283B2

    公开(公告)日:2015-03-17

    申请号:US13197079

    申请日:2011-08-03

    摘要: Methods and apparatuses for validating the status of digital certificates include a relying party receiving at least one digital certificate and determining if the at least one digital certificate is to be validated against a private certificate status database. The relying party accesses the private certificate status database and cryptographically validates the authenticity of data in the private certificate status database. The relying party also validates the at least one digital certificate based on information in at least one of the private certificate status database and a public certificate status database.

    摘要翻译: 用于验证数字证书的状态的方法和装置包括依赖方接收至少一个数字证书,并确定是否要针对私人证书状态数据库验证至少一个数字证书。 依赖方访问私有证书状态数据库,并密码验证私有证书状态数据库中数据的真实性。 依赖方还基于至少一个私有证书状态数据库和公共证书状态数据库中的信息来验证至少一个数字证书。

    UTILIZING A STAPLING TECHNIQUE WITH A SERVER-BASED CERTIFICATE VALIDATION PROTOCOL TO REDUCE OVERHEAD FOR MOBILE COMMUNICATION DEVICES

    公开(公告)号:US20130159703A1

    公开(公告)日:2013-06-20

    申请号:US13328334

    申请日:2011-12-16

    IPC分类号: H04L29/06

    CPC分类号: H04L63/0823

    摘要: A certificate issuer (210) can periodically request, receive, and store current server-based certificate validation protocol (SCVP) staples (225) for supported relying parties (205) from at least one server-based certificate validation protocol (SCVP) responder (215). The certificate issuer (210) can receive a contact initiation request (220) from one of the relying parties (205). Responsive to receiving the contact initiation request (220), the certificate issuer (210) can identify a current SCVP staple from the saved staples that is applicable to the relying party (205). The certificate issuer (210) can conveying a response to the contact initiation request (220) to the relying party (205). The response can comprise the identified SCVP staple and a public key infrastructure (PKI) certificate (230) of the certificate issuer. The SCVP staple can validate a certification path between the PKI certificate (230) and a different certificate trusted by the relying party (205).

    Method and apparatus for distributing certificate revocation lists (CRLs) to nodes in an ad hoc network
    9.
    发明授权
    Method and apparatus for distributing certificate revocation lists (CRLs) to nodes in an ad hoc network 有权
    将证书撤销列表(CRL)分发到自组织网络中的节点的方法和装置

    公开(公告)号:US08438388B2

    公开(公告)日:2013-05-07

    申请号:US12059666

    申请日:2008-03-31

    IPC分类号: H04L9/32

    摘要: A method and apparatus for distributing Certificate Revocation List (CRL) information in an ad hoc network are provided. Ad hoc nodes in an ad hoc network can each transmit one or more certificate revocation list advertisement message(s) (CRLAM(s)). Each CRLAM includes an issuer certification authority (CA) field that identifies a certification authority (CA) that issued a particular certificate revocation list (CRL), a certificate revocation list (CRL) sequence number field that specifies a number that specifies the version of the particular certificate revocation list (CRL) that was issued by the issuer certification authority (CA). Nodes that receive the CRLAMs can then use the CRL information provided in the CRLAM to determine whether to retrieve the particular certificate revocation list (CRL).

    摘要翻译: 提供了一种在自组织网络中分发证书吊销列表(CRL)信息的方法和装置。 自组织网络中的自组织节点可以各自发送一个或多个证书撤销列表通告消息(一个或多个)。 每个CRLAM包括发行者证书颁发机构(CA)字段,用于标识颁发特定证书吊销列表(CRL)的证书颁发机构(CA),证书撤销列表(CRL)序列号字段,其指定指定版本的版本的证书颁发机构 特定证书撤销列表(CRL)由发行者证书颁发机构(CA)颁发。 接收CRLAM的节点可以使用CRLAM中提供的CRL信息来确定是否检索特定的证书吊销列表(CRL)。

    METHOD AND DEVICE FOR DISTRIBUTING PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATE PATH DATA
    10.
    发明申请
    METHOD AND DEVICE FOR DISTRIBUTING PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATE PATH DATA 有权
    分配公钥基础结构(PKI)证书路径数据的方法和设备

    公开(公告)号:US20100031027A1

    公开(公告)日:2010-02-04

    申请号:US12181694

    申请日:2008-07-29

    IPC分类号: H04L9/00

    摘要: A method and device for distributing public key infrastructure (PKI) certificate path data enables relying nodes to efficiently authenticate other nodes in an autonomous ad-hoc network. The method includes compiling, at a certificate path management unit (CPMU), the PKI certificate path data (step 405). One or more available certificate paths are then determined at the CPMU for at least one relying node (step 410). Next, the PKI certificate path data are distributed by transmitting a certificate path data message from the CPMU to the at least one relying node (step 415). The certificate path data message includes information identifying one or more trusted certification authorities associated with the one or more available certificate paths.

    摘要翻译: 用于分发公共密钥基础设施(PKI)证书路径数据的方法和设备使得依赖节点有效地认证自治自组织网络中的其他节点。 该方法包括在证书路径管理单元(CPMU)下编译PKI证书路径数据(步骤405)。 然后在CPMU为至少一个依赖节点确定一个或多个可用证书路径(步骤410)。 接下来,通过从CPMU向至少一个依赖节点发送证书路径数据消息来分发PKI证书路径数据(步骤415)。 证书路径数据消息包括标识与一个或多个可用证书路径相关联的一个或多个可信证书颁发机构的信息。