Utilizing a stapling technique with a server-based certificate validation protocol to reduce overhead for mobile communication devices

    Publication number: US09306932B2

    Publication date: 2016-04-05

    Application number: US13328334

    Filing date: 2011-12-16

    IPC classification: H04L29/06

    CPC classification: H04L63/0823

    Abstract: A certificate issuer (210) can periodically request, receive, and store current server-based certificate validation protocol (SCVP) staples (225) for supported relying parties (205) from at least one server-based certificate validation protocol (SCVP) responder (215). The certificate issuer (210) can receive a contact initiation request (220) from one of the relying parties (205). Responsive to receiving the contact initiation request (220), the certificate issuer (210) can identify a current SCVP staple from the saved staples that is applicable to the relying party (205). The certificate issuer (210) can convey a response to the contact initiation request (220) to the relying party (205). The response can comprise the identified SCVP staple and a public key infrastructure (PKI) certificate (230) of the certificate issuer. The SCVP staple can validate a certification path between the PKI certificate (230) and a different certificate trusted by the relying party (205).

    2. Private certificate validation method and apparatus
    Granted patent; status: in force

    Publication number: US08984283B2

    Publication date: 2015-03-17

    Application number: US13197079

    Filing date: 2011-08-03

    Abstract: Methods and apparatuses for validating the status of digital certificates include a relying party receiving at least one digital certificate and determining if the at least one digital certificate is to be validated against a private certificate status database. The relying party accesses the private certificate status database and cryptographically validates the authenticity of data in the private certificate status database. The relying party also validates the at least one digital certificate based on information in at least one of the private certificate status database and a public certificate status database.

    3. Method and device for enabling a trust relationship using an unexpired public key infrastructure (PKI) certificate
    Granted patent; status: in force

    Publication number: US08826006B2

    Publication date: 2014-09-02

    Application number: US12262761

    Filing date: 2008-10-31

    Abstract: A method and device are useful for enabling a trust relationship using an unexpired public key infrastructure (PKI) certificate, where a current status of the PKI certificate is unavailable. The method includes determining at a relying party that a certificate status update for the PKI certificate is unavailable (step 905). Next, in response to the certificate status update being unavailable, a tolerable certificate status age (TCSA) for the PKI certificate is determined at the relying party based on one or more attributes associated with a certificate holder of the PKI certificate (step 910). Using the PKI certificate, a trust relationship is enabled between the relying party and the certificate holder after determining the TCSA and before an expiration of the TCSA (step 915).

    4. Method and system for data transmission in a wireless network
    Granted patent; status: in force

    Publication number: US08149737B2

    Publication date: 2012-04-03

    Application number: US11199783

    Filing date: 2005-08-09

    IPC classification: H04L12/44

    Abstract: A method and system for data transmission by computational devices in a wireless network (100) are disclosed. A computational device (102) organizes the wireless network in a hierarchical topology having at least one root node and updates a list of interferers and a list of descendants. Then, the computational device allocates a Contention Free Period (CFP) slot to each computational device in the wireless network based on at least one of the list of interferers and the list of descendants, and transmits data during the allocated CFP slot.

    5. METHOD AND DEVICE FOR ENABLING A TRUST RELATIONSHIP USING AN EXPIRED PUBLIC KEY INFRASTRUCTURE (PKI) CERTIFICATE
    Patent application; status: in force

    Publication number: US20100115267A1

    Publication date: 2010-05-06

    Application number: US12262786

    Filing date: 2008-10-31

    IPC classification: H04L29/06

    Abstract: A method and device are useful for enabling a trust relationship using an expired public key infrastructure (PKI) certificate. The method includes determining at a relying party a maximum permissible grace period during which the PKI certificate can be conditionally granted a valid status (step 905). Next, at the relying party an uncertainty interval is determined, during which the relying party is unable to detect a revocation of the PKI certificate (step 910). A certificate grace period is then determined at the relying party from a function of the maximum permissible grace period, the uncertainty interval and at least one attribute defined in the PKI certificate (step 915). Using the PKI certificate, a trust relationship is then enabled between the relying party and a certificate holder of the PKI certificate, after determining the grace period and before an expiration of the grace period (step 920).

    6. METHOD AND DEVICE FOR DYNAMIC DEPLOYMENT OF TRUST BRIDGES IN AN AD HOC WIRELESS NETWORK
    Patent application; status: in force

    Publication number: US20090276841A1

    Publication date: 2009-11-05

    Application number: US12112319

    Filing date: 2008-04-30

    IPC classification: H04L9/32

    CPC classification: H04L63/0823 H04W84/12

    Abstract: A method for deploying a trust bridge in an ad hoc wireless network can provide interoperability for multi-organizational authentication. The method includes processing, at a delegate certification authority (DCA) node device, authorizations received from a plurality of certification authorities (CAs) of different organizations, where the authorizations authorize the DCA node device to serve as a DCA representing the CAs (step 1105). The DCA node device then processes context information received from the ad hoc wireless network (step 1110). Next, the DCA node device determines, based on the context information, that a second node device should be enabled as a new trust bridge (step 1115). The DCA node device then performs a trust bridge deployment to enable the second node device to serve as the new trust bridge (step 1120).

    7. METHOD FOR INTELLIGENT MERGING OF AD HOC NETWORK PARTITIONS
    Patent application; status: in force

    Publication number: US20090109870A1

    Publication date: 2009-04-30

    Application number: US11924859

    Filing date: 2007-10-26

    IPC classification: H04L12/28

    Abstract: A method for merging ad hoc network partitions within an ad hoc network includes forming a plurality of network partitions by forming a security association among each of a group of partitioned nodes. Each network partition includes a Network Identifier. A node operating within one of the network partitions receives an update message from another node, compares its current Network Identifier to the received Network Identifier, and, when the received Network Identifier is different from the current Network Identifier, determines whether to update to the received Network Identifier using an arbitration method.

    8. PORTABLE CERTIFICATION AUTHORITY
    Patent application; status: pending, published

    Publication number: US20080046716A1

    Publication date: 2008-02-21

    Application number: US11465620

    Filing date: 2006-08-18

    IPC classification: H04L9/00

    Abstract: A portable electronic device is operable as a portable certification authority. The portable electronic device stores a pair of keys of a public key infrastructure, issued by a parent certification authority, and generates a certificate dependent upon the pair of keys. The private key and corresponding public key certificate are transmitted to a network device of a second agency to allow the device to be authenticated by any node of the network of the first agency that possesses anchor information of the parent certification authority. This enables the device of the second agency to be authenticated by a network node of the first agency.

    9. Method and apparatus for providing a supplicant access to a requested service
    Patent application; status: in force

    Publication number: US20070143605A1

    Publication date: 2007-06-21

    Application number: US11311959

    Filing date: 2005-12-19

    IPC classification: H04L9/00

    Abstract: Providing a supplicant access to at least one requested service is described. An authentication request is received, wherein the authentication request comprises an association request and an identifier of a requested service. A relationship between the supplicant and the requested service is created based on the association request. Then, the association request for the requested service is fulfilled, and an authentication server is determined based upon the requested service identified in the authentication request. Finally, the supplicant is authenticated for the requested service.

    10. METHOD AND DEVICE FOR DYNAMICALLY UPDATING AND MAINTAINING CERTIFICATE PATH DATA ACROSS REMOTE TRUST DOMAINS
    Patent application; status: pending, published

    Publication number: US20140068251A1

    Publication date: 2014-03-06

    Application number: US13601214

    Filing date: 2012-08-31

    IPC classification: H04L29/06

    Abstract: A method and device are provided for dynamically maintaining and updating public key infrastructure (PKI) certificate path data across remote trusted domains to enable relying parties to efficiently authenticate other nodes in an autonomous ad-hoc network. A certificate path management unit (CPMU) monitors a list of sources for an occurrence of a life cycle event capable of altering existing PKI certificate path data. Upon determining that the life cycle event has occurred, the CPMU calculates new PKI certificate path data to account for the occurrence of the life cycle event and provides the new PKI certificate path data to at least one of a relying party in a local domain or a remote CPMU in a remote domain.
