公开(公告)号：US20160142215A1

公开(公告)日：2016-05-19

申请号：US14945405

申请日：2015-11-18

Applicant: MOTOROLA SOLUTIONS, INC

Inventor： CHRIS A. KRUEGEL ,  ANDRZEJ GRZESIK ,  ERWIN HIMAWAN ,  ANTHONY R. METKE ,  SHANTHI E. THOMAS ,  STEVEN K. TURNER

IPC: H04L9/32

CPC classification number: H04L9/3263 ,  H04L9/006 ,  H04L9/3268

Abstract: A certificate management processor (CMP) in a public key infrastructure (PKI) receives a request for a certificate management operation. The CMP determines that the request is associated with at least one of an end entity and a service. The CMP identifies a certificate management identifier associated with at least one of the end entity and the service. The CMP retrieves at least one status associated with the certificate management identifier and/or at least one status associated with the certificate management operation. The CMP performs the certificate management operation on a certificate when the retrieved at least one status is determined to not be suspended.

Abstract translation: 公共密钥基础设施（PKI）中的证书管理处理器（CMP）接收证书管理操作的请求。 CMP确定该请求与终端实体和服务中的至少一个相关联。 CMP标识与终端实体和服务中的至少一个相关联的证书管理标识符。 CMP检索与证书管理标识符相关联的至少一个状态和/或与证书管理操作相关联的至少一个状态。 当检索到的至少一个状态被确定为不被暂停时，CMP对证书执行证书管理操作。

公开(公告)号：US20180048638A1

公开(公告)日：2018-02-15

申请号：US15234180

申请日：2016-08-11

Applicant: MOTOROLA SOLUTIONS, INC

Inventor： ADAM C. LEWIS ,  ANTHONY R. METKE ,  SHANTHI E. THOMAS

IPC: H04L29/06

CPC classification number: H04L63/0823 ,  G06F9/45533 ,  G06F9/45558 ,  G06F21/53 ,  G06F2009/45587 ,  H04L9/3228 ,  H04L9/3268 ,  H04L63/06 ,  H04L63/0807

Abstract: A method and is provided for obtaining a vetted certificate for a microservice in an elastic cloud environment. The microservice receives a one-time authentication credential. The microservice utilizes the one-time authentication credential to obtain a client secret. The microservice obtains an access token and CSR (Certificate Signing Request) attributes using the client secret and constructs a CSR utilizing the CSR attributes. The microservice requests a vetted certificate from a Certificate Authority (CA) and includes the access token and the CSR in the request. If the access token and the CSR pass vetting at the CA, the CA sends a vetted certificate to the microservice.

公开(公告)号：US20160182489A1

公开(公告)日：2016-06-23

申请号：US14577841

申请日：2014-12-19

Applicant: MOTOROLA SOLUTIONS, INC

Inventor： ADAM C. LEWIS ,  RICHARD S. PIEPHO ,  SHANTHI E. THOMAS

IPC: H04L29/06

CPC classification number: H04L63/0815 ,  H04L63/083

Abstract: A single sign-on server associated with a single sign-on client authenticates a user of a device. Subsequent to the authenticating, the single sign-on client receives a request for an authentication token from a single sign-on enabled application operating on the device. The single sign-on client determines whether an application lock flag for the single sign-on enabled application is set. Responsive to the determining, the single sign-on client provides the authentication token to the single sign-on enabled application when the application lock flag is not set and withholds the authentication token from the single sign-on enabled application when the application lock flag is set.

Abstract translation: 与单一登录客户端关联的单一登录服务器将验证设备的用户。 在认证之后，单点登录客户端从在设备上操作的单一登录启用应用程序接收到认证令牌的请求。 单点登录客户端确定是否设置了启用单一登录的应用程序锁定标志。 响应于确定，当应用程序锁定标志未设置时，单一登录客户端向单一登录启用的应用程序提供身份验证令牌，当应用程序锁定标志为 组。

公开(公告)号：US20160142216A1

公开(公告)日：2016-05-19

申请号：US14945411

申请日：2015-11-18

Applicant: MOTOROLA SOLUTIONS, INC

Inventor： STEVEN K. TURNER ,  MARK A. BOERGER ,  ANDRZEJ GRZESIK ,  ERWIN HIMAWAN ,  CHRIS A. KRUEGEL ,  ANTHONY R. METKE ,  SHANTHI E. THOMAS

IPC: H04L9/32

CPC classification number: H04L9/3268 ,  H04L9/006 ,  H04L9/321

Abstract: A Public Key Infrastructure (PM) device receives a certificate signing request (CSR) from an end entity. The PKI device obtains at least one of: a controlling attribute of at least one PKI device associated with processing of the certificate signing request and a controlling attribute associated with the CSR. The PKI device obtains an end entity policy object (EEPO) to be associated with the end entity based on at least one obtained controlling attribute. Based on the obtained EEPO, the PKI device determines at least one attribute and at least one value associated with the attribute this is to be included in a certificate and issues, to the end entity, the certificate including the at least one attribute.

Abstract translation: 公共密钥基础设施（PM）设备从终端实体接收证书签发请求（CSR）。 所述PKI设备获得以下至少一个：与所述证书签名请求的处理相关联的至少一个PKI设备的控制属性和与所述CSR相关联的控制属性。 PKI设备基于至少一个获得的控制属性获得与终端实体相关联的终端实体策略对象（EEPO）。 基于所获得的EEPO，PKI设备确定至少一个属性，并且与该属性相关联的至少一个值被包括在证书中，并向终端实体发出包括至少一个属性的证书。

公开(公告)号：US20160127353A1

公开(公告)日：2016-05-05

申请号：US14528762

申请日：2014-10-30

Applicant: MOTOROLA SOLUTIONS, INC.

Inventor： SHANTHI E. THOMAS ,  ANTHONY R. METKE ,  MARK D. SEABORN

IPC: H04L29/06

CPC classification number: H04L63/0823 ,  H04L9/006 ,  H04L9/3268 ,  H04L63/06

Abstract: In a method a public key infrastructure (PKI) device receives a certificate signing request (CSR) and an identity assertion cryptographically bound to an end entity issuing the CSR. The PKI device validates the authenticity and integrity of the CSR using the identity assertion. In response to validating the authenticity and integrity of the CSR, the PKI device issues a certificate based on at least one of the CSR and fields in the identity assertion.

Abstract translation: 在公钥基础设施（PKI）设备的方法中，接收证书签发请求（CSR）以及加密地绑定到发布CSR的终端实体的身份断言。 PKI设备使用身份断言验证CSR的真实性和完整性。 响应验证CSR的真实性和完整性，PKI设备基于身份断言中的至少一个CSR和字段发布证书。

公开(公告)号：US20150372824A1

公开(公告)日：2015-12-24

申请号：US14278991

申请日：2014-05-15

Applicant: MOTOROLA SOLUTIONS, INC

Inventor： ERWIN HIMAWAN ,  ANTHONY R. METKE ,  SHANTHI E. THOMAS

IPC: H04L9/32 ,  H04L9/00 ,  H04L29/06

CPC classification number: H04L9/3268 ,  H04L9/006 ,  H04L9/3265 ,  H04L63/0823

Abstract: A certificate issuer (210) can periodically request, receive, and store current server-based certificate validation protocol (SCVP) staples (225) for supported relying parties (205) from at least one server-based certificate validation protocol (SCVP) responder (215). The certificate issuer (210) can receive a contact initiation request (220) from one of the relying parties (205). Responsive to receiving the contact initiation request (220), the certificate issuer (210) can identify a current SCVP staple from the saved staples that is applicable to the relying party (205). The certificate issuer (210) can conveying a response to the contact initiation request (220) to the relying party (205). The response can comprise the identified SCVP staple and a public key infrastructure (PKI) certificate (230) of the certificate issuer. The SCVP staple can validate a certification path between the PKI certificate (230) and a different certificate trusted by the relying party (205).

Abstract translation: 证书颁发者（210）可以从至少一个基于服务器的证书验证协议（SCVP）应答器（SCVP）应答器（210）向所支持的依赖方（205）周期性地请求，接收和存储当前基于服务器的证书验证协议（SCVP）订书钉（225） 215）。 证书发行者（210）可以从依赖方（205）之一接收联系发起请求（220）。 响应于接收到联系发起请求（220），证书发行者（210）可以从适用于依赖方（205）的订购订书钉中识别当前的SCVP订书钉。 证书发行者（210）可以向联系方（205）传送对联系发起请求（220）的响应。 该响应可以包括所识别的SCVP订书钉和证书颁发者的公钥基础设施（PKI）证书（230）。 SCVP订书钉可以验证PKI证书（230）和依赖方（205）信任的不同证书之间的认证路径。