CN101816140A - Token-based management system for PKI personalization process - Google Patents
- Publication number
- CN101816140A (application number CN200880100714.2A)
- Authority
- CN
- China
- Prior art keywords
- token
- pki
- work station
- hardware token
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/006—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/80—Wireless
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
- Stored Programmes (AREA)
Claims (20)
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US95241907P | 2007-07-27 | 2007-07-27 | |
US60/952,419 | 2007-07-27 | | |
US12/175,444 | 2008-07-17 | | |
US12/175,444 US8392702B2 (en) | 2007-07-27 | 2008-07-17 | Token-based management system for PKI personalization process |
PCT/US2008/070832 WO2009018032A1 (en) | 2007-07-27 | 2008-07-23 | Token-based management system for pki personalization process |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101816140A (zh) | 2010-08-25 |
Family ID=40296398
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200880100714.2A (Pending; published as CN101816140A (zh)) | Token-based management system for PKI personalization process | 2007-07-27 | 2008-07-23 |
Country Status (4)
Country | Link |
---|---|
US (1) | US8392702B2 (zh) |
CN (1) | CN101816140A (zh) |
MX (1) | MX2010001059A (zh) |
WO (1) | WO2009018032A1 (zh) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
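CN110383788A (zh) * | 2017-03-07 | 2019-10-25 | Siemens Aktiengesellschaft | Method and security unit for executing one or more applications for secure data exchange with one or more servers providing web services, in particular a security unit for IoT devices |
CN110690972A (zh) * | 2019-10-11 | 2020-01-14 | Maipu Communication Technology Co., Ltd. | Token authentication method and apparatus, electronic device, and storage medium |
CN112313984A (zh) * | 2018-06-18 | 2021-02-02 | Siemens Aktiengesellschaft | Establishment of access authorization for accessing a subnetwork of a mobile radio network |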
Families Citing this family (43)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7272728B2 (en) | 2004-06-14 | 2007-09-18 | Iovation, Inc. | Network security and fraud detection system and method |
US8751815B2 (en) * | 2006-10-25 | 2014-06-10 | Iovation Inc. | Creating and verifying globally unique device-specific identifiers |
KR100930695B1 (ko) * | 2007-08-06 | 2009-12-09 | Hyundai Motor Company | DRM system and DRM content management method |
US9323681B2 (en) | 2008-09-18 | 2016-04-26 | Avere Systems, Inc. | File storage system, cache appliance, and method |
US8214404B2 (en) | 2008-07-11 | 2012-07-03 | Avere Systems, Inc. | Media aware distributed data layout |
US8751791B2 (en) * | 2008-09-17 | 2014-06-10 | Motorola Solutions, Inc. | Method and device for confirming authenticity of a public key infrastructure (PKI) transaction event |
ES2599985T3 (es) * | 2010-01-12 | 2017-02-06 | Visa International Service Association | Anytime validation for verification tokens |
AU2015200701B2 (en) * | 2010-01-12 | 2016-07-28 | Visa International Service Association | Anytime validation for verification tokens |
US8555361B2 (en) * | 2010-02-26 | 2013-10-08 | Motorola Mobility Llc | Dynamic cryptographic subscriber-device identity binding for subscriber mobility |
US8676684B2 (en) | 2010-04-12 | 2014-03-18 | Iovation Inc. | System and method for evaluating risk in fraud prevention |
US8627420B2 (en) * | 2010-04-22 | 2014-01-07 | Cisco Technologies, Inc. | Apparatus for associating a client device or service with a wireless network |
US9407626B2 (en) * | 2011-09-29 | 2016-08-02 | Red Hat, Inc. | Security token management service hosting in application server |
WO2013126882A1 (en) * | 2012-02-23 | 2013-08-29 | Applied Communication Sciences | Privacy-preserving publish-subscribe protocol in a distributed model |
US9043456B2 (en) * | 2012-02-28 | 2015-05-26 | Arris Technology, Inc. | Identity data management system for high volume production of product-specific identity data |
CN102833593B (zh) * | 2012-07-17 | 2015-12-16 | MStar Software R&D (Shenzhen) Co., Ltd. | Authorization method and system for smart TV applications, and smart TV |
WO2014074865A2 (en) * | 2012-11-09 | 2014-05-15 | Timothy Mossbarger | Entity network translation (ent) |
US9270649B1 (en) * | 2013-03-11 | 2016-02-23 | Emc Corporation | Secure software authenticator data transfer between processing devices |
US8966599B1 (en) * | 2013-03-14 | 2015-02-24 | Amazon Technologies, Inc. | Automatic token renewal for device authentication |
FR3015168A1 (fr) | 2013-12-12 | 2015-06-19 | Orange | Token-based authentication method |
JP6268616B2 (ja) * | 2013-12-16 | 2018-01-31 | Panasonic Intellectual Property Management Co., Ltd. | Authentication system and authentication method |
US9218468B1 (en) | 2013-12-16 | 2015-12-22 | Matthew B. Rappaport | Systems and methods for verifying attributes of users of online systems |
US20160180335A1 (en) * | 2014-12-17 | 2016-06-23 | Empire Technology Development Llc | Alarm service |
US10387636B2 (en) * | 2015-10-20 | 2019-08-20 | Vivint, Inc. | Secure unlock of a device |
US10164963B2 (en) * | 2015-10-23 | 2018-12-25 | Oracle International Corporation | Enforcing server authentication based on a hardware token |
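CN106648440B (zh) * | 2015-10-28 | 2020-07-24 | Huawei Technologies Co., Ltd. | Control method for operating a storage device, and storage device |
CN105516083A (zh) * | 2015-11-25 | 2016-04-20 | Shanghai Huawei Technologies Co., Ltd. | Data security management method, apparatus and system |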
CA2944935A1 (en) * | 2015-11-27 | 2017-05-27 | The Toronto-Dominion Bank | System and method for remotely activating a pin-pad terminal |
US9537865B1 (en) * | 2015-12-03 | 2017-01-03 | International Business Machines Corporation | Access control using tokens and black lists |
US10154037B2 (en) | 2017-03-22 | 2018-12-11 | Oracle International Corporation | Techniques for implementing a data storage device as a security device for managing access to resources |
WO2018236420A1 (en) | 2017-06-20 | 2018-12-27 | Google Llc | CLOUD EQUIPMENT SECURITY MODULES FOR CRYPTOGRAPHIC EXTERNALIZATION OPERATIONS |
US11456881B2 (en) | 2017-06-30 | 2022-09-27 | Motorola Solutions, Inc. | Lifecycle management method and apparatus for trusted certificates and trust chains |
US10404675B2 (en) * | 2017-08-16 | 2019-09-03 | Bank Of America Corporation | Elastic authentication system |
US11397571B2 (en) * | 2018-01-17 | 2022-07-26 | Kymeta Corporation | Method and apparatus for remotely updating satellite devices |
US11632360B1 (en) | 2018-07-24 | 2023-04-18 | Pure Storage, Inc. | Remote access to a storage device |
JP7113269B2 (ja) * | 2018-08-28 | 2022-08-05 | Panasonic Intellectual Property Management Co., Ltd. | Communication system and communication method |
US10936191B1 (en) | 2018-12-05 | 2021-03-02 | Pure Storage, Inc. | Access control for a computing system |
US11102002B2 (en) * | 2018-12-28 | 2021-08-24 | Dell Products, L.P. | Trust domain isolation management in secured execution environments |
CA3138221A1 (en) | 2019-05-23 | 2020-11-26 | Citrix Systems, Inc. | Secure web application delivery platform |
US11296881B2 (en) * | 2019-10-30 | 2022-04-05 | Microsoft Technology Licensing, Llc | Using IP heuristics to protect access tokens from theft and replay |
US11803631B2 (en) * | 2020-05-06 | 2023-10-31 | Arris Enterprises Llc | Binding a hardware security token to a host device to prevent exploitation by other host devices |
DE102020115033A1 (de) * | 2020-06-05 | 2021-12-09 | Bundesdruckerei Gmbh | System for operating a USB device |
US20220385481A1 (en) * | 2021-06-01 | 2022-12-01 | International Business Machines Corporation | Certificate-based multi-factor authentication |
US20240015158A1 (en) * | 2022-07-07 | 2024-01-11 | Capital One Services, Llc | Systems and methods for granting account access to a guest contact |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5142578A (en) * | 1991-08-22 | 1992-08-25 | International Business Machines Corporation | Hybrid public key algorithm/data encryption algorithm key distribution method based on control vectors |
GB9905056D0 (en) * | 1999-03-05 | 1999-04-28 | Hewlett Packard Co | Computing apparatus & methods of operating computer apparatus |
US6985583B1 (en) * | 1999-05-04 | 2006-01-10 | Rsa Security Inc. | System and method for authentication seed distribution |
EP2290577B1 (en) * | 2000-02-18 | 2017-08-16 | Vasco Data Security International GmbH | Token device having a USB connector |
US6959089B1 (en) * | 2000-04-07 | 2005-10-25 | General Instrument Corporation | Method and apparatus for secure transmission of data |
US7028181B1 (en) * | 2000-06-09 | 2006-04-11 | Northrop Grumman Corporation | System and method for efficient and secure revocation of a signature certificate in a public key infrastructure |
US7047409B1 (en) * | 2000-06-09 | 2006-05-16 | Northrop Grumman Corporation | Automated tracking of certificate pedigree |
FI20010596A0 (fi) * | 2001-03-22 | 2001-03-22 | Ssh Comm Security Oyj | Security system for a telecommunications network |
US7243366B2 (en) * | 2001-11-15 | 2007-07-10 | General Instrument Corporation | Key management protocol and authentication system for secure internet protocol rights management architecture |
US7206936B2 (en) * | 2001-12-19 | 2007-04-17 | Northrop Grumman Corporation | Revocation and updating of tokens in a public key infrastructure system |
US7475250B2 (en) * | 2001-12-19 | 2009-01-06 | Northrop Grumman Corporation | Assignment of user certificates/private keys in token enabled public key infrastructure system |
US7278026B2 (en) * | 2002-01-02 | 2007-10-02 | Mcgowan Tim | Method and system for the generation, management, and use of a unique personal identification token for in person and electronic identification and authentication |
AU2003277850A1 (en) * | 2002-09-16 | 2004-04-30 | Telefonaktiebolaget Lm Ericsson (Publ) | Loading data onto an electronic device |
US7260224B1 (en) * | 2003-06-30 | 2007-08-21 | Microsoft Corporation | Automated secure key transfer |
US7548620B2 (en) * | 2004-02-23 | 2009-06-16 | Verisign, Inc. | Token provisioning |
US7552322B2 (en) * | 2004-06-24 | 2009-06-23 | Palo Alto Research Center Incorporated | Using a portable security token to facilitate public key certification for devices in a network |
US7707405B1 (en) * | 2004-09-21 | 2010-04-27 | Avaya Inc. | Secure installation activation |
2008
- 2008-07-17: US application US12/175,444, patent US8392702B2 (en), status: Active
- 2008-07-23: CN application CN200880100714.2A, patent CN101816140A (zh), status: Pending
- 2008-07-23: MX application MX2010001059A, patent MX2010001059A (es), status: IP Right Grant
- 2008-07-23: WO application PCT/US2008/070832, patent WO2009018032A1 (en), status: Application Filing
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
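CN110383788A (zh) * | 2017-03-07 | 2019-10-25 | Siemens Aktiengesellschaft | Method and security unit for executing one or more applications for secure data exchange with one or more servers providing web services, in particular a security unit for IoT devices |
US11432156B2 (en) | 2017-03-07 | 2022-08-30 | Siemens Aktiengesellschaft | Security unit for an IoT device and method for running one or more applications for the secured exchange of data with one or more servers which provide web services |
CN112313984A (zh) * | 2018-06-18 | 2021-02-02 | Siemens Aktiengesellschaft | Establishment of access authorization for accessing a subnetwork of a mobile radio network |
US11304058B2 (en) | 2018-06-18 | 2022-04-12 | Siemens Aktiengesellschaft | Setting up access authorization to access a subnetwork of a mobile radio network |
CN112313984B (zh) * | 2018-06-18 | 2022-09-09 | Siemens Aktiengesellschaft | Method for establishing access authorization, auxiliary system, user equipment, and memory |
CN110690972A (zh) * | 2019-10-11 | 2020-01-14 | Maipu Communication Technology Co., Ltd. | Token authentication method and apparatus, electronic device, and storage medium |
CN110690972B (zh) * | 2019-10-11 | 2022-02-22 | Maipu Communication Technology Co., Ltd. | Token authentication method and apparatus, electronic device, and storage medium |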
Also Published As
Publication number | Publication date |
---|---|
MX2010001059A (es) | 2010-03-03 |
WO2009018032A1 (en) | 2009-02-05 |
US20090031131A1 (en) | 2009-01-29 |
US8392702B2 (en) | 2013-03-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
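CN101816140A (zh) | Token-based management system for PKI personalization process | |
CN109410406B (zh) | Authorization method, apparatus and system | |
KR102202547B1 (ko) | Method and system for verifying an access request | |
CN101401387B (zh) | Access control method for embedded devices | |
CN1992722B (zh) | System and method for controlling the security of a remote network power device | |
CN100438421C (zh) | Method and system for user authentication for a sub-location of a network location | |
CN101222488B (zh) | Method for controlling client access to a network device, and network authentication server | |
CN101291228B (zh) | Super password generation and authentication method, system and device | |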
US20120204245A1 (en) | Secure authentication using one-time passwords | |
WO2004079988A1 (en) | Secure object for convenient identification | |
CN101872399A (zh) | Dynamic digital rights protection method based on dual identity authentication | |
WO2008070857A1 (en) | Real-time checking of online digital certificates | |
CN108701384B (zh) | Method for monitoring access to an electronically controllable device | |
EP1678683B1 (en) | A lock system and a method of configuring a lock system. | |
CN110401613A (zh) | Authentication management method and related device | |
US11245523B2 (en) | Method for implementing client side credential control to authorize access to a protected device | |
US7451307B2 (en) | Communication apparatus, communication system, communication apparatus control method and implementation program thereof | |
US8990887B2 (en) | Secure mechanisms to enable mobile device communication with a security panel | |
DE102017121648B3 (de) | Method for logging a user in to a terminal device | |
WO2007030517A2 (en) | Systems and methods for third-party authentication | |
KR102682490B1 (ko) | Unmanned self-storage service method and unmanned self-storage system | |
US12047494B2 (en) | Protected protocol for industrial control systems that fits large organizations | |
DE102017012249A1 (de) | Mobile terminal and method for authenticating a user at a terminal by means of a mobile terminal | |
CN111295653B (zh) | Improving registration of devices in a secure network | |
US20220182229A1 (en) | Protected protocol for industrial control systems that fits large organizations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
ASS | Succession or assignment of patent right | Owner name: GENERAL INSTRUMENT HOLDING CO., LTD. Free format text: FORMER OWNER: GENERAL INSTRUMENT CO. Effective date: 20130926 Owner name: MOTOROLA MOBILITY LLC Free format text: FORMER OWNER: GENERAL INSTRUMENT HOLDING CO., LTD. Effective date: 20130926 |
C41 | Transfer of patent application or patent right or utility model | ||
TA01 | Transfer of patent application right | Effective date of registration: 20130926 Address after: Illinois Applicant after: MOTOROLA MOBILITY LLC Address before: California Applicant before: General instrument Holdings Ltd. Effective date of registration: 20130926 Address after: California Applicant after: General instrument Holdings Ltd. Address before: American Pennsylvania Applicant before: GENERAL INSTRUMENT Corp. |
C41 | Transfer of patent application or patent right or utility model | ||
TA01 | Transfer of patent application right | Effective date of registration: 20160615 Address after: California, USA Applicant after: Google Technology Holdings LLC Address before: Illinois Applicant before: MOTOROLA MOBILITY LLC |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20100825 |
RJ01 | Rejection of invention patent application after publication |