CA2543096C - Protected dynamic provisioning of credentials - Google Patents

Protected dynamic provisioning of credentials

Info

Publication number
CA2543096C
Authority
CA
Canada
Prior art keywords
server
peer
key
party
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CA2543096A
Other languages
English (en)
French (fr)
Other versions
CA2543096A1 (en)
Inventor
Nancy Cam Winget
Mark Krischer
Ilan Frenkel
Hao Zhou
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cisco Technology Inc
Original Assignee
Cisco Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cisco Technology Inc
Publication of CA2543096A1
Application granted
Publication of CA2543096C
Anticipated expiration
Expired - Fee Related (current)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/162 Implementing security features at a particular protocol layer at the data link layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)
CA2543096A 2003-11-05 2004-10-12 Protected dynamic provisioning of credentials Expired - Fee Related CA2543096C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US10/702,167 US7788480B2 (en) 2003-11-05 2003-11-05 Protected dynamic provisioning of credentials
US10/702,167 2003-11-05
PCT/US2004/033477 WO2005048524A1 (en) 2003-11-05 2004-10-12 Protected dynamic provisioning of credentials

Publications (2)

Publication Number Publication Date
CA2543096A1 (en) 2005-05-26
CA2543096C (en) 2013-01-08

Family

ID=34551603

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2543096A Expired - Fee Related CA2543096C (en) 2003-11-05 2004-10-12 Protected dynamic provisioning of credentials

Country Status (7)

Country Link
US (1) US7788480B2 (en)
EP (1) EP1692808B1 (en)
JP (1) JP4842831B2 (en)
CN (1) CN1875567B (en)
AU (1) AU2004310323A1 (en)
CA (1) CA2543096C (en)
WO (1) WO2005048524A1 (en)

Families Citing this family (53)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7237117B2 (en) 2001-03-16 2007-06-26 Kenneth P. Weiss Universal secure registry
US20050120213A1 (en) * 2003-12-01 2005-06-02 Cisco Technology, Inc. System and method for provisioning and authenticating via a network
EP2239240A1 (de) * 2004-06-21 2010-10-13 Sika Technology AG Cement grinding aid
US8146142B2 (en) * 2004-09-03 2012-03-27 Intel Corporation Device introduction and access control framework
US7356539B2 (en) 2005-04-04 2008-04-08 Research In Motion Limited Policy proxy
US7673330B2 (en) * 2006-01-05 2010-03-02 Microsoft Corporation Ad-hoc creation of group based on contextual information
US8001055B2 (en) * 2006-02-21 2011-08-16 Weiss Kenneth P Method, system and apparatus for secure access, payment and identification
US8234220B2 (en) 2007-02-21 2012-07-31 Weiss Kenneth P Universal secure registry
US11227676B2 (en) 2006-02-21 2022-01-18 Universal Secure Registry, Llc Universal secure registry
WO2008004174A2 (en) * 2006-07-06 2008-01-10 Koninklijke Philips Electronics N.V. Establishing a secure authenticated channel
US8341411B2 (en) 2006-08-16 2012-12-25 Research In Motion Limited Enabling use of a certificate stored in a smart card
JP2010507295A (ja) * 2006-10-17 2010-03-04 アベガ システムズ ピーティーワイ リミテッド Configuring and connecting to a media wireless network
US8781441B1 (en) * 2007-02-08 2014-07-15 Sprint Communications Company L.P. Decision environment for devices that fail authentication
US8447977B2 (en) 2008-12-09 2013-05-21 Canon Kabushiki Kaisha Authenticating a device with a server over a network
US8756690B2 (en) * 2009-09-30 2014-06-17 Symbol Technologies, Inc. Extensible authentication protocol attack detection systems and methods
US20110197267A1 (en) * 2010-02-05 2011-08-11 Vivianne Gravel Secure authentication system and method
CA2696037A1 (en) 2010-03-15 2011-09-15 Research In Motion Limited Advertisement and dynamic configuration of wlan prioritization states
EP2383955B1 (en) 2010-04-29 2019-10-30 BlackBerry Limited Assignment and distribution of access credentials to mobile communication devices
US8929346B2 (en) 2010-05-14 2015-01-06 Blackberry Limited Advertisement and distribution of notifications in a wireless local area network (WLAN)
US8442024B2 (en) 2010-05-14 2013-05-14 Research In Motion Limited Advertisement and distribution of notifications in a wireless local area network (WLAN)
US8458279B2 (en) * 2010-05-14 2013-06-04 Research In Motion Limited Advertisement and distribution of notifications using extensible authentication protocol (EAP) methods
US8681769B2 (en) 2010-05-14 2014-03-25 Blackberry Limited Incorporation of a notification in a network name
WO2012037479A1 (en) 2010-09-17 2012-03-22 Universal Secure Registry, Llc Apparatus, system and method employing a wireless user-device
US8818906B1 (en) * 2010-10-05 2014-08-26 Jpmorgan Chase Bank, N.A. Systems and methods for performing authentication of a customer interacting with a banking platform
US9203617B2 (en) * 2011-08-17 2015-12-01 Vixs Systems, Inc. Secure provisioning of integrated circuits at various states of deployment, methods thereof
US8750180B2 (en) 2011-09-16 2014-06-10 Blackberry Limited Discovering network information available via wireless networks
US8942221B2 (en) 2011-11-10 2015-01-27 Blackberry Limited Caching network discovery responses in wireless networks
US9204299B2 (en) 2012-05-11 2015-12-01 Blackberry Limited Extended service set transitions in wireless networks
US10812964B2 (en) 2012-07-12 2020-10-20 Blackberry Limited Address assignment for initial authentication
US9137621B2 (en) 2012-07-13 2015-09-15 Blackberry Limited Wireless network service transaction protocol
US9301127B2 (en) 2013-02-06 2016-03-29 Blackberry Limited Persistent network negotiation for peer to peer devices
US8782774B1 (en) * 2013-03-07 2014-07-15 Cloudflare, Inc. Secure session capability using public-key cryptography without access to the private key
US9203832B2 (en) 2013-03-12 2015-12-01 Cable Television Laboratories, Inc. DTCP certificate authentication over TLS protocol
US9628400B2 (en) 2013-07-24 2017-04-18 Cisco Technology, Inc. Interest forwarding for interactive client anonymity
JP6850530B2 (ja) * 2014-10-20 2021-03-31 タタ コンサルタンシー サービシズ リミテッドTATA Consultancy Services Limited Computer-implemented system and computer-implemented method for establishing a secure session and exchanging encrypted data
WO2016106535A1 (zh) * 2014-12-28 2016-07-07 高剑青 Cellular network system
US10129220B2 (en) 2015-06-13 2018-11-13 Avocado Systems Inc. Application and data protection tag
US10270810B2 (en) 2015-06-14 2019-04-23 Avocado Systems Inc. Data socket descriptor based policies for application and data behavior and security
US10397277B2 (en) 2015-06-14 2019-08-27 Avocado Systems Inc. Dynamic data socket descriptor mirroring mechanism and use for security analytics
US10193889B2 (en) 2015-06-14 2019-01-29 Avocado Systems Inc. Data socket descriptor attributes for application discovery in data centers
US10148697B2 (en) 2015-06-16 2018-12-04 Avocado Systems Inc. Unified host based security exchange between heterogeneous end point security agents
US10193930B2 (en) 2015-06-29 2019-01-29 Avocado Systems Inc. Application security capability exchange via the application and data protection layer
US10356068B2 (en) * 2015-07-14 2019-07-16 Avocado Systems Inc. Security key generator module for security sensitive applications
US10354070B2 (en) 2015-08-22 2019-07-16 Avocado Systems Inc. Thread level access control to socket descriptors and end-to-end thread level policies for thread protection
US10581620B2 (en) 2016-11-14 2020-03-03 Integrity Security Services Llc Scalable certificate management system architectures
US10503881B2 (en) * 2016-11-14 2019-12-10 Integrity Security Services Llc Secure provisioning and management of devices
US10972455B2 (en) * 2018-04-24 2021-04-06 International Business Machines Corporation Secure authentication in TLS sessions
US10764029B1 (en) 2019-04-02 2020-09-01 Carey Patrick Atkins Asymmetric Encryption Algorithm
JP7315825B2 (ja) * 2019-06-14 2023-07-27 ダイキン工業株式会社 Device management system and authentication method
WO2021102023A1 (en) * 2019-11-19 2021-05-27 Arris Enterprises Llc Transmission of secure information in a content distribution network
US10903990B1 (en) 2020-03-11 2021-01-26 Cloudflare, Inc. Establishing a cryptographic tunnel between a first tunnel endpoint and a second tunnel endpoint where a private key used during the tunnel establishment is remotely located from the second tunnel endpoint
EP4278638B1 (en) 2021-07-29 2025-07-02 Samsung Electronics Co., Ltd. Method and system for securely handling re-connection of client devices to a wireless network
US12488081B2 (en) * 2023-10-25 2025-12-02 Blackberry Limited Communicating credentials between two operating systems

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4200770A (en) * 1977-09-06 1980-04-29 Stanford University Cryptographic apparatus and method
US7334127B2 (en) * 1995-04-21 2008-02-19 Certicom Corp. Key agreement and transport protocol
US5689565A (en) * 1995-06-29 1997-11-18 Microsoft Corporation Cryptography system and method for providing cryptographic services for a computer application
US6397056B1 (en) * 1999-04-30 2002-05-28 Telefonaktiebolaget L M Ericsson (Publ) System and method for reducing network signaling load in a radio telecommunications network
US20040049585A1 (en) * 2000-04-14 2004-03-11 Microsoft Corporation SERVER SIDE CONFIGURATION OF CLIENT IPSec LIFETIME SECURITY PARAMETERS
US6785713B1 (en) * 2000-05-08 2004-08-31 Citrix Systems, Inc. Method and apparatus for communicating among a network of servers utilizing a transport mechanism
JP2002141895A (ja) * 2000-11-01 2002-05-17 Sony Corp Content distribution system and content distribution method
US6934389B2 (en) * 2001-03-02 2005-08-23 Ati International Srl Method and apparatus for providing bus-encrypted copy protection key to an unsecured bus
US20020157024A1 (en) * 2001-04-06 2002-10-24 Aki Yokote Intelligent security association management server for mobile IP networks
KR100438431B1 (ko) * 2002-02-23 2004-07-03 삼성전자주식회사 Security system and method for virtual private network service access in a communication network
US7529933B2 (en) * 2002-05-30 2009-05-05 Microsoft Corporation TLS tunneling
US7221757B2 (en) * 2002-08-15 2007-05-22 Opentv, Inc. Method and system for accelerated data encryption
US7275156B2 (en) * 2002-08-30 2007-09-25 Xerox Corporation Method and apparatus for establishing and using a secure credential infrastructure
GB0221674D0 (en) * 2002-09-18 2002-10-30 Nokia Corp Linked authentication protocols
US7779152B2 (en) * 2003-01-24 2010-08-17 Nokia Corporation Establishing communication tunnels
US20040268126A1 (en) * 2003-06-24 2004-12-30 Dogan Mithat C. Shared secret generation for symmetric key cryptography
US7299354B2 (en) * 2003-09-30 2007-11-20 Intel Corporation Method to authenticate clients and hosts to provide secure network boot

Also Published As

Publication number Publication date
EP1692808B1 (en) 2014-01-15
CN1875567A (zh) 2006-12-06
US7788480B2 (en) 2010-08-31
JP2007511167A (ja) 2007-04-26
AU2004310323A1 (en) 2005-05-26
US20050097362A1 (en) 2005-05-05
EP1692808A1 (en) 2006-08-23
CN1875567B (zh) 2013-05-15
CA2543096A1 (en) 2005-05-26
JP4842831B2 (ja) 2011-12-21
WO2005048524A1 (en) 2005-05-26

Similar Documents

Publication Publication Date Title
CA2543096C (en) Protected dynamic provisioning of credentials
CN1883176B (zh) System and method for provisioning and authenticating via a network
US7269730B2 (en) Method and apparatus for providing peer authentication for an internet key exchange
Jeong et al. Integrated OTP-based user authentication scheme using smart cards in home networks
JP2007511167A5 (en)
US20150089618A1 (en) Single sign-on process
US20100100953A1 (en) PassThru for Client Authentication
Cam-Winget et al. The flexible authentication via secure tunneling extensible authentication protocol method (EAP-FAST)
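KR20050000481A (ko) Two-factor authenticated key exchange method, authentication method using the same, and recording medium storing a program including the method
CN110020524A (zh) A smart-card-based mutual authentication method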
Ali et al. A comparative study of authentication methods for wi-fi networks
Zhou et al. Tunnel Extensible Authentication Protocol (TEAP) Version 1
Liu et al. Extensible authentication protocols for IEEE standards 802.11 and 802.16
Rai et al. Strong password based EAP-TLS authentication protocol for WiMAX
KR20070062199A (ko) User authentication method using ID/password
Singh et al. Survey and analysis of Modern Authentication system
Jeong et al. Integrated OTP-based user authentication and access control scheme in home networks
KR100759813B1 (ko) User authentication method using biometric information
Jain et al. SAP: a low-latency protocol for mitigating evil twin attacks and high computation overhead in WI-FI networks
Pagliusi et al. PANA/IKEv2: an Internet authentication protocol for heterogeneous access
Mogollon Access authentication
Zhou et al. RFC 7170: Tunnel Extensible Authentication Protocol (TEAP) Version 1
Kurt et al. User Identity Protection in Wireless Local Area Networks
Vaidya et al. HOTP-based user authentication scheme in home networks
Kahya et al. Formal Analysis of Key Management in mobile Wimax

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed

Effective date: 20171012