CN102612820B - IP security certificate exchange based on certificate attributes - Google Patents

IP security certificate exchange based on certificate attributes

Info

Publication number
CN102612820B
Authority
CN
China
Prior art keywords
certificate
endpoint
attributes
ipsec
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201080051233.4A
Other languages
English (en)
Chinese (zh)
Other versions
CN102612820A (zh)
Inventor
A·帕纳修克
D·兰吉高达
A·舒克拉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Technology Licensing LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Technology Licensing LLC
Publication of CN102612820A
Application granted
Publication of CN102612820B
Legal status: Expired - Fee Related (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105 Dual mode as a secondary aspect
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149 Restricted operating environment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76 Proxy, i.e. using intermediary entity to perform cryptographic operations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)
CN201080051233.4A 2009-11-12 2010-10-28 IP security certificate exchange based on certificate attributes Expired - Fee Related CN102612820B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/616,789 US9912654B2 (en) 2009-11-12 2009-11-12 IP security certificate exchange based on certificate attributes
US12/616,789 2009-11-12
PCT/US2010/054573 WO2011059774A2 (en) 2009-11-12 2010-10-28 Ip security certificate exchange based on certificate attributes

Publications (2)

Publication Number Publication Date
CN102612820A (zh) 2012-07-25
CN102612820B (zh) 2016-03-02

Family

ID=43975149

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201080051233.4A Expired - Fee Related CN102612820B (zh) 2009-11-12 2010-10-28 IP security certificate exchange based on certificate attributes

Country Status (6)

Country Link
US (1) US9912654B2
EP (1) EP2499778B1
JP (1) JP5714596B2
KR (1) KR101791708B1
CN (1) CN102612820B
WO (1) WO2011059774A2

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102010044518A1 (de) * 2010-09-07 2012-03-08 Siemens Aktiengesellschaft Method for certificate-based authentication
JP5880401B2 (ja) * 2012-11-15 2016-03-09 富士ゼロックス株式会社 Communication device and program
US20160366124A1 (en) * 2015-06-15 2016-12-15 Qualcomm Incorporated Configuration and authentication of wireless devices
JP6727292B2 (ja) * 2015-08-24 2020-07-22 華為技術有限公司 Huawei Technologies Co.,Ltd. Security authentication method, configuration method, and related device
JP7208707B2 (ja) * 2017-02-17 2023-01-19 キヤノン株式会社 Information processing apparatus, control method therefor, and program
WO2019133434A1 (en) * 2017-12-29 2019-07-04 Pensando Systems Inc. Methods and systems for cryptographic identity based network microsegmentation
KR102250081B1 (ko) 2019-02-22 2021-05-10 데이터얼라이언스 주식회사 System and method for autonomous operation of credentials based on a public ledger
US11783062B2 (en) 2021-02-16 2023-10-10 Microsoft Technology Licensing, Llc Risk-based access to computing environment secrets

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1770769A (zh) * 2004-10-14 2006-05-10 微软公司 System and method for providing network quarantine using IPsec

Family Cites Families (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5530758A (en) * 1994-06-03 1996-06-25 Motorola, Inc. Operational methods for a secure node in a computer network
US5548646A (en) * 1994-09-15 1996-08-20 Sun Microsystems, Inc. System for signatureless transmission and reception of data packets between computer networks
CA2228687A1 (en) * 1998-02-04 1999-08-04 Brett Howard Secured virtual private networks
US7461250B1 (en) * 1999-07-22 2008-12-02 Rsa Security, Inc. System and method for certificate exchange
GB2357226B (en) * 1999-12-08 2003-07-16 Hewlett Packard Co Security protocol
US20020007346A1 (en) * 2000-06-06 2002-01-17 Xin Qiu Method and apparatus for establishing global trust bridge for multiple trust authorities
US7113996B2 (en) * 2000-07-21 2006-09-26 Sandy Craig Kronenberg Method and system for secured transport and storage of data on a network
US7072870B2 (en) * 2000-09-08 2006-07-04 Identrus, Llc System and method for providing authorization and other services
US6915437B2 (en) * 2000-12-20 2005-07-05 Microsoft Corporation System and method for improved network security
US7073055B1 (en) * 2001-02-22 2006-07-04 3Com Corporation System and method for providing distributed and dynamic network services for remote access server users
US7272714B2 (en) * 2002-05-31 2007-09-18 International Business Machines Corporation Method, apparatus, and program for automated trust zone partitioning
US7185199B2 (en) * 2002-08-30 2007-02-27 Xerox Corporation Apparatus and methods for providing secured communication
US20040093492A1 (en) * 2002-11-13 2004-05-13 Olivier Daude Virtual private network management with certificates
JP4352728B2 (ja) 2003-03-11 2009-10-28 株式会社日立製作所 Server device, terminal control device, and terminal authentication method
AR043588A1 (es) * 2003-03-12 2005-08-03 Nationwide Mutual Insurance Co Method for implementing a risk management program
US7308711B2 (en) 2003-06-06 2007-12-11 Microsoft Corporation Method and framework for integrating a plurality of network policies
US20050086468A1 (en) * 2003-10-17 2005-04-21 Branislav Meandzija Digital certificate related to user terminal hardware in a wireless network
AU2005234051A1 (en) * 2004-04-12 2005-10-27 Intercomputer Corporation Secure messaging system
US20060085850A1 (en) * 2004-10-14 2006-04-20 Microsoft Corporation System and methods for providing network quarantine using IPsec
KR100759489B1 (ko) 2004-11-18 2007-09-18 삼성전자주식회사 Method and apparatus for securing an IP security tunnel using public key infrastructure in a mobile communication network
US20060174125A1 (en) * 2005-01-31 2006-08-03 Brookner George M Multiple cryptographic key security device
US20080022392A1 (en) * 2006-07-05 2008-01-24 Cisco Technology, Inc. Resolution of attribute overlap on authentication, authorization, and accounting servers
US20090025080A1 (en) * 2006-09-27 2009-01-22 Craig Lund System and method for authenticating a client to a server via an ipsec vpn and facilitating a secure migration to ssl vpn remote access
US8429734B2 (en) * 2007-07-31 2013-04-23 Symantec Corporation Method for detecting DNS redirects or fraudulent local certificates for SSL sites in pharming/phishing schemes by remote validation and using a credential manager and recorded certificate attributes
AU2009205675B2 (en) * 2008-01-18 2014-09-25 Identrust, Inc. Binding a digital certificate to multiple trust domains
US20100318788A1 (en) * 2009-06-12 2010-12-16 Alexandro Salvarani Method of managing secure communications
US8250866B2 (en) 2009-07-30 2012-08-28 Ford Global Technologies, Llc EGR extraction immediately downstream pre-turbo catalyst

Also Published As

Publication number Publication date
EP2499778A2 (en) 2012-09-19
EP2499778B1 (en) 2019-08-07
KR20120094926A (ko) 2012-08-27
WO2011059774A2 (en) 2011-05-19
CN102612820A (zh) 2012-07-25
US20110113481A1 (en) 2011-05-12
JP5714596B2 (ja) 2015-05-07
US9912654B2 (en) 2018-03-06
KR101791708B1 (ko) 2017-11-20
WO2011059774A3 (en) 2011-09-29
JP2013511209A (ja) 2013-03-28
EP2499778A4 (en) 2017-01-04

Similar Documents

Publication Publication Date Title
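CN102612820B (zh) IP security certificate exchange based on certificate attributes
CN101099143B (zh) System and method for network device authorization using attribute certificates
CN111523108B (zh) Systems and methods for encryption key management, federation and distribution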
US8918641B2 (en) Dynamic platform reconfiguration by multi-tenant service providers
JP4746333B2 (ja) Efficient and secure authentication of computing systems
US20230009167A1 (en) Post-connection client certificate authentication
EP2328107B1 (en) Identity controlled data center
US20080320566A1 (en) Device provisioning and domain join emulation over non-secured networks
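CN101136746A (zh) Authentication method and system
CN113678410A (zh) Computing system and related methods providing connection lease exchange and mutual trust protocol
WO2022143935A1 (zh) Blockchain-based SDP access control method and system
CN114640512A (zh) Security service system, access control method, and computer-readable storage medium
CN111628960B (zh) Method and apparatus for connecting to a network service on a private network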
EP4144062A1 (en) Rogue certificate detection
JP6185934B2 (ja) Integration of a server application with multiple authentication providers
CN101129043A (zh) Method, system and program product for connecting a client to a network
Doddavula et al. Implementation of a Secure Genome Sequence Search Platform on Public Cloud: Leveraging Open Source Solutions
Hicks Configure Windows Server for Always On VPN
HK40030098B (zh) Wireless LAN authentication method and wireless LAN connection method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150717

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20150717

Address after: Washington State

Applicant after: MICROSOFT TECHNOLOGY LICENSING, LLC

Address before: Washington State

Applicant before: Microsoft Corp.

C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160302