CN1875567B - 凭证的受保护动态提供 - Google Patents

凭证的受保护动态提供 Download PDF

Info

Publication number
CN1875567B
CN1875567B CN2004800326617A CN200480032661A CN1875567B CN 1875567 B CN1875567 B CN 1875567B CN 2004800326617 A CN2004800326617 A CN 2004800326617A CN 200480032661 A CN200480032661 A CN 200480032661A CN 1875567 B CN1875567 B CN 1875567B
Authority
CN
China
Prior art keywords
peer
server
authentication
credentials
public
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN2004800326617A
Other languages
English (en)
Chinese (zh)
Other versions
CN1875567A (zh
Inventor
南希·卡姆温恩特
马克·克里斯彻尔
艾兰·费恩克尔
周浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cisco Technology Inc
Original Assignee
Cisco Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cisco Technology Inc filed Critical Cisco Technology Inc
Publication of CN1875567A publication Critical patent/CN1875567A/zh
Application granted granted Critical
Publication of CN1875567B publication Critical patent/CN1875567B/zh
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/162Implementing security features at a particular protocol layer at the data link layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)
CN2004800326617A 2003-11-05 2004-10-12 凭证的受保护动态提供 Expired - Lifetime CN1875567B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US10/702,167 US7788480B2 (en) 2003-11-05 2003-11-05 Protected dynamic provisioning of credentials
US10/702,167 2003-11-05
PCT/US2004/033477 WO2005048524A1 (en) 2003-11-05 2004-10-12 Protected dynamic provisioning of credentials

Publications (2)

Publication Number Publication Date
CN1875567A CN1875567A (zh) 2006-12-06
CN1875567B true CN1875567B (zh) 2013-05-15

Family

ID=34551603

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2004800326617A Expired - Lifetime CN1875567B (zh) 2003-11-05 2004-10-12 凭证的受保护动态提供

Country Status (7)

Country Link
US (1) US7788480B2 (enExample)
EP (1) EP1692808B1 (enExample)
JP (1) JP4842831B2 (enExample)
CN (1) CN1875567B (enExample)
AU (1) AU2004310323A1 (enExample)
CA (1) CA2543096C (enExample)
WO (1) WO2005048524A1 (enExample)

Families Citing this family (53)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7237117B2 (en) 2001-03-16 2007-06-26 Kenneth P. Weiss Universal secure registry
US20050120213A1 (en) * 2003-12-01 2005-06-02 Cisco Technology, Inc. System and method for provisioning and authenticating via a network
EP2239240A1 (de) * 2004-06-21 2010-10-13 Sika Technology AG Zementmahlhilfsmittel
US8146142B2 (en) * 2004-09-03 2012-03-27 Intel Corporation Device introduction and access control framework
US7356539B2 (en) 2005-04-04 2008-04-08 Research In Motion Limited Policy proxy
US7673330B2 (en) * 2006-01-05 2010-03-02 Microsoft Corporation Ad-hoc creation of group based on contextual information
US8001055B2 (en) * 2006-02-21 2011-08-16 Weiss Kenneth P Method, system and apparatus for secure access, payment and identification
US8234220B2 (en) 2007-02-21 2012-07-31 Weiss Kenneth P Universal secure registry
US11227676B2 (en) 2006-02-21 2022-01-18 Universal Secure Registry, Llc Universal secure registry
WO2008004174A2 (en) * 2006-07-06 2008-01-10 Koninklijke Philips Electronics N.V. Establishing a secure authenticated channel
US8341411B2 (en) 2006-08-16 2012-12-25 Research In Motion Limited Enabling use of a certificate stored in a smart card
JP2010507295A (ja) * 2006-10-17 2010-03-04 アベガ システムズ ピーティーワイ リミテッド メディアワイヤレスネットワークの設定及び接続
US8781441B1 (en) * 2007-02-08 2014-07-15 Sprint Communications Company L.P. Decision environment for devices that fail authentication
US8447977B2 (en) 2008-12-09 2013-05-21 Canon Kabushiki Kaisha Authenticating a device with a server over a network
US8756690B2 (en) * 2009-09-30 2014-06-17 Symbol Technologies, Inc. Extensible authentication protocol attack detection systems and methods
US20110197267A1 (en) * 2010-02-05 2011-08-11 Vivianne Gravel Secure authentication system and method
CA2696037A1 (en) 2010-03-15 2011-09-15 Research In Motion Limited Advertisement and dynamic configuration of wlan prioritization states
EP2383955B1 (en) 2010-04-29 2019-10-30 BlackBerry Limited Assignment and distribution of access credentials to mobile communication devices
US8929346B2 (en) 2010-05-14 2015-01-06 Blackberry Limited Advertisement and distribution of notifications in a wireless local area network (WLAN)
US8442024B2 (en) 2010-05-14 2013-05-14 Research In Motion Limited Advertisement and distribution of notifications in a wireless local area network (WLAN)
US8458279B2 (en) * 2010-05-14 2013-06-04 Research In Motion Limited Advertisement and distribution of notifications using extensible authentication protocol (EAP) methods
US8681769B2 (en) 2010-05-14 2014-03-25 Blackberry Limited Incorporation of a notification in a network name
WO2012037479A1 (en) 2010-09-17 2012-03-22 Universal Secure Registry, Llc Apparatus, system and method employing a wireless user-device
US8818906B1 (en) * 2010-10-05 2014-08-26 Jpmorgan Chase Bank, N.A. Systems and methods for performing authentication of a customer interacting with a banking platform
US9203617B2 (en) * 2011-08-17 2015-12-01 Vixs Systems, Inc. Secure provisioning of integrated circuits at various states of deployment, methods thereof
US8750180B2 (en) 2011-09-16 2014-06-10 Blackberry Limited Discovering network information available via wireless networks
US8942221B2 (en) 2011-11-10 2015-01-27 Blackberry Limited Caching network discovery responses in wireless networks
US9204299B2 (en) 2012-05-11 2015-12-01 Blackberry Limited Extended service set transitions in wireless networks
US10812964B2 (en) 2012-07-12 2020-10-20 Blackberry Limited Address assignment for initial authentication
US9137621B2 (en) 2012-07-13 2015-09-15 Blackberry Limited Wireless network service transaction protocol
US9301127B2 (en) 2013-02-06 2016-03-29 Blackberry Limited Persistent network negotiation for peer to peer devices
US8782774B1 (en) * 2013-03-07 2014-07-15 Cloudflare, Inc. Secure session capability using public-key cryptography without access to the private key
US9203832B2 (en) 2013-03-12 2015-12-01 Cable Television Laboratories, Inc. DTCP certificate authentication over TLS protocol
US9628400B2 (en) 2013-07-24 2017-04-18 Cisco Technology, Inc. Interest forwarding for interactive client anonymity
JP6850530B2 (ja) * 2014-10-20 2021-03-31 タタ コンサルタンシー サービシズ リミテッドTATA Consultancy Services Limited セキュアセッションの確立と暗号化データ交換のためのコンピュータ利用システム及びコンピュータ利用方法
WO2016106535A1 (zh) * 2014-12-28 2016-07-07 高剑青 蜂窝网络系统
US10129220B2 (en) 2015-06-13 2018-11-13 Avocado Systems Inc. Application and data protection tag
US10270810B2 (en) 2015-06-14 2019-04-23 Avocado Systems Inc. Data socket descriptor based policies for application and data behavior and security
US10397277B2 (en) 2015-06-14 2019-08-27 Avocado Systems Inc. Dynamic data socket descriptor mirroring mechanism and use for security analytics
US10193889B2 (en) 2015-06-14 2019-01-29 Avocado Systems Inc. Data socket descriptor attributes for application discovery in data centers
US10148697B2 (en) 2015-06-16 2018-12-04 Avocado Systems Inc. Unified host based security exchange between heterogeneous end point security agents
US10193930B2 (en) 2015-06-29 2019-01-29 Avocado Systems Inc. Application security capability exchange via the application and data protection layer
US10356068B2 (en) * 2015-07-14 2019-07-16 Avocado Systems Inc. Security key generator module for security sensitive applications
US10354070B2 (en) 2015-08-22 2019-07-16 Avocado Systems Inc. Thread level access control to socket descriptors and end-to-end thread level policies for thread protection
US10581620B2 (en) 2016-11-14 2020-03-03 Integrity Security Services Llc Scalable certificate management system architectures
US10503881B2 (en) * 2016-11-14 2019-12-10 Integrity Security Services Llc Secure provisioning and management of devices
US10972455B2 (en) * 2018-04-24 2021-04-06 International Business Machines Corporation Secure authentication in TLS sessions
US10764029B1 (en) 2019-04-02 2020-09-01 Carey Patrick Atkins Asymmetric Encryption Algorithm
JP7315825B2 (ja) * 2019-06-14 2023-07-27 ダイキン工業株式会社 機器管理システムおよび認証方法
WO2021102023A1 (en) * 2019-11-19 2021-05-27 Arris Enterprises Llc Transmission of secure information in a content distribution network
US10903990B1 (en) 2020-03-11 2021-01-26 Cloudflare, Inc. Establishing a cryptographic tunnel between a first tunnel endpoint and a second tunnel endpoint where a private key used during the tunnel establishment is remotely located from the second tunnel endpoint
EP4278638B1 (en) 2021-07-29 2025-07-02 Samsung Electronics Co., Ltd. Method and system for securely handling re-connection of client devices to a wireless network
US12488081B2 (en) * 2023-10-25 2025-12-02 Blackberry Limited Communicating credentials between two operating systems

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1440155A (zh) * 2002-02-23 2003-09-03 三星电子株式会社 在通信网络中访问虚拟专用网络业务的安全系统及方法

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4200770A (en) * 1977-09-06 1980-04-29 Stanford University Cryptographic apparatus and method
US7334127B2 (en) * 1995-04-21 2008-02-19 Certicom Corp. Key agreement and transport protocol
US5689565A (en) * 1995-06-29 1997-11-18 Microsoft Corporation Cryptography system and method for providing cryptographic services for a computer application
US6397056B1 (en) * 1999-04-30 2002-05-28 Telefonaktiebolaget L M Ericsson (Publ) System and method for reducing network signaling load in a radio telecommunications network
US20040049585A1 (en) * 2000-04-14 2004-03-11 Microsoft Corporation SERVER SIDE CONFIGURATION OF CLIENT IPSec LIFETIME SECURITY PARAMETERS
US6785713B1 (en) * 2000-05-08 2004-08-31 Citrix Systems, Inc. Method and apparatus for communicating among a network of servers utilizing a transport mechanism
JP2002141895A (ja) * 2000-11-01 2002-05-17 Sony Corp コンテンツ配信システムおよびコンテンツ配信方法
US6934389B2 (en) * 2001-03-02 2005-08-23 Ati International Srl Method and apparatus for providing bus-encrypted copy protection key to an unsecured bus
US20020157024A1 (en) * 2001-04-06 2002-10-24 Aki Yokote Intelligent security association management server for mobile IP networks
US7529933B2 (en) * 2002-05-30 2009-05-05 Microsoft Corporation TLS tunneling
US7221757B2 (en) * 2002-08-15 2007-05-22 Opentv, Inc. Method and system for accelerated data encryption
US7275156B2 (en) * 2002-08-30 2007-09-25 Xerox Corporation Method and apparatus for establishing and using a secure credential infrastructure
GB0221674D0 (en) * 2002-09-18 2002-10-30 Nokia Corp Linked authentication protocols
US7779152B2 (en) * 2003-01-24 2010-08-17 Nokia Corporation Establishing communication tunnels
US20040268126A1 (en) * 2003-06-24 2004-12-30 Dogan Mithat C. Shared secret generation for symmetric key cryptography
US7299354B2 (en) * 2003-09-30 2007-11-20 Intel Corporation Method to authenticate clients and hosts to provide secure network boot

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1440155A (zh) * 2002-02-23 2003-09-03 三星电子株式会社 在通信网络中访问虚拟专用网络业务的安全系统及方法

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Paul Funk,Simon Blake-Wilson.EAP Tunneled TLS Authentication Protocol.draft-ietf-pppext-eap-ttls-02.2002,第3页中的2节,第7页-第20页4.3-10.3节,第22-23页中的12节,第29页最后一段.
Paul Funk,Simon Blake-Wilson.EAP Tunneled TLS Authentication Protocol.draft-ietf-pppext-eap-ttls-02.2002,第3页中的2节,第7页-第20页4.3-10.3节,第22-23页中的12节,第29页最后一段. *
Steven M. Bellovin,Michael Merritt.Encrypted Key Exchange:Password-BasedProtocolsSecure Against Dictionary Attacks.IEEE.1992,第72-84页.
Steven M. Bellovin,Michael Merritt.Encrypted Key Exchange:Password-BasedProtocolsSecure Against Dictionary Attacks.IEEE.1992,第72-84页. *

Also Published As

Publication number Publication date
EP1692808B1 (en) 2014-01-15
CN1875567A (zh) 2006-12-06
US7788480B2 (en) 2010-08-31
CA2543096C (en) 2013-01-08
JP2007511167A (ja) 2007-04-26
AU2004310323A1 (en) 2005-05-26
US20050097362A1 (en) 2005-05-05
EP1692808A1 (en) 2006-08-23
CA2543096A1 (en) 2005-05-26
JP4842831B2 (ja) 2011-12-21
WO2005048524A1 (en) 2005-05-26

Similar Documents

Publication Publication Date Title
CN1875567B (zh) 凭证的受保护动态提供
CN1883176B (zh) 用于经由网络进行供给和认证的系统和方法
US7269730B2 (en) Method and apparatus for providing peer authentication for an internet key exchange
JP4847322B2 (ja) 二重要素認証されたキー交換方法及びこれを利用した認証方法とその方法を含むプログラムが貯蔵された記録媒体
JP2007511167A5 (enExample)
US7644275B2 (en) Pass-thru for client authentication
CN101459506A (zh) 密钥协商方法、用于密钥协商的系统、客户端及服务器
Baek et al. A Survey of WPA and 802.11 i RSN Authentication Protocols
CN114760034A (zh) 一种身份鉴别方法和装置
CN110784305B (zh) 基于不经意伪随机函数和签密的单点登录认证方法
EP3340530B1 (en) Transport layer security (tls) based method to generate and use a unique persistent node identity, and corresponding client and server
Dey et al. An efficient dynamic key based eap authentication framework for future ieee 802.1 x wireless lans
Liu et al. Extensible authentication protocols for IEEE standards 802.11 and 802.16
Zhou et al. Tunnel Extensible Authentication Protocol (TEAP) Version 1
CN120675819B (zh) 一种基于quic协议的分布式节点统一身份认证方法及系统
CN120729634B (zh) 一种基于量子密钥的电力系统数字终端二次鉴权认证方法、设备及介质
Rai et al. Strong password based EAP-TLS authentication protocol for WiMAX
KR102345093B1 (ko) 무선 인터넷의 보안 세션 제어 시스템 및 보안 세션 제어 방법
Cam-Winget et al. Dynamic Provisioning Using Flexible Authentication via Secure Tunneling Extensible Authentication Protocol (EAP-FAST)
Cheng et al. Id: A mandatory field in ike
Protocol Network Working Group N. Cam-Winget Internet-Draft D. McGrew Intended status: Informational J. Salowey Expires: March 9, 2008 H. Zhou Cisco Systems
Cam-Winget et al. RFC 5422: Dynamic Provisioning Using Flexible Authentication via Secure Tunneling Extensible Authentication Protocol (EAP-FAST)
Hanna et al. EMU Working Group H. Zhou Internet-Draft N. Cam-Winget Intended status: Standards Track J. Salowey Expires: January 16, 2014 Cisco Systems
Zhou et al. RFC 7170: Tunnel Extensible Authentication Protocol (TEAP) Version 1
Navarro-Arribas GIS 05: SSH & TLS

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20130515

CX01 Expiry of patent term