GB2382501A - Secure communication in a telecommunication network - Google Patents


Publication number
GB2382501A
Authority
GB
United Kingdom
Prior art keywords
data
certifying
destination
server
certificate
Legal status
Granted
Application number
GB0128054A
Other versions
GB0128054D0 (en)
GB2382501B (en)
Inventor
Nicholas Bone
Stephen Hugh Babbage
Current Assignee
Vodafone Group PLC
Original Assignee
Vodafone Group PLC
Application filed by Vodafone Group PLC
Priority to GB0128054A
Publication of GB0128054D0
Publication of GB2382501A
Application granted
Publication of GB2382501B
Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3265 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/12 Applying verification of the received information
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/062 Pre-authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Abstract

A mobile terminal (10), such as a mobile terminal in a cellular telecommunication network, wishing to establish secure wireless telecommunication with a server (12), sends a wireless request (A) to the server for its public key. The server (12) assembles a certificate chain comprising its public key authenticated by one or more certificates from one or more trusted Certificate Authorities. The server (12) transmits the certificate chain by a wired link (E) direct to a revocation server (20) which establishes the current validity of the authenticating certificate in the certificate chain. Upon successful verification, the certificate chain signed by the certificate of the revocation server (20) is transmitted wirelessly (F) to the mobile terminal (10) which then checks the authenticity of the authenticating certificate using root certificates which it holds. There is thus only one wireless communication of the certificate chain to the mobile terminal. In a modification, an intermediate or proxy unit can be provided which receives the certificate chain from the server (12) by a wired link and transmits this, by another wired link, to the revocation server (20). Upon successful verification, the certificate chain, signed by the revocation server's certificate, is transmitted back to the proxy unit which then transmits it wirelessly to the mobile terminal. The use of the proxy unit avoids any alteration to the normal operation of the server (12). Again, there is only one wireless communication of the certificate chain to the mobile terminal.

Description

WIRELESS TELECOMMUNICATION ARRANGEMENTS AND METHODS
The invention relates to wireless telecommunication arrangements and methods. Wireless telecommunication arrangements and methods to be described in more detail below, by way of example only, facilitate authentication and verification procedures in wireless telecommunication, such as in the case where wireless telecommunication is to be established between a mobile terminal (for example, a mobile telephone or other mobile subscriber unit) and a server such as may take place in setting up an Internet connection.
The subject-matter provided by the invention is specified in the claims.
Wireless telecommunication arrangements and methods according to the invention will now be described, by way of example only, with reference to the accompanying diagrammatic drawings in which:
Figure 1 shows a mobile terminal and a server between which secure wireless communication is to be established;
Figure 2 is a diagrammatic representation of the public key (in a public/private key pair) of the server of Figure 1 in the form in which it may be sent to the mobile terminal for use in establishing the secure communication;
Figure 3 corresponds to Figure 2 but shows a modification;
Figure 4 is a block diagram showing the mobile terminal and the server and other units taking part in the process of establishing the secure communications in one implementation of the invention; and
Figure 5 corresponds to Figure 4 but shows an additional unit used in another implementation of the invention.
Figure 1 shows a mobile terminal 10 which may, for example, be a mobile telephone or similar subscriber unit in a cellular telephone system. Figure 1 also shows a server 12 such as, for example, an application server with which the mobile terminal 10 wishes to establish secure wireless communication.
Although the terminal 10 has been characterised as being "mobile", there may be applications in which it is actually part of fixed equipment but nevertheless communicating wirelessly.
Secure communication between the mobile terminal 10 and the server 12 can be established using a public/private key system. Thus, if the mobile terminal 10 knows the public key of the server 12, it can use this public key to set up encrypted and secure transmission with the server which can only be decrypted by the server (using its own private key), and/or to verify the origin and integrity of information received from the server, which has been signed by the server (using its own private key). In order for this process to operate, it is necessary for the mobile terminal to know the public key of the server, that is, it is necessary for the server 12 to send its public key to the mobile terminal 10. It is clearly also necessary, of course, for the public key, when transmitted to the mobile terminal 10, to be authenticated in a manner satisfactory to the mobile terminal 10, so that the mobile terminal 10 can be certain that the received public key is indeed the public key of the server 12 and not a public key purporting to come from the server 12 and fraudulently transmitted by a third party. It is therefore known for a public key transmitted in this way to the mobile terminal 10 by the server 12 to be signed by a certificate from a trusted Certification Authority.
Figure 2 diagrammatically shows the server's public key 14 signed at 16 by such a certificate from a trusted Certification Authority and then transmitted to the mobile terminal 10. The mobile terminal 10 will store a root certificate relating to the Certification Authority 16A and will therefore be able to satisfy itself that the certificate which it receives has been signed by a trusted Certification Authority and thereby confirms that the accompanying public key is indeed the public key of the server 12.
The public key 14 may be authenticated not by one but by a chain of two or more certificates from respective trusted Certification Authorities as shown in Figure 3. Thus, certificate 18 is issued by a second Certification Authority 18A which confirms the authenticity of the public key 19 of Certification Authority 16A, while certificate 16 confirms the authenticity of the public key 14 of the server 12. The "certificate chain" shown in Figure 3 is transmitted to the mobile terminal 10. The mobile terminal 10 in this case needs to have a root certificate corresponding to Certification Authority 18A so that it can authenticate certificate 18. The mobile terminal accepts this certificate as authenticating the public key 19 of Certification Authority 16A, and hence accepts certificate 16 as authenticating the public key 14. This "certificate chain" can clearly be made up of more links between the root certificate stored on the mobile terminal 10 and the public key 14 of the server 12.
In operation, therefore, establishment of secure wireless telecommunication between the mobile terminal 10 and the server is initiated by a request A sent wirelessly by the mobile terminal 10 to the server 12, in response to which the server 12 transmits its public key such as in a certificate chain as described with reference to Figure 3, as shown at B. The mobile terminal 10 then checks the authenticity of the certificate signing the received certificate chain, using the appropriate root certificate which it holds.
However, this process does not provide complete authentication. In particular, it does not provide authentication against the possibility that the certificate purporting to authenticate the server's public key 14 may have been revoked or has expired because its expiry date has been reached. It is therefore known to provide a revocation server 20 to which any of the certificates in the chain from the server 12 may be referred and which can then check that the certificate authenticating the certificate chain from the server 12 is still valid. The revocation server 20 is arranged to be kept up to date with the current status of authenticating certificates issued by trusted Certification Authorities.
Therefore, the mobile terminal 10, in response to receipt of the certificate chain from the server 12 and having established the authenticity of its signing certificate (e.g. certificate 18 shown in Figure 3), sends the certificate chain (as a whole or in part) to the revocation server 20, by means of the wireless communication link C. Having checked that the authenticating certificate 18 is current and valid, the revocation server 20 then confirms this to the mobile terminal 10 by means of the wireless communication link D, returning the certificate chain now signed by its own public key. Mobile terminal 10 will hold the root certificate for the revocation server 20 and can thus establish the authenticity of the message from the revocation server.
In this way, therefore, the mobile terminal 10 can now be satisfied that it has the properly authenticated public key of a server 12 and can now use this to set up a secure transmission with the server. However, it is apparent from Figure 1 that this process requires a multiplicity of wireless transmissions which are expensive in time and cost and therefore unsatisfactory.
A first implementation of the invention will now be described with reference to Figure 4 in which items corresponding to Figure 1 are similarly referenced.
The process of setting up secure wireless telecommunication between the mobile terminal 10 and the server 12 is initiated by means of a communication by the terminal 10 to the server 12 over a wireless link A. In response to this communication, the server 12 sends a brief acknowledgement to the mobile terminal over a wireless link and then generates a certificate chain, such as shown in Figure 3. However, in accordance with a feature of the invention, the server 12 now sends this certificate chain direct to the revocation server 20 via a communication link E which is advantageously a wired connection (though it may, of course, be a wireless connection). The revocation server 20 now checks the authenticity of the certificate 18 of the certificate chain and ensures that it is current.
Assuming that the verification process carried out by the revocation server 20 produces a satisfactory result, the revocation server signifies this accordingly direct to the mobile terminal 10 by signing the certificate chain with its own certificate and transmitting this to the mobile terminal 10 via a wireless link F. Instead, the revocation server could transmit the so-signed certificate chain back to the server 12 by means of a wired link and the server 12 would then transmit the signed certificate to the mobile terminal 10 via a wireless link corresponding to the link F. The mobile terminal 10 can now verify the authenticity of the received certificate chain using the revocation server's root certificate which it holds, and is now satisfied that the public key of the server 12 which it has received is correctly authenticated and current. In this way, therefore, there is only one wireless communication of the certificate chain from the application server 12 (via the wireless link F), as compared with the three wireless communications over the wireless links B, C and D of Figure 1.
Figure 5 shows a second implementation of the invention. Again, parts corresponding to parts in the other Figures are similarly referenced. In the implementation shown in Figure 5, however, an additional unit or server is provided in the form of an intermediate or "proxy" server 22. The proxy server 22 may be (though is not necessarily) part of the wireless telecommunications network within which the mobile terminal 10 is operative.
The proxy server 22 is linked by wired communication links to the application server 12 and the revocation server 20 as will be described in more detail below (though one or both of these links could be wireless if desired).
In operation, the mobile terminal 10 sends a request to the server 12 for its public key via a wireless link A. In response, the server 12 assembles its certificate chain (such as shown in Figure 2 or 3) and sends this to the proxy server 22 by a wired link G. At the same time, it may send an acknowledgement to the mobile terminal 10 via a wireless link B. Instead, the acknowledgement on the wireless link B may be sent to the mobile terminal 10 from the proxy server 22.
In response to receipt of the certificate chain from the server 12, the proxy server 22 sends the certificate chain to the revocation server 20 by means of a link H which is preferably a wired link, requesting the revocation server to check the validity of the certificate signing the certificate chain.
When the revocation server 20 has completed its validity checks, it informs the proxy server 22 accordingly by means of a wired link I. In response, the proxy server 22 now sends the certificate chain from the server 12, but duly signed by the revocation server 20, to the mobile terminal 10 by means of a wireless link J. Using the root certificates which it stores, the mobile terminal 10 can now check and confirm the authenticity of the public key from the server 12. Alternatively it would be possible for the revocation server 20 to send the signed certificate chain directly to the mobile terminal 10.
Again, the implementation shown in Figure 5 requires only one wireless transmission of the certificate chain (on link J), like the implementation in Figure 4, instead of the three such wireless communications shown in Figure 1.
The implementation shown in Figure 5 is advantageous over that shown in Figure 4 in that the use of the proxy server 22 avoids any need for the operation of the server 12 to be modified. The carrying into practice of the implementation shown in Figure 4 obviously requires the cooperation of the server 12 (which must communicate direct with the revocation server 20 instead of with the mobile terminal 10), and the cooperation of all other similar servers with which the mobile terminal may wish to establish secure communication. In practice, it may be very difficult to achieve such cooperation which may require the agreement of many different service providers. In the case of the implementation shown in Figure 5, however, the proxy server 22 can be part of and under the control of the network within which the mobile terminal 10 is operative.
Nevertheless, there may be circumstances when the implementation shown in Figure 4 is suitable.
Although the implementations of the invention have been described with reference to mobile terminals and servers, they can in general be applied to any case where authentication of a public key has to be carried out using wireless communication.
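The flow of Figures 4 and 5, sketched as an added Go example (not code from the patent or its applicant): the revocation server checks the chain on the wired side and countersigns it, and the terminal then verifies everything from the one message it receives wirelessly. The certificate format, the use of Ed25519, the fixed demo keys, names such as `CA-16A`, the `maxAge` freshness limit and the choice to check every certificate in the chain are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert is a simplified certificate (constructed format, not X.509).
type Cert struct {
	Subject, Issuer  string
	Serial, NotAfter int64 // serial number; expiry in Unix seconds
	PubKey           ed25519.PublicKey
	Sig              []byte // issuer's signature over tbs()
}

// tbs returns the bytes the issuer signs.
func (c Cert) tbs() []byte {
	return append([]byte(fmt.Sprintf("%q|%q|%d|%d|", c.Subject, c.Issuer, c.Serial, c.NotAfter)), c.PubKey...)
}

func (c Cert) signedBy(signer ed25519.PrivateKey) Cert {
	c.Sig = ed25519.Sign(signer, c.tbs())
	return c
}

// signedBytes is what the revocation server signs: the check time plus the exact chain.
func signedBytes(chain []Cert, checkedAt int64) []byte {
	msg := []byte(fmt.Sprintf("%d|%d|", checkedAt, len(chain)))
	for _, c := range chain {
		msg = append(append(msg, c.tbs()...), c.Sig...)
	}
	return msg
}

// Attestation is the "verifying data" added by the revocation server.
type Attestation struct{ CheckedAt int64; Sig []byte }
type RevocationServer struct{ key ed25519.PrivateKey; revoked map[int64]bool }

// Check runs on the wired side (link E, or H and I) and signs only a chain that is current.
func (r *RevocationServer) Check(chain []Cert, now int64) (Attestation, error) {
	for _, c := range chain {
		if now > c.NotAfter || r.revoked[c.Serial] {
			return Attestation{}, fmt.Errorf("certificate %q expired or revoked", c.Subject)
		}
	}
	return Attestation{now, ed25519.Sign(r.key, signedBytes(chain, now))}, nil
}

type Terminal struct {
	roots  map[string]ed25519.PublicKey // stored CA root keys, by CA name
	revKey ed25519.PublicKey            // stored key of the revocation server
	maxAge int64                        // accepted attestation age in seconds (assumption)
}

// Verify handles the single wireless message (link F or J) and returns the server's key.
func (t *Terminal) Verify(chain []Cert, a Attestation, now int64) (ed25519.PublicKey, error) {
	if len(chain) == 0 || !ed25519.Verify(t.revKey, signedBytes(chain, a.CheckedAt), a.Sig) {
		return nil, fmt.Errorf("revocation server signature does not cover this chain")
	}
	if a.CheckedAt > now || now-a.CheckedAt > t.maxAge {
		return nil, fmt.Errorf("validity check is stale")
	}
	for i, c := range chain { // walk from the server certificate up to a stored root
		issuerKey, ok := t.roots[c.Issuer]
		if i+1 < len(chain) {
			issuerKey, ok = chain[i+1].PubKey, chain[i+1].Subject == c.Issuer
		}
		if !ok || len(issuerKey) != ed25519.PublicKeySize || !ed25519.Verify(issuerKey, c.tbs(), c.Sig) {
			return nil, fmt.Errorf("certificate %q is not authenticated", c.Subject)
		}
	}
	return chain[0].PubKey, nil
}

// key derives a fixed demo key pair from a label (constructed; real keys come from crypto/rand).
func key(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed([]byte(fmt.Sprintf("%-32.32s", label)))
	return priv.Public().(ed25519.PublicKey), priv
}

// scenario builds the Figure 3 chain; names, serials and times are constructed sample values.
func scenario() ([]Cert, *RevocationServer, *Terminal) {
	rootPub, rootPriv := key("CA-18A") // root certificate held by the terminal
	caPub, caPriv := key("CA-16A")
	srvPub, _ := key("server-12")
	revPub, revPriv := key("revocation-server-20")
	chain := []Cert{
		Cert{Subject: "server-12", Issuer: "CA-16A", Serial: 1001, NotAfter: 2000, PubKey: srvPub}.signedBy(caPriv),
		Cert{Subject: "CA-16A", Issuer: "CA-18A", Serial: 7, NotAfter: 5000, PubKey: caPub}.signedBy(rootPriv),
	}
	rs := &RevocationServer{revPriv, map[int64]bool{}}
	return chain, rs, &Terminal{map[string]ed25519.PublicKey{"CA-18A": rootPub}, revPub, 60}
}

func main() {
	chain, rs, term := scenario()
	att, _ := rs.Check(chain, 1000)         // wired: server or proxy to revocation server
	_, err := term.Verify(chain, att, 1010) // the one wireless transfer of the chain
	fmt.Println("terminal accepts chain:", err == nil)
}
```

Because the signature covers the check time, a terminal that enforces `maxAge` will not accept an old countersigned chain replayed after a later revocation.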

Claims (40)

1. A method of authenticating predetermined data to be transmitted wirelessly from a data source to a destination, comprising the steps of combining the predetermined data with certifying data for authenticating the predetermined data, carrying out a validity check on the certifying data to establish its current validity, and wirelessly transmitting the predetermined data with the certifying data and the result of the validity check to the destination, the validity check being carried out before the predetermined data and the certifying data are transmitted to the destination.
2. A method according to claim 1, in which the validity checking step is carried out by a verification entity separate from the data source, and in which the data source transmits the certifying data to that entity for carrying out the validity check.
3. A method according to claim 2, in which the data source sends the certifying data to the said entity by a wired link.
4. A method according to claim 2 or 3, in which the data source sends the predetermined data combined with the certifying data to the verification entity, and the combination is transmitted wirelessly to the destination together with verifying data which verifies the successful completion of the validity check.
5. A method according to claim 2, in which the data source sends the certifying data to the verification entity via intermediate means which is provided for that purpose and is separate from and receives the certifying data from the data source.
6. A method according to claim 5, in which the intermediate means receives the certifying data from the data source by a wired link.
7. A method according to claim 5 or 6, in which the intermediate means transmits the certifying data to the verification entity by a wired link.
8. A method according to any one of claims 5 to 7, in which the data source sends the predetermined data combined with the certifying data to the verification entity via the intermediate means, the said entity adds verifying data to the combination which verifies the successful completion of the validity check, and the combination with the verifying data is wirelessly transmitted to the destination.
9. A method according to claim 8, in which the said entity transmits the combination back to the intermediate means together with the verifying data, and the combination with the verifying data is wirelessly transmitted to the destination by the intermediate means.
10. A method according to claim 8, in which the combination with the verifying data is wirelessly transmitted to the destination by the verification entity.
11. A method according to claim 4, 8, 9 or 10, in which the destination carries out an authentication check on the certifying data and the verifying data.
12. A method according to claim 11, in which the predetermined data comprises public key data and the certifying data comprises a certificate from a trusted Certification Authority relevant to the public key data and the data source.
13. A method according to claim 11, in which the predetermined data comprises public key data and the certifying data comprises a certificate from a trusted Certification Authority relevant to the public key data and the data source, and in which the verifying data is a certificate issued by a trusted Certification Authority relevant to the verifying data and the verification entity.
14. A method according to claim 12 or 13, in which the destination checks the authenticity of the certifying data by means of a relevant root certificate.
15. A method according to claim 13, in which the destination checks the authenticity of the verification data by means of a relevant root certificate.
16. A method according to any one of claims 2 to 15, in which the verification entity is a revocation server.
17. A method according to any preceding claim, in which the destination is a mobile terminal in a wireless telecommunications network.
18. A method according to any preceding claim, in which the data source is a server forming part of the internet.
19. An arrangement for authenticating predetermined data to be transmitted wirelessly from a data source to a destination, comprising means in the data source for combining the predetermined data with certifying data for authenticating the predetermined data, verification means for carrying out a validity check on the certifying data to establish its current validity, and means for wirelessly transmitting the predetermined data with the certifying data and the result of the validity check to the destination, the validity check being carried out before the predetermined data and the certifying data are transmitted to the destination.
20. An arrangement according to claim 19, in which the data source transmits the certifying data to the verification means for carrying out the validity check.
21. An arrangement according to claim 20, in which the data source sends the certifying data to the verification means by a wired link.
22. An arrangement according to claim 20 or 21, in which the data source sends the predetermined data combined with the certifying data to the verification means and the verification means transmits the combination wirelessly to the destination together with verifying data which verifies the successful completion of the validity check.
23. An arrangement according to claim 20 or 21, in which the data source sends the predetermined data combined with the certifying data to the verification means, the verification means transmits the combination back to the data source together with verifying data which verifies the successful completion of the validity check, and the data source wirelessly transmits the combination to the destination together with the verifying data.
24. An arrangement according to claim 20, including intermediate means which transmits the certifying data to the verification means and which is separate from and receives the certifying data from the data source.
25. An arrangement according to claim 24, in which the intermediate means receives the certifying data from the data source by a wired link.
26. An arrangement according to claim 24 or 25, in which the intermediate means transmits the certifying data to the verification entity by a wired link.
27. An arrangement according to any one of claims 24 to 26, in which the data source sends the predetermined data combined with the certifying data to the verification means via the intermediate means, the verification means transmits the combination back to the intermediate means together with verifying data which verifies the successful completion of the validity check, and the intermediate means wirelessly transmits the combination with the verifying data to the destination.
28. An arrangement according to any one of claims 24 to 26, in which the data source sends the predetermined data combined with the certifying data to the verification means via the intermediate means and the verification means adds verifying data to the combination which verifies the successful completion of the validity check and wirelessly transmits the combination with the verifying data to the destination.
29. An arrangement according to claim 22, 23, 26 or 27, in which the destination carries out an authentication check on the certifying data and the verifying data.
30. An arrangement according to claim 29, in which the predetermined data comprises public key data and the certifying data comprises a certificate from a trusted Certification Authority relevant to the public key data and the data source.
31. An arrangement according to claim 29, in which the predetermined data comprises public key data and the certifying data comprises a certificate from a trusted Certification Authority relevant to the public key data and the data source, and in which the verifying data is a certificate issued by a trusted Certification Authority relevant to the verifying data and the verification entity.
32. An arrangement according to claim 30 or 31, in which the destination checks the authenticity of the certifying data by means of a relevant root certificate.
33. An arrangement according to claim 31, in which the destination checks the authenticity of the verification data by means of a relevant root certificate.
34. An arrangement according to any one of claims 19 to 33, in which the verification means is a revocation server.
35. An arrangement according to any one of claims 19 to 34, in which the destination is a mobile terminal in a wireless telecommunications network.
36. An arrangement according to any one of claims 19 to 35, in which the data source is a server forming part of the internet.
37. A method of wirelessly authenticating public key data, substantially as described with reference to Figure 4 of the accompanying drawings.
38. A method of wirelessly authenticating public key data, substantially as described with reference to Figure 5 of the accompanying drawings.
39. An arrangement for wirelessly authenticating public key data, substantially as described with reference to Figure 4 of the accompanying drawings.
40. An arrangement for wirelessly authenticating public key data, substantially as described with reference to Figure 5 of the accompanying drawings.
GB0128054A 2001-11-22 2001-11-22 Wireless telecommunication arrangements and methods Expired - Fee Related GB2382501B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0128054A GB2382501B (en) 2001-11-22 2001-11-22 Wireless telecommunication arrangements and methods

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0128054A GB2382501B (en) 2001-11-22 2001-11-22 Wireless telecommunication arrangements and methods

Publications (3)

Publication Number Publication Date
GB0128054D0 (en) 2002-01-16
GB2382501A (en) 2003-05-28
GB2382501B (en) 2005-11-23

Family

ID=9926290

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0128054A Expired - Fee Related GB2382501B (en) 2001-11-22 2001-11-22 Wireless telecommunication arrangements and methods

Country Status (1)

Country Link
GB (1) GB2382501B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2407000A (en) * 2003-10-09 2005-04-13 Motorola Inc Method of performing encrypted communication in a wireless communication system
US7461250B1 (en) * 1999-07-22 2008-12-02 Rsa Security, Inc. System and method for certificate exchange
US8788802B2 (en) 2005-09-29 2014-07-22 Qualcomm Incorporated Constrained cryptographic keys

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5687235A (en) * 1995-10-26 1997-11-11 Novell, Inc. Certificate revocation performance optimization
US5699431A (en) * 1995-11-13 1997-12-16 Northern Telecom Limited Method for efficient management of certificate revocation lists and update information
WO2000046950A1 (en) * 1999-02-03 2000-08-10 Sun Microsystems, Inc. Authentication system and process
WO2001008351A1 (en) * 1999-07-22 2001-02-01 Rsa Security Inc. System and method for certificate exchange
EP1096446A2 (en) * 1999-11-01 2001-05-02 Citicorp Development Center, Inc. Method and system for secure communication between a self-service financial transaction terminal and a remote operator interface

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Computer Security Applications 2000, 16th Annual Conference, 11-15 Dec. 2000, IEEE, pp120-127, Park J.S. and Sandhu R., "Binding identities and attributes using digitally signed certificates", see sections 2.1, 2.5 and 4.3 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7461250B1 (en) * 1999-07-22 2008-12-02 Rsa Security, Inc. System and method for certificate exchange
GB2407000A (en) * 2003-10-09 2005-04-13 Motorola Inc Method of performing encrypted communication in a wireless communication system
GB2407000B (en) * 2003-10-09 2006-02-08 Motorola Inc Communication system communication unit and method for performing encrypted communication
US8788802B2 (en) 2005-09-29 2014-07-22 Qualcomm Incorporated Constrained cryptographic keys

Also Published As

Publication number Publication date
GB0128054D0 (en) 2002-01-16
GB2382501B (en) 2005-11-23

Similar Documents

Publication Publication Date Title
FI117181B (en) A method and system for identifying a user's identity
CN108650227B (en) Handshaking method and system based on datagram secure transmission protocol
EP1249095B1 (en) Method for issuing an electronic identity
EP1540878B1 (en) Linked authentication protocols
AU777383B2 (en) Authentication enforcement using decryption and authentication in a single transaction in a secure microprocessor
US7742605B2 (en) Method and system for authentification of a mobile user via a gateway
US7542569B1 (en) Security of data connections
US8762710B2 (en) Method and system for updating and using digital certificates
EP1443795B1 (en) Generating asymmetric keys in a telecommunications system
EP2078371B1 (en) Method and system for using pkcs registration on mobile environment
CN104683359B (en) A kind of safe channel establishing method and its data guard method and escape way key update method
CN103905384B (en) The implementation method of session handshake between built-in terminal based on secure digital certificate
EP2254304B1 (en) System and method for provisioning device certificates
US20030163700A1 (en) Method and system for user generated keys and certificates
US20020056039A1 (en) System for providing certification confirming agency service using double electronic signature
CN1842993B (en) Providing credentials
KR20100071107A (en) Entity bi-directional identificator method and system based on trustable third party
MXPA01011969A (en) Method and apparatus for initializing secure communications among, and for exclusively pairing wireless devices.
IL162011A (en) Use of a public key pair in the terminal for authentication and authorisation of the telecommunication user with the network operator and business partners
CN1437375A (en) Confirmation method for safe mobile e-business platform digital certificate
CN108259486B (en) End-to-end key exchange method based on certificate
JP2007181123A (en) Digital certificate exchange method, terminal device, and program
US8130953B2 (en) Security protection for data communication
EP1961149B1 (en) Method for securely associating data with http and https sessions
CN116318997A (en) Bidirectional identity authentication method between terminal and gateway

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20171122