JP5714596B2 - IP security certificate exchange based on certificate attributes - Google Patents

IP security certificate exchange based on certificate attributes

Info

Publication number
JP5714596B2
Authority
JP
Japan
Prior art keywords
certificate
endpoint
attributes
security
ipsec
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
JP2012538846A
Other languages
English (en)
Japanese (ja)
Other versions
JP2013511209A5
JP2013511209A (ja)
Inventor
パナシュク アナトリー
レンジゴウダ ダルシャン
シュクラ アビシェク
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp
Publication of JP2013511209A
Publication of JP2013511209A5
Application granted
Publication of JP5714596B2
Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105 Dual mode as a secondary aspect
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149 Restricted operating environment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76 Proxy, i.e. using intermediary entity to perform cryptographic operations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)
JP2012538846A 2009-11-12 2010-10-28 IP security certificate exchange based on certificate attributes Expired - Fee Related JP5714596B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/616,789 US9912654B2 (en) 2009-11-12 2009-11-12 IP security certificate exchange based on certificate attributes
US12/616,789 2009-11-12
PCT/US2010/054573 WO2011059774A2 (en) 2009-11-12 2010-10-28 Ip security certificate exchange based on certificate attributes

Publications (3)

Publication Number Publication Date
JP2013511209A JP2013511209A (ja) 2013-03-28
JP2013511209A5 JP2013511209A5 2013-11-28
JP5714596B2 JP5714596B2 (ja) 2015-05-07

Family

ID=43975149

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2012538846A Expired - Fee Related JP5714596B2 (ja) 2009-11-12 2010-10-28 IP security certificate exchange based on certificate attributes

Country Status (6)

Country Link
US (1) US9912654B2
EP (1) EP2499778B1
JP (1) JP5714596B2
KR (1) KR101791708B1
CN (1) CN102612820B
WO (1) WO2011059774A2

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102010044518A1 (de) * 2010-09-07 2012-03-08 Siemens Aktiengesellschaft Method for certificate-based authentication
JP5880401B2 (ja) * 2012-11-15 2016-03-09 Fuji Xerox Co., Ltd. Communication device and program
US20160366124A1 (en) * 2015-06-15 2016-12-15 Qualcomm Incorporated Configuration and authentication of wireless devices
JP6727292B2 (ja) * 2015-08-24 2020-07-22 Huawei Technologies Co., Ltd. Security authentication method, configuration method, and related device
JP7208707B2 (ja) * 2017-02-17 2023-01-19 Canon Inc. Information processing apparatus, control method therefor, and program
WO2019133434A1 (en) * 2017-12-29 2019-07-04 Pensando Systems Inc. Methods and systems for cryptographic identity based network microsegmentation
KR102250081B1 (ko) 2019-02-22 2021-05-10 Data Alliance Co., Ltd. Public ledger-based credential autonomous operation system and method
US11783062B2 (en) 2021-02-16 2023-10-10 Microsoft Technology Licensing, Llc Risk-based access to computing environment secrets

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5530758A (en) * 1994-06-03 1996-06-25 Motorola, Inc. Operational methods for a secure node in a computer network
US5548646A (en) * 1994-09-15 1996-08-20 Sun Microsystems, Inc. System for signatureless transmission and reception of data packets between computer networks
CA2228687A1 (en) * 1998-02-04 1999-08-04 Brett Howard Secured virtual private networks
US7461250B1 (en) * 1999-07-22 2008-12-02 Rsa Security, Inc. System and method for certificate exchange
GB2357226B (en) * 1999-12-08 2003-07-16 Hewlett Packard Co Security protocol
US20020007346A1 (en) * 2000-06-06 2002-01-17 Xin Qiu Method and apparatus for establishing global trust bridge for multiple trust authorities
US7113996B2 (en) * 2000-07-21 2006-09-26 Sandy Craig Kronenberg Method and system for secured transport and storage of data on a network
US7072870B2 (en) * 2000-09-08 2006-07-04 Identrus, Llc System and method for providing authorization and other services
US6915437B2 (en) * 2000-12-20 2005-07-05 Microsoft Corporation System and method for improved network security
US7073055B1 (en) * 2001-02-22 2006-07-04 3Com Corporation System and method for providing distributed and dynamic network services for remote access server users
US7272714B2 (en) * 2002-05-31 2007-09-18 International Business Machines Corporation Method, apparatus, and program for automated trust zone partitioning
US7185199B2 (en) * 2002-08-30 2007-02-27 Xerox Corporation Apparatus and methods for providing secured communication
US20040093492A1 (en) * 2002-11-13 2004-05-13 Olivier Daude Virtual private network management with certificates
JP4352728B2 (ja) 2003-03-11 2009-10-28 Hitachi, Ltd. Server device, terminal control device, and terminal authentication method
AR043588A1 (es) * 2003-03-12 2005-08-03 Nationwide Mutual Insurance Co Method for implementing a risk management program
US7308711B2 (en) 2003-06-06 2007-12-11 Microsoft Corporation Method and framework for integrating a plurality of network policies
US20050086468A1 (en) * 2003-10-17 2005-04-21 Branislav Meandzija Digital certificate related to user terminal hardware in a wireless network
AU2005234051A1 (en) * 2004-04-12 2005-10-27 Intercomputer Corporation Secure messaging system
ZA200508074B (en) 2004-10-14 2007-12-27 Microsoft Corp System and methods for providing network quarantine using ipsec
US20060085850A1 (en) * 2004-10-14 2006-04-20 Microsoft Corporation System and methods for providing network quarantine using IPsec
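KR100759489B1 (ko) 2004-11-18 2007-09-18 Samsung Electronics Co., Ltd. Method and apparatus for securing an IP security tunnel using public key infrastructure in a mobile communication network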
US20060174125A1 (en) * 2005-01-31 2006-08-03 Brookner George M Multiple cryptographic key security device
US20080022392A1 (en) * 2006-07-05 2008-01-24 Cisco Technology, Inc. Resolution of attribute overlap on authentication, authorization, and accounting servers
US20090025080A1 (en) * 2006-09-27 2009-01-22 Craig Lund System and method for authenticating a client to a server via an ipsec vpn and facilitating a secure migration to ssl vpn remote access
US8429734B2 (en) * 2007-07-31 2013-04-23 Symantec Corporation Method for detecting DNS redirects or fraudulent local certificates for SSL sites in pharming/phishing schemes by remote validation and using a credential manager and recorded certificate attributes
AU2009205675B2 (en) * 2008-01-18 2014-09-25 Identrust, Inc. Binding a digital certificate to multiple trust domains
US20100318788A1 (en) * 2009-06-12 2010-12-16 Alexandro Salvarani Method of managing secure communications
US8250866B2 (en) 2009-07-30 2012-08-28 Ford Global Technologies, Llc EGR extraction immediately downstream pre-turbo catalyst

Also Published As

Publication number Publication date
EP2499778A2 (en) 2012-09-19
EP2499778B1 (en) 2019-08-07
CN102612820B (zh) 2016-03-02
KR20120094926A (ko) 2012-08-27
WO2011059774A2 (en) 2011-05-19
CN102612820A (zh) 2012-07-25
US20110113481A1 (en) 2011-05-12
US9912654B2 (en) 2018-03-06
KR101791708B1 (ko) 2017-11-20
WO2011059774A3 (en) 2011-09-29
JP2013511209A (ja) 2013-03-28
EP2499778A4 (en) 2017-01-04

Similar Documents

Publication Publication Date Title
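JP5714596B2 (ja) IP security certificate exchange based on certificate attributes
CN109413032B (zh) Single sign-on method, computer-readable storage medium, and gateway
EP1914658B1 (en) Identity controlled data center
US20090199277A1 (en) Credential arrangement in single-sign-on environment
CN101099143B (zh) System and method for implementing network device authorization using attribute certificates
CN102752319B (zh) Cloud computing secure access method, apparatus, and system
CN1914881B (zh) Method and system for authorizing offloading of grid jobs in a grid computing system
US20140289830A1 (en) Method and system of a secure access gateway
KR20100029098A (ko) Device provisioning and domain join emulation over non-secure networks
JP2010525471A (ja) Stepwise authentication system
CN102916946B (zh) Access control method and system
CN101675640A (zh) Self-initiated end-to-end monitoring of an authentication gateway
US20220311777A1 (en) Hardening remote administrator access
JP7784211B2 (ja) Systems and methods for permissioned blockchain access to a computing network
WO2022143935A1 (zh) Blockchain-based SDP access control method and system
CN111628960B (zh) Method and apparatus for connecting to a network service on a private network
CN102546166A (zh) Identity authentication method, system, and apparatus
CN102694789B (zh) Lightweight authentication for on-premises rich clients
US8935417B2 (en) Method and system for authorization and access control delegation in an on demand grid environment
US8910250B2 (en) User notifications during computing network access
JP5471150B2 (ja) Authentication system, authentication device, control methods therefor, and control program
US8185945B1 (en) Systems and methods for selectively requesting certificates during initiation of secure communication sessions
CN101129043A (zh) Method, system, and program product for connecting a client to a network
CN116094852B (zh) Device management method, management apparatus, computer device, and storage medium
JP7703173B2 (ja) Method and apparatus for providing differentiated security services in a ship network using packet classification based on user authentication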

Legal Events

Date Code Title Description
RD03 Notification of appointment of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7423

Effective date: 20130712

RD04 Notification of resignation of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7424

Effective date: 20130719

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20131010

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20131010

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20141015

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20141021

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20150116

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20150210

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20150311

R150 Certificate of patent or registration of utility model

Ref document number: 5714596

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313113

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

LAPS Cancellation because of no payment of annual fees