WO2012100352A1 - Controlled security domains - Google Patents
Controlled security domains Download PDFInfo
- Publication number
- WO2012100352A1 WO2012100352A1 PCT/CA2012/050043 CA2012050043W WO2012100352A1 WO 2012100352 A1 WO2012100352 A1 WO 2012100352A1 CA 2012050043 W CA2012050043 W CA 2012050043W WO 2012100352 A1 WO2012100352 A1 WO 2012100352A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- security
- domain
- token
- series
- subscriber
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/006—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0827—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/16—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Definitions
- the present disclosure relates to a system and methods for controlling security domains within an untrusted environment.
- an "untrusted environment” shall be understood to mean any communications or networking environment in which it is possible for attackers to modify messages, delete messages or even add or replay messages.
- the public Internet is a common example of an untrusted environment, since it is not possible to prohibit attackers from modifying, deleting, adding or replaying messages.
- Cable and Satellite television distribution networks can also be untrusted, to the extent that, once set- top receiver/decoder units are distributed to end-users, they can be "hacked" to enable unauthorized access to programming content.
- the task of updating keys is simplified, somewhat, by the fact that a user must connect to a secure (trusted) resource at some time.
- a secure (trusted) resource For example, in a VPN, a remote user must log onto a secure server in order to access the services of the VPN.
- the user's set-top receiver/decoder unit In Cable and Satellite television distribution networks, the user's set-top receiver/decoder unit must be connected to a secure content server in order to receive programming content. In either case, the connection to the secure resource provides a means by which the age of the security token(s) stored on the user's remote device can be determined, and updated tokens distributed as required.
- an aspect of the present invention provides a security domain control method includes defining a sequential series of security domains; designating one of the security domains as a current domain; generating a plurality of security tokens under the current security domain, each security token being configured to enable a party to exchange cryptographically secured messages with another party that is holding any one of: a token generated under the current security domain; a token generated under at least one next security domain in the series; and a token generated under at least one previous security domain in the series; and subsequently designating a next one of the security domains in the series as a current domain.
- FIG. 1 is a block diagram showing a secure system implementing methods in accordance with a representative embodiment of the present invention
- FIG. 2 is a block diagram illustrating possible message exchange transactions in the system of FIG. 1 ;
- FIG. 3 is a message flow diagram illustrating a message exchange transaction in the system of FIG. 1 ;
- FIG. 4 is a block diagram illustrating possible message exchange transactions in a system according to a second embodiment of the present invention.
- an expiry date associated with security tokens can not be enforced in an untrusted environment, because there is no real-time clock associated with a security token that can be trusted. It would not be acceptable to trust the date and time reference of an uncontrolled terminal (eg. a subscriber's communications device) because of the ease with which such a date and time reference can be modified by a hacker.
- an uncontrolled terminal eg. a subscriber's communications device
- a service provider generates security tokens in accordance with a sequential series of security domains.
- Each security domain may be referenced by a domain ID which identifies its location within the series. It is anticipated that each security domain may comprise a respective Certification Authority (CA) for keys issued within that security domain, and respective cryptographic features (including algorithms), either of which may be the same or different from those of other security domains within the series.
- CA Certification Authority
- Each security token issued under a given security domain is configured to enable a party to exchange trusted messages with another party who has a security token issued under the same security domain or either of at least the two neighboring security domains within the series.
- the service provider can implement new security domains as and when they deem to be appropriate.
- the parties receiving tokens issued under the current security domain are able to exchange trusted messages with parties holding tokens issued under the current domain, the immediately previous domain, and the next domain in the series.
- This provides interoperability between successive security domains, while at the same time ensuring that the usefulness of tokens issued under older domains progressively diminishes, because parties holding older tokens cannot exchange secure messages with holders of tokens being issued under the current domain.
- each party has an incentive to update their token(s) to the current security domain to avoid obsolescence and consequent inability to exchange messaging with other parties in the secure system.
- tokens may be generated and downloaded to subscribers' communications devices, using methods known in the art.
- the subscribers' token(s) may be updated from time to time, for example when the subscriber uses their token to log into a secure server.
- tokens may be embedded within physical devices (eg. smart cards, etc.) which are then distributed to users.
- a service provider may provide a service whereby a subscriber can update the token(s) embedded within their device, or alternatively enable a user to exchange an old device for a new one.
- Figs 1 and 2 illustrate a secure system implementing aspects of the present invention. It will be noted that the illustrated system is based on public key cryptography, but those practiced in the art will understand that the same principles can be applied for the use of symmetric algorithms.
- a secure system comprises a host server (in this case maintained by a service provider) and a plurality of subscribers (four of which are illustrated), each of which are connected for communications through an un-trusted data network, such as the public internet.
- the host server maintains a sequential series of security domains, one of which is designated as the "current domain".
- each security domain is referenced by a respective domain series ID, and includes a designated Certification Authority (CA) for that security domain, and a Public Key (PK) issued by the designated certification authority for that security domain.
- CA Certification Authority
- PK Public Key
- each security domain in the series could have a different Certification Authority, if desired.
- the Public Key (PK) issued by the designated certification authority for each security domain in the series must be unique, at least among the security domains in the series.
- a new token is issued under the designated Current Domain, and includes: a respective unique token ID; respective Secret and Public Keys (SKx and PKx) unique to that token; a token public key certificate issued by the designated CA for that security domain; and the Public Keys [PK(nx)] of the current security domain as well as each of the immediately preceding and succeeding security domains in the series.
- the token ID may include the domain series ID under which the token has been issued.
- the public keys [PK(nx)] may be stored in the form of public key certificates.
- Figs 1 and 2 four representative subscribers (A-D) are illustrated, of which only Subscriber D holds a token issued under the presently designated Current Domain (n4).
- Each of Subscribers A-C hold older tokens which were issued when respective earlier domains of the series were designated as the current domain.
- Subscriber A has received a token issued under security domain "n1 ", which includes the domain series ID (n1 ); a certificate [Pka by CA(n1 )] issued by the CA of security domain n1 ; and the public keys [PK(nO), PK(n1 ), PK(n2)] of security domain n1 as well as of security domains nO and n2.
- Subscriber B has received a token issued under security domain "n2", which includes the domain series ID (n2); a certificate [Pkb by CA(n2)] issued by the CA of security domain n2; and the public keys [PK(n1 ), PK(n2), PK(n3)] of security domain n2 as well as of security domains n1 and n3.
- Subscriber C has received a token issued under security domain "n3", which includes the domain series ID (n3); a certificate [Pkc by CA(n3)] issued by the CA of security domain n3; and the public keys [PK(n2), PK(n3), ⁇ ( ⁇ 4)] of security domain n3 as well as of security domains n2 and n4.
- Subscriber D has received a token issued under security domain "n4" (the designated Current Domain, which includes the domain series ID (n4); a certificate [Pkd by CA(n4)] issued by the CA of security domain n4; and the public keys [PK(n3), PK(n4), PK(n5)] of security domain n4 as well as of security domains n3 and n5.
- security domain "n" the designated Current Domain, which includes the domain series ID (n4); a certificate [Pkd by CA(n4)] issued by the CA of security domain n4; and the public keys [PK(n3), PK(n4), PK(n5)] of security domain n4 as well as of security domains n3 and n5.
- Subscribers A and B can exchange messages, because the overlapping sets of CA public keys in each token enables Subscriber A's n1 -domain token to validate messages received from Subscriber B, and Subscriber B's n2-domain token can validate messages received from Subscriber A.
- Subscriber B can exchange messages with both Subscriber A and Subscriber C, again because of the overlapping sets of CA public keys in each subscribers' token.
- Subscriber C can exchange messages with both Subscriber B and Subscriber D.
- Subscriber B is unable to exchange messages with Subscriber D
- Subscriber A is unable to exchange messages with either Subscriber C or Subscriber D.
- tokens issued under older security domains become progressively less useful, and are ultimately made obsolete.
- Fig 3 illustrates a possible message exchange scenario between Subscribers A and B.
- Subscriber A's communications device sends a challenge message containing an indication of the Domain Series ID of subscriber A's token.
- the Domain Series ID may comprise part of the Subscriber A's token ID, but this is not essential.
- Subscriber B's communications device can check the set of public keys contained in its token to determine whether or not it has a public key for Subscriber A's security domain (n1 ).
- the result of this verification check is "yes", so Subscriber B's communications device returns a corresponding Ack(OK) message to Subscriber A.
- Subscriber A's communications device can use its token to generate and send a cryptographically secured message, including Subscriber A's certificate to Subscribers B.
- Subscriber B's communications device can use its token to obtain the public key (PK(n1 )] of Subscriber A's security domain and verify the certificate contained in the received message.
- the token ID can be designed to include the domain series ID of the domain under which the token was issued.
- the token ID may be formatted as a 15-bit data field, of which the first 1 1 bits uniquely identify the token, and the trailing 4 bits comprise the domain series ID.
- Other suitable formats will be readily apparent to those of ordinary skill in the art , and may be used as desired.
- Embedding the domain series ID into the token ID in this manner offers an advantage in that it is not necessary for the receiving party (subscriber B in the above example) to send a challenge message to the sending party, as described above with reference to FIG 3. All that is required is that the sending party know the token ID of the intended recipient. This information may be passed to the sending party by any of a variety of means, and so avoids the need for a real time connection between the two parties, implicit in a challenge/response transaction.
- Fig 4 illustrates an alternative embodiment in which each new token issued under a given Current Domain includes: respective Secret and Public Keys (SKx and PKx) unique to that token; a certificate issued by the designated CA for that security domain; and the Public Keys [PK(nx)] of the current security domain, the next security domain and both of the previous two security domains.
- Subscriber C's token includes the domain series ID (n3); a certificate [Pkc by CA(n3)] issued by the CA of security domain n3 as in the embodiment of Figs 1 and 2; but now has four public keys [PK(n1 ), PK(n2), PK(n3), PK(n4)] of security domains n1 -n4.
- Subscriber D's token has the domain series ID (n4); a certificate [Pkd by CA(n4)] issued by the CA of security domain n4, as in the embodiment of Figs 1 and 2; but now has four public keys [PK(n2), PK(n3), PK(n4), PK(n5)] of security domains n2-n5.
- Subscriber A is able to send messages to Subscriber C because Subscriber C's token includes the Public Key [PK(n1 )] of Subscriber A's security domain, but Subscriber A is not able to receive messages from of Subscriber C, because Subscriber A's token does not contain the Public Key [PK(n3)] of Subscriber C's security domain and so cannot recognize Subscriber C's certificate.
- Subscriber B is able to send messages to Subscriber D, but cannot receive messages from Subscriber D.
- This arrangement is useful in that it provides a more progressive degradation in the usefulness of older tokens, because parties holding older tokens experience a reduced ability to communicate with parties holding tokens issued under the current security domain, rather than being cut off completely.
- a user's security token(s) may be updated by replacing their old token(s) with a new token issued under the current security domain.
- a service provider may choose to update security tokens under the current domain; that is, without implementing the next security domain in the series. For example, when a subscriber logs into a secure server, the user's security token may be modified by adding or deleting CA public keys, and thereby alter the ability of the user to exchange trusted messaging with users holding tokens issued under other security domains.
- the firmware controlling the processor 10 may be configured to pass token updates to other tokens.
- a user's security token may be updated or modified without changing the security domain.
- the processor's firmware may operate to communicate information regarding the change to other tokens having the same domain series ID, for example in an encrypted field embedded within content transfer messages.
- the processor 10 may decrypt the field to extract the token change information, and, if appropriate, update the content of its own token accordingly.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2012210978A AU2012210978B2 (en) | 2011-01-28 | 2012-01-27 | Controlled security domains |
KR1020137020013A KR101690093B1 (en) | 2011-01-28 | 2012-01-27 | Controlled security domains |
CA2824696A CA2824696A1 (en) | 2011-01-28 | 2012-01-27 | Controlled security domains |
CN201280006590.8A CN103416020B (en) | 2011-01-28 | 2012-01-27 | Controlled security domain |
JP2013550716A JP6175600B2 (en) | 2011-01-28 | 2012-01-27 | Security domain control method |
EP12738926.0A EP2668737A4 (en) | 2011-01-28 | 2012-01-27 | Controlled security domains |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201161437147P | 2011-01-28 | 2011-01-28 | |
US61/437,147 | 2011-01-28 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012100352A1 true WO2012100352A1 (en) | 2012-08-02 |
Family
ID=46580160
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CA2012/050043 WO2012100352A1 (en) | 2011-01-28 | 2012-01-27 | Controlled security domains |
Country Status (8)
Country | Link |
---|---|
US (1) | US8699710B2 (en) |
EP (1) | EP2668737A4 (en) |
JP (1) | JP6175600B2 (en) |
KR (1) | KR101690093B1 (en) |
CN (1) | CN103416020B (en) |
AU (1) | AU2012210978B2 (en) |
CA (1) | CA2824696A1 (en) |
WO (1) | WO2012100352A1 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013144719A1 (en) * | 2012-03-26 | 2013-10-03 | Assa Abloy Ab | Field revisions for a personal security device |
US10897360B2 (en) * | 2017-01-26 | 2021-01-19 | Microsoft Technology Licensing, Llc | Addressing a trusted execution environment using clean room provisioning |
US11838284B2 (en) * | 2020-02-03 | 2023-12-05 | T-Mobile Usa, Inc. | Cross-domain proof-of-possession |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020071563A1 (en) * | 2000-12-12 | 2002-06-13 | Kurn David Michael | Method and apparatus for cryptographic key rollover during operation |
US20040098589A1 (en) * | 2002-11-14 | 2004-05-20 | Identicrypt, Inc. | Identity-based encryption system |
US7065210B1 (en) * | 1999-01-25 | 2006-06-20 | Murata Kikai Kabushiki Kaisha | Secret key generation method, encryption method, cryptographic communications method, common key generator, cryptographic communications system, and recording media |
EP1798932A2 (en) | 2005-12-13 | 2007-06-20 | Hitachi, Ltd. | Data communication method and data communication system |
US7620187B1 (en) * | 2005-03-30 | 2009-11-17 | Rockwell Collins, Inc. | Method and apparatus for ad hoc cryptographic key transfer |
US20100122081A1 (en) | 2008-11-12 | 2010-05-13 | Sato Akane | Method of validation public key certificate and validation server |
Family Cites Families (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020062451A1 (en) * | 1998-09-01 | 2002-05-23 | Scheidt Edward M. | System and method of providing communication security |
US7103784B1 (en) * | 2000-05-05 | 2006-09-05 | Microsoft Corporation | Group types for administration of networks |
US20020031230A1 (en) * | 2000-08-15 | 2002-03-14 | Sweet William B. | Method and apparatus for a web-based application service model for security management |
JP3588042B2 (en) * | 2000-08-30 | 2004-11-10 | 株式会社日立製作所 | Certificate validity checking method and device |
JP2001242785A (en) * | 2001-04-20 | 2001-09-07 | Ntt Data Corp | Digital signature system |
US7568218B2 (en) * | 2002-10-31 | 2009-07-28 | Microsoft Corporation | Selective cross-realm authentication |
JP2004166154A (en) * | 2002-11-15 | 2004-06-10 | Nec Corp | Key control system for multicast distribution |
US20040123152A1 (en) * | 2002-12-18 | 2004-06-24 | Eric Le Saint | Uniform framework for security tokens |
ATE494693T1 (en) * | 2003-04-16 | 2011-01-15 | Ericsson Telefon Ab L M | AUTHENTICATION PROCEDURE |
JP3894181B2 (en) * | 2003-10-10 | 2007-03-14 | 株式会社日立製作所 | Method and apparatus for speeding up public key certificate verification |
WO2005038818A1 (en) * | 2003-10-14 | 2005-04-28 | Telefonaktiebolaget Lm Ericsson (Publ) | Efficient management of cryptographic key generations |
US20060053285A1 (en) | 2004-07-29 | 2006-03-09 | Kimmel Gerald D | Object access level |
US7130998B2 (en) * | 2004-10-14 | 2006-10-31 | Palo Alto Research Center, Inc. | Using a portable security token to facilitate cross-certification between certification authorities |
US20060218628A1 (en) * | 2005-03-22 | 2006-09-28 | Hinton Heather M | Method and system for enhanced federated single logout |
US7788484B2 (en) * | 2005-11-30 | 2010-08-31 | Microsoft Corporation | Using hierarchical identity based cryptography for authenticating outbound mail |
CN100546245C (en) * | 2006-01-11 | 2009-09-30 | 西安电子科技大学 | Stride the network authentication and the method for distributing key of security domain |
JP4270219B2 (en) * | 2006-03-31 | 2009-05-27 | ブラザー工業株式会社 | COMMUNICATION SYSTEM, SERVER DEVICE, AND PROGRAM |
US8538028B2 (en) * | 2006-11-20 | 2013-09-17 | Toposis Corporation | System and method for secure electronic communication services |
EP1976220A1 (en) * | 2007-03-30 | 2008-10-01 | British Telecommunications Public Limited Company | Computer network |
JP4594962B2 (en) * | 2007-06-04 | 2010-12-08 | 株式会社日立製作所 | Verification server, program, and verification method |
US8037298B2 (en) * | 2008-01-31 | 2011-10-11 | Park Avenue Capital LLC | System and method for providing security via a top level domain |
JP5077186B2 (en) * | 2008-10-17 | 2012-11-21 | 富士通株式会社 | COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMMUNICATION PROGRAM |
US8990562B2 (en) * | 2010-10-08 | 2015-03-24 | Microsoft Technology Licensing, Llc | Secure deployment of provable identity for dynamic application environments |
-
2012
- 2012-01-27 CN CN201280006590.8A patent/CN103416020B/en not_active Expired - Fee Related
- 2012-01-27 US US13/360,337 patent/US8699710B2/en not_active Expired - Fee Related
- 2012-01-27 EP EP12738926.0A patent/EP2668737A4/en not_active Withdrawn
- 2012-01-27 KR KR1020137020013A patent/KR101690093B1/en active IP Right Grant
- 2012-01-27 JP JP2013550716A patent/JP6175600B2/en not_active Expired - Fee Related
- 2012-01-27 WO PCT/CA2012/050043 patent/WO2012100352A1/en active Application Filing
- 2012-01-27 CA CA2824696A patent/CA2824696A1/en not_active Abandoned
- 2012-01-27 AU AU2012210978A patent/AU2012210978B2/en not_active Ceased
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7065210B1 (en) * | 1999-01-25 | 2006-06-20 | Murata Kikai Kabushiki Kaisha | Secret key generation method, encryption method, cryptographic communications method, common key generator, cryptographic communications system, and recording media |
US20020071563A1 (en) * | 2000-12-12 | 2002-06-13 | Kurn David Michael | Method and apparatus for cryptographic key rollover during operation |
US20040098589A1 (en) * | 2002-11-14 | 2004-05-20 | Identicrypt, Inc. | Identity-based encryption system |
US7620187B1 (en) * | 2005-03-30 | 2009-11-17 | Rockwell Collins, Inc. | Method and apparatus for ad hoc cryptographic key transfer |
EP1798932A2 (en) | 2005-12-13 | 2007-06-20 | Hitachi, Ltd. | Data communication method and data communication system |
US20100122081A1 (en) | 2008-11-12 | 2010-05-13 | Sato Akane | Method of validation public key certificate and validation server |
Non-Patent Citations (1)
Title |
---|
See also references of EP2668737A4 * |
Also Published As
Publication number | Publication date |
---|---|
AU2012210978B2 (en) | 2015-11-26 |
US20120257751A1 (en) | 2012-10-11 |
CN103416020A (en) | 2013-11-27 |
CA2824696A1 (en) | 2012-08-02 |
EP2668737A1 (en) | 2013-12-04 |
EP2668737A4 (en) | 2016-01-06 |
KR101690093B1 (en) | 2016-12-27 |
KR20140004703A (en) | 2014-01-13 |
CN103416020B (en) | 2015-12-23 |
US8699710B2 (en) | 2014-04-15 |
JP6175600B2 (en) | 2017-08-09 |
JP2014504120A (en) | 2014-02-13 |
AU2012210978A1 (en) | 2013-08-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7231526B2 (en) | System and method for validating a network session | |
CN113691560B (en) | Data transmission method, method for controlling data use, and cryptographic device | |
US20200320178A1 (en) | Digital rights management authorization token pairing | |
US12003634B2 (en) | Systems and methods for encrypted content management | |
US11652633B2 (en) | System and method for securely transmitting non-PKI encrypted messages | |
CN108476134B (en) | Method and apparatus for utilizing scrambled services | |
CN110852745A (en) | Block chain distributed dynamic network key automatic updating method | |
CN109525565B (en) | Defense method and system for short message interception attack | |
US8006249B2 (en) | Method of implementing a state tracking mechanism in a communications session between a server and a client system | |
KR101839048B1 (en) | End-to-End Security Platform of Internet of Things | |
US20120155647A1 (en) | Cryptographic devices & methods | |
US8699710B2 (en) | Controlled security domains | |
KR102413497B1 (en) | Systems and methods for secure electronic data transmission | |
US11570008B2 (en) | Pseudonym credential configuration method and apparatus | |
CN112906032A (en) | File secure transmission method, system and medium based on CP-ABE and block chain | |
Kraxberger et al. | Trusted identity management for overlay networks | |
Madhuri et al. | Data Migration Techniques in Cloud | |
CN104901932A (en) | Secure login method based on CPK (Combined Public Key Cryptosystem) identity authentication technology | |
CN118214587A (en) | Mail secure communication method, device, equipment and medium | |
Bai et al. | Security mechanism for the interactive satellite remote education system based on dtn | |
CA2706147C (en) | Downloadable security based on certificate status | |
Nagasuresh et al. | Defense against Illegal Use of Single Sign on Mechanism for Distributed Network Services |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 12738926 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012738926 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2824696 Country of ref document: CA |
|
ENP | Entry into the national phase |
Ref document number: 2013550716 Country of ref document: JP Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: 20137020013 Country of ref document: KR Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2012210978 Country of ref document: AU Date of ref document: 20120127 Kind code of ref document: A |