    • 1. Invention application
    • Computer-based dynamic secure non-cached delivery of security credentials such as digitally signed certificates or keys
    • US20040268152A1
    • 2004-12-30
    • US10875606
    • 2004-06-25
    • WRQ, Inc.
    • Sharon Xia; Eduardo Munoz; Dan Brombaugh
    • H04L009/00
    • H04L63/0281; H04L63/0442; H04L63/0823; H04L63/12; H04L63/126; H04L63/166
    • The technology herein can be used to dynamically deploy secure credentials including but not limited to digital certificates in a secure manner to provide higher levels of security and control than in some other previous arrangements. In one exemplary non-limiting illustrative arrangement, a management server acts as a repository for a plurality of user certificates corresponding to a plurality of users. When a user wishes to access a remote computer such as a secure-enabled host requiring a secure credential, her computer sends a request message to the management server. The management server may perform its own validity checking (e.g., based on password protection, directory information including user authorization, or a variety of other techniques). Once the management server is satisfied that the requesting user is authorized to access the secure host or other remote computer, the management server sends the user the necessary secure credential in a manner that is on demand (in other words, at the time the client certificate or key pair is needed to complete the connection to another server and not before); is secure during transmission; and is provided in a manner which prevents the client from using the client certificate or key pair to commence a new session to the SSL or SSH hosts after the User's session with server A has ended. In one example arrangement, the user's computer does not persistently store the secure credential but rather maintains the secure credential in volatile memory such as, for example, random access memory or other memory that will be reliably erased (e.g., by overwriting with other information).