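CN101099143B - System and method for enabling authorization of a network device using attribute certificates - Google Patents
System and method for enabling authorization of a network device using attribute certificates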
- Publication number
- CN101099143B
- Authority
- CN
- China
- Prior art keywords
- network equipment
- attribute
- attribute certificate
- network
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
- G06F21/335—User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
- G06F15/163—Interprocessor communication
- G06F15/173—Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star, snowflake
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Claims (11)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/823,378 | 2004-04-12 | ||
US10/823,378 US7650409B2 (en) | 2004-04-12 | 2004-04-12 | System and method for enabling authorization of a network device using attribute certificates |
PCT/IB2005/000828 WO2005096701A2 (en) | 2004-04-12 | 2005-03-25 | System and method for enabling authorization of a network device using attribute certificates |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101099143A (zh) | 2008-01-02 |
CN101099143B (zh) | 2012-05-30 |
Family
ID=35061838
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2005800161498A, Expired - Fee Related, CN101099143B (zh) | 2004-04-12 | 2005-03-25 | System and method for enabling authorization of a network device using attribute certificates |
Country Status (5)
Country | Link |
---|---|
US (1) | US7650409B2 (zh) |
EP (1) | EP1738274A4 (zh) |
KR (1) | KR100894555B1 (zh) |
CN (1) | CN101099143B (zh) |
WO (1) | WO2005096701A2 (zh) |
Families Citing this family (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2350971A (en) * | 1999-06-07 | 2000-12-13 | Nokia Mobile Phones Ltd | Security Architecture |
US8271790B2 (en) * | 2004-12-30 | 2012-09-18 | Safend Ltd. | Method and system for securely identifying computer storage devices |
US10764264B2 (en) * | 2005-07-11 | 2020-09-01 | Avaya Inc. | Technique for authenticating network users |
DE102006036107A1 (de) * | 2006-04-11 | 2007-10-18 | Siemens Ag | Method for determining a task permission |
US8132245B2 (en) * | 2006-05-10 | 2012-03-06 | Appia Communications, Inc. | Local area network certification system and method |
US8010784B2 (en) | 2006-10-10 | 2011-08-30 | Adobe Systems Incorporated | Method and apparatus for achieving conformant public key infrastructures |
US7945946B2 (en) * | 2007-02-06 | 2011-05-17 | Red Hat, Inc. | Attribute level access control |
US7984490B2 (en) * | 2007-05-31 | 2011-07-19 | Red Hat, Inc. | Method for issuing attribute certificate from an LDAP entry |
US8046585B2 (en) * | 2007-05-31 | 2011-10-25 | Red Hat, Inc. | Verifying authenticity of an attribute value signature |
US7895441B2 (en) * | 2007-05-31 | 2011-02-22 | Red Hat, Inc. | LDAP grouping for digital signature creation |
US8326353B1 (en) | 2007-06-27 | 2012-12-04 | ENORCOM Corporation | Customizable mobile device |
US8311513B1 (en) | 2007-06-27 | 2012-11-13 | ENORCOM Corporation | Automated mobile system |
US8910234B2 (en) * | 2007-08-21 | 2014-12-09 | Schneider Electric It Corporation | System and method for enforcing network device provisioning policy |
KR100943921B1 (ko) * | 2007-09-04 | 2010-02-24 | 경원대학교 산학협력단 | Group attribute certificate issuing system, and license issuing system and license issuing method using the group attribute certificate |
US8826034B1 (en) * | 2007-09-28 | 2014-09-02 | Symantec Corporation | Selective revocation of heuristic exemption for content with digital signatures |
US8621561B2 (en) * | 2008-01-04 | 2013-12-31 | Microsoft Corporation | Selective authorization based on authentication input attributes |
US10146926B2 (en) * | 2008-07-18 | 2018-12-04 | Microsoft Technology Licensing, Llc | Differentiated authentication for compartmentalized computing resources |
JP2011191940A (ja) * | 2010-03-12 | 2011-09-29 | Canon Inc | Verification apparatus, job ticket verification method, and program |
DE102010044518A1 (de) * | 2010-09-07 | 2012-03-08 | Siemens Aktiengesellschaft | Method for certificate-based authentication |
US10642849B2 (en) | 2010-10-25 | 2020-05-05 | Schneider Electric It Corporation | Methods and systems for providing improved access to data and measurements in a management system |
US9762578B2 (en) | 2010-10-25 | 2017-09-12 | Schneider Electric It Corporation | Methods and systems for establishing secure authenticated bidirectional server communication using automated credential reservation |
US8707026B2 (en) * | 2011-07-13 | 2014-04-22 | International Business Machines Corporation | Apparatus for certificate-based cookie security |
US8769651B2 (en) * | 2012-09-19 | 2014-07-01 | Secureauth Corporation | Mobile multifactor single-sign-on authentication |
CN103796342B (zh) * | 2014-01-24 | 2017-02-15 | 北京奇虎科技有限公司 | Display system for attribute information and router |
CN106250727A (zh) * | 2016-08-16 | 2016-12-21 | 深圳市冠旭电子股份有限公司 | Software protection method and device |
CN109690543B (zh) * | 2016-09-26 | 2021-04-09 | 华为技术有限公司 | Security authentication method, integrated circuit and system |
KR102367738B1 (ko) * | 2016-11-09 | 2022-02-25 | 한국전자기술연구원 | Method for validating group members of a virtual resource |
EP3663956A1 (de) * | 2018-12-03 | 2020-06-10 | Steen Harbach AG | Microcontroller |
JP7215342B2 (ja) * | 2019-06-06 | 2023-01-31 | 富士通株式会社 | Communication program, communication method, and communication device |
US20230239286A1 (en) * | 2022-01-26 | 2023-07-27 | Microsoft Technology Licensing, Llc | Dynamic attachment of secure properties to machine identity with digital certificates |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
ATE313203T1 (de) * | 1997-06-25 | 2005-12-15 | Inforonics Inc | Apparatus and method for identifying clients accessing network sites |
US6199113B1 (en) * | 1998-04-15 | 2001-03-06 | Sun Microsystems, Inc. | Apparatus and method for providing trusted network security |
US6453353B1 (en) * | 1998-07-10 | 2002-09-17 | Entrust, Inc. | Role-based navigation of information resources |
US6847995B1 (en) * | 2000-03-30 | 2005-01-25 | United Devices, Inc. | Security architecture for distributed processing systems and associated method |
US7092987B2 (en) * | 2001-02-13 | 2006-08-15 | Educational Testing Service | Remote computer capabilities querying and certification |
US20020144108A1 (en) * | 2001-03-29 | 2002-10-03 | International Business Machines Corporation | Method and system for public-key-based secure authentication to distributed legacy applications |
US6986047B2 (en) * | 2001-05-10 | 2006-01-10 | International Business Machines Corporation | Method and apparatus for serving content from a semi-trusted server |
US8484333B2 (en) * | 2001-08-22 | 2013-07-09 | Aol Inc. | Single universal authentication system for internet services |
EP1505765A4 (en) * | 2002-06-07 | 2006-10-04 | Sony Corp | DATA PROCESSING SYSTEM, DATA PROCESSING DEVICE, DATA PROCESSING METHOD AND COMPUTER PROGRAM |
JP3791464B2 (ja) * | 2002-06-07 | 2006-06-28 | ソニー株式会社 | Access authority management system, relay server, and method, and computer program |
GB2394803A (en) * | 2002-10-31 | 2004-05-05 | Hewlett Packard Co | Management of security key distribution using an ancestral hierarchy |
US7353533B2 (en) * | 2002-12-18 | 2008-04-01 | Novell, Inc. | Administration of protection of data accessible by a mobile device |
-
2004
- 2004-04-12 US US10/823,378 patent/US7650409B2/en not_active Expired - Fee Related
-
2005
- 2005-03-25 CN CN2005800161498A patent/CN101099143B/zh not_active Expired - Fee Related
- 2005-03-25 WO PCT/IB2005/000828 patent/WO2005096701A2/en active Application Filing
- 2005-03-25 EP EP05718311.3A patent/EP1738274A4/en not_active Withdrawn
- 2005-03-25 KR KR1020067023786A patent/KR100894555B1/ko active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
US7650409B2 (en) | 2010-01-19 |
US20050228886A1 (en) | 2005-10-13 |
WO2005096701A2 (en) | 2005-10-20 |
EP1738274A2 (en) | 2007-01-03 |
WO2005096701A3 (en) | 2007-04-05 |
KR20070032650A (ko) | 2007-03-22 |
EP1738274A4 (en) | 2016-03-23 |
CN101099143A (zh) | 2008-01-02 |
KR100894555B1 (ko) | 2009-04-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
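CN101099143B (zh) | System and method for enabling authorization of a network device using attribute certificates | |
KR101534890B1 (ko) | Trusted device-specific authentication | |
JP6004408B2 (ja) | Secure mobile framework | |
JP5260634B2 (ja) | Graduated authentication system | |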
US8973122B2 (en) | Token based two factor authentication and virtual private networking system for network management and security and online third party multiple network management method | |
EP1933522B1 (en) | Method and system for authentication | |
CN101227468B (zh) | Method, device and system for authenticating a user to a network | |
US20090300168A1 (en) | Device-specific identity | |
JP2013509065A (ja) | Apparatus and method for managing access rights to a wireless network | |
Berbecaru et al. | Providing login and Wi-Fi access services with the eIDAS network: A practical approach | |
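CN109150787A (zh) | Permission acquisition method, apparatus, device and storage medium | |
CN1601954B (zh) | Moving principals across security boundaries without service interruption | |
CN102972005B (zh) | Delivery authentication method | |
KR20070009490A (ko) | IP address-based user authentication system and method | |
KR100590698B1 (ko) | Authentication method, system and server for preventing multiple logins using the same ID | |
JP2003132030A (ja) | Information processing apparatus and method, recording medium, and program | |
KR102461050B1 (ko) | Communication security method for a user terminal performed in a cloud server | |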
CAMERONI | Providing Login and Wi-Fi Access Services With the eIDAS Network: A Practical Approach | |
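CN107925653B (zh) | Telecommunication system for secure transmission of data therein and device associated with the telecommunication system | |
KR101066729B1 (ko) | Method and system for authenticating a user for a sub-location of a network location |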
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
ASS | Succession or assignment of patent right | Owner name: NOKIA AND SIEMENS NETWORKS CO., LTD.; Free format text: FORMER OWNER: NOKIA NETWORKS OY; Effective date: 20080801 |
C41 | Transfer of patent application or patent right or utility model | ||
TA01 | Transfer of patent application right | Effective date of registration: 20080801; Address after: Espoo, Finland; Applicant after: Nokia Siemens Networks Ltd.; Address before: Espoo, Finland; Applicant before: NOKIA Corp. Effective date of registration: 20080801; Address after: Espoo, Finland; Applicant after: NOKIA Corp.; Address before: Texas, USA; Applicant before: NOKIA Corp. |
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C56 | Change in the name or address of the patentee | Owner name: NOKIA SIEMENS NETWORKS OY; Free format text: FORMER NAME: NOKIA SIEMENS NETWORK CO., LTD. |
CP01 | Change in the name or title of a patent holder | Address after: Espoo, Finland; Patentee after: NOKIA SOLUTIONS AND NETWORKS OY; Address before: Espoo, Finland; Patentee before: Nokia Siemens Networks Ltd. |
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20120530; Termination date: 20200325 |