38 results about "Proxy certificate" patented technology

A method of managing reliance in an electronic transaction system includes a certification authority issuing a primary certificate to a subscriber and forwarding to a reliance server, information about the issued primary certificate. The reliance server maintains the forwarded information about issued primary certificate. The subscriber forms a transaction and then provides the transaction to a relying party. The transaction includes the primary certificate or a reference thereto. The relying party sends to the reliance server a request for assurance based on the transaction received from the subscriber. The reliance server determines whether to provide the requested assurance based on the information about the issued primary certificate and on the requested assurance. Based on the determining, the reliance server issues to the relying party a secondary certificate providing the assurance to the relying party.

A user device initiates a network access authentication operation via a network access device with a network access authentication server, e.g., a Remote Authentication Dial-In User Service (RADIUS) server, which also generates an X.509 proxy certificate and includes the proxy certificate with the information, such as a set of network access parameters, that is returned to the user device in response to a successful completion of the network access authentication operation. The user device extracts and stores the proxy certificate. The network access parameters are used by the user device to communicate via the network access device on a network, which supports a grid. When the user device accesses a resource in the grid, the proxy certificate is already available, thereby obviating the need to generate a new proxy certificate and allowing a user of the user device to experience an integrated single-sign-on for network access and grid access.

A license-management system and method is provided. A method of issuing a proxy certificate includes transmitting a proxy-certificate-issuance-request message to a license server in order for the local license manager to acquire an authority to issue a license by a local license manager; enabling the license server to verify the proxy-certificate-issuance-request message; if the proxy-certificate-issuance-request message is valid, transmitting a proxy certificate to the local license manager by the license server, the proxy certificate including information regarding the authority to issue a license; and verifying the proxy certificate by the local license manager.

An infrastructure is provided for managing the distribution of digital certificates for network security in wireless backhaul networks. In embodiments, a root certificate management system (root CMS) processes requests for digital certificates, issues root certificates, automatically authenticates surrogate certificate management systems (sur-CMSs), and automatically processes certificate requests and issues certificate bundles to sur-CMSs that are successfully authenticated. The infrastructure includes sur-CMSs to which are assigned base stations within respective regions. Each sur-CMS automatically authenticates its own base stations and automatically processes certificate requests and issues certificate bundles to base stations that are successfully authenticated. A certificate bundle issued to a base station includes a digital certificate, signed by the issuing sur-CMS, of a public key of such base station, and at least one further digital certificate, including a self-signed certificate of the root CMS.

The invention provides an ID-based proxy blind signature system of an incredible private key generator and a method. The system comprises the key generator used for calculating the key according to the obtained key data so as to utilize the signature of the key on a message m to verify the reliability of the message m; a proxy certificate generation part used for generating the key data used by a signer according to the private data of the user and transmitting the key data to the private key generator to calculate the private key SA of the signer and constructing a certificate m Omega and signaling on the certificate m Omega by the private key, so that a proxy certificate W A-B is obtained; and a proxy signature part used for selecting proxy private data to generate corresponding private data and sending the private data to the private key generator to calculate a proxy private key SB and obtaining a proxy signature key according to the private key SB and a proxy public key W A-B, and constructing a premise according the proxy signature key and the proxy certificate W A-B, thereby leading the signature algorithm to satisfying the performances of non-forgery and non-repudiation.

A mechanism for mutual authorization of a secondary resource in a grid of resource computers is provided. When a primary resource attempts to offload a grid computing job to a secondary resource, the primary resource sends a proxy certificate request to the user machine. Responsive to a proxy certificate request, the user machine performs authorization with the secondary resource. If authorization with the secondary resource is successful, the user machine generates and returns a valid proxy certificate. The primary resource then performs mutual authentication with the secondary resource. If the authorization with the secondary resource fails, the user machine generates and returns an invalid proxy certificate. Mutual authentication between the primary resource and the secondary resource will fail due to the invalid proxy certificate. The primary resource then selects another secondary resource and repeats the process until a resource is found that passes the mutual authorization with the user machine.

The invention provides a method, a system and a device for safely accessing cross-resource pool resources based on a federal center, and federal center equipment. The method comprises the following steps of: receiving a first resource request message sent by a local user in a first resource domain; analyzing the first resource request message, and sending a federal attribute proxy certificate request message which carries identity information of the local user to the federal center equipment when the first resource request message points to a second resource domain; receiving a response message which carries a federal attribute proxy certificate and is returned by the federal center equipment after the identity information of the local user passes verification, wherein the federal attribute proxy certificate is allocated to the local user by the federal center; sending a second resource request message which carries the federal attribute proxy certificate to the second resource domain; and receiving a service provision notification message returned by the second resource domain after the second resource domain verifies the second resource request message and the second resource request message passes verification. Through the technical scheme, cross-resource domain resources can be called.

The invention provides a public key algorithm and SSL (security socket layer) protocol based method of optimizing security of a multi-cluster Hadoop system. The method includes the steps of authenticating identity of a user when the user logs in to a master node; allowing the master node to submit a request to a CA (certificate authority) server to acquire a proxy certificate; allowing the master node to create a slave node list and determine identity of the master node; allowing bidirectional authentication between the master node and slave nodes; allowing the multi-cluster Hadoop system to execute a task submitted by the user; stopping the user from submitting tasks. The method has the advantages that user authentication and network attack protection are effectively achieved for the Hadoop system running across multiple cluster environments, the defect of the original security mechanism of the single-cluster Hadoop system running in the multiple cluster environments is made up, and the network attack protection with the original security mechanism of the single-cluster Hadoop system forms complete security protection for the multi-cluster Hadoop system.

The invention relates to an HTTPS connection verification method and device. The method comprises the following steps: when an HTTPS connection request is initiated to a website, a certificate of the website is obtained; the certificate and other father certificates of the certificate except for a root certificate are verified; if verifications of the certificate and the other father certificates are passed, whether the root certificate is in a preset approval certificate library is judged; if the root certificate is in the preset approval certificate library, the certificate verifications are passed, HTTPS connection is continued; if the root certificate is not in the preset approval certificate library, the certificate, the root certificate and a uniform resource locator of the website accessed by the HTTPS connection are verified, whether the certificate, the root certificate and the uniform resource locator of the website accessed by the HTTPS connection are in a preconfigured certificate verification set; if the certificate, the root certificate and the uniform resource locator of the website accessed by the HTTPS connection are in the preconfigured certificate verification set, the certificate verifications are passed, and the HTTPS connection is continued; and, if the certificate, the root certificate and the uniform resource locator of the website accessed by the HTTPS connection are not in the preconfigured certificate verification set, the process is ended. The HTTPS connection verification method and device do not need to install the root certificate, prevent a system from a threat, and improve safety of the system.

The invention discloses a protective treatment method for trust certificate faced service. Wherein, the user terminal builds a security communication channel with network server and uploads agent certificate and cipher and security parameter all generated by it self; the server generates and enciphers agent trust certificate to preserve with security parameter; the terminal visits the certificate library and provides cipher; the server checks and validates the cipher, if pass, generates a new agent trust certificate to send to terminal. This invention fuses trust certificate into WSRF frame, and enhances flexibility for protection.

The invention discloses a communication method and a communication system in an IaaS system, based on a public key infrastructure (PKI). The method comprises the steps as follows: a proxy side in the IaaS system generates a public and private key pair, stores a private key locally, and sends a public key to a proxied side; the proxied side signs and issues the public key sent by the proxy side according to the private key corresponding to a legal certificate stored by itself, generates a proxy certificate and returns the proxy certificate to the proxied side; and the proxy performs a corresponding operation as proxy for the proxied side according to the proxy certificate within a preset life cycle. According to the method and the system provided by the invention, the proxy side can carry the proxy certificate with specific legal validity sent by the proxied side to perform the proxy operation, and legality and security of the proxy operation in the IaaS system are ensured.

The invention provides an Internet data collection method and system based on a man-in-the-middle. The method comprises the steps that a man-in-the-middle proxy certificate is installed to webpage information collection equipment, a man-in-the-middle of the webpage information collection equipment is established, and when the webpage information collection equipment accesses webpage information inthe Internet, the man-in-the-middle proxy certificate acts on all network traffic of the webpage information collection equipment; the man-in-the-middle acquires an collection task accommodating a URL regular expression of a to-be-acquired webpage, captures traffic conforming to the URL regular expression in all network traffic as intermediate traffic, injects the collection task into an HTML page of the intermediate traffic to obtain a to-be-analyzed page, and stores the to-be-analyzed page into a first database; and the analysis module distributes the to-be-analyzed page to the analyzer instance for analysis according to the URL information of the to-be-analyzed page in the first database, acquires a webpage collection result accommodating the structured data from the analyzer instanceand stores the webpage collection result into the second database. According to the invention, data collection of all applications which provide information by integrating browser kernel functions canbe supported.

The present invention discloses an implementation scheme of a two-factor login manner capable of opening and closing freely. The two-factor login refers to login based on a user name/password and a personal certificate. The two-factor login manner is able to open and close freely. The personal certificate is realized by using a keytool of Java JDK. The process is as follows: firstly, a trusted certificate bank is generated according to a command; then a personal certificate is generated, and the trusted certificate is exported from the personal certificate; and finally, the trusted certificate is imported into the certificate bank. Authentication of the certificate can be performed by a user, and the authentication of the certificate can be started and closed freely.

A certificate chain electronic agent certificate system carries out identity verification, biological verification and certificate verification on enterprise managers through a multi-center verification module, and verification records are stored through a multi-center storage module. A manager initiates a request for generating an electronic agent certificate or an electronic franchischer certificate at an electronic agent certificate terminal; the electronic agent certificate server receives the request. An authorized enterprise electronic certificate ID and an authorized enterprise electronic certificate ID are acquired through a multi-certificate center module. The electronic certificate ID of the enterprise is authorized. A unique enterprise electronic agent certificate or an enterprise electronic franchise certificate is generated by combining an encryption algorithm with a combination mode of a random number according to the ID and the authorization information of the authorizedenterprise electronic certificate, a verifier can verify the authenticity of the electronic agent certificate and verify the identity information of a certificate holder in real time, and the phenomenon that the agent certificate is forged and tampered is eradicated.