402 results about "Root certificate" patented technology

A public key authorization infrastructure includes a client program accessible by a user and an application program. A certificate authority issues a long-term certificate that binds a public key of the user to long-term identification information related to the user. A directory stores the issued long-term certificate and short-term authorization information related to the user. A credentials server issues a short-term certificate to the client. The short-term certificate binds the public key to the long-term identification information and to the short-term authorization information. The client presents the short-term certificate to the application program for authorization and demonstrates that the user has knowledge of a private key corresponding to the public key in the short-term certificate. The short-term certificate includes an expiration date, and is not subject to revocation.

In a communication system wherein a device and a client communicate data with each other through a network, the device holds a root certificate including a public key in a pair of the public key and a private key and signed with the public key. When data is sent, a certificate creator creates a second certificate including the root certificate designated as a certificate authority at a higher level and signed with the root certificate, and the second certificate is sent to the client. In the client, the root certificate has been stored beforehand, and a verifier verifies the signature of the second certificate with the root certificate.

A system for using a certificate authority to first provide a customer with a digital certificate, and then having a relying party that receives that digital certificate access a status authority (the certificate authority or its designated agent) to receive a reissued certificate on that certificate. The reissued certificate has a much shorter validity period, which ensures that the information is timely. Moreover, the certificate may serve as a receipt, including an accumulated record of the signatures (digital certificates) and policy applied throughout the financial transaction. As a result, each transfer of the transaction forms a digitally-signed chain of evidence recording each step of the transaction and policy applied thereto, whereby risk may be assumed and charged for appropriately and in accordance with the risk purchaser's policy.

A transaction network contains a networked certificate authority, by which one or more virtual certificates may be remotely defined and stored, such as by an issuer user through a issuer web portal interface. An acquirer user, through an acquirer web portal interface, may acquire one or more virtual certificates, which contain a public key portion, as well as a corresponding private key, which is established at the time of acquisition, and is stored at the certificate authority. At a redemption location associated with an acquired certificate, the acquirer (or an alternate recipient of an acquired certificate to whom the acquirer has communicated the established private key), submits the certificate information, along with the established private key, to redeem the certificate.

Certificate information associated with a received certificate, such as a Secure Sockets Layer (SSL) certificate is stored in a trusted local cache and/or in one or more remote trusted sources, such as a single remote trusted source and/or a trusted peer network. When a site certificate is received on a host computer system, certificate information associated with the received site certificate is obtained and compared with the stored certificate information to determine whether or not the site certificate indicates malicious activity, such as a malicious DNS redirection or a fraudulent local certificate. When a site certificate is not found indicative of malicious activity, the site certificate is released. Alternatively, when a site certificates is found indicative of malicious activity protective action is taken. In some embodiments, a user's log-in credentials are automatically obtained from a trusted local cache and automatically submitted to a web site.

Systems and methods for facilitating electronic commerce by securely providing certificate-related and other services including certificate validation and warranty. In a preferred embodiment, these services are provided within the context of a four-corner trust model. The four-corner model comprises a buyer, or subscribing customer, and a seller, or relying customer, who engage in an on-line transaction. The buyer is a customer of a first financial institution, or issuing participant. The issuing participant operates a certificate authority and issues the buyer a hardware token including a private key and a digital certificate signed by the issuing participant. The seller is a customer of a second financial institution, or relying participant. The relying participant operates a certificate authority and issues the seller a hardware token including a private key and a digital certificate signed by the relying participant. The system also includes a root certificate authority that operates a certificate authority that issues digital certificates to the issuing and relying participants. At the time of a transaction, the buyer creates a hash of the transaction data, signs the hash, and transmits the transaction data, the signature, and its digital certificate to the seller. The seller may then request system services via a connection with its financial institution, the relying participant. The system services may include a certificate status check service and a warranty service. The certificate status check service allows the relying customer to validate the subscribing customer's certificate. The warranty service allows the relying customer to receive a collateral-backed warranty that the subscribing customer's certificate is valid. Each participant and the root entity is provided with a transaction coordinator for combining services and operations into a single transaction having the qualities of atomicity, consistency, isolation, and durability. The transaction coordinator provides a single consistent interface for certificate-status messages and requests, as well as messages and requests relating to other services.

Certification will be performed without the use of any external certification organizations in an organization such as an enterprise. A server and a plurality of clients are connected via a network to thereby constitute a certification system for the entire enterprise. A public secondary memory in the server holds a server name, a certificate list, a temporary registrant list and the like. The certificate list includes individual and group certificates, and the certificate includes specifying information on a certification target, a public key and signature by an responsible person of a group, to which the certification target belongs. The group responsible person signs the public key of the group member and specifying information by using the information on a registrant list to generate a certificate.

The invention provides a method for authenticating a point of sail (POS) file and a method for maintaining an authentication certificate. During the POS file authentication, a two-level certificate management-based POS digital signature scheme is adopted, wherein the first-level certificate is a root certificate and the second-level certificate is a working certificate; the root certificate can authenticate the legality of the working certificate, but cannot authenticate the legality of an application program; and the working certificate can authenticate the legality of downloaded POS software. A POS acquirer head office applies the root certificate and the working certificate from certificate authority (CA), provides a POS acquirer root certificate public key to a terminal manufacturer, performs digital signature to generate a root certificate public key file, returns the root certificate public key file to the head office and then issues the root certificate public key file to each branch office; each POS acquirer branch office receives the root certificate public key file transmitted by the head office; and the POS acquirer head office performs digital signature on a working certificate public key by a root certificate private key to generate a working certificate public key file and issue the working certificate public key file to each branch office. The method for authenticating the POS file and the method for maintaining the authentication certificate have the advantages of contributing to the update and the maintenance of the certificate per se and guaranteeing the authenticity of application software.

Certain embodiments of the present invention provide a method for replacing a cryptographic key including receiving a key replacement message for replacing the cryptographic key, decrypting at least part of the key replacement message using at least part of the cryptographic key, reading from the key replacement message at least part of at least a first replacement cryptographic key or at least a first replacement cryptographic key precursor value that is used to derive a first replacement cryptographic key, and replacing the cryptographic key with at least part of the first replacement cryptographic key. The key replacement message includes encrypted data. The encrypted data having been encrypted using at least part of at least a third cryptographic key. Decrypting the encrypted data using at least part of the cryptographic key. The decrypting being associated with verifying a digital signature.

The invention describes a method and system for verifying the link between a public key and a server's identity as claimed in the server's certificate without relying on the trustworthiness of the root certificate of the server's certificate chain. The system establishes a secure socket layer type connection between a client and a server, wherein the server transmits information including the server's public key to the client while establishing the connection. Next, a first information is sent from the client to the server. The client and the server create an identical authentication key using a shared secret known to the server and the client. Next, the server transmits a first encrypted message to the client, wherein the first encrypted message includes the server's public key encrypted with the authentication key. Then, the client decrypts the first encrypted message and verifies the correctness of that message including comparing the public key included in the decrypted first encrypted message to the public key transmitted during the set-up of the secure socket layer type connection to authenticate the client and to establish the trustworthiness of the server's public key and thereby the entire SSL connection. The client then transmits a second encrypted message to the server, wherein the second encrypted message is the first information encrypted with the authentication key. Finally, the server then decrypts the second encrypted message and verifies the correctness of the decrypted second encrypted message to authenticate the client.

The present invention provides a mobile terminal, a resource access control system for a mobile terminal, and a resource access control method in a mobile terminal which can flexibly change resources that can be accessed by an application. An application manager 118 of a mobile terminal 101 transmits an identifier of a root certificate of an application to a server 102 at predetermined timing, e.g., when the application is started, to thereby retrieve a corresponding resource list from a resource database 122. The corresponding resource list is added to an access database 115, or the contents of the access database 115 are updated with the corresponding resource list. Access to resources specified by the resource list is permitted. When the resource list is changed, the contents of the resource list may be transmitted from the server 102 to the mobile terminal 101 by a push type notification.

An ID vault computer control program detects when a user's browser navigates to a third-party website that requires a user ID and password. If it hasn't done so already, it automatically requests a decryption key for a local encrypted vault file from a network server by supplying a personal identification number (PIN) from the user through the input device, a copy of the GUID, and a signature of GUID using a private key for the root certificate. If a decryption key is returned from the network server, the local encrypted vault file is unlocked and automatically supplies a corresponding user ID and password to log-on to the third-party website without the user.

The invention discloses a medical data platform based on the block chain technology. The medical data platform comprises a terminal, a server module, a data storage module and a block chain network. The terminal exchanges data with the data storage module and the block chain network through the server module. The server module comprises a communication server, an intermediate certificate server and a root certificate server and is used for processing data interaction between the modules and allocating certificates to the block chain network nodes. The data storage module comprises a medical information system and a distributed image database and is used for data storage. The block chain network comprises multiple institutional accounting nodes and multiple consensus nodes. The accounting nodes perform mutual data synchronization. The medical data platform based on the block chain technology has the advantages that the existing medical information is stored in the block chain shared account book so that all the medical institutions can share the medical information related to the patients, and the privacy protection function of the medical data can be realized by using the encryption algorithm and thus sharing of the medical data can be facilitated and the security of the sensitive information can also be protected.

Network security administrators are enabled with their customizable certificate authority reputation policy store which is informed by an independent certificate authority reputation server. The custom policy store overrides trusted root certificate stores accessible to an operating system web networking layer or to a third party browser. Importing revocation lists or updating browsers or operating system is made redundant. Proactive remediation is enabled to delete or disable root certificates in trusted operating system root certificate stores or in trusted browser root certificate stores by a web security agent installed at distributed endpoints. This removes the need for additional hardware or synchronous remote access over the protected endpoints.

The invention provides a digital identity verification method based on block chains. The method comprises the following steps: when an application party certificate generating instruction is received,obtaining a first random number, so that an application server generates an application party certificate by using the first random number; obtaining the application party certificate and a securityfactor, and verifying whether the application party certificate is effective according to a public key in an application party root certificate; if so, generating a wallet certificate by using the security factor; after an input password is received, obtaining a second random number, calculating a summary value according to the second random number and the password, and verifying whether the summary value is correct; and if so, singing transaction information and the security factor by using a private key in purse service, so that the application server verifies whether the wallet certificateis legal and effective by using the signature. By adoption of the random numbers, the signature and various certificates, high-security digital identity verification between block chains is achieved.The invention further provides a digital identity verification apparatus and system based on block chains, which have the above beneficial effects.

An embodiment of the present invention relates to a method for deploying a blockchain network, a client device and a BssA server. The method comprises a step of receiving a first instruction for deploying the blockchain network at the client device, wherein the blockchain network at least includes a blockchain organization with at least one blockchain node, and the client device is coupled to theBaaS server in a communicated mode, a step of responding to the first instruction, generating a root certificate of the blockchain organization and a corresponding first private key, and generating anode private key of the at least one blockchain node, a step of generating a root certificate of the at least one blockchain node based on the root certificate, the first private key and the node private key, and a step of sending the root certificate, the node certificate and the node private key to the BaaS server and storing the first private key and the node private key into a local memory coupled to the client device.

Update firmware is stored as one binary file. The binary file includes firmware data necessary for operating a controller unit and root certificate data necessary for a printer apparatus to establish secure communication with a content server. Specific information in the root certificate data is extracted from the update firmware, and the extracted specific information is used to update a management table of the root certificate provided in a RAM. With this configuration, it is possible for an information processing apparatus to reliably acquire and update the root certificate data without greatly changing the original functional configuration.

An infrastructure is provided for managing the distribution of digital certificates for network security in wireless backhaul networks. In embodiments, a root certificate management system (root CMS) processes requests for digital certificates, issues root certificates, automatically authenticates surrogate certificate management systems (sur-CMSs), and automatically processes certificate requests and issues certificate bundles to sur-CMSs that are successfully authenticated. The infrastructure includes sur-CMSs to which are assigned base stations within respective regions. Each sur-CMS automatically authenticates its own base stations and automatically processes certificate requests and issues certificate bundles to base stations that are successfully authenticated. A certificate bundle issued to a base station includes a digital certificate, signed by the issuing sur-CMS, of a public key of such base station, and at least one further digital certificate, including a self-signed certificate of the root CMS.