36 results about "Self-signed certificate" patented technology

Disclosed is a method in which a portable device processor may generate an application-level certificate for an application installed on the portable device. The processor may, for example, insert an application name in a package name field of a self-signed device-level certificate of the portable device to generate an application-level self-signed certificate. A request to authenticate the application may be forwarded to the controller. The request may include the application-level certificate. The portable device processor may receive a request to form a secure communication channel between the portable device and the controller based on the authenticated application-level certificate. A controller may respond to a portable device request for services by authenticating an application-level certificate provided by the portable device so requested services may be securely provided to the portable device.

An infrastructure is provided for managing the distribution of digital certificates for network security in wireless backhaul networks. In embodiments, a root certificate management system (root CMS) processes requests for digital certificates, issues root certificates, automatically authenticates surrogate certificate management systems (sur-CMSs), and automatically processes certificate requests and issues certificate bundles to sur-CMSs that are successfully authenticated. The infrastructure includes sur-CMSs to which are assigned base stations within respective regions. Each sur-CMS automatically authenticates its own base stations and automatically processes certificate requests and issues certificate bundles to base stations that are successfully authenticated. A certificate bundle issued to a base station includes a digital certificate, signed by the issuing sur-CMS, of a public key of such base station, and at least one further digital certificate, including a self-signed certificate of the root CMS.

The invention provides a secure mobile communication architecture with dynamic two-way authentication and an implementation method thereof. In the secure mobile communication architecture, a client terminal and a server-side implement two-way authentication, the server-side adopts an SSL self-signed certificate, and the authentication to the server-side by the client terminal is finished through authentication to the SSL certificate of the server; the authentication to the client terminal by the server-side is finished through management of identity access authority provided by an asymmetric key pair and a PKI technology; and communication between the client terminal and the server-side adopts an SSL security authentication protocol so as to guarantee the data security in the communication process. By adopting the secure mobile communication architecture with dynamic two-way authentication for carrying out mobile communication, the implementation way is simple, counterfeiting, hacker attack and man-in-the-middle attack threats in the common mobile communication mechanism are eliminated, and the security of communication between the mobile client terminal and the server-side is greatly increased.

The present invention provides systems and methods to automatically install and trust a self-signed (e.g., untrusted) web site certificate on one or more web clients local to the network. In addition, the systems and methods provide for automatic installation of the self-signed certificate and/or a signed (e.g., trusted) certificate on a web server, and automatic configuration to enable an authentication and/or encryption mechanism (e.g., SSL encryption) with at least a portion of the web site. Conventionally, certificate installation, configuration and trusting are achieved manually, which can be time consuming and prone to errors such as trusting a fictitious certificate, for example. The systems and methods of the present invention provide a novel approach to mitigate manual web site certificate installation (e.g., trusted and untrusted) and trusting, web client interruption via untrusted web site warning notifications, and domain web site redirection to a fictitious web site.

In embodiments, an authentication server interfaces between a user device with a self-signed certificate and a verifying computer that accepts a user name and password. The user device generates a self-signed certificate signed by a private key on the user device. The self-signed certificate is transmitted to a verifying party computer over a network. The verifying party stores the self-signed certificate with user identification data. The user migrates trust to another device by providing the root certificate and intermediate certificate as a certificate chain to a second device, which then adds a new intermediate certificate to create a longer certificate chain with the same root certificate. In subsequent communications, the verifying party receives a certificate chain including the self-signed certificate from the second user device, and matches that with the user identification data stored in a database.

A gateway (GW) in a wireless communication system, according to the present invention, generates self-signed certificate information, allocates the self-signed certificate information to at least one device, transmits a registration request message for requesting registration of the at least one device to a server if a certificate channel with the at least one device is generated on the basis of the self-signed certificate information, and transmits certificate information for the at least one device to the at least one device if the certificate information for the at least one device is received from the server.

The invention provides an ad hoc network mode security association establishment method which is applied to a requester terminal and an authenticator terminal containing a self-signed certification authority. The method comprises the following steps: the requester terminal obtains a self-signed certificate issued by the self-signed certification authority from the authenticator terminal through an open system link established between the requester terminal and the authenticator and the preset name and password of a user; and the requester terminal uses the self-signed certificate to establish security association with the authenticator terminal. The invention further provides a terminal containing a self-signed certification authority. The invention does not need two rounds of five-time handshake processes to negotiate two groups of unicast keys and multicast keys, reduces the handshake processes of establishing security association, accelerates the security association establishment speed and reduces the terminal power consumption.

An exemplary method of managing secure communications between nodes includes receiving a public key of a node associated with a certification authority. A root node certificate is provided to the node responsive to the received public key. The root node certificate indicates that the received public key belongs to the node. A root self-signed certificate corresponding to a public key of the certification authority is also provided to the node.

The embodiment of the invention discloses an identity calibration method. The method comprises the steps of: obtaining a first certificate of a terminal by a server, and performing identity calibration for the first certificate, wherein the first certificate is a self-signature certificate of the terminal; when the identity calibration for the first certificate is failed by the server, sending certificate information to the terminal by the server; generating a second certificate by the server; establishing communication connection between the second certificate and the terminal by the server.The embodiment of the invention further discloses an identity calibration device. The embodiment of the invention provides the method, when the terminal employs the self-signature certificate to perform identity calibration, a new signature certificate passing the authentication of the server is sent to the terminal, and the terminal and the server can use the new signature certificate for communication so as to improve the safety of the identity calibration and reduce the risk of information leakage.

Techniques are presented herein for authenticating local process to a web service, both executing on a common host computer server. The local process may present a self-signed certificate to the web service. In response, the web service may identify a file system directory on the first computer server containing a file storing the self-signed certificate. If the subject information identifying the owner of the process matches file system metadata indicating an owner of the file, then the web service may consider the process as being authenticated to the web service.

A device (110, 120) receives (S202) a password from a user, obtains (S204) a public key for a cryptographic algorithm for the device, obtains (S206) a password verifier by applying a one-way function to a combination of a unique identifier, the password and the public key, generates (S208) the certificate comprising the unique identifier, the public key and the password verifier, signs (S21 0) the certificate using a private key corresponding to the public key thereby obtaining a self-signed certificate, and outputs the self-signed certificate. Also provided is the device.

Endpoints, such as Session Initial Protocol enabled telephones, are capable of being public network (e.g., Internet) devices and, as such, require security measures to protect the endpoints and components on a private network they may be attached to, such as a call center. By providing a self-signed certificate into an endpoint with hardcoded certificate authorities (CAs) that enable the phone to call a trusted location, namely a Device Enrollment Service (DES) having a verifiable record of the endpoint that, on endpoint startup, authentication actions may be performed and, is successful, the endpoint is permitted to “point to” other services that may allow the endpoint to be redirected or otherwise use a particular private network, such as that of a customer.