Two-way secure channels with certification by one party

US11595358B2 · US · B2

Patent metadata

Publication number: US-11595358-B2
Application number: US-202117224630-A
Country: US
Kind code: B2
Filing date: Apr 7, 2021
Priority date: Apr 7, 2021
Publication date: Feb 28, 2023
Grant date: Feb 28, 2023

Abstract

Two-way secure channels are provided between two parties to a communication with certification being provided by one party. One method comprises providing, by a first entity that provides a certificate authority, a first signed certificate to a second entity, wherein the first signed certificate is signed by the certificate authority and wherein the second entity generates a first request to sign a second certificate generated by the second entity, wherein the first request is generated by the second entity using a first credential generated by the second entity; receiving, from the second entity, (i) the first request to sign the second certificate, and (ii) the first signed certificate; and providing, in response to the certificate authority verifying the first signed certificate, a second signed certificate, signed by the certificate authority, to the second entity; wherein one or more additional communications between the first entity and the second entity use the two-way channel.

Claims

What is claimed is:

1. A method, comprising: providing, by a first entity of a communication, wherein the first entity provides a certificate authority for the communication, a first signed certificate to a second entity of the communication, wherein the first signed certificate is signed by the certificate authority and wherein the second entity generates a first certificate signing request to sign a second certificate generated by the second entity, wherein the first certificate signing request is generated by the second entity using at least a portion of a first credential generated by the second entity; receiving, by the first entity from the second entity over a two-way channel, (i) the first certificate signing request to sign the second certificate, and (ii) the first signed certificate; and providing, by the first entity, in response to the certificate authority verifying the first signed certificate, a second signed certificate, signed by the certificate authority, to the second entity; wherein one or more additional communications between the first entity and the second entity use the two-way channel; wherein the method is performed by at least one processing device comprising a processor coupled to a memory.

2. The method of claim 1, wherein the first signed certificate is based at least in part on a private key shared by the first entity and the second entity, and wherein the second signed certificate is based at least in part on a private key of the second entity.

3. The method of claim 1, wherein the providing the first signed certificate to the second entity further comprises generating a second certificate signing request for the second entity; providing the second certificate signing request to the certificate authority; and obtaining the first signed certificate for the second entity from the certificate authority.

4. The method of claim 1, wherein the providing the first signed certificate to the second entity further comprises providing one or more of a one-time credential of the second entity, a certificate of the first entity and a network address of the first entity to the second entity.

5. The method of claim 1, wherein the first signed certificate for the second entity comprises one or more of (i) a revocable certificate, (ii) a limited purpose certificate that may only be used for one or more defined operations, and (iii) a certificate that expires in response to a predefined expiration time or a predefined expiration event.

6. The method of claim 1, further comprising performing one or more remedial actions in response to detecting an anomalous use of the first signed certificate.

7. The method of claim 1, wherein the first credential comprises one or more of a public key/private key pair, an authentication token, and a username/password pair.

8. The method of claim 1, further comprising revoking, by the first entity, the first signed certificate in response to the providing the second signed certificate to the second entity.

9. The method of claim 1, wherein the first credential is not communicated between the first entity and the second entity.

10. The method of claim 1, wherein the first entity and the second entity are part of a cluster having a dynamically changing number of members.

11. The method of claim 1, wherein the first signed certificate is based at least in part on a one-time secret of the second entity and wherein the second certificate is based at least in part on a second secret of the second entity.

12. An apparatus comprising: at least one processing device of a first entity of a communication that provides a certificate authority for the communication, wherein the at least one processing device comprises a processor coupled to a memory; the at least one processing device of the first entity being configured to implement the following steps: providing a first signed certificate to a second entity of the communication, wherein the first signed certificate is signed by the certificate authority and wherein the second entity generates a first certificate signing request to sign a second certificate generated by the second entity, wherein the first certificate signing request is generated by the second entity using at least a portion of a first credential generated by the second entity; receiving, from the second entity over a two-way channel, (i) the first certificate signing request to sign the second certificate, and (ii) the first signed certificate; and providing, in response to the certificate authority verifying the first signed certificate, a second signed certificate, signed by the certificate authority, to the second entity; wherein one or more additional communications between the first entity and the second entity use the two-way channel.

13. The apparatus of claim 12, wherein the providing the first signed certificate to the second entity further comprises generating a second certificate signing request for the second entity; providing the second certificate signing request to the certificate authority; and obtaining the first signed certificate for the second entity from the certificate authority.

14. The apparatus of claim 12, wherein the first signed certificate for the second entity comprises one or more of (i) a revocable certificate, (ii) a limited purpose certificate that may only be used for one or more defined operations, and (iii) a certificate that expires in response to a predefined expiration time or a predefined expiration event.

15. The apparatus of claim 12, further comprising revoking, by the first entity, the first signed certificate in response to the providing the second signed certificate to the second entity.

16. The apparatus of claim 12, wherein the first credential is not communicated between the first entity and the second entity.

17. A non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code when executed by at least one processing device, of a first entity of a communication that provides a certificate authority for the communication, causes the at least one processing device to perform the following steps: providing, by a first entity of a communication that provides a certificate authority for the communication, a first signed certificate to a second entity of the communication, wherein the first signed certificate is signed by the certificate authority and wherein the second entity generates a first certificate signing request to sign a second certificate generated by the second entity, wherein the first certificate signing request is generated by the second entity using at least a portion of a first credential generated by the second entity; receiving, from the second entity over a two-way channel, (i) the first certificate signing request to sign the second certificate, and (ii) the first signed certificate; and providing, in response to the certificate authority verifying the first signed certificate, a second signed certificate, signed by the certificate authority, to the second entity; wherein one or more additional communications between the first entity and the second entity use the two-way channel.

18. The non-transitory processor-readable storage medium of claim 17, wherein the first signed certificate for the second entity comprises one or more of (i) a revocable certificate, (ii) a limited purpose certificate that may only be used for one or more defined operations, and (iii) a certificate that expires in response to a predefined expiration time or a predefin
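The enrollment exchange of claims 1 and 5 to 9, as an added Python simulation that is not code from the patent or its assignee: the first entity issues a short-lived, enrollment-only first certificate bound to a one-time secret, the second entity generates its own key pair and a CSR, and the CA verifies the first certificate (signature, purpose, revocation, expiry), issues the second certificate, and revokes the first. The CA signature is replaced by an HMAC stand-in (the CA is both signer and verifier here), the key pair is a hash-based stand-in, and the subject name, lifetimes and purpose labels are constructed values.

```python
import hashlib, hmac, json, os

class CertificateAuthority:
    # First entity: runs the CA, issues a limited-purpose enrollment certificate,
    # then swaps it for a regular certificate against a CSR (claims 1, 5, 8).
    ENROLL_TTL = 300  # constructed lifetime (seconds) of the first certificate

    def __init__(self):
        self._ca_key = os.urandom(32)  # stand-in for the CA signing key
        self._revoked, self.alerts = set(), []

    def _sign(self, body):
        # Stand-in signature: HMAC over canonical JSON of the certificate body.
        payload = json.dumps(body, sort_keys=True).encode()
        return {"body": body, "sig": hmac.new(self._ca_key, payload, hashlib.sha256).hexdigest()}

    def _verify(self, cert, purpose, now):
        body = cert["body"]
        return (hmac.compare_digest(self._sign(body)["sig"], cert["sig"])
                and body["purpose"] == purpose           # limited purpose
                and body["serial"] not in self._revoked  # revocable
                and now < body["expires"])               # predefined expiry

    def issue_first_cert(self, subject, one_time_secret, now):
        # First signed certificate: bound to a one-time secret of the second entity.
        body = {"serial": os.urandom(8).hex(), "subject": subject, "purpose": "enroll",
                "secret_ref": hashlib.sha256(one_time_secret).hexdigest(),
                "expires": now + self.ENROLL_TTL}
        return self._sign(body)

    def enroll(self, csr, first_cert, now):
        # Receives (i) the CSR and (ii) the first certificate over the channel.
        serial = first_cert["body"]["serial"]
        if not self._verify(first_cert, "enroll", now) or csr["subject"] != first_cert["body"]["subject"]:
            self.alerts.append(("rejected", serial))  # remedial action on anomalous use
            return None
        body = {"serial": os.urandom(8).hex(), "subject": csr["subject"], "purpose": "cluster",
                "public_key": csr["public_key"], "expires": now + 86400}
        self._revoked.add(serial)  # first certificate revoked once the second is issued
        return self._sign(body)

def second_entity_csr(subject):
    # Second entity generates its own credential; the private half never crosses the
    # channel. Stand-in key pair: random secret, with its hash as the public key.
    priv = os.urandom(32)
    return priv, {"subject": subject, "public_key": hashlib.sha256(priv).hexdigest()}

def run_flow(now=1000):
    ca = CertificateAuthority()
    first = ca.issue_first_cert("node-7", os.urandom(16), now)
    priv, csr = second_entity_csr("node-7")  # priv stays with the second entity
    second = ca.enroll(csr, first, now)  # accepted: first certificate is valid
    replay = ca.enroll(csr, first, now)  # rejected: first certificate already revoked
    return first, second, replay, ca
```

The second call to `enroll` models the anomalous reuse of the first certificate that claim 6 responds to with a remedial action; here it is logged in `alerts` and refused.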

Assignees

Emc Ip Holding Co Llc

Classifications

  • H04L63/04 (primary CPC): for providing a confidential data exchange among entities communicating through data packet networks
  • CPC title: using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
  • CPC title: using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

Frequently asked questions

Who is the assignee on this patent?
Emc Ip Holding Co Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/04. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 28, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).