Apparatus and method for providing multiple security credentials
- US 10,063,382 B1
- Filed: 09/28/2017
- Issued: 08/28/2018
- Est. Priority Date: 09/28/2017
- Status: Expired due to Fees
First Claim
1. A method for determining a credential authority, the method comprising:
receiving at a multi-certificate authority (CA) apparatus an electronic enrollment request from a requestor electronic device for security credentials, the requestor electronic device being selected from the group consisting of: an industrial machine, a computing device, and a vehicle;
at an electronic control circuit at the multi-CA apparatus, selecting an initial credential authority based upon a first predetermined criteria;
communicating by the multi-CA apparatus with the initial credentials authority and, based upon the communicating, determining at the electronic control circuit whether the initial credential authority is available, wherein the communicating occurs utilizing a first plug-in apparatus, the first plug-in apparatus being a software program that allows the multi-CA apparatus to communicate with the initial credentials authority;
wherein a data structure is stored in a data storage device, the data structure including a ranked list of potential credentials authorities, and the first predetermined criteria relates to the position of the initial credentials authority within the list of potential credentials authorities;
when the initial credentials authority is available, obtaining the security credentials from the initial credentials authority and transmitting the security credentials to the requestor electronic device;
when the initial credentials authority is not available, choosing a back-up credentials authority based upon a second predetermined criteria;
wherein the second predetermined criteria is the position of the back-up credentials authority within the list of potential credentials authorities;
communicating by the multi-CA apparatus with the backup credentials authority and, based upon the communicating, determining at the electronic control circuit whether the back-up credential authority is available, wherein the communicating occurs utilizing a second plug-in apparatus, the second plug-in apparatus being a software program that allows the multi-CA apparatus to communicate with the back-up credentials authority;
when the back-up credentials authority is available, obtaining the security credentials from the back-up credentials authority and transmitting the security credentials to the requestor electronic device;
when the back-up credentials authority is not available and at the electronic control circuit, attempting to identify a next available back-up credentials authority on the list until the list is exhausted.
Abstract
A request is received from a requestor for security credentials. An initial credential authority is selected based upon a first predetermined criteria. When the initial credentials authority is not available, a back-up credentials authority is chosen based upon a second predetermined criteria. The security credentials are obtained from the back-up certificate authority. The security credentials are transmitted to the requestor.
12 Claims
7. A multi-Credentials Authority (CA) apparatus that is configured to determine a credentials authority, the multi-CA apparatus comprising:
an electronic interface with an input and an output, the interface being configured to receive an electronic enrollment request from a requestor electronic device for security credentials at the input, the requestor electronic device being selected from the group consisting of: an industrial machine, a computing device, and a vehicle;
a data storage device, the data storage device being configured to store a data structure that includes a ranked list of potential credentials authorities;
a first plug-in apparatus, the first plug-in apparatus being a software program that allows the multi-CA apparatus to communicate with the initial credentials authority;
a second plug-in apparatus, the second plug-in apparatus being a software program that allows the multi-CA apparatus to communicate with a back-up credentials authority;
an electronic control circuit coupled to the electronic interface and the data storage device, the electronic control circuit being configured to select the initial credential authority from the list based upon a first predetermined criteria, the first predetermined criteria relating to the position of an initial credentials authority within the list of potential credentials authorities,
the electronic control circuit further configured to communicate with the initial credentials authority via the interface and, based upon the communicating, determine whether the initial credential authority is available, wherein the communicating occurs utilizing the first plug-in apparatus,
the electronic control circuit further configured to, when the initial credentials authority is available, obtain the security credentials from the initial credentials authority and transmit the security credentials to the requestor electronic device via the output,
the electronic control circuit further configured to, when the initial credentials authority is not available, choose the back-up credentials authority from the list based upon a second predetermined criteria, wherein the second predetermined criteria is the position of the back-up credentials authority within the list of potential credentials authorities,
the electronic control circuit further configured to communicate with the backup credentials authority and, based upon the communicating, determine whether the back-up credential authority is available,
the electronic control circuit further configured to, when the back-up credentials authority is available, obtain the security credentials from the back-up credentials authority and transmit the security credentials to the requestor electronic device via the output,
the control circuit further configured to, when the back-up credentials authority is not available, attempt to identify a next-available back-up credentials authority on the list until the list is exhausted.
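The ranked-list failover recited in claims 1 and 7, sketched as an added illustration that is not taken from the patent or from any product implementing it. The names CAPlugin, EnrollmentResult, enroll and the sample CA list are hypothetical, and treating a network error as "not available" is an assumption of this sketch.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

@dataclass
class CAPlugin:
    """Hypothetical plug-in: adapts the multi-CA apparatus to one CA's protocol."""
    name: str
    is_available: Callable[[], bool]   # availability probe for this CA
    issue: Callable[[str], str]        # enrollment request -> credential

@dataclass
class EnrollmentResult:
    credential: Optional[str] = None
    issuer: Optional[str] = None
    attempts: List[Tuple[str, str]] = field(default_factory=list)  # audit trail

def enroll(ranked_cas: List[CAPlugin], request: str) -> EnrollmentResult:
    """Walk the ranked list top-down; the first available CA issues."""
    result = EnrollmentResult()
    for plugin in ranked_cas:
        try:
            if not plugin.is_available():
                result.attempts.append((plugin.name, "unavailable"))
                continue
            result.credential = plugin.issue(request)
        except OSError as exc:  # assumption: network failure means "not available"
            result.attempts.append((plugin.name, f"error: {exc}"))
            continue
        result.issuer = plugin.name
        result.attempts.append((plugin.name, "issued"))
        return result
    return result  # list exhausted: credential stays None

def _timeout() -> bool:
    raise ConnectionError("timed out")

# Constructed sample list, ranked by position: index 0 is the initial CA.
RANKED = [
    CAPlugin("ca-primary", lambda: False, lambda r: "unused"),
    CAPlugin("ca-backup-1", _timeout, lambda r: "unused"),
    CAPlugin("ca-backup-2", lambda: True, lambda r: f"cert-for:{r}"),
]

if __name__ == "__main__":
    outcome = enroll(RANKED, "vehicle-0001")
    print(outcome.issuer, outcome.credential)
    for name, status in outcome.attempts:
        print(f"  {name}: {status}")
```

Because any authority on the list can end up as the issuer, the attempts record is what lets an operator see which CA actually signed a given device's credentials and how often the initial CA was skipped.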
Specification