Data structure for use as a positive list in a device, method for updating a positive list and device
First Claim
1. A device comprising:
- an update unit including a processor, and a memory;
wherein the update unit provides a data structure for use as a positive list in the device, wherein the memory stores the positive list;
wherein the positive list includes an entry for each permitted communication partner of the device, each entry having:
a first identifier that explicitly identifies a permitted communication partner;
a value of a predetermined certificate field that identifies a certificate as explicitly associated with the permitted communication partner; and
a respective check value from at least one certificate of the permitted communication partner that explicitly identifies the at least one certificate;
wherein the data structure at least temporarily contains the respective check value of the at least one certificate of the permitted communication partner and a new check value of a new certificate of the permitted communication partner such that both the new certificate and the at least one certificate of the permitted communication partner are identifiable as valid certificates, wherein the new check value explicitly identifies the new certificate;
wherein an updated check value is transmitted to the device via a connection authenticated using the at least one certificate, and the new check value is transmitted via a connection authenticated using the new certificate, and the new certificate is identified in the positive list only if the new check value or a third check value derived from the new check value matches the updated check value.
Abstract
A data structure is provided for use as a positive list in a device, including an entry for each permitted communication partner of the device having a first identifier that explicitly identifies the communication partner, a value of a predetermined certificate field that identifies a certificate as explicitly associated with the communication partner, and a respective check value from at least one certificate of a communication partner that explicitly identifies the certificate. A method for updating the positive list for certificates from permitted communication partners of a device comprises the method steps of receiving a new certificate from a communication partner in the device, checking whether the positive list has an entry having an identifier of the communication partner and a value of a predetermined certificate field from the new certificate.
20 Claims
1. A device comprising: (text of claim 1 as reproduced under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 13, 14.
8. A method for updating a positive list for certificates from permitted communication partners of a device, comprising:
providing, by the device, a data structure for use as a positive list, the positive list including an entry for each permitted communication partner of the device, each entry having:
a first identifier that explicitly identifies a permitted communication partner;
a value of a predetermined certificate field that identifies a certificate as explicitly associated with the permitted communication partner; and
a respective check value from at least one certificate of the permitted communication partner that explicitly identifies the at least one certificate;
receiving, by the device, a new certificate from a communication partner;
checking whether the positive list has an entry having an identifier of the communication partner and a value of a predetermined certificate field from the new certificate; and
including a new check value, which explicitly identifies the new certificate, in the positive list when the positive list has an entry having the identifier of the communication partner and the value of a predetermined certificate field from the new certificate,
wherein an updated check value is transmitted to the device via a connection authenticated using the at least one certificate, and the new check value is transmitted via a connection authenticated using the new certificate, and the new certificate is identified in the positive list only if the new check value or a third check value derived from the new check value matches the updated check value.
Dependent claims: 15, 16, 17, 18, 19.
20. A method comprising:
providing a data structure for use as a positive list in a device, the positive list including an entry for a first permitted communication partner of the device, wherein the entry includes:
a first identifier that explicitly identifies the first permitted communication partner;
a value of a predetermined certificate field that identifies a first certificate as explicitly associated with the first permitted communication partner; and
a first check value from the first certificate of the first permitted communication partner that explicitly identifies the first certificate;
receiving, by the device, a second certificate from the first permitted communication partner;
checking, by the device, whether the positive list has an entry having an identifier of the first permitted communication partner and a value of the predetermined certificate field that identifies the second certificate as explicitly associated with the first permitted communication partner;
including a second check value in the entry when the positive list has an entry having an identifier of the first permitted communication partner and a value of the predetermined certificate field that identifies the second certificate as explicitly associated with the first permitted communication partner, wherein the second check value explicitly identifies the second certificate; and
removing the first check value after a predetermined period of time,
wherein an updated check value is transmitted to the device via a connection authenticated using the first certificate, and the second check value is transmitted via a connection authenticated using the second certificate, and the second certificate is identified in the positive list only if the second check value or a third check value derived from the second check value matches the updated check value.
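The following is an added worked model of the positive list and of the update rule in claims 8 and 20 (rotation of a partner's certificate with both old and new check values temporarily valid, the old one removed after a grace period); it is example code, not the patent's own implementation. It assumes the check value is a SHA-256 fingerprint of the DER certificate, the predetermined certificate field is the Subject, a direct match rather than a derived third check value, and certificates modelled as plain (subject, bytes) pairs.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed model of the claimed positive list (added example, not the patent's own code).
# Assumed: check value = SHA-256 fingerprint of the DER certificate, predetermined field =
# Subject, and a certificate is just a (subject, der) pair so this runs without an X.509 parser.

def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()

@dataclass
class Entry:
    subject: str  # value of the predetermined certificate field for this partner
    check_values: dict = field(default_factory=dict)  # fingerprint -> time it was added

class PositiveList:
    def __init__(self, grace_seconds: float):
        self.entries: dict[str, Entry] = {}  # first identifier -> Entry
        self.pending: dict[str, str] = {}  # first identifier -> updated check value
        self.grace = grace_seconds
    def enroll(self, identifier: str, subject: str, der: bytes, now: float) -> None:
        self.entries[identifier] = Entry(subject, {fingerprint(der): now})
    def is_permitted(self, identifier: str, der: bytes) -> bool:
        e = self.entries.get(identifier)
        return e is not None and fingerprint(der) in e.check_values
    def receive_updated_check_value(self, identifier: str, value: str, channel_der: bytes) -> bool:
        # Accepted only over a connection authenticated with a certificate already listed.
        if not self.is_permitted(identifier, channel_der):
            return False
        self.pending[identifier] = value
        return True
    def receive_new_certificate(self, identifier, subject, der, channel_der, now) -> bool:
        # Entry must match on identifier and subject, the connection must be authenticated with
        # the new certificate itself, and its fingerprint must equal the pending updated value.
        e, new_value = self.entries.get(identifier), fingerprint(der)
        if e is None or e.subject != subject or channel_der != der:
            return False
        if self.pending.get(identifier) != new_value:
            return False
        del self.pending[identifier]
        e.check_values[new_value] = now  # old and new certificate are now both valid
        return True
    def expire(self, now: float) -> None:
        # Drop older check values once the grace period has elapsed, keeping the newest.
        for e in self.entries.values():
            newest = max(e.check_values.values())
            for v, t in list(e.check_values.items()):
                if t < newest and now - t >= self.grace:
                    del e.check_values[v]
```

The ordering matters: an updated check value that did not arrive over a connection authenticated by an already listed certificate is ignored, so a new certificate presented on its own can never admit itself.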
Specification