PROVISIONING AND MANAGING CERTIFICATES FOR ACCESSING SECURE SERVICES IN NETWORK

US 20140215207A1
Filed: 01/31/2013
Published: 07/31/2014
Est. Priority Date: 01/31/2013
Status: Active Grant

First Claim

Patent Images

1. A method for provisioning and managing certificates in a network, the method comprising:

generating a signing certificate by a network device based on a root certificate of the network device;

signing a client-device certificate for a client device based on the signing certificate of the network device; and

providing the signed client-device certificate to the client device, wherein the client-device certificate allows the client device to access a secure service provided by the network device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for provisioning and managing of certificates in a network are described. In one implementation, a signing certificate is generated by a network device based on a root certificate of the network device. Based on the signing certificate of the network device, a client-device certificate is signed for a client device. The signed client-device certificate is provided to the client device for allowing the client device to access a secure service provided by the network device.

11 Citations

View as Search Results

15 Claims

1. A method for provisioning and managing certificates in a network, the method comprising:
- generating a signing certificate by a network device based on a root certificate of the network device;
  
  signing a client-device certificate for a client device based on the signing certificate of the network device; and
  
  providing the signed client-device certificate to the client device, wherein the client-device certificate allows the client device to access a secure service provided by the network device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as claimed in claim 1, wherein the signing of the client-device certificate is based on an administrator approval of a certificate signing request received from the client device.
  - 3. The method as claimed in claim 1 further comprising:
    - receiving the client-device certificate, signed by the network device, from the client device;
      
      determining, by the network device, whether the client-device certificate is valid, wherein the determining is based on information associated with the client-device certificates signed by the network device; and
      
      allowing access of the secure service to the client device based on the determining.
  - 4. The method as claimed in claim 1 further comprising:
    - revoking the client-device certificate for the client device by the network device.
  - 5. The method as claimed in claim 4, wherein the revoking further comprises:
    - removing information associated with the client-device certificate, revoked by the network device, stored in the network device.
  - 6. The method as claimed in claim 4, wherein the revoking further comprises:
    - informing the client device about revocation of the client-device certificate.

7. A network device providing a secure service in a network, the network device comprising:
- a processor; and
  
  a certificate authority coupled to the processor to;
  
  generate a signing certificate based on a root certificate of the network device;
  
  receive, from a client device, a certificate signing request comprising a client-device certificate to be signed by the network device; and
  
  sign the client-device certificate based on the signing certificate of the network device; and
  
  a communication module coupled to the processor to;
  
  provide the client-device certificate, signed by the certificate authority, to the client device, wherein the client-device certificate is provided to allow the client device to access the secure service.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The network device as claimed in claim 7 further comprising an administrator coupled to the processor to:
    - revoke the client-device certificate for the client device, signed by the network device.
  - 9. The network device as claimed in claim 7, wherein the certificate authority stores certificate identifying information associated with the client-device certificate, signed by the network device, in the network device.
  - 10. The network device as claimed in claim 9, wherein the certificate identifying information associated with the client-device certificate comprises date of signing of the client-device certificate, serial number of the client-device certificate and identification attribute of the client device.
  - 11. The network device as claimed in claim 9, wherein the certificate authority determines validity of the client-device certificate received from the client device for accessing the secure service, the validity is determined based on the certificate identifying information stored in the network device.
  - 12. The network device as claimed in claim 11, wherein the communication module establishes an application SSL connection of the network device with the client device based on the client-device certificate received from the client device, and the communication module allows accessing of the secure service to the client device, over the application SSL connection, based on the validity of the client-device certificate.
  - 13. The network device as claimed in claim 7, wherein the certificate authority incorporates a network device identifier in the client-device certificate signed by the network device.

14. A non-transitory computer-readable medium comprising instructions executable by a processor to:
- generate a signing certificate in a network device based on a root certificate of the network device;
  
  receive a certificate signing request in the network device from a client device over an encrypted SSL connection, the certificate signing request comprises a client-device certificate to be signed;
  
  sign the client-device certificate in the network device, the client-device certificate is signed based on the signing certificate of the network device; and
  
  provide the client-device certificate, signed in the network device, to the client device over the encrypted SSL connection, wherein the client-device certificate is provided for allowing the client device to access a secure service provided by the network device.
- View Dependent Claims (15)
- - 15. The non-transitory computer-readable medium as claimed in claim 14 comprising instructions executable by the processor to:
    - revoke the client-device certificate provided by the network device for the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Datta, Kaushik, Mills, Craig J.

Granted Patent

US 9,325,697 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/158
CPC Class Codes

H04L 63/0823 using certificates cryptogr...

H04L 63/10 for controlling access to d...

PROVISIONING AND MANAGING CERTIFICATES FOR ACCESSING SECURE SERVICES IN NETWORK

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

PROVISIONING AND MANAGING CERTIFICATES FOR ACCESSING SECURE SERVICES IN NETWORK

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links