METHOD AND APPARATUS FOR AUTOMATING SELECTION OF CERTIFICATE MANAGEMENT POLICIES DURING ISSUANCE OF A CERTIFICATE
First Claim
Patent Images
1. A method comprising;
- receiving, by a Public Key Infrastructure (PKI) device, a certificate signing request from an end entity;
obtaining, by the PKI device, at least one of;
a controlling attribute of at least one PKI device associated with processing of the certificate signing request; and
a controlling attribute associated with the certificate signing request;
obtaining, by the PKI device, an end entity policy object (EEPO) to be associated with the end entity based on at least one obtained controlling attribute;
determining, by the PKI device and based on an obtained EEPO, at least one attribute and at least one value associated with the at least one attribute that is to be included in a certificate; and
issuing, by the PKI device to the end entity, the certificate including the at least one attribute.
1 Assignment
0 Petitions
Accused Products
Abstract
A Public Key Infrastructure (PM) device receives a certificate signing request (CSR) from an end entity. The PKI device obtains at least one of: a controlling attribute of at least one PKI device associated with processing of the certificate signing request and a controlling attribute associated with the CSR. The PKI device obtains an end entity policy object (EEPO) to be associated with the end entity based on at least one obtained controlling attribute. Based on the obtained EEPO, the PKI device determines at least one attribute and at least one value associated with the attribute this is to be included in a certificate and issues, to the end entity, the certificate including the at least one attribute.
6 Citations
20 Claims
-
1. A method comprising;
-
receiving, by a Public Key Infrastructure (PKI) device, a certificate signing request from an end entity; obtaining, by the PKI device, at least one of; a controlling attribute of at least one PKI device associated with processing of the certificate signing request; and a controlling attribute associated with the certificate signing request; obtaining, by the PKI device, an end entity policy object (EEPO) to be associated with the end entity based on at least one obtained controlling attribute; determining, by the PKI device and based on an obtained EEPO, at least one attribute and at least one value associated with the at least one attribute that is to be included in a certificate; and issuing, by the PKI device to the end entity, the certificate including the at least one attribute. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A Public Key Infrastructure (PKI) apparatus comprising:
-
an end entity configured to generate and transmit a certificate signing request; at least one PKI device configured to receive the certificate signing request, the at least one PKI device comprising a certificate policy engine that is configured to; obtain at least one of; a controlling attribute of the at least one PKI device associated with processing of the certificate signing request; and a controlling attribute associated with the certificate signing request; obtain an end entity policy object (EEPO) to be associated with the end entity based on at least one obtained controlling attribute; determine, based on an obtained EEPO, at least one attribute and at least one value associated with the at least attribute that is to be included in a certificate; and issue to the end entity, the certificate including the at least one attribute. - View Dependent Claims (12, 13, 14, 16, 17, 18, 19, 20)
-
-
15. A Public Key Infrastructure (PKI) device comprising:
-
a memory; a transceiver configured to receive a certificate signing request from an end entity; a processor configured to implement a certificate policy engine that performs a set of functions including; obtaining at least one of; a controlling attribute of at least one PKI device associated with processing of the certificate signing request; and a controlling attribute associated with the certificate signing request; obtaining an end entity policy object (EEPO) to be associated with the end entity based on at least one obtained controlling attribute; determining, based on an obtained EEPO, at least one attribute and at least one value associated with the at least one attribute that is to be included in a certificate; and issuing, to the end entity, the certificate including the at least one attribute.
-
Specification