Mobile certificate distribution in a PKI
Abstract
A method of certificate issuance and revocation checking for mobile devices in a mobile ad hoc network (MANET). The devices communicate with each other over Bluetooth within the MANET, and an access point (AP) provides connectivity to the Internet. A certificate authority (CA) distributes certificates and certificate revocation lists (CRLs) to the devices through the AP. Each device's certificate carries the name of the group the device belongs to, and that binding is signed by the CA. A device that is outside the radio range of the AP can still reach the CA to validate a certificate or download the appropriate CRL, because all of the devices participate in the MANET and traffic can be carried through a device that is in range.
Claims
1. A method of distributing certificates to a plurality of mobile devices capable of communicating directly with each other comprising:
attempting to establish a mobile ad hoc network (MANET) between said plurality of mobile devices at periodic predetermined times; and
if said MANET can be established such that at least one of said plurality of mobile devices in said MANET is capable of obtaining certificates, distributing a certificate through said MANET to one or more of said plurality of mobile devices.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method of distributing certificates in a mobile ad-hoc network (MANET), said MANET having an access point for connecting to a communication network and comprising a plurality of mobile devices to be connected to said communication network through said access point, said method comprising:
retrieving at said access point a plurality of certificates associated with respective ones of said plurality of mobile devices;
storing said plurality of certificates at said access point; and
upon establishing said MANET, forwarding said certificates through said MANET to said respective ones of said plurality of mobile devices.
Dependent claims: 10, 11, 12, 13, 14, 15.
16. A method of securely setting a time source in a first mobile device capable of communicating with a second mobile device, said method comprising said first mobile device:
establishing a shared secret with said second device using certificates;
storing said shared secret in a non-volatile memory;
authenticating said second device using said shared secret; and
obtaining a time from said second device to enable said time source to be set.
Dependent claims: 17, 18.
19. A method of a first mobile device validating a second mobile device, wherein said first and second mobile devices are capable of communicating with each other, said method comprising:
said first mobile device obtaining a certificate from said second device;
said first mobile device determining if said certificate has expired;
if said certificate has not expired, said first mobile device using said certificate to validate said second mobile device; and
if said certificate has expired, said first mobile device obtaining another certificate for said second mobile device using a pointer provided by said second mobile device and validating said second mobile device using said another certificate.
20. A method of distributing certificates when a first mobile device is unable to retrieve a certificate at a first time due to a lack of connectivity to a network, said method comprising:
if said certificate has not been obtained by a second time, said first mobile device requesting assistance of other devices;
having a second device from said other devices which has connectivity to said network request said certificate on behalf of said first device;
upon obtaining said certificate, said second device reestablishing communication with said first device; and
said second device sending said certificate to said first device.
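The following Python toy is an added example, not code from the patent or its assignee. It models the flows in the abstract and in claims 19 and 20: a CA that is reachable only by devices with a link to the access point, peer validation that checks expiry and follows the peer's pointer to a fresh certificate when needed, and retrieval of a certificate on behalf of a device that has no connectivity. The HMAC stand-in for the CA signature, the `ca://` pointer format, the group registry, device names and timestamps are all assumptions made for the illustration; a real deployment would use asymmetric signatures over X.509 certificates.

```python
"""Toy model of the MANET certificate flows described in the claims above.

Added example, not the patent's own code. The CA "signature" is an HMAC
under a key only the CA holds, standing in for a real asymmetric signature
over an X.509 certificate. Device names, groups and timestamps are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import json
from dataclasses import dataclass

CA_KEY = b"constructed-ca-secret"  # assumption: held only by the CA


def ca_sign(payload: dict) -> str:
    """Stand-in for the CA's signature: HMAC over the canonical JSON form."""
    blob = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(CA_KEY, blob, hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class Certificate:
    subject: str
    group: str       # group name bound into the certificate and signed (abstract)
    not_after: int   # expiry as a unix timestamp
    pointer: str     # where a fresh certificate for this subject is fetched (claim 19)
    sig: str

    def payload(self) -> dict:
        return {"subject": self.subject, "group": self.group,
                "not_after": self.not_after, "pointer": self.pointer}


class CertificateAuthority:
    """Reachable only through the access point (abstract, claim 9)."""

    def __init__(self, members: dict[str, str]):
        self.members = members            # subject -> group, registered out of band (assumption)
        self.revoked: set[str] = set()    # the CRL
        self.issued: dict[str, Certificate] = {}

    def issue(self, subject: str, now: int, lifetime: int = 3600) -> Certificate:
        payload = {"subject": subject, "group": self.members[subject],
                   "not_after": now + lifetime, "pointer": f"ca://{subject}"}
        cert = Certificate(**payload, sig=ca_sign(payload))
        self.issued[subject] = cert
        return cert

    def resolve(self, pointer: str, now: int) -> Certificate:
        """Follow a certificate's pointer to the current certificate for that subject."""
        subject = pointer.removeprefix("ca://")
        cert = self.issued.get(subject)
        if cert is None or cert.not_after < now:
            cert = self.issue(subject, now)
        return cert


def verify_cert(cert: Certificate, crl: set[str], now: int) -> bool:
    """Signature, revocation and expiry checks a receiving device performs."""
    if not hmac.compare_digest(ca_sign(cert.payload()), cert.sig):
        return False
    if cert.subject in crl:
        return False
    return now <= cert.not_after


class Device:
    def __init__(self, name: str, ap_link: bool):
        self.name = name
        self.ap_link = ap_link       # True if currently in radio range of the access point
        self.cert: Certificate | None = None

    def request_on_behalf(self, ca: CertificateAuthority, subject: str, now: int) -> Certificate | None:
        """A connected peer fetches a certificate for a device with no AP link (claim 20)."""
        return ca.issue(subject, now) if self.ap_link else None

    def obtain_cert(self, ca: CertificateAuthority, peers: list[Device], now: int) -> str | None:
        """Get own certificate directly, or via any MANET peer with connectivity (claim 20).
        Returns how it was obtained, or None when no path to the CA exists."""
        if self.ap_link:
            self.cert = ca.issue(self.name, now)
            return "direct"
        for peer in peers:
            cert = peer.request_on_behalf(ca, self.name, now)
            if cert is not None:
                self.cert = cert          # the peer re-establishes contact and forwards it
                return f"via {peer.name}"
        return None

    def validate_peer(self, peer: Device, ca: CertificateAuthority, now: int) -> bool:
        """Validate a peer from its certificate; on expiry, follow its pointer (claim 19)."""
        cert = peer.cert
        if cert is None:
            return False
        if cert.not_after < now:
            if not self.ap_link:          # the pointer can only be followed with a CA link
                return False
            cert = ca.resolve(cert.pointer, now)
        return cert.subject == peer.name and verify_cert(cert, ca.revoked, now)
```

The two failure modes the claims care about are visible in `validate_peer`: an expired peer certificate is only recoverable when the validating device itself can reach the CA, and a certificate that verifies but whose subject is on the CRL is rejected regardless of expiry. Revocation checking still depends on the validating device holding a current CRL, which in this model is the CA's own set; in the patent's design the CRL is distributed to devices through the AP and the MANET.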