Security certificate management

US 7,827,400 B2
Filed: 07/28/2005
Issued: 11/02/2010
Est. Priority Date: 07/28/2005
Status: Active Grant

First Claim

Patent Images

1. A method for initiating a secure link between a mobile platform system operated by a mobile platform operator and a remote system without manual intervention, said method comprising:

generating and digitally signing a static certificate using information concerning an identity of the mobile platform operator;

issuing the static certificate to at least one onboard computer system (OCS) of the mobile platform;

automatically generating a dynamic certificate utilizing the OCS and information concerning an identity of the OCS and an identity of the mobile platform that the OCS is being used on, and digitally signing the dynamic certificate with the static certificate;

transmitting the dynamic certificate to at least one central computer system (CCS) located remotely from the mobile platform over a communications link between the OCS and the CCS;

verifying that the dynamic certificate is from a trusted source utilizing the CCS, thereby initiating a secure link between the OCS and the CCS;

generating and sending a return dynamic certificate electronically signed with the static certificate from the CCS to the OCS;

wherein said issuing the static certificate to the OCS comprises encoding the static certificate into a configuration file; and

wherein said issuing the static certificate further comprises executing a first portion of an authentication software application (ASA1) stored in the OCS upon turning on the OCS to delete preexisting pertinent authorization, authentication and static certificate data stored in the OCS, and load the configuration file into the OCS.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for establishing a mutually authenticated secure link between a mobile platform system and a remote system is provided. An onboard computer system (OCS) generates a dynamic certificate and digitally signs the dynamic certificate with a static certificate. The dynamic certificate is transmitted to a remote central computer system (CCS). The CCS verifies that the dynamic certificate is from a trusted source and sends a return dynamic certificate electronically signed with the static certificate to the OCS. The OCS verifies the return dynamic certificate is from the CCS, thereby establishing a mutually authenticated secure link between the OCS and the CCS.

26 Citations

View as Search Results

12 Claims

1. A method for initiating a secure link between a mobile platform system operated by a mobile platform operator and a remote system without manual intervention, said method comprising:
- generating and digitally signing a static certificate using information concerning an identity of the mobile platform operator;
  
  issuing the static certificate to at least one onboard computer system (OCS) of the mobile platform;
  
  automatically generating a dynamic certificate utilizing the OCS and information concerning an identity of the OCS and an identity of the mobile platform that the OCS is being used on, and digitally signing the dynamic certificate with the static certificate;
  
  transmitting the dynamic certificate to at least one central computer system (CCS) located remotely from the mobile platform over a communications link between the OCS and the CCS;
  
  verifying that the dynamic certificate is from a trusted source utilizing the CCS, thereby initiating a secure link between the OCS and the CCS;
  
  generating and sending a return dynamic certificate electronically signed with the static certificate from the CCS to the OCS;
  
  wherein said issuing the static certificate to the OCS comprises encoding the static certificate into a configuration file; and
  
  wherein said issuing the static certificate further comprises executing a first portion of an authentication software application (ASA1) stored in the OCS upon turning on the OCS to delete preexisting pertinent authorization, authentication and static certificate data stored in the OCS, and load the configuration file into the OCS.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said generating the dynamic certificate comprises:
    - configuring the CCS to communicate with the OCS using the OCS identification information.
  - 3. The method of claim 1, wherein said generating the dynamic certificate comprises:
    - automatically providing an electronic signature for the dynamic certificate using the static certificate; and
      
      automatically storing the dynamic certificate in the OCS.
  - 4. The method of claim 1, wherein said verifying that the dynamic certificate is from a trusted source comprises executing a second portion of an authentication software application (ASA2) stored in the CCS to verify that the dynamic certificate was digitally signed with the static certificate.
  - 5. The method of claim 1, wherein the method further comprises verifying that the return dynamic certificate is from the CCS, utilizing the OCS, thereby establishing a mutually authenticated secure link between the OCS and the CCS.
  - 6. The method of claim 5, wherein the method further comprises utilizing the mutually authenticated secure link as a virtual private network (VPN) for communication between the mobile platform and the CCS.

7. A method for establishing a mutually authenticated secure link between a mobile platform system operated by a mobile platform operator, and a remote system, said method comprising:
- generating and digitally signing a static certificate using information identifying the mobile platform operator;
  
  storing the static certificate in an electronic storage device (ESD) of at least one central computer system (CCS) located remotely from the mobile platform;
  
  issuing the static certificate to at least one onboard computer system (OCS) of the mobile platform;
  
  automatically generating a dynamic certificate utilizing the OCS and information identifying the OCS and an identity of the mobile platform that the OCS is being used on, and digitally signing the dynamic certificate with the static certificate;
  
  transmitting the dynamic certificate to the CCS over a communications link initiated between the OCS and the CCS;
  
  verifying, utilizing the CCS, that the dynamic certificate is from a trusted source;
  
  sending a return dynamic certificate electronically signed with the static certificate from the CCS to the OCS;
  
  verifying, utilizing the OCS, that the return dynamic certificate is from the CCS, thereby establishing a mutually authenticated link between the OCS and the CCS;
  
  wherein the method further comprises sending a return dynamic certificate electronically signed with the static certificate from the CCS to the OCS;
  
  wherein said issuing the static certificate comprises;
  
  encoding the static certificate into a configuration file;
  
  loading the configuration file including the static certificate into the OCS; and
  
  wherein said loading the configuration file comprises executing a first portion of a first portion of an authentication software application (ASA1) to delete preexisting pertinent authorization, authentication and static certificate data stored in the OCS, and load the configuration file in the OCS upon turning on the OCS.
- View Dependent Claims (8, 9, 12)
- - 8. The method of claim 7, wherein said generating the dynamic certificate comprises:
    - automatically obtaining the OCS identification information and including the OCS identification information in the dynamic certificate; and
      
      storing the dynamic certificate in the OCS.
  - 9. The method of claim 7, wherein said verifying that the dynamic certificate is from a trusted source comprises execution of a second portion of an authentication software application (ASA2) stored in the CCS to verify that the dynamic certificate was digitally signed with the static certificate.
  - 12. The system of claim 9, wherein said execution of the ASA1 is further adapted to:
    - verify that the return dynamic certificate is signed with the static certificate, thereby establishing the mutually authenticated secure link between the OCS and the CCS, wherein the mutually authenticated secure link provides a virtual private network (VPN) for communication between the mobile platform and the CCS.

10. A system for establishing a mutually authenticated secure communications link between a mobile platform operated by a mobile platform operator, and a remote computer network, said system comprising:
- a static certificate including information concerning the mobile platform operator, created by a computer system of the mobile platform operator;
  
  at least one onboard computer system (OCS) of the mobile platform including a OCS processor adapted to execute a first portion of an authentication software application (ASA1) stored in the OCS; and
  
  at least one central computer system (CCS) located remotely from the mobile platform adapted to wirelessly communicate with the OCS, the CCS including a CCS processor adapted to execute a second portion of the authentication software application (ASA2) stored in the CCS;
  
  wherein the execution of the ASA1 is adapted to;
  
  automatically generate and digitally sign a dynamic certificate with the static certificate created by the mobile platform operator computer system and issued by the CCS, the dynamic certificate being created using information concerning the identity of the OCS and an identity of the mobile platform on which the OCS is being used; and
  
  automatically transmit the dynamic certificate to the CCS via a wireless communication link between the OCS and the CCS; and
  
  wherein the execution of the ASA1 is adapted to;
  
  store the static certificate in an electronic storage device (ESD) of the CCS;
  
  issue the static certificate to OCS;
  
  verify that the dynamic certificate is signed with the static certificate;
  
  send a return dynamic certificate electronically signed with the static certificate to the OCS to establish a mutually authenticated link between the OCS and the CCS;
  
  wherein to issue the static certificate to the OCS, execution of the ASA2 is further adapted to encode the static certificate into a configuration file; and
  
  wherein to generate and digitally sign a dynamic certificate, execution of the ASA1 is further adapted to automatically delete preexisting pertinent authorization, authentication and static certificate data stored in the OCS, and load the configuration file into the OCS upon turning on the OCS.
- View Dependent Claims (11)
- - 11. The system of claim 10, wherein said execution of the ASA1 is further adapted to verify that the return dynamic certificate is signed with the static certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Cloutier, John M, Smith, Denise M, Loving, Kent, Pollock, Bruce, Savage, David E, Allen, David L
Primary Examiner(s)
Arani; Taghi T
Assistant Examiner(s)
Mehedi; Morshed

Application Number

US11/191,622
Publication Number

US 20070028095A1
Time in Patent Office

1,923 Days
Field of Search

726/2, 713/176, 713/156, 380/270
US Class Current

713/156
CPC Class Codes

G06F 21/33 using certificates

H04L 63/0869 for achieving mutual authen...

Security certificate management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Security certificate management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links