Security certificate management
First Claim
1. A method for initiating a secure link between a mobile platform system operated by a mobile platform operator and a remote system without manual intervention, said method comprising:
- generating and digitally signing a static certificate using information concerning an identity of the mobile platform operator;
issuing the static certificate to at least one onboard computer system (OCS) of the mobile platform;
automatically generating a dynamic certificate utilizing the OCS and information concerning an identity of the OCS and an identity of the mobile platform that the OCS is being used on, and digitally signing the dynamic certificate with the static certificate;
transmitting the dynamic certificate to at least one central computer system (CCS) located remotely from the mobile platform over a communications link between the OCS and the CCS;
verifying that the dynamic certificate is from a trusted source utilizing the CCS, thereby initiating a secure link between the OCS and the CCS;
generating and sending a return dynamic certificate electronically signed with the static certificate from the CCS to the OCS;
wherein said issuing the static certificate to the OCS comprises encoding the static certificate into a configuration file; and
wherein said issuing the static certificate further comprises executing a first portion of an authentication software application (ASA1) stored in the OCS upon turning on the OCS to delete preexisting pertinent authorization, authentication and static certificate data stored in the OCS, and load the configuration file into the OCS.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for establishing a mutually authenticated secure link between a mobile platform system and a remote system is provided. An onboard computer system (OCS) generates a dynamic certificate and digitally signs the dynamic certificate with a static certificate. The dynamic certificate is transmitted to a remote central computer system (CCS). The CCS verifies that the dynamic certificate is from a trusted source and sends a return dynamic certificate electronically signed with the static certificate to the OCS. The OCS verifies the return dynamic certificate is from the CCS, thereby establishing a mutually authenticated secure link between the OCS and the CCS.
26 Citations
12 Claims
-
1. A method for initiating a secure link between a mobile platform system operated by a mobile platform operator and a remote system without manual intervention, said method comprising:
-
generating and digitally signing a static certificate using information concerning an identity of the mobile platform operator; issuing the static certificate to at least one onboard computer system (OCS) of the mobile platform; automatically generating a dynamic certificate utilizing the OCS and information concerning an identity of the OCS and an identity of the mobile platform that the OCS is being used on, and digitally signing the dynamic certificate with the static certificate; transmitting the dynamic certificate to at least one central computer system (CCS) located remotely from the mobile platform over a communications link between the OCS and the CCS; verifying that the dynamic certificate is from a trusted source utilizing the CCS, thereby initiating a secure link between the OCS and the CCS; generating and sending a return dynamic certificate electronically signed with the static certificate from the CCS to the OCS; wherein said issuing the static certificate to the OCS comprises encoding the static certificate into a configuration file; and wherein said issuing the static certificate further comprises executing a first portion of an authentication software application (ASA1) stored in the OCS upon turning on the OCS to delete preexisting pertinent authorization, authentication and static certificate data stored in the OCS, and load the configuration file into the OCS. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for establishing a mutually authenticated secure link between a mobile platform system operated by a mobile platform operator, and a remote system, said method comprising:
-
generating and digitally signing a static certificate using information identifying the mobile platform operator; storing the static certificate in an electronic storage device (ESD) of at least one central computer system (CCS) located remotely from the mobile platform; issuing the static certificate to at least one onboard computer system (OCS) of the mobile platform; automatically generating a dynamic certificate utilizing the OCS and information identifying the OCS and an identity of the mobile platform that the OCS is being used on, and digitally signing the dynamic certificate with the static certificate; transmitting the dynamic certificate to the CCS over a communications link initiated between the OCS and the CCS; verifying, utilizing the CCS, that the dynamic certificate is from a trusted source;
sending a return dynamic certificate electronically signed with the static certificate from the CCS to the OCS;verifying, utilizing the OCS, that the return dynamic certificate is from the CCS, thereby establishing a mutually authenticated link between the OCS and the CCS; wherein the method further comprises sending a return dynamic certificate electronically signed with the static certificate from the CCS to the OCS; wherein said issuing the static certificate comprises; encoding the static certificate into a configuration file; loading the configuration file including the static certificate into the OCS; and wherein said loading the configuration file comprises executing a first portion of a first portion of an authentication software application (ASA1) to delete preexisting pertinent authorization, authentication and static certificate data stored in the OCS, and load the configuration file in the OCS upon turning on the OCS. - View Dependent Claims (8, 9, 12)
-
-
10. A system for establishing a mutually authenticated secure communications link between a mobile platform operated by a mobile platform operator, and a remote computer network, said system comprising:
-
a static certificate including information concerning the mobile platform operator, created by a computer system of the mobile platform operator; at least one onboard computer system (OCS) of the mobile platform including a OCS processor adapted to execute a first portion of an authentication software application (ASA1) stored in the OCS; and at least one central computer system (CCS) located remotely from the mobile platform adapted to wirelessly communicate with the OCS, the CCS including a CCS processor adapted to execute a second portion of the authentication software application (ASA2) stored in the CCS; wherein the execution of the ASA1 is adapted to; automatically generate and digitally sign a dynamic certificate with the static certificate created by the mobile platform operator computer system and issued by the CCS, the dynamic certificate being created using information concerning the identity of the OCS and an identity of the mobile platform on which the OCS is being used; and automatically transmit the dynamic certificate to the CCS via a wireless communication link between the OCS and the CCS; and wherein the execution of the ASA1 is adapted to; store the static certificate in an electronic storage device (ESD) of the CCS; issue the static certificate to OCS; verify that the dynamic certificate is signed with the static certificate;
send a return dynamic certificate electronically signed with the static certificate to the OCS to establish a mutually authenticated link between the OCS and the CCS;wherein to issue the static certificate to the OCS, execution of the ASA2 is further adapted to encode the static certificate into a configuration file; and wherein to generate and digitally sign a dynamic certificate, execution of the ASA1 is further adapted to automatically delete preexisting pertinent authorization, authentication and static certificate data stored in the OCS, and load the configuration file into the OCS upon turning on the OCS. - View Dependent Claims (11)
-
Specification