Mobile certificate distribution in a PKI

US 8,792,860 B2
Filed: 09/14/2012
Issued: 07/29/2014
Est. Priority Date: 02/06/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method performed by a certificate authority (CA) device for distributing certificates from the CA device to a first mobile device in a mobile ad hoc network (MANET), the MANET comprising the first mobile device, a second mobile device, and one or more access points (APs) for connecting to a communication network, the CA device capable of communicating with the one or more APs over the communication network, the method comprising:

obtaining information pertaining to the one or more APs of which the first mobile device and the second mobile device are within range;

determining the first mobile device was more recently in communication with the CA device compared to the second mobile device; and

sending a certificate to the one or more APs to enable the first mobile device to obtain the certificate when coming into range with the one or more APs.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of providing certificate issuance and revocation checks involving mobile devices in a mobile ad-hoc network (MANET). The wireless devices communicate with each other via Bluetooth wireless technology in the MANET, with an access point (AP) to provide connectivity to the Internet. A Certificate authority (CA) distributes certificates and certification revocation lists (CRLs) to the devices via the access point (AP). Each group of devices has the name of the group associated with the certificate and signed by the CA. A device that is out of the radio range of the access point may still connect to the CA to validate a certificate or download the appropriate CRL by having all the devices participate in the MANET.

9 Citations

View as Search Results

19 Claims

1. A method performed by a certificate authority (CA) device for distributing certificates from the CA device to a first mobile device in a mobile ad hoc network (MANET), the MANET comprising the first mobile device, a second mobile device, and one or more access points (APs) for connecting to a communication network, the CA device capable of communicating with the one or more APs over the communication network, the method comprising:
- obtaining information pertaining to the one or more APs of which the first mobile device and the second mobile device are within range;
  
  determining the first mobile device was more recently in communication with the CA device compared to the second mobile device; and
  
  sending a certificate to the one or more APs to enable the first mobile device to obtain the certificate when coming into range with the one or more APs.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising, prior to the CA device sending the certificate to the one or more APs for the first mobile device, the CA device detecting that bandwidth is limited for both the first mobile device and the second mobile device.
  - 3. The method of claim 1 further comprising, prior to the CA device sending the certificate to the one or more APs for the first mobile device, the CA device detecting that memory is limited for both the first mobile device and the second mobile device.
  - 4. The method of claim 1 wherein at least one of the first mobile device and the second mobile device are configured to communicate with other mobile devices in the MANET.
  - 5. The method of claim 1 wherein the certificate information comprises a subset of full certificate information and the subset includes changed timing information and a signature.
  - 6. The method of claim 1 wherein the MANET is established at periodic predetermined times.
  - 7. The method of claim 6 wherein a time period for which the certificate is valid is correlated to the periodic predetermined times.
  - 8. The method of claim 1 further comprising:
    - if the CA device receives an acknowledgement that the first mobile device has received the certificate before a certain time, the CA device does not distribute the certificate for a time period subsequent to the certain time.
  - 9. The method of claim 8 wherein the acknowledgement includes a signature of the certificate signed by the first mobile device'"'"'s private key.

10. A non-transitory computer readable medium comprising processor implemented instructions executable by a certificate authority (CA) device for distributing certificates from the CA device to a first mobile device in a mobile ad hoc network (MANET), the MANET comprising the first mobile device, a second mobile device, and one or more access points (APs) for connecting to a communication network, the CA device capable of communicating with the one or more APs over the communication network, the instructions comprising:
- obtaining information pertaining to the one or more APs of which the first mobile device and the second mobile device are within range;
  
  determining the first mobile device was more recently in communication with the CA device compared to the second mobile device; and
  
  sending a certificate to the one or more APs to enable the first mobile device to obtain the certificate when coming into range with the one or more APs.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The non-transitory computer readable medium of claim 10 further comprising, prior to the CA device sending the certificate to the one or more APs for the first mobile device, the CA device detecting that bandwidth is limited for both the first mobile device and the second mobile device.
  - 12. The non-transitory computer readable medium of claim 10 further comprising, prior to the CA device sending the certificate to the one or more APs for the first mobile device, the CA device detecting that memory is limited for both the first mobile device and the second mobile device.
  - 13. The non-transitory computer readable medium of claim 10 wherein at least one of the first mobile device and the second mobile device are configured to communicate with other mobile devices in the MANET.
  - 14. The non-transitory computer readable medium of claim 10 wherein the certificate information comprises a subset of full certificate information and the subset includes changed timing information and a signature.
  - 15. The non-transitory computer readable medium of claim 10 wherein the MANET is established at periodic predetermined times.
  - 16. The non-transitory computer readable medium of claim 15 wherein a time period for which the certificate is valid is correlated to the periodic predetermined times.
  - 17. The non-transitory computer readable medium of claim 10 further comprising:
    - if the CA device receives an acknowledgement that the first mobile device has received the certificate before a certain time, the CA device does not distribute the certificate for a time period subsequent to the certain time.
  - 18. The non-transitory computer readable medium of claim 17 wherein the acknowledgement includes a signature of the certificate signed by the first mobile device'"'"'s private key.

19. A certificate authority (CA) device configured to communicate with one more access points (APs) over a communication network in a mobile ad hoc network (MANET), the MANET comprising a first mobile device, a second mobile device, and the one or more APs for connecting to the communication network, the CA device comprising a processor configured to distribute certificates from the CA device to the first mobile device, the processor configure to at least:
- obtain information pertaining to the one or more APs of which the first mobile device and the second mobile device are within range;
  
  determine the first mobile device was more recently in communication with the CA device compared to the second mobile device; and
  
  send a certificate to the one or more APs to enable the first mobile device to obtain the certificate when coming into range with the one or more APs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Willey, William Daniel, Blake-Wilson, Simon
Primary Examiner(s)
Nguyen, Lee

Application Number

US13/620,274
Publication Number

US 20130016840A1
Time in Patent Office

683 Days
Field of Search

455/41.2, 455/41.3, 455410-411, 380/247, 380/270, 713168-172
US Class Current

455/410
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 9/3268   using certificate validatio...

H04W 12/041   Key generation or derivation

H04W 12/069   using certificates or pre-s...

H04W 4/06   Selective distribution of b...

H04W 84/18   Self-organising networks, e...

Mobile certificate distribution in a PKI

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile certificate distribution in a PKI

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links