System and method for installing trust anchors in an endpoint
First Claim
1. A method of updating a certificate trust list on a first endpoint, comprising:
receiving an initial certificate trust list at the first endpoint, the initial certificate trust list comprising authentication data for at least a second endpoint;
receiving information at the first endpoint, the information signed with a digital signature;
initiating authentication of the digital signature against the authentication data for the at least a second endpoint, the authentication occurring only if the digital signature is complementary to the authentication data for the at least a second endpoint; and
after successful authentication, updating the initial certificate trust list with the information to yield an updated certificate trust list.
Abstract
According to one embodiment of the present invention, a method of updating a certificate trust list on a first endpoint includes receiving an initial certificate trust list at the first endpoint. The initial certificate trust list includes authentication data for at least a second endpoint. Digitally signed information is received at the first endpoint and authentication is initiated against the authentication data for the at least a second endpoint. The authentication occurs only if the digital signature is complementary to the authentication data for the at least a second endpoint. After successful authentication, the initial certificate trust list is updated with the information to yield an updated certificate trust list.
Claims (20)
1. A method of updating a certificate trust list on a first endpoint, comprising:
receiving an initial certificate trust list at the first endpoint, the initial certificate trust list comprising authentication data for at least a second endpoint;
receiving information at the first endpoint, the information signed with a digital signature;
initiating authentication of the digital signature against the authentication data for the at least a second endpoint, the authentication occurring only if the digital signature is complementary to the authentication data for the at least a second endpoint; and
after successful authentication, updating the initial certificate trust list with the information to yield an updated certificate trust list.
Dependent claims: 2, 3, 4, 5.

6. A method of updating a certificate trust list on a first endpoint, comprising:
digitally signing information with a digital signature of a second endpoint;
transmitting the information to the first endpoint wherein:
the first endpoint comprises an initial certificate trust list comprising authentication data for the second endpoint;
the first endpoint authenticates the digital signature with the authentication data for the second endpoint; and
after successful authentication, the first endpoint updates the initial certificate trust list with the information to yield an updated certificate trust list.

7. A system for updating a certificate trust list on a first endpoint, the system comprising:
a communication medium, operable to transmit information to the first endpoint, the information signed with a digital signature of at least a second endpoint; and
the first endpoint comprising:
memory operable to store a certificate trust list, the certificate trust list comprising authentication data corresponding to at least a second endpoint; and
logic encoded in media, operable to:
initiate authentication of the digital signature against authentication data for the at least a second endpoint, the authentication occurring only if the digital signature is complementary to the authentication data for the at least a second endpoint, and after successful authentication, update the initial certificate trust list with the information to yield an updated certificate trust list.

8. Logic encoded in media such that when executed is operable to:
digitally sign information with a digital signature of a second endpoint; and
transmit the information to the first endpoint wherein:
the first endpoint comprises an initial certificate trust list comprising authentication data for the second endpoint;
the first endpoint authenticates the digital signature with the authentication data for the second endpoint; and
after successful authentication, the first endpoint updates the initial certificate trust list with the information to yield an updated certificate trust list.

9. An apparatus comprising:
means for digitally signing information with a digital signature of a second endpoint; and
means for transmitting the information to the first endpoint wherein:
the first endpoint comprises an initial certificate trust list comprising authentication data for the second endpoint;
the first endpoint authenticates the digital signature with the authentication data for the second endpoint; and
after successful authentication, the first endpoint updates the initial certificate trust list with the information to yield an updated certificate trust list.

10. Logic encoded in media such that when executed is operable to:
receive an initial certificate trust list at a first endpoint, the initial certificate trust list comprising authentication data for at least a second endpoint;
receive information at the first endpoint, the information signed with a digital signature;
initiate authentication of the digital signature against authentication data for the at least a second endpoint, the authentication occurring only if the digital signature is complementary to the authentication data for the at least a second endpoint; and
after successful authentication, update the initial certificate trust list with the information to yield an updated certificate trust list.
Dependent claims: 11, 12, 13, 14.

15. An apparatus comprising:
means for receiving an initial certificate trust list at the first endpoint, the initial certificate trust list comprising authentication data for at least a second endpoint;
means for receiving information at the first endpoint, the information signed with a digital signature;
means for initiating authentication of the digital signature against the authentication data for the at least a second endpoint, the authentication occurring only if the digital signature is complementary to the authentication data for the at least a second endpoint; and
after successful authentication, means for updating the initial certificate trust list with the information to yield an updated certificate trust list.
Dependent claims: 16, 17, 18, 19.

20. A method of updating a certificate trust list on a first endpoint, comprising:
receiving an initial certificate trust list at the first endpoint, the initial certificate trust list comprising authentication data for at least a second endpoint;
receiving information at the first endpoint, the information signed with a digital signature;
initiating authentication of the digital signature against the authentication data for the at least a second endpoint, the authentication occurring only if the digital signature is complementary to the authentication data for the at least a second endpoint;
verifying that the at least a second endpoint has a privilege of an administrator; and
after successful authentication and verification, updating the initial certificate trust list with the information to yield an updated certificate trust list.
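The mechanism the abstract and the claims describe is a trust-list update that the first endpoint accepts only when the update's signature verifies against authentication data already present in its initial list; claim 20 additionally requires the signer to hold administrator privilege before the list is changed. The Go program below is an added illustration of that flow and is not code from the patent or its assignee. It assumes Ed25519 public keys in place of X.509 certificates as the "authentication data", and the names TrustAnchor, TrustList, UpdateMessage, SignUpdate and ApplyUpdate are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// TrustAnchor is one entry in the certificate trust list (CTL): the authentication
// data the first endpoint holds for another endpoint. Assumption: a raw Ed25519
// public key plus a privilege flag stands in for an X.509 certificate.
type TrustAnchor struct {
	ID    string
	Key   ed25519.PublicKey
	Admin bool // administrator privilege, as required by claim 20
}

// TrustList is the first endpoint's CTL, keyed by endpoint ID.
type TrustList map[string]TrustAnchor

// UpdateMessage is the "information signed with a digital signature": a new anchor
// to be installed, signed by an endpoint that is already in the list.
type UpdateMessage struct {
	SignerID  string
	NewAnchor TrustAnchor
	Signature []byte
}

var (
	ErrUnknownSigner = errors.New("signer is not in the trust list")
	ErrBadSignature  = errors.New("signature does not verify against the signer's anchor")
	ErrNotAdmin      = errors.New("signer lacks administrator privilege")
)

// NewEndpoint generates a fresh key pair for an endpoint (constructed sample data).
func NewEndpoint(id string, admin bool) (TrustAnchor, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return TrustAnchor{ID: id, Key: pub, Admin: admin}, priv
}

// payload is the canonical byte string that the signer signs and the verifier checks.
// The claimed signer ID is bound into it, so a signature cannot be replayed under a
// different signer, and the new anchor's privilege flag is covered so it cannot be
// flipped in transit. A real implementation would use a canonical encoding (e.g. DER)
// rather than this simple "|"-joined form.
func (m UpdateMessage) payload() []byte {
	return []byte(m.SignerID + "|" + m.NewAnchor.ID + "|" +
		hex.EncodeToString(m.NewAnchor.Key) + "|" + fmt.Sprintf("%t", m.NewAnchor.Admin))
}

// SignUpdate is the second endpoint's side (claims 6, 8, 9): sign the update.
func SignUpdate(signerID string, priv ed25519.PrivateKey, newAnchor TrustAnchor) UpdateMessage {
	m := UpdateMessage{SignerID: signerID, NewAnchor: newAnchor}
	m.Signature = ed25519.Sign(priv, m.payload())
	return m
}

// ApplyUpdate is the first endpoint's side (claims 1, 7, 10, 15, 20): authenticate the
// signature only against authentication data already in the list, optionally require
// administrator privilege, and only then yield the updated list. On any failure the
// input list is returned unchanged; the input map is never mutated.
func ApplyUpdate(ctl TrustList, m UpdateMessage, requireAdmin bool) (TrustList, error) {
	anchor, ok := ctl[m.SignerID]
	if !ok {
		return ctl, ErrUnknownSigner // no anchor to authenticate against
	}
	if !ed25519.Verify(anchor.Key, m.payload(), m.Signature) {
		return ctl, ErrBadSignature // signature is not "complementary" to the stored data
	}
	if requireAdmin && !anchor.Admin {
		return ctl, ErrNotAdmin // claim 20: privilege check after signature check
	}
	updated := make(TrustList, len(ctl)+1)
	for k, v := range ctl {
		updated[k] = v
	}
	updated[m.NewAnchor.ID] = m.NewAnchor
	return updated, nil
}

func main() {
	adminAnchor, adminPriv := NewEndpoint("admin-ep", true)
	newAnchor, _ := NewEndpoint("new-ep", false)
	ctl := TrustList{adminAnchor.ID: adminAnchor} // the "initial certificate trust list"

	updated, err := ApplyUpdate(ctl, SignUpdate("admin-ep", adminPriv, newAnchor), true)
	fmt.Println("admin-signed update:", err, "entries now:", len(updated))

	_, strangerPriv := NewEndpoint("stranger", true)
	_, err = ApplyUpdate(ctl, SignUpdate("admin-ep", strangerPriv, newAnchor), true)
	fmt.Println("forged update claiming admin-ep:", err)
}
```

The order of checks matters: the signature is verified against the stored anchor before the privilege flag is consulted, so the privilege decision is only ever made about an authenticated signer, and the initial list is never modified in place, so a rejected update leaves the endpoint exactly as it was.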
Specification