Provisioning and managing certificates for accessing secure services in network
Abstract
Systems and methods for provisioning and managing of certificates in a network are described. In one implementation, a signing certificate is generated by a network device based on a root certificate of the network device. Based on the signing certificate of the network device, a client-device certificate is signed for a client device. The signed client-device certificate is provided to the client device for allowing the client device to access a secure service provided by the network device.
20 Claims
1. A method for provisioning and managing certificates in a network, the method comprising:
   generating a signing certificate by a network device based on a root certificate of the network device;
   signing a client-device certificate for a client device based on the signing certificate of the network device; and
   providing the signed client-device certificate to the client device, wherein the client-device certificate allows the client device to access a secure service provided by the network device;
   wherein the signed client-device certificate is specifically associated with the network device and does not allow the client device to access a secure service provided by another network device, and the signed client-device certificate includes a first Media Access Control (MAC) address, wherein if a second MAC address used by a client device requesting access to a secure service does not match the first MAC address, a connection between the network device and the client device is terminated.
   Dependent claims: 2, 3, 4, 5, 6, 18.

7. A network device providing a secure service in a network, the network device comprising:
   a processor; and
   a certificate authority coupled to the processor to:
      generate a signing certificate based on a root certificate of the network device;
      receive, from a client device, a certificate signing request comprising a client-device certificate to be signed by the network device;
      sign the client-device certificate based on the signing certificate of the network device;
      store, in the network device, information relating to said client-device certificate in a certificate generation list of client device certificates signed by the network device;
      store, in another network location, a copy of the certificate generation list; and
      when a determination is made to revoke the client-device certificate, revoke the client-device certificate for the client device, signed by the network device, by removing information relating to the client-device certificate from the certificate generation list stored in the network device and from the copy of the certificate generation list stored in another network location, and sending notification of the revocation to the client device; and
   a communication module coupled to the processor to:
      provide the client-device certificate, signed by the certificate authority, to the client device, wherein the client-device certificate is provided to allow the client device to access the secure service, wherein failure to provide a client-device certificate that appears on the certificate generation list results in denial of access to the secure service.
   Dependent claims: 8, 9, 10, 11, 12, 17, 19, 20.

13. A non-transitory computer-readable medium comprising instructions executable by a processor to:
   generate a signing certificate in a network device based on a root certificate of the network device;
   receive a certificate signing request in the network device from a client device over an encrypted SSL connection, the certificate signing request comprising a client-device certificate to be signed;
   sign the client-device certificate in the network device, the client-device certificate being signed based on the signing certificate of the network device;
   store information relating to the signed client-device certificate in a certificate generation list in the network device; and
   provide the client-device certificate, signed in the network device, to the client device over the encrypted SSL connection, wherein the client-device certificate is provided for allowing the client device to access a secure service provided by the network device;
   wherein the client device possesses a plurality of certificates for different devices on the network, each certificate allowing access to a different network device, wherein revocation of one certificate does not result in the revocation of other certificates held by the client device.
   Dependent claims: 14, 15, 16.
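The three independent claims describe one scheme: each network device acts as its own certificate authority (a root certificate, then a signing certificate derived from it), signs client-device certificates that are valid only for that device, keeps a "certificate generation list" of everything it signed, and at connection time admits a client only if its certificate chains to the device's own root, is still on the list, and carries the MAC address the client is actually using. The Go program below is an added example written for this page; it is not code from the patent or from any assignee's product, and it models the scheme with the Go standard library only. Assumptions not stated in the claims: the MAC is carried in the subject serialNumber attribute of the client certificate, the generation list is an in-memory map rather than a store replicated to another network location, and the CSR exchange over the encrypted connection is omitted (the client's public key is passed straight to the signer).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// NetworkDevice models one service host: its own root, the signing certificate derived
// from it, and the "certificate generation list" of client certificates it has signed.
type NetworkDevice struct {
	Name          string
	root, signing *x509.Certificate
	signingKey    *ecdsa.PrivateKey
	generated     map[string]bool // keyed by client certificate serial number
}

// NewKey generates a P-256 key pair; entropy failure is treated as fatal in this example.
func NewKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue gives tmpl a random serial and validity start, signs it with priv under parent
// (parent == tmpl for the self-signed root) and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, priv *ecdsa.PrivateKey) *x509.Certificate {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		panic(err)
	}
	tmpl.SerialNumber, tmpl.NotBefore = serial, time.Now().Add(-time.Minute)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func caTemplate(cn string, years int, leafOnly bool) *x509.Certificate {
	return &x509.Certificate{Subject: pkix.Name{CommonName: cn}, NotAfter: time.Now().AddDate(years, 0, 0),
		KeyUsage: x509.KeyUsageCertSign, BasicConstraintsValid: true, IsCA: true,
		MaxPathLenZero: leafOnly} // pathLen 0: the signing cert may only sign end-entity certificates
}

// NewNetworkDevice builds a self-signed root and a signing certificate based on it (claim 1, first step).
func NewNetworkDevice(name string) *NetworkDevice {
	rootKey, signKey := NewKey(), NewKey()
	rootTmpl := caTemplate(name+" root", 10, false)
	root := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	signing := issue(caTemplate(name+" signing", 5, true), root, &signKey.PublicKey, rootKey)
	return &NetworkDevice{Name: name, root: root, signing: signing, signingKey: signKey, generated: map[string]bool{}}
}

// IssueClientCert signs a client certificate and records it on the generation list (claim 7: sign, then
// store). Carrying the MAC in the subject serialNumber attribute is this example's assumption.
func (d *NetworkDevice) IssueClientCert(clientName, mac string, pub *ecdsa.PublicKey) *x509.Certificate {
	cert := issue(&x509.Certificate{
		Subject:     pkix.Name{CommonName: clientName, SerialNumber: strings.ToLower(mac)},
		NotAfter:    time.Now().AddDate(1, 0, 0),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, d.signing, pub, d.signingKey)
	d.generated[cert.SerialNumber.String()] = true
	return cert
}

// Revoke drops the certificate from the generation list; Authorize then denies it without any CRL.
func (d *NetworkDevice) Revoke(cert *x509.Certificate) { delete(d.generated, cert.SerialNumber.String()) }

// Authorize applies the claims' checks: the chain must end at this device's own root (a certificate
// from another device fails here), the serial must still be on the generation list, and the MAC
// seen on the connection must equal the one signed into the certificate.
func (d *NetworkDevice) Authorize(cert *x509.Certificate, observedMAC string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(d.root)
	inters.AddCert(d.signing)
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("%s: certificate was not issued by this device: %w", d.Name, err)
	}
	if !d.generated[cert.SerialNumber.String()] {
		return fmt.Errorf("%s: serial %s is not on the generation list; access denied", d.Name, cert.SerialNumber)
	}
	if mac := cert.Subject.SerialNumber; mac != strings.ToLower(observedMAC) {
		return fmt.Errorf("%s: connection MAC %s does not match certificate MAC %s; terminating", d.Name, observedMAC, mac)
	}
	return nil
}
```

Two design points follow directly from the claims. Because the root is per device, a certificate issued by one device cannot verify at another, so each device's generation list is independent and revoking one certificate never affects the others a client holds (claim 13). Because absence from the generation list is itself a denial, revocation needs no CRL or OCSP distribution; the device only has to delete the entry, and the copy kept in another network location (claim 7) exists so that the list survives the device being reset.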
Specification