Invention Grant
- Patent Title: Policy-based security certificate filtering
- Patent Title (中): 基于策略的安全证书过滤
-
Application No.: US13111907Application Date: 2011-05-19
-
Publication No.: US08458768B2Publication Date: 2013-06-04
- Inventor: Roy F. Brabson , Barry Mosakowski , Linwood H. Overby, Jr.
- Applicant: Roy F. Brabson , Barry Mosakowski , Linwood H. Overby, Jr.
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agent Marcia L. Doubet
- Main IPC: H04L29/06
- IPC: H04L29/06
Abstract:
Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.
Public/Granted literature
- US20110219442A1 Policy-Based Security Certificate Filtering Public/Granted day:2011-09-08
Information query
