Invention Grant
US08484461B2 Method and apparatus for external organization path length validation within a public key infrastructure (PKI)
Active
- Patent Title: Method and apparatus for external organization path length validation within a public key infrastructure (PKI)
- Application No.: US12241566
- Application Date: 2008-09-30
- Publication No.: US08484461B2
- Publication Date: 2013-07-09
- Inventor: Anthony R. Metke, Donald E. Eastlake, III
- Applicant: Anthony R. Metke, Donald E. Eastlake, III
- Applicant Address: US IL Schaumburg
- Assignee: Motorola Solutions, Inc.
- Current Assignee: Motorola Solutions, Inc.
- Current Assignee Address: US IL Schaumburg
- Main IPC: H04L9/30
- IPC: H04L9/30

Abstract:
A method and apparatus for external organization (EO) path length (EOPL) validation are provided. A relying party node (RPN) stores a current EO path length constraint (EOPLC) value, and an EOPL counter that maintains a count of an actual external organization path length. The RPN obtains a chain of certificates that link a subject node (SN) to its trust anchor, and processes the certificates in the chain. When a certificate has a lower EOPLC than the current EOPLC value, the RPN replaces the current EOPLC value with the lower EOPLC. When the certificate currently being evaluated includes an enabled EO flag, the RPN increments the EOPL counter by one. The EOPL validation fails when the EOPL counter is greater than the current EOPLC value, and is successful when the last remaining certificate in the chain is processed without having the EOPL counter exceed the current EOPLC value.
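The validation loop described in the abstract, as an added Python sketch (not code from the patent or its assignee). The field names, the anchor-to-subject processing order, the counter starting at zero, and the `initial_eoplc` parameter are assumptions; the sample chains are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Cert:
    """Only the fields the abstract mentions; names are hypothetical."""
    subject: str
    eo_flag: bool = False          # EO flag enabled on this certificate
    eoplc: Optional[int] = None    # EO path length constraint, if the cert carries one


def validate_eopl(chain: Sequence[Cert], initial_eoplc: int) -> Tuple[bool, Optional[str]]:
    """Walk the chain (assumed order: trust anchor first, subject node last).

    Returns (True, None) on success, or (False, subject) naming the
    certificate at which the EOPL counter exceeded the current EOPLC.
    """
    current_eoplc = initial_eoplc   # assumption: value the RPN has stored before processing
    eopl_counter = 0                # assumption: counter starts at zero
    for cert in chain:
        # Only a lower constraint replaces the current value; a higher one
        # is ignored, so a later certificate cannot loosen the limit.
        if cert.eoplc is not None and cert.eoplc < current_eoplc:
            current_eoplc = cert.eoplc
        if cert.eo_flag:
            eopl_counter += 1
        if eopl_counter > current_eoplc:
            return False, cert.subject
    return True, None


# Constructed sample chains (not from the patent).
CHAIN_OK = [
    Cert("Root CA", eoplc=2),
    Cert("Partner A CA", eo_flag=True),
    Cert("Partner A device"),
]
CHAIN_TOO_DEEP = [
    Cert("Root CA", eoplc=2),
    Cert("Partner A CA", eo_flag=True, eoplc=1),   # tightens 2 -> 1
    Cert("Partner B CA", eo_flag=True, eoplc=5),   # 5 > 1, ignored
    Cert("Partner B device"),
]

if __name__ == "__main__":
    print(validate_eopl(CHAIN_OK, initial_eoplc=3))
    print(validate_eopl(CHAIN_TOO_DEEP, initial_eoplc=3))
```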