Invention Grant
US08745378B1 System and method for validating SCEP certificate enrollment requests
有权
用于验证SCEP证书注册请求的系统和方法
- Patent Title: System and method for validating SCEP certificate enrollment requests
- Patent Title (中): 用于验证SCEP证书注册请求的系统和方法
-
Application No.: US13762890Application Date: 2013-02-08
-
Publication No.: US08745378B1Publication Date: 2014-06-03
- Inventor: Gary A. Galehouse , Wayne A. Harris , Edward R. Shorter , Kevin M. Tambascio
- Applicant: Gary A. Galehouse , Wayne A. Harris , Edward R. Shorter , Kevin M. Tambascio
- Applicant Address: US OH Cleveland
- Assignee: Certified Security Solutions, Inc.
- Current Assignee: Certified Security Solutions, Inc.
- Current Assignee Address: US OH Cleveland
- Agency: Porter, Wright, Morris & Arthur, LLP
- Main IPC: H04L29/06
- IPC: H04L29/06
Abstract:
A system and method for validating SCEP certificate enrollment that enforces the pairing of a SCEP challenge password and a set of expected certificate request content. A SCEP Validation Service or software residing in another system component whether a certificate request is legitimate by comparing it to registered SCEP challenges and associated expected certificate request content. This system and method addresses a privilege-escalation vulnerability in prior SCEP-based systems that could lead to a practical attack.
Information query
