System and method for validating SCEP certificate enrollment requests

Invention Grant

US08832432B2 System and method for validating SCEP certificate enrollment requests 有权

Please log in to see more content

Patent Title: System and method for validating SCEP certificate enrollment requests
Application No.: US13965841

Application Date: 2013-08-13
Publication No.: US08832432B2

Publication Date: 2014-09-09
Inventor: Gary A. Galehouse , Wayne A. Harris , Edward R. Shorter , Kevin M. Tambascio
Applicant: Gary A. Galehouse , Wayne A. Harris , Edward R. Shorter , Kevin M. Tambascio
Applicant Address: US OH Cleveland
Assignee: Certified Security Solutions, Inc.
Current Assignee: Certified Security Solutions, Inc.
Current Assignee Address: US OH Cleveland
Agency: Porter, Wright, Morris & Arthur, LLP
Main IPC: H04L29/06
IPC: H04L29/06

System and method for validating SCEP certificate enrollment requests

Abstract:

A system and method for validating SCEP certificate enrollment that enforces the pairing of a SCEP challenge password and a set of expected certificate request content. A SCEP Validation Service or software residing in another system component whether a certificate request is legitimate by comparing it to registered SCEP challenges and associated expected certificate request content. This system and method addresses a privilege-escalation vulnerability in prior SCEP-based systems that could lead to a practical attack.

Public/Granted literature

US20130332726A1 SYSTEM AND METHOD FOR VALIDATING SCEP CERTIFICATE ENROLLMENT REQUESTS Public/Granted day:2013-12-12

Information query

Espacenet