Authenticating a node in a communication network

摘要

A method and apparatus for authenticating a first node's identity in a communication network. An authentication node receives from a second node an authentication request. The authentication request includes a first certificate that has previously been presented to the second node by a node purporting to be the first node. The authentication node retrieves a second certificate belonging to the first node from the first node, and compares the first certificate with the second certificate. If the certificates match, then the first node's identity can be authenticated but if the certificates do not match, then the first node's identity cannot be authenticated. The results of the comparison are then sent to the second node.

主权项

1. A method of determining a reputation score for a digital certificate offered by a remote computer node in a computer communication network, the method comprising:
at a client computer node in the computer communication network,
receiving from the remote computer node the digital certificate, via a network interface to which the client is connected;comparing data relating to the received certificate with further data stored in a certificates database stored at the client node, that further data comprising data relating to one or more certificates offered by said remote node via one or more different network interfaces, wherein the comparing comprises comparing data identifying the network interface(s) via which each of the certificates is offered; anddetermining a reputation score for the received certificate based on the comparison, and determining whether to trust the received certificate using the reputation score.