Title: Derived certificate based on changing identity
Abstract: A first device with a changing identity establishes a secure connection with a second device in a network by acting as its own certificate authority. The first device issues itself a self-signed root certificate that binds an identity of the first device to a long-term public key of the first device. The root certificate is digitally signed using a long-term private key, where the long-term public key and the long-term private key form a public/private key pair. The first device provides its root certificate to the second device in any trusted manner. The first device can then create a certificate for one or more short-term identities acquired by the first device and sign the newly-created certificate using the long-term private key. The first device can authenticate itself to the second device by sending the newly-created certificate to the second device.
Publication number: US9313033(B2) Publication date: 2016.04.12
Application number: US201414340280 Filing date: 2014.07.24
Applicant: BLACKBERRY LIMITED Inventors: Brown Michael Stephen;Tapuska David Francis
Classification: H04L9/32;H04L29/06 Main classification: H04L9/32
Agency: Integral Intellectual Property Inc. Agents: Integral Intellectual Property Inc.;Paton Miriam;Scouten Amy
Principal claim: 1. A non-transitory computer-readable medium storing instructions for enabling a certificate authority service, and when the instructions are executed by a processor of a first device, cause the processor to: create for the first device a root certificate binding an identity of the first device to a long-term public key of the first device, the root certificate indicating that the root certificate is available for verifying digital signatures of derived certificates, wherein the root certificate is digitally signed using a long-term private key of the first device; generate a short-term public/private key pair consisting of a short-term public key of the first device and a short-term private key of the first device; and create for the first device a derived certificate binding at least one of one or more short-term identities acquired by a network module of the first device to the short-term public key of the first device, wherein the one or more short-term identities comprise one or more network addresses, and wherein the derived certificate is digitally signed using the long-term private key of the first device; and wherein the computer-readable medium further stores code which, when executed by the processor, causes the first device to: make the root certificate available to a second device in any trusted manner via any one of one or more communication interfaces of the first device; and send the derived certificate to the second device via any one of the one or more communication interfaces.
Address: Waterloo CA
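The scheme described in the abstract and claim 1, as an added Go example using only the standard library (this is not the patent's or BlackBerry's code): the first device self-issues a root certificate binding a stable identity to its long-term key, then binds each newly acquired network address to a fresh short-term key in a derived certificate signed with the long-term key, and the second device verifies that derived certificate against the root it received earlier. The function names, the Ed25519 key type, the 24-hour lifetime and the device name and address used in testing are my assumptions, not values from the patent.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// issue signs tmpl on behalf of parent with signerKey and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub any, signerKey ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// SelfIssueRoot: the device acts as its own CA, binding its stable identity to its long-term public key.
func SelfIssueRoot(identity string, longTerm ed25519.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: identity},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign} // may sign derived certs
	return issue(tmpl, tmpl, longTerm.Public(), longTerm) // self-signed: the template is its own parent
}

// IssueDerived binds a newly acquired address to a fresh short-term key, signed with the long-term key.
func IssueDerived(root *x509.Certificate, longTerm ed25519.PrivateKey, addr net.IP) (*x509.Certificate, ed25519.PrivateKey, error) {
	shortPub, shortTerm, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), IPAddresses: []net.IP{addr}, // the short-term identity
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour), // short-lived, like the address
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	cert, err := issue(tmpl, root, shortPub, longTerm) // signed by the long-term key, not self-signed
	return cert, shortTerm, err
}

// VerifyDerived is the peer's check: trusting only the root received earlier over a trusted channel,
// it confirms the derived certificate chains to that root and names the address the device now uses.
func VerifyDerived(root, derived *x509.Certificate, addr net.IP) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := derived.Verify(x509.VerifyOptions{Roots: pool, DNSName: addr.String()})
	return err
}
```

Serial numbers are fixed here for brevity; a real issuer must give every derived certificate a unique serial so that revocation and logging can tell them apart.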