SYSTEM AND METHOD FOR VALIDATING SCEP CERTIFICATE ENROLLMENT REQUESTS
摘要
A system and method for validating SCEP certificate enrollment that enforces the pairing of a SCEP challenge password and a set of expected certificate request content. A SCEP Validation Service or software residing in another system component whether a certificate request is legitimate by comparing it to registered SCEP challenges and associated expected certificate request content. This system and method addresses a privilege-escalation vulnerability in prior SCEP-based systems that could lead to a practical attack.
申请公布号
EP2954638(A1)
申请公布日期
2015.12.16
申请号
EP20130874296
申请日期
2013.03.28
申请人
CERTIFIED SECURITY SOLUTIONS, INC.
发明人
GALEHOUSE, GARY, A.;HARRIS, WAYNE, A.;SHORTER, EDWARD, R.;TAMBASCIO, KEVIN, M.