CA2578186A1 - System and method for access control - Google Patents


Info

Publication number: CA2578186A1
Authority: CA (Canada)
Prior art keywords: identifier, server, gateway, encryption key, certificate
Legal status: Granted
Application number: CA002578186A
Other languages: French (fr)
Other versions: CA2578186C (en)
Inventor: Tet Hin Yeap, Dafu Lou, William J. O'brien
Current Assignee: BCE Inc
Original Assignee: Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/082 Access security using revocation of authorisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/084 Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol

Abstract

A system and method for access control is provided. In one embodiment, a system includes a computing device connected to an access server that controls the ability of the computing device to access a computing resource, such as the Internet. The access server connects to an activation server via a network. The activation server is operable to receive a request to generate a certificate for the computing device from the activation server. The activation server is operable to generate the certificate and embed a unique identifier of the computing device and/or the access server and/or the like inside the certificate. Once generated, the certificate is installed in the computing device. When the computing device initiates a request to access the computing resource, the computing device initially sends the certificate to the access server. If the certificate received by the access server does not include the expected unique identifier(s), then access to the computing resource is prevented and/or restricted. If the key received by the access server includes the expected unique identifier(s), then access to the computing resource is permitted.
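The gateway-side decision described above (and detailed in claims 1 to 4, 7, 8 and 13 below), as an added example that is not code from the patent. The `Gateway` class, `issue_certificate`, the JSON certificate layout and all identifier values are hypothetical and constructed for illustration, and an HMAC tag stands in for the activation server's certificate signature so the example runs on the standard library alone.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed sample key. HMAC is a stand-in for the activation server's
# signature over the certificate; a real deployment would verify an X.509 chain.
ISSUER_KEY = b"constructed-activation-server-key"


def _tag(payload, key):
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue_certificate(serial, device_id, gateway_id, key=ISSUER_KEY):
    """Activation-server side: embed both identifiers, then authenticate them."""
    payload = {"serial": serial, "device_id": device_id, "gateway_id": gateway_id}
    return {"payload": payload, "tag": _tag(payload, key)}


@dataclass
class Gateway:
    gateway_id: str                  # local store of the gateway identifier (claim 4)
    allowed_devices: set             # valid device identifiers, lower-case (claim 7)
    issuer_key: bytes = ISSUER_KEY
    revoked: set = field(default_factory=set)   # revoked certificate serials (claim 3)

    def decide(self, cert, header_device_id):
        """Return (permit, reason) for one access request."""
        try:
            payload = cert["payload"]
            # Identifiers are only trusted if the issuer's tag covers them.
            if not hmac.compare_digest(_tag(payload, self.issuer_key), str(cert["tag"])):
                return False, "issuer tag does not verify"
            serial, dev, gw = (payload[k] for k in ("serial", "device_id", "gateway_id"))
            if not all(isinstance(v, str) for v in (serial, dev, gw, header_device_id)):
                return False, "malformed request"
        except (KeyError, TypeError, ValueError):
            return False, "malformed request"
        if serial in self.revoked:
            return False, "certificate revoked"
        # Claim 13: every embedded identifier has to be valid.
        checks = (
            (gw == self.gateway_id, "gateway identifier mismatch"),
            (dev.lower() in self.allowed_devices, "device identifier not on allow-list"),
            # Claims 8 and 9: compare with the identifier seen in the packet header.
            (dev.lower() == header_device_id.lower(),
             "device identifier differs from packet header"),
        )
        for ok, reason in checks:
            if not ok:
                self.revoked.add(serial)   # claim 2: revoke on an invalid identifier
                return False, reason
        return True, "permit"


def demo():
    """Run constructed requests through one gateway and return the decisions."""
    gw = Gateway("gw-lobby-01", {"00:11:22:33:44:55", "00:11:22:33:44:66"})
    good = issue_certificate("1001", "00:11:22:33:44:55", "gw-lobby-01")
    other_gw = issue_certificate("1002", "00:11:22:33:44:66", "gw-cafe-07")
    edited = issue_certificate("1003", "00:11:22:33:44:99", "gw-lobby-01")
    edited["payload"]["device_id"] = "00:11:22:33:44:55"   # changed after issue
    return [
        gw.decide(good, "00:11:22:33:44:55"),      # all identifiers valid
        gw.decide(other_gw, "00:11:22:33:44:66"),  # bound to a different gateway
        gw.decide(other_gw, "00:11:22:33:44:66"),  # same certificate, now revoked
        gw.decide(edited, "00:11:22:33:44:55"),    # identifier edited, tag fails
        gw.decide(good, "00:11:22:33:44:77"),      # certificate sent from another device
        gw.decide(good, "00:11:22:33:44:55"),      # original device after revocation
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The last two decisions show an operational consequence of revoking on any invalid identifier: once the certificate is presented from a mismatching device, the original device is denied as well until a new certificate is issued. A packet-header identifier is supplied by the sender, so the header comparison binds a certificate to a claimed device rather than authenticating that device.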

Claims (54)

1. In a gateway server, a method of controlling access to a resource comprising:

receiving a digital certificate from a device;
extracting an identifier embedded into said certificate;
determining if said identifier is valid;

if said identifier is determined to be valid, permitting said device to access said resource; and, if said identifier is determined to be invalid, denying said device access to said resource.
2. The method of claim 1 further comprising, if said identifier is determined to be invalid, revoking said digital certificate.
3. The method of claim 1 further comprising determining whether said certificate has been revoked, and, if said certificate has been revoked, denying said device access to said resource.
4. The method of claim 1 wherein said identifier is a gateway identifier associated with said gateway server and said determining step involves comparing said extracted identifier with a local store of said identifier.
5. The method of claim 4 wherein said identifier is selected from the group consisting of a serial number associated with a central processing unit of said gateway server; a hard drive identifier associated with a hard drive local to said gateway server; a unique name of said server assigned to an operating system executing on said server; a name associated with a set of gateway servers.
6. The method of claim 1 wherein said identifier is a device identifier unique to said device.
7. The method of claim 6 wherein said determining step comprises comparing said extracted identifier with a list of one or more valid device identifiers for at least one of the gateway server and the resource.
8. The method of claim 6 wherein said determining step comprises receiving a second device identifier from the device and comparing said extracted identifier with said second device identifier, said device identifier being valid if said extracted device identifier is equivalent to said second device identifier.
9. The method of claim 8 wherein said step of receiving the digital certificate comprises receiving one or more packets from the device and the step of receiving the second device identifier comprises extracting said second device identifier from a header of at least one of the packets.
10. The method of claim 6 wherein said identifier is selected from the group consisting of a serial number associated with a central processing unit of said device; a hard drive identifier associated with a hard drive local to said device; a unique name of said device assigned to an operating system executing on said device.
11. The method of claim 1 wherein said certificate includes a device public encryption key associated with said device and said identifier is a digital signature generated by signing said device public encryption key with a gateway server public encryption key associated with said server, and wherein said determining step comprises determining a validity of said digital signature using a gateway server private encryption key, said identifier being invalid if said digital signature cannot be verified using said gateway server private encryption key.
12. The method of claim 1 wherein said identifier is at least one of: a) a gateway identifier associated with said gateway server; b) a device identifier unique to said device; and c) a digital signature generated by signing a device public encryption key embedded in said certificate.
13. The method of claim 1 wherein said extracted identifier comprises a plurality of identifiers and wherein said determining step comprises determining if each of said plurality of identifiers is valid.
14. The method of claim 13 wherein said plurality of identifiers comprise a gateway identifier associated with said gateway server and a device identifier unique to said device.
15. The method of claim 14, wherein said step of determining if each of said plurality of identifiers is valid comprises comparing said gateway identifier with a local store of said gateway identifier; and comparing said device identifier with a list of one or more valid device identifiers for at least one of the gateway server and the resource.
16. The method of claim 14 wherein said step of determining if each of said plurality of identifiers is valid comprises comparing said gateway identifier with a local store of said gateway identifier; and receiving a second device identifier from the device and comparing said extracted device identifier with said second device identifier, said device identifier being valid if said extracted device identifier is equivalent to said second device identifier.
17. The method of claim 14, wherein said certificate includes a device public encryption key associated with said device and said plurality of identifiers further comprise a digital signature generated by signing said device public encryption key with a gateway server public encryption key associated with said server; and wherein said step of determining if each of said plurality of identifiers is valid further comprises determining a validity of said digital signature using a gateway server private encryption key, said digital signature being invalid if said digital signature cannot be verified using said gateway server private encryption key.
18. The method of claim 13 wherein said certificate includes a device public encryption key associated with said device and said plurality of identifiers comprise a device identifier unique to said device and a digital signature generated by signing said device public encryption key with a gateway server public encryption key associated with said server; and wherein said step of determining if each of said plurality of identifiers is valid comprises determining if said device identifier is valid; and determining a validity of said digital signature using a gateway server private encryption key, said digital signature being invalid if said digital signature cannot be verified using said gateway server private encryption key.
19. The method of claim 18 wherein the step of determining if said device identifier is valid comprises comparing said device identifier with a list of one or more valid device identifiers for at least one of the gateway server and the resource.
20. The method of claim 18 wherein the step of determining if said device identifier is valid comprises receiving a second device identifier from the device and comparing said extracted device identifier with said second device identifier, said device identifier being valid if said extracted device identifier is equivalent to said second device identifier.
21. The method of claim 1 wherein said resource is selected from the group consisting of at least one of the Internet and a local area network.
22. A gateway server comprising a first interface for connection to a local device and a second interface for connection to a resource, said server further comprising a microcomputer intermediate said interfaces, said microcomputer operable to receive a request for access to said resources from said device, said request including a certificate received from said device, said microcomputer operable to extract an identifier embedded into said certificate and further operable to permit said device to access said resource if said identifier is valid; and to deny said device access to said resource if said identifier is invalid.
23. The server of claim 22 wherein said microcomputer is further operable to revoke said certificate if said identifier is invalid.
24. The server of claim 22 wherein said microcomputer is further operable to determine whether said certificate has been revoked using a certificate revocation list and, if said certificate has been revoked, denying said device access to said resource.
25. The server of claim 22 wherein said identifier is a gateway identifier associated with said gateway server.
26. The server of claim 25 wherein said identifier is selected from the group consisting of a serial number associated with a central processing unit of said gateway server; a hard drive identifier associated with a hard drive local to said gateway server; a unique name of said server assigned to an operating system executing on said server; a name associated with a set of gateway servers.
27. The server of claim 22 wherein said identifier is a device identifier unique to said device.
28. The server of claim 27 wherein the microcomputer is operable to determine a validity of said device identifier using a list of one or more valid device identifiers for at least one of the gateway server and the resource, said identifier being valid if said device identifier is within the list of valid device identifiers.
29. The server of claim 27 wherein the microcomputer is operable to determine a validity of said device identifier using a second device identifier received from said device, said device identifier being valid if said extracted device identifier is equivalent to said second device identifier.
30. The method of claim 29 wherein the microcomputer is operable to extract said second device identifier from a header of at least one packet received from said device.
31. The server of claim 27 wherein said identifier is selected from the group consisting of a serial number associated with a central processing unit of said device; a hard drive identifier associated with a hard drive local to said device; a unique name of said server assigned to an operating system executing on said device.
32. The server of claim 22 wherein said certificate includes a device public encryption key associated with said device and said identifier is a digital signature generated by signing said device public encryption key with a gateway server public encryption key associated with said server, and wherein said microcomputer is operable to determine a validity of said digital signature using a gateway server private encryption key, said identifier being invalid if said digital signature cannot be verified using said gateway server private encryption key.
33. The server of claim 22 wherein said identifier is at least one of: a) a gateway identifier associated with said gateway server; b) a device identifier unique to said device; and c) a digital signature generated by signing a device public encryption key embedded in said certificate.
34. The server of claim 22 wherein said identifier comprises a plurality of identifiers and wherein said microcomputer is operable to permit said device to access said resource if each of said plurality of identifiers is valid.
35. The server of claim 34 wherein said plurality of identifiers comprise a gateway identifier associated with said gateway server and a device identifier unique to said device.
36. The server of claim 35 wherein said microcomputer is operable to determine a validity of said gateway identifier using a local store of said gateway identifier, said gateway identifier being valid if said gateway identifier is equivalent to said local store of said gateway identifier; and said microcomputer is operable to determine a validity of said device identifier using a list of one or more valid device identifiers for at least one of the gateway server and the resource, said device identifier being valid if said device identifier is within the list of valid device identifiers.
37. The server of claim 35 wherein said microcomputer is operable to determine a validity of said gateway identifier using a local store of said gateway identifier, said gateway identifier being valid if said gateway identifier is equivalent to said local store of said gateway identifier; and said microcomputer is operable to determine a validity of said device identifier using a second device identifier received from said device, said device identifier being valid if said extracted device identifier is equivalent to said second device identifier.
38. The server of claim 35 wherein said certificate includes a device public encryption key associated with said device and said plurality of identifiers further comprise a digital signature generated by signing said device public encryption key with a gateway server public encryption key associated with said server; and wherein said microcomputer is operable to determine a validity of said digital signature using a gateway server private encryption key, said digital signature being invalid if said digital signature cannot be verified using said gateway server private encryption key.
39. The server of claim 34 wherein said certificate includes a device public encryption key associated with said device and said plurality of identifiers comprise a device identifier unique to said device and a digital signature generated by signing said device public encryption key with a gateway server public encryption key associated with said server.
40. The server of claim 39 wherein said microcomputer is operable to determine a validity of said device identifier using a list of one or more valid device identifiers for at least one of the gateway server and the resource, said device identifier being valid if said device identifier is within the list of valid device identifiers; and said microcomputer is operable to determine a validity of said digital signature using a gateway server private encryption key, said digital signature being invalid if said digital signature cannot be verified using said gateway server private encryption key.
41. The server of claim 39 wherein said microcomputer is operable to determine a validity of said device identifier using a second device identifier received from said device, said device identifier being valid if said extracted device identifier is equivalent to said second device identifier; and said microcomputer is operable to determine a validity of said digital signature using a gateway server private encryption key, said digital signature being invalid if said digital signature cannot be verified using said gateway server private encryption key.
42. The server of claim 22 wherein said resource is selected from the group consisting of at least one of the Internet and a local area network.
43. A digital certificate for use on a client device, said digital certificate including an identifier embedded therein, said identifier being extractable by a server to which said device can connect such that said server can permit or deny access to a resource connected to said server based on a validity of said identifier.
44. The certificate of claim 43 wherein said identifier is an identifier associated with said server.
45. The certificate of claim 44 wherein said identifier is selected from the group consisting of a serial number associated with a central processing unit of said gateway server; a hard drive identifier associated with a hard drive local to said gateway server; a unique name of said server assigned to an operating system executing on said server; a name associated with a set of gateway servers.
46. The certificate of claim 43 wherein said identifier is a device identifier unique to said device.
47. The certificate of claim 46 wherein said identifier is selected from the group consisting of a serial number associated with a central processing unit of said device; a hard drive identifier associated with a hard drive local to said device; a unique name of said server assigned to an operating system executing on said device.
48. The certificate of claim 43 wherein said certificate includes a device public encryption key associated with said device and said identifier is a digital signature generated by signing said device public encryption key with a server public encryption key associated with said server, and wherein said server is operable to determine said validity of said digital signature using a gateway server private encryption key, said identifier being invalid if said digital signature cannot be verified using said server private encryption key.
49. The certificate of claim 43 wherein said identifier is at least one identifier selected from the group consisting of: a) a gateway identifier associated with said gateway server; b) a device identifier unique to said device; and c) a digital signature generated by signing a device public encryption key embedded in said certificate.
50. The certificate of claim 43 wherein said identifier is a plurality of identifiers selected from the group consisting of: a) a gateway identifier associated with said gateway server; b) a device identifier unique to said device; and c) a digital signature generated by signing a device public encryption key embedded in said certificate.
51. The certificate of claim 43 wherein said resource is selected from the group consisting of at least one of the Internet and a local area network.
52. A method of generating a digital certificate for use on a client device comprising:

receiving at least one unique identifier;

generating a digital certificate payload;

embedding said at least one unique identifier and said payload into a certificate.
53. The method of claim 52 wherein said unique identifier is at least one identifier selected from the group consisting of: a) a gateway identifier associated with said gateway server; b) a device identifier unique to said device; and c) a digital signature generated by signing a device public encryption key embedded in said certificate.
54. A computer readable media containing a set of programming instructions for use in a gateway server, said instructions including a method of controlling access to a resource comprising:

receiving a digital certificate from a device;

extracting an identifier embedded into said certificate;

determining if said identifier is valid;

if said identifier is determined to be valid, permitting said device to access said resource; and, if said identifier is determined to be invalid, denying said device access to said resource.

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CA2004/001821 WO2006039771A1 (en) 2004-10-12 2004-10-12 System and method for access control

Publications (2)

Publication Number Publication Date
CA2578186A1 CA2578186A1 (en) 2006-04-20
CA2578186C CA2578186C (en) 2012-07-10

Family

ID=36147983

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2578186A Active CA2578186C (en) 2004-10-12 2004-10-12 System and method for access control

Country Status (3)

Country Link
US (1) US7904952B2 (en)
CA (1) CA2578186C (en)
WO (1) WO2006039771A1 (en)

US20060005237A1 (en) * 2003-01-30 2006-01-05 Hiroshi Kobata Securing computer network communication using a proxy server
JP2004272792A (en) * 2003-03-11 2004-09-30 Toshiba Corp Method for controlling network access, information providing device, and apparatus for issuing certificate

Also Published As

Publication number Publication date
WO2006039771A1 (en) 2006-04-20
CA2578186C (en) 2012-07-10
US7904952B2 (en) 2011-03-08
US20060080534A1 (en) 2006-04-13

Similar Documents

Publication Publication Date Title
CA2578186A1 (en) System and method for access control
JP5889988B2 (en) HTTP-based authentication
US8024488B2 (en) Methods and apparatus to validate configuration of computerized devices
US8966263B2 (en) System and method of network equipment remote access authentication in a communications network
US9237021B2 (en) Certificate grant list at network device
US8800013B2 (en) Devolved authentication
CN101741860B (en) Computer remote security control method
CN106921663B (en) Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal
JP2009538478A5 (en)
CN101534192B (en) System used for providing cross-domain token and method thereof
JP2005085102A (en) Guarantee system
EP2404427B1 (en) Method and apparatus for securing network communications
WO2010108354A1 (en) Method and system for accessing web service safely
CN108173827B (en) Block chain thinking-based distributed SDN control plane security authentication method
CN102271136A (en) Access control method and equipment under NAT (Network Address Translation) network environment
US20150281211A1 (en) Network security
CN1725687A (en) Security identification method
CN108011873A (en) A kind of illegal connection determination methods based on set covering
CN114070559A (en) Industrial Internet of things session key negotiation method based on multiple factors
CN110891067B (en) Revocable multi-server privacy protection authentication method and revocable multi-server privacy protection authentication system
US10298588B2 (en) Secure communication system and method
CN110771087A (en) Private key update
CN1595897A (en) Method and system for unified process of domain authentication and user network authority control
CN102739613A (en) Dynamic pathway method of crossing firewall and system thereof
KR102162108B1 (en) Lw_pki system for nfv environment and communication method using the same

Legal Events

Date Code Title Description
EEER Examination request