1. WO2020123959 - SECURE IDS CERTIFICATE VERIFICATION FOR A PRIMARY PLATFORM

Publication Number WO/2020/123959
Publication Date 18.06.2020
International Application No. PCT/US2019/066257
International Filing Date 13.12.2019
IPC
G06F 21/64 2013.01
  G PHYSICS
  06 COMPUTING; CALCULATING OR COUNTING
  F ELECTRIC DIGITAL DATA PROCESSING
  21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  60 Protecting data
  64 Protecting data integrity, e.g. using checksums, certificates or signatures
H04L 9/14 2006.01
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  9 Arrangements for secret or secure communication
  14 using a plurality of keys or algorithms
CPC
G06F 21/33
  G PHYSICS
  06 COMPUTING; CALCULATING; COUNTING
  F ELECTRIC DIGITAL DATA PROCESSING
  21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  30 Authentication, i.e. establishing the identity or authorisation of security principals
  31 User authentication
  33 using certificates
G06F 21/44
  G PHYSICS
  06 COMPUTING; CALCULATING; COUNTING
  F ELECTRIC DIGITAL DATA PROCESSING
  21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  30 Authentication, i.e. establishing the identity or authorisation of security principals
  44 Program or device authentication
G06F 21/445
  G PHYSICS
  06 COMPUTING; CALCULATING; COUNTING
  F ELECTRIC DIGITAL DATA PROCESSING
  21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  30 Authentication, i.e. establishing the identity or authorisation of security principals
  44 Program or device authentication
  445 by mutual authentication, e.g. between devices or programs
G06F 21/645
  G PHYSICS
  06 COMPUTING; CALCULATING; COUNTING
  F ELECTRIC DIGITAL DATA PROCESSING
  21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  60 Protecting data
  64 Protecting data integrity, e.g. using checksums, certificates or signatures
  645 using a third party
G06F 2221/2151
  G PHYSICS
  06 COMPUTING; CALCULATING; COUNTING
  F ELECTRIC DIGITAL DATA PROCESSING
  2221 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  2151 Time stamp
H04L 9/006
  H ELECTRICITY
  04 ELECTRIC COMMUNICATION TECHNIQUE
  L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  9 Cryptographic mechanisms or cryptographic; arrangements for secret or secure communication
  006 involving public key infrastructure [PKI] trust models
Applicants
  • IOT AND M2M TECHNOLOGIES, LLC [US]/[US]
Inventors
  • NIX, John, A.
Agents
  • THOMSON, Kirsten, L.
Priority Data
  • 62/779,791, 14.12.2018, US
Publication Language English (EN)
Filing Language English (EN)
Title
(EN) SECURE IDS CERTIFICATE VERIFICATION FOR A PRIMARY PLATFORM
(FR) VÉRIFICATION DE CERTIFICAT D'ID SÉCURISÉE POUR UNE PLATEFORME PRIMAIRE
Abstract
(EN)
A tamper resistant element (TRE) in a device can operate a primary platform and support a "Smart Secure Platform". The TRE may not keep time when electrical power is removed from the TRE. The device can receive (i) a certificate for an image delivery server (IDS) with a first timestamp and (ii) a signed second timestamp from a certificate authority, comprising a signature according to the Online Certificate Status Protocol (OCSP) with stapling. The device can forward the certificate and second timestamp to the TRE. The device can receive a ciphertext and an encrypted image from the IDS, where the ciphertext includes a third timestamp from a Time Stamp Authority (TSA), and forward the data to the TRE. The TRE can conduct a key exchange to decrypt the ciphertext. The TRE can compare the second and third timestamps to verify the certificate has not been revoked.