System and method for validating SCEP certificate enrollment requests

A system and method for validating SCEP certificate enrollment that enforces the pairing of a SCEP challenge password and a set of expected certificate request content. A SCEP Validation Service or software residing in another system component verifies whether a certificate request is legitimate by...

Full description

Saved in:
Bibliographic Details
Main Authors SHORTER EDWARD R, GALEHOUSE GARY A, HARRIS WAYNE A, TAMBASCIO KEVIN M
Format Patent
LanguageChinese
English
Published 02.03.2016
Subjects
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
WIRELESS COMMUNICATIONS NETWORKS
Online AccessGet full text

Cover

More Information
Summary:A system and method for validating SCEP certificate enrollment that enforces the pairing of a SCEP challenge password and a set of expected certificate request content. A SCEP Validation Service or software residing in another system component verifies whether a certificate request is legitimate by comparing it to registered SCEP challenges and associated expected certificate request content. This system and method address a privilege-escalation vulnerability in prior SCEP-based systems that could lead to a practical attack.
Bibliography:Application Number: CN201380075367