Patent · US Active

System and method for validating SCEP certificate enrollment requests

US8832432B2 · kind B2 · utility

3Cited by

2References

24Claims

0Family size

Assignee

Certified Security Solutions, Inc. · US

Inventors

Gary A. Galehouse · Cuyahoga Falls, US
Wayne Harris · Gilbert, US
Edward R. Shorter · Munroe Falls, US
Kevin M. Tambascio · Lyndhurst, US

Key dates

Filing date	Aug 13, 2013
Grant date	Sep 9, 2014
Priority date	—
Expiry date	Aug 13, 2033

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/205
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A system and method for validating SCEP certificate enrollment that enforces the pairing of a SCEP challenge password and a set of expected certificate request content. A SCEP Validation Service or software residing in another system component whether a certificate request is legitimate by comparing it to registered SCEP challenges and associated expected certificate request content. This system and method addresses a privilege-escalation vulnerability in prior SCEP-based systems that could lead to a practical attack.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.