Patents Assigned to Certified Security Solutions, Inc.
  • System and Method for Validating SCEP Certificate Enrollment Requests
    Publication number: 20140337618
    Abstract: A system and method for validating SCEP certificate enrollment that enforces the pairing of a SCEP challenge password and a set of expected certificate request content. A SCEP Validation Service or software residing in another system component whether a certificate request is legitimate by comparing it to registered SCEP challenges and associated expected certificate request content. This system and method addresses a privilege-escalation vulnerability in prior SCEP-based systems that could lead to a practical attack.
    Type: Application
    Filed: July 28, 2014
    Publication date: November 13, 2014
    Applicant: Certified Security Solutions, Inc.
    Inventors: Gary A. Galehouse, Wayne A. Harris, Edward R. Shorter, Kevin M. Tambascio
  • System and method for validating SCEP certificate enrollment requests
    Patent number: 8832432
    Abstract: A system and method for validating SCEP certificate enrollment that enforces the pairing of a SCEP challenge password and a set of expected certificate request content. A SCEP Validation Service or software residing in another system component whether a certificate request is legitimate by comparing it to registered SCEP challenges and associated expected certificate request content. This system and method addresses a privilege-escalation vulnerability in prior SCEP-based systems that could lead to a practical attack.
    Type: Grant
    Filed: August 13, 2013
    Date of Patent: September 9, 2014
    Assignee: Certified Security Solutions, Inc.
    Inventors: Gary A. Galehouse, Wayne A. Harris, Edward R. Shorter, Kevin M. Tambascio
  • System and method for validating SCEP certificate enrollment requests
    Patent number: 8745378
    Abstract: A system and method for validating SCEP certificate enrollment that enforces the pairing of a SCEP challenge password and a set of expected certificate request content. A SCEP Validation Service or software residing in another system component whether a certificate request is legitimate by comparing it to registered SCEP challenges and associated expected certificate request content. This system and method addresses a privilege-escalation vulnerability in prior SCEP-based systems that could lead to a practical attack.
    Type: Grant
    Filed: February 8, 2013
    Date of Patent: June 3, 2014
    Assignee: Certified Security Solutions, Inc.
    Inventors: Gary A. Galehouse, Wayne A. Harris, Edward R. Shorter, Kevin M. Tambascio
  • SYSTEM AND METHOD FOR VALIDATING SCEP CERTIFICATE ENROLLMENT REQUESTS
    Publication number: 20130332726
    Abstract: A system and method for validating SCEP certificate enrollment that enforces the pairing of a SCEP challenge password and a set of expected certificate request content. A SCEP Validation Service or software residing in another system component whether a certificate request is legitimate by comparing it to registered SCEP challenges and associated expected certificate request content. This system and method addresses a privilege-escalation vulnerability in prior SCEP-based systems that could lead to a practical attack.
    Type: Application
    Filed: August 13, 2013
    Publication date: December 12, 2013
    Applicant: Certified Security Solutions, Inc.
    Inventors: Gary A. Galehouse, Wayne A. Harris, Edward R. Shorter, Kevin M. Tambascio