Providing quality of service for certificate management systems

US 10,439,825 B1
Filed: 11/13/2018
Issued: 10/08/2019
Est. Priority Date: 11/13/2018
Status: Active Grant

First Claim

Patent Images

1. A system for providing quality of service (QoS) levels to clients requesting certificates from a certificate management service, wherein the system comprises:

a public application programming interface (API) operable to receive certificate requests from a plurality of clients, each certificate request indicating;

a number of computerized devices needing certificates;

a timestamp indicating when the certificate request was transmitted; and

a client identifier that specifies a client requesting the certificates;

a QoS manager operable to;

distribute the certificate requests from the plurality of clients across a plurality of client queues, each of the plurality of client queues corresponding to a particular client requesting certificates; and

divide a client'"'"'s certificate request in a client queue into subgroups of one or more entries, each of the one or more entries having a group size corresponding to a subset of the number of computerized devices needing certificates; and

a QoS arbiter operable to select a sequence of entries from the plurality of client queues to be placed onto a QoS queue based at least in part on a number of entries in the QoS queue, a latency level of the certificate management service, and respective timestamps indicating when the certificate requests were transmitted,wherein the QoS manager is operable to retrieve entries from the QoS queue in the sequence selected by the QoS arbiter and transmit, via an internal registration authority API of the certificate management service, the retrieved entries to the certificate management service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example system receives certificate requests from clients. Each request indicates: a number of computerized devices needing certificates; a timestamp indicating when the request was transmitted; and a client. The system includes a Quality of Service (QoS) manager that: distributes the requests from the clients across client queues, each of the client queues corresponding to a particular client; and divides requests into smaller subgroups of entries corresponding to a subset of the computerized devices needing certificates. It also includes a QoS arbiter that selects a sequence of entries from the client queues to be placed onto a QoS queue based on a number of entries in the QoS queue, a latency level of a certificate management service, and timestamps indicating when requests were transmitted, where the QoS manager retrieves entries from the QoS queue in the sequence selected by the QoS arbiter and transmits them to the certificate management service.

Citations

20 Claims

1. A system for providing quality of service (QoS) levels to clients requesting certificates from a certificate management service, wherein the system comprises:
- a public application programming interface (API) operable to receive certificate requests from a plurality of clients, each certificate request indicating;
  
  a number of computerized devices needing certificates;
  
  a timestamp indicating when the certificate request was transmitted; and
  
  a client identifier that specifies a client requesting the certificates;
  
  a QoS manager operable to;
  
  distribute the certificate requests from the plurality of clients across a plurality of client queues, each of the plurality of client queues corresponding to a particular client requesting certificates; and
  
  divide a client'"'"'s certificate request in a client queue into subgroups of one or more entries, each of the one or more entries having a group size corresponding to a subset of the number of computerized devices needing certificates; and
  
  a QoS arbiter operable to select a sequence of entries from the plurality of client queues to be placed onto a QoS queue based at least in part on a number of entries in the QoS queue, a latency level of the certificate management service, and respective timestamps indicating when the certificate requests were transmitted,wherein the QoS manager is operable to retrieve entries from the QoS queue in the sequence selected by the QoS arbiter and transmit, via an internal registration authority API of the certificate management service, the retrieved entries to the certificate management service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, wherein the group size is a tunable numeric value with a default value of 1.
  - 3. The system of claim 1, wherein the computerized devices needing certificates correspond to one or more of an On Board Unit (OBU), an Electronic Control Unit (ECU), and a Road-Side Unit (RSU).
  - 4. The system of claim 3, wherein:
    - an OBU is operable to be installed in one or more of a vehicle, a watercraft, an aircraft, a spacecraft, a medical device, a robot, a drone, a wireless communication module, a wired communication module, and an Internet of Things (IoT) device;
      
      an ECU is operable to be installed in one or more of a vehicle, a boat, an aircraft, a spacecraft, a medical device, a robot, a drone, a wireless communication module, a wired communication module, and an IoT device; and
      
      an RSU is operable to be installed in one or more of a traffic control device, a wireless communication module, a digital billboard, and an electronic sign.
  - 5. The system of claim 1, wherein the plurality of clients include at least one distributor appliance or server that is operable to act as a proxy between the certificate management service and at least one computerized device needing certificates.
  - 6. The system of claim 1, wherein each certificate request further indicates a client priority level of a client submitting the request, and wherein the QoS arbiter is further operable to select the sequence of entries from the plurality of client queues to be placed onto the QoS queue based at least in part on a respective client priority level indicated in a certificate request.
  - 7. The system of claim 6, wherein a client priority level for a client is based on a service tier associated with the client, and wherein a service tier corresponds to one of a plurality of tiers ranging from a lowest service level to a highest service level.
  - 8. The system of claim 6, wherein the QoS arbiter is further operable to dynamically re-order the sequence of entries placed onto the QoS queue based at least in part on respective client priority levels indicated in additional certificate requests received from additional clients.
  - 9. The system of claim 1, wherein each certificate request further indicates a request urgency level associated with the request, and wherein the QoS arbiter is operable to select the sequence of entries from the plurality of client queues to be placed onto the QoS queue based at least in part on a respective request urgency level indicated in a certificate request.
  - 10. The system of claim 9, wherein a request urgency level for a certificate request is designated by a client submitting the certificate request, and wherein a request urgency level corresponds to one of a plurality of levels ranging from a lowest urgency option to a highest urgency option.
  - 11. The system of claim 1, wherein the QoS arbiter is operable to select the sequence of entries from the plurality of client queues to be placed onto the QoS queue using a round robin technique.
  - 12. The system of claim 1, wherein the QoS arbiter is operable to select the sequence of entries from the plurality of client queues to be placed onto the QoS queue based on a dynamic priority assigned to each of the client queues, and wherein the respective, dynamic priority assigned to each of the client queues is assigned by the QoS arbiter based at least in part on a number of entries in each of the client queues.
  - 13. The system of claim 1, wherein the certificate requests from the plurality of clients include requests for enrollment certificates, and wherein the public API is further operable to:
    - transmit, on behalf of the certificate management service, via the communications network, to the plurality of clients, enrollment certificates generated by an enrollment certificate authority of the certificate management service.
  - 14. The system of claim 13, wherein:
    - the certificate requests further include requests for pseudonym certificates;
      
      the public API is further operable to transmit, on behalf of the certificate management service, via the communications network, to the plurality of clients, pseudonym certificates generated by a pseudonym certificate authority of the certificate management service;
      
      the plurality of clients include at least one distributor appliance that is operable to act as a proxy between the certificate management service and at least one computerized device needing certificates; and
      
      the at least one computerized device is operable to retrieve certificates from the distributor appliance.
  - 15. The system of claim 14, wherein an enrollment certificate is a public key certificate identifying a holder of the public key certificate as an authorized participant in an ecosystem including a plurality of computerized devices, and wherein each authorized participant in the ecosystem is able to receive one or more pseudonym certificates that enable communications with the plurality of computerized devices.
  - 16. The system of claim 1, wherein the QoS arbiter is further operable to dynamically re-order the sequence of entries placed onto the QoS queue based at least in part on additional certificate requests received from additional clients.

17. A computer implemented method for providing quality of service (QoS) levels to clients requesting certificates from a certificate management service, the method comprising:
- receiving, via a public application programming interface (API), certificate requests from a plurality of clients, each certificate request indicating;
  
  a number of computerized devices needing certificates;
  
  a timestamp indicating when the certificate request was transmitted; and
  
  a client identifier that specifies a client requesting the certificates;
  
  distributing, by a QoS manager, the certificate requests from the plurality of clients across a plurality of client queues, each of the plurality of client queues corresponding to a particular client requesting certificates; and
  
  dividing, by the QoS manager, a client'"'"'s requests into subgroups of one or more entries, each of the one or more entries corresponding to a subset of the number of computerized devices needing certificates;
  
  selecting, by a QoS arbiter, a sequence of entries from the plurality of client queues to be placed onto a QoS queue based at least in part on a number of entries in the QoS queue, a latency level of the certificate management service, and respective timestamps indicating when the certificate requests were transmitted;
  
  retrieving, by the QoS manager, entries from the QoS queue in the sequence selected by the QoS arbiter; and
  
  transmitting, via an internal registration authority API of the certificate management service, the retrieved entries to the certificate management service.
- View Dependent Claims (18, 19, 20)
- - 18. The computer implemented method of claim 17, wherein selecting the sequence of entries from the plurality of client queues to be placed onto the QoS queue comprises using a round robin technique.
  - 19. The computer implemented method of claim 17, wherein selecting the sequence of entries from the plurality of client queues to be placed onto the QoS queue is based on a dynamic priority assigned to each of the client queues, and wherein the respective, dynamic priority assigned to each of the client queues is assigned by the QoS arbiter based at least in part on a number of entries in each of the client queues.
  - 20. The computer implemented method of claim 17, wherein the plurality of clients include at least one distributor appliance or server that is operable to act as a proxy between the certificate management service and at least one computerized device needing certificates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Integrity Security Services, LLC
Original Assignee
Integrity Security Services, Inc. (Green Hills Software Incorporated)
Inventors
Meyer, Alan T., Fynaardt, Daniel R.
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US16/189,895
Time in Patent Office

329 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

H04L 63/20   for managing network securi...

H04L 9/088   Usage controlling of secret...

H04L 9/30   Public key, i.e. encryption...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/08   Access security

Providing quality of service for certificate management systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Providing quality of service for certificate management systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links