Secure communications improvements
Abstract
Methods and apparatus related to improving secure communications are described. In an embodiment, a security agent pins a domain to a certificate. The certificate is used in authenticating the domain, and the existence of a pinning indicator within the certificate is used in authenticating the domain. Once the security agent pins the domain to a certificate, a relationship between the domain and the certificate used in authenticating the domain is stored. Other embodiments are also disclosed and claimed.
21 Claims
1. An apparatus comprising:
a memory;
a security agent, at least a portion of which is to be implemented in a hardware processor, to extract and examine a certificate, wherein the certificate is used in authentication of a first secure communication channel with a domain, wherein the security agent stores in a non-transitory computer readable medium a relationship indicator between the domain and the certificate based on the detection of a pinning indicator within the extracted and examined certificate used in authentication of the first secure communication channel, wherein the detection of the pinning indicator comprises comparing the value of a field of the certificate with a predetermined value, and wherein data to be communicated over a second secure communication channel with the domain is secured via Secure Socket Layer (SSL) or Transport Layer Security (TLS) based on the stored relationship indicator between the domain and the certificate; and
wherein the relationship indicator comprises a pin in the certificate which records the domain, the certificate, and pin information into the memory for either the security agent or a web browser to enforce the pin.
Dependent claims: 2 to 11.
12. A method to improve secure communications comprising:
securing a first secure communication channel using one or more digital certificates;
extracting a certificate from the one or more digital certificates used to secure the first communication channel;
determining whether a pinning indicator is present within the extracted certificate by comparing a value of a field from the certificate with a predetermined value;
pinning a domain to the extracted certificate based on the determination of whether the pinning indicator is present, wherein pinning the domain involves storing a relationship between the domain and the extracted certificate used to secure the first secure communication channel; and
securing a second secure communication channel based on the stored relationship between the domain and the extracted certificate used to secure the first secure communication channel, wherein data communicated over the second secure communication channel is secured via Secure Socket Layer (SSL) or Transport Layer Security (TLS); and
wherein the relationship indicator comprises a pin in the certificate which records the domain, the certificate, and pin information into the memory for either the security agent or a web browser to enforce the pin.
Dependent claims: 13 to 16.
17. A non-transitory computer-readable medium comprising instructions, that when executed, perform:
examining certificate issuer information of a certificate, wherein the certificate is used in authentication of a first secure communication channel with a domain;
determining, without an indication from the domain, whether to add a pin for the domain to the certificate based on the certificate issuer information of the certificate used to authenticate the domain; and
based on the determination whether to add a pin for the domain to the certificate, adding a pin for the domain to the certificate, wherein adding a pin for the domain to the certificate comprises adding a relationship between the domain and the certificate to an existing set of relationships between domains and certificates;
securing a second secure communication channel based on the stored relationship between the domain and the extracted certificate used to secure the first secure communication channel, wherein data communicated over the second secure communication channel is secured via Secure Socket Layer (SSL) or Transport Layer Security (TLS); and
wherein the relationship indicator comprises a pin in the certificate which records the domain, the certificate, and pin information into the memory for either the security agent or a web browser to enforce the pin.
Dependent claims: 18 to 21.
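The claimed mechanism, as an added Python example that is not part of the patent: a security agent checks a certificate field against a predetermined value on the first channel, records a domain-to-fingerprint pin, and enforces that pin on the second channel. The Certificate class, the "pinPolicy" extension name and all sample values are constructed stand-ins rather than the patent's own code; choosing "issuer" as the indicator field gives the issuer-based variant of claim 17.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass(frozen=True)
class Certificate:
    """Constructed stand-in for a parsed X.509 certificate (not real DER parsing)."""
    subject: str
    issuer: str
    der: bytes                       # constructed bytes standing in for the DER encoding
    extensions: Dict[str, str] = field(default_factory=dict)

    def fingerprint(self) -> str:
        # The pin records the certificate by its SHA-256 fingerprint.
        return hashlib.sha256(self.der).hexdigest()


class PinStore:
    """Security agent state: domain -> fingerprint of the pinned certificate."""

    def __init__(self, indicator_field: str, predetermined_value: str):
        # Pinning indicator (claim 1): a certificate field whose value must equal
        # a predetermined value. Using "issuer" as the field is the claim 17 variant.
        self.indicator_field = indicator_field
        self.predetermined_value = predetermined_value
        self.pins: Dict[str, str] = {}

    def has_pinning_indicator(self, cert: Certificate) -> bool:
        if self.indicator_field in ("subject", "issuer"):
            value: Optional[str] = getattr(cert, self.indicator_field)
        else:
            value = cert.extensions.get(self.indicator_field)
        return value == self.predetermined_value

    def observe(self, domain: str, cert: Certificate) -> bool:
        """First channel: pin the domain to this cert if the indicator is present.
        Returns True when a new pin was recorded; an existing pin is never replaced."""
        if domain in self.pins or not self.has_pinning_indicator(cert):
            return False
        self.pins[domain] = cert.fingerprint()
        return True

    def enforce(self, domain: str, cert: Certificate) -> bool:
        """Second channel: accept unless a pin exists and the presented cert differs."""
        pinned = self.pins.get(domain)
        return pinned is None or pinned == cert.fingerprint()
```

A certificate for a domain with no recorded pin is accepted, so the pin only constrains domains whose first-channel certificate carried the indicator.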