System and method for dynamically determining CRL locations and access methods

US 20020178361A1
Filed: 05/24/2001
Published: 11/28/2002
Est. Priority Date: 05/24/2001
Status: Active Grant

First Claim

Patent Images

1. A method of retrieving CRL information, said method comprising:

receiving a list of one or more servers where the CRL information is stored, the servers each having an identifier;

determining which of the servers to contact based on the identifier; and

selecting an access method to use to retrieve the CRL information based on the determined server identifier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for dynamically determining a CRL location and protocol. CRL location names and protocols are retrieved from a digital certificate data structure which includes a network servers that contain the CRL file. A determination is made as to whether any of the servers reside in the current domain, in which case the server is used because the data is more secure. If no locations are within the current domain, Internet servers outside the current domain are analyzed. Security parameters may be established that restrict which Internet servers can be used to retrieve the data. The security parameters may also include which access methods may be used to retrieve data since some access methods provide greater security than other access methods. A security parameter may also be based upon both the access method and the name, or address, of the Internet server.

Citations

20 Claims

1. A method of retrieving CRL information, said method comprising:
- receiving a list of one or more servers where the CRL information is stored, the servers each having an identifier;
  
  determining which of the servers to contact based on the identifier; and
  
  selecting an access method to use to retrieve the CRL information based on the determined server identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as described in claim 1 wherein the access methods are selected from a group consisting of FTP, LDAP, and HTTP.
  - 3. The method as described in claim 1 wherein the list of servers is retrieved from a digital certificate corresponding to a remote computer system.
  - 4. The method as described in claim 1 wherein the determining further includes:
    - comparing the identifiers corresponding to the servers with a current domain address; and
      
      selecting one of the servers in response to the server'"'"'s identifier matching the current domain address.
  - 5. The method as described in claim 4 further comprising:
    - selecting a fast access method in response to selecting the server with the identifier matching the current domain address.
  - 6. The method as described in claim 4 further comprising:
    - selecting one of the servers in response to the comparing not finding any server identifiers matching the current domain address; and
      
      selecting a secure access method in response to the comparing not finding any server identifiers matching the current domain address.
  - 7. The method as described in claim 1 further comprising retrieving the CRL information from the determined server using the selected access method.

8. An information handling system comprising:
- one or more processors;
  
  a memory accessible by the processors;
  
  a nonvolatile storage accessible by the processors;
  
  a network interface connecting the information handling system to a computer network; and
  
  a CRL retrieval tool for retrieving CRL information, the CRL retrieval tool including;
  
  means for receiving a list of one or more servers where the CRL information is stored, the servers each having an identifier;
  
  means for determining which of the servers to contact based on the identifier; and
  
  means for selecting an access method to use to retrieve the CRL information based on the determined server identifier.
- View Dependent Claims (9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20)
- - 9. The information handling system as described in claim 8 wherein the access methods are selected from a group consisting of FTP, LDAP, and HTTP.
  - 10. The information handling system as described in claim 8 wherein the means for determining further includes:
    - means for comparing the identifiers corresponding to the servers with a current domain address; and
      
      means for selecting one of the servers in response to the server'"'"'s identifier matching the current domain address.
  - 11. The information handling system as described in claim 10 further comprising:
    - means for selecting a fast access method in response to selecting the server with the identifier matching the current domain address.
  - 12. The information handling system as described in claim 10 further comprising:
    - means for selecting one of the servers in response to the comparing not finding any server identifiers matching the current domain address; and
      
      means for selecting a secure access method in response to the comparing not finding any server identifiers matching the current domain address.
  - 13. The information handling system as described in claim 8 further comprising means for retrieving the CRL information from the determined server using the selected access method.
  - 15. The computer program product as described in claim 14 wherein the access methods are selected from a group consisting of FTP, LDAP, and HTTP.
  - 16. The computer program product as described in claim 14 wherein the list of servers is retrieved from a digital certificate corresponding to a remote computer system.
  - 17. The computer program product as described in claim 14 wherein the means for determining further includes:
    - means for comparing the identifiers corresponding to the servers with a current domain address; and
      
      means for selecting one of the servers in response to the server'"'"'s identifier matching the current domain address.
  - 18. The computer program product as described in claim 17 further comprising:
    - means for selecting a fast access method in response to selecting the server with the identifier matching the current domain address.
  - 19. The computer program product as described in claim 17 further comprising:
    - means for selecting one of the servers in response to the comparing not finding any server identifiers matching the current domain address; and
      
      means for selecting a secure access method in response to the comparing not finding any server identifiers matching the current domain address.
  - 20. The computer program product as described in claim 14 further comprising means for retrieving the CRL information from the determined server using the selected access method.

14. A computer program product stored on a computer operable medium for retrieving CRL information, said computer program product comprising:
- means for receiving a list of one or more servers where the CRL information is stored, the servers each having an identifier;
  
  means for determining which of the servers to contact based on the identifier; and
  
  means for selecting an access method to use to retrieve the CRL information based on the determined server identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Genty, Denise Marie, Venkataraman, Guha Prasad, Wilson, Jacqueline Hegedus

Granted Patent

US 7,003,662 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

G06Q 20/0855   involving a third party

G06Q 50/188   Electronic negotiation

H04L 63/0272   Virtual private networks

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 63/164   at the network layer

H04L 63/20   for managing network securi...

System and method for dynamically determining CRL locations and access methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for dynamically determining CRL locations and access methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links