Method for discovering digital certificates in a network

US 20050076200A1
Filed: 08/13/2004
Published: 04/07/2005
Est. Priority Date: 08/15/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for discovering digital certificates to servers on a network, said method comprising the steps of:

receiving an address range corresponding to a network or network portion to be scanned, contacting network devices within the received address range, said contacting further intended to initiate the transmission of a digital certificate from each of the contacted network devices to said certificate discovery system, for each contacted network device transmitting a digital certificate, receiving the digital certificate, for each received digital certificate, creating a certificate record containing a certificate identification, wherein the certificate identification contains sufficient information to identify the received digital certificate and the network device from where it was transmitted, and storing created certificate records.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are several digital certificate discovery and management systems. Detailed information on various example embodiments of the inventions are provided in the Detailed Description below, and the inventions are defined by the appended claims.

Citations

16 Claims

1. A method for discovering digital certificates to servers on a network, said method comprising the steps of:
- receiving an address range corresponding to a network or network portion to be scanned, contacting network devices within the received address range, said contacting further intended to initiate the transmission of a digital certificate from each of the contacted network devices to said certificate discovery system, for each contacted network device transmitting a digital certificate, receiving the digital certificate, for each received digital certificate, creating a certificate record containing a certificate identification, wherein the certificate identification contains sufficient information to identify the received digital certificate and the network device from where it was transmitted, and storing created certificate records.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method according to claim 1, wherein said contacting includes probing IP port 443 using a secure sockets layer protocol.
  - 3. A method according to claim 1, wherein said contacting includes probing IP port 80.
  - 4. A method according to claim 1, wherein said contacting includes searching for certificates on network mountable filesystems.
  - 5. A method according to claim 1, wherein said contacting includes executing a search command for certificates in a shell interface.
  - 6. A method according to claim 1, further comprising the step of parsing found certificates for dates of validity.
  - 7. A method according to claim 1, further comprising the step of parsing found certificates for issuing certificate authorities.
  - 8. A method according to claim 1, wherein said storing stores certificate records to a database.
  - 9. A method according to claim 8, further comprising the step of merging created certificate records with a database produced from earlier discovery activity.
  - 10. A method according to claim 1, further comprising the step of identifying the type of servers located to the network devices.
  - 11. A method according to claim 10, further comprising the step of storing server types to a database.

12. A method for discovering digital certificates to servers on a network, said method comprising the steps of:
- receiving an address range corresponding to a network or network portion to be scanned, contacting network devices within the received address range, said contacting further intended to initiate the transmission of a digital certificate from each of the contacted network devices to said certificate discovery system, said contacting including probing of IP port 443 using a secure sockets layer protocol, for network devices having servers installed thereto, attempting to identify the type of server for each, for each contacted network device transmitting a digital certificate, receiving the digital certificate, for each received digital certificate, parsing the certificates to retrieve beginning and ending dates of validity, for each received digital certificate, creating a certificate record containing a certificate identification, wherein the certificate identification contains sufficient information to identify the received digital certificate and the network device from where it was transmitted, and storing created certificate records to a database.
- View Dependent Claims (13, 14, 15)
- - 13. A method according to claim 12, further comprising the step of parsing found certificates for issuing certificate authorities.
  - 14. A method according to claim 12, further comprising the step of merging created certificate records with a database produced from earlier discovery activity.
  - 15. A method according to claim 12, further comprising the step of storing server types to a database.

16. A method for discovering digital certificates to servers on a network, said method comprising the steps of:
- receiving an address range corresponding to a network or network portion to be scanned, contacting network devices within the received address range, said contacting further intended to initiate the transmission of a digital certificate from each of the contacted network devices to said certificate discovery system, said contacting including attempting to access the filesystems of the network devices to search for certificates installed thereto, for network devices having servers installed thereto, attempting to identify the type of server for each, for each contacted network device transmitting a digital certificate, receiving the digital certificate, for each received digital certificate, parsing the certificates to retrieve beginning and ending dates of validity, for each received digital certificate, creating a certificate record containing a certificate identification, wherein the certificate identification contains sufficient information to identify the received digital certificate and the network device from where it was transmitted, and storing created certificate records to a database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imcentric Incorporated, Venafi,Inc.
Original Assignee
Imcentric Incorporated
Inventors
Thornton, Russell S., Seegmiller, Jayson, Hodson, Benjamin, Weight, Richard

Application Number

US10/917,961
Publication Number

US 20050076200A1
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/04   for providing a confidentia...

H04L 63/0823   using certificates cryptogr...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

Method for discovering digital certificates in a network

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method for discovering digital certificates in a network

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links