System for discovering SSL-enabled network devices and certificates
Abstract
Disclosed herein are several digital certificate discovery and management systems. Detailed information on various example embodiments of the inventions is provided in the Detailed Description below, and the inventions are defined by the appended claims.
16 Claims
1. A certificate discovery system for discovering digital certificates installed to servers on a network, comprising:
- a processor;
- a network interface connectible to a data communications network, said network interface further controllable by said processor;
- a storage device group readable by said processor, said storage device group containing at least one storage device operable to contain operating system files and applications;
- instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
  (i) receiving an address range corresponding to a network or network portion to be scanned,
  (ii) contacting network devices within the received address range, said contacting further intended to initiate the transmission of a digital certificate from each of the contacted network devices to said certificate discovery system,
  (iii) for each contacted network device transmitting a digital certificate, receiving the digital certificate,
  (iv) for each received digital certificate, creating a certificate record containing a certificate identification, wherein the certificate identification contains sufficient information to identify the received digital certificate and the network device from where it was transmitted, and
  (v) storing created certificate records.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A certificate discovery system for discovering digital certificates installed to servers on a network, comprising:
- a processor;
- a network interface connectible to a data communications network, said network interface further controllable by said processor;
- a storage device group readable by said processor, said storage device group containing at least one storage device operable to contain operating system files and applications;
- instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
  (i) receiving an address range corresponding to a network or network portion to be scanned,
  (ii) contacting network devices within the received address range, said contacting further intended to initiate the transmission of a digital certificate from each of the contacted network devices to said certificate discovery system, said contacting including probing of IP port 443 using a secure sockets layer protocol,
  (iii) for network devices having servers installed thereto, attempting to identify the type of server for each,
  (iv) for each contacted network device transmitting a digital certificate, receiving the digital certificate,
  (v) for each received digital certificate, parsing the certificates to retrieve beginning and ending dates of validity,
  (vi) for each received digital certificate, creating a certificate record containing a certificate identification, wherein the certificate identification contains sufficient information to identify the received digital certificate and the network device from where it was transmitted, and
  (vii) storing created certificate records to a database.
Dependent claims: 13, 14, 15

16. A certificate discovery system for discovering digital certificates installed to servers on a network, comprising:
- a processor;
- a network interface connectible to a data communications network, said network interface further controllable by said processor;
- a storage device group readable by said processor, said storage device group containing at least one storage device operable to contain operating system files and applications;
- instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
  (i) receiving an address range corresponding to a network or network portion to be scanned,
  (ii) contacting network devices within the received address range, said contacting further intended to initiate the transmission of a digital certificate from each of the contacted network devices to said certificate discovery system, said contacting including attempting to access the filesystems of the network devices to search for certificates installed thereto,
  (iii) for network devices having servers installed thereto, attempting to identify the type of server for each,
  (iv) for each contacted network device transmitting a digital certificate, receiving the digital certificate,
  (v) for each received digital certificate, parsing the certificates to retrieve beginning and ending dates of validity,
  (vi) for each received digital certificate, creating a certificate record containing a certificate identification, wherein the certificate identification contains sufficient information to identify the received digital certificate and the network device from where it was transmitted, and
  (vii) storing created certificate records to a database.
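
The record-keeping steps of claim 12 (parse validity dates, build an identification that names both certificate and device, store to a database) can be sketched for an internal certificate inventory as follows. This is an added example, not code from the patent; the function names, table layout and sample data are assumptions, and it assumes the port-443 probe has already returned each certificate's DER bytes and its notBefore/notAfter strings in the format Python's `ssl.SSLSocket.getpeercert()` uses.

```python
import hashlib
import ipaddress
import sqlite3
import ssl
from datetime import datetime, timezone

# Constructed sample of what a port-443 probe returned, keyed by address:
# (DER bytes, notBefore, notAfter). DER values are placeholders, not real certificates.
SAMPLE_PROBES = {
    "192.0.2.1": (b"placeholder-der-A", "Jan 10 00:00:00 2024 GMT", "Apr 10 00:00:00 2024 GMT"),
    "192.0.2.2": (b"placeholder-der-B", "Feb 15 12:00:00 2024 GMT", "Feb 15 12:00:00 2025 GMT"),
}

def open_db(path=":memory:"):
    """Create the record store (hypothetical schema)."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS certs (
        ip TEXT, port INTEGER, fingerprint TEXT, not_before TEXT, not_after TEXT,
        PRIMARY KEY (ip, port, fingerprint))""")
    return db

def to_iso(cert_time):
    """Step (v): parse a validity date into a sortable UTC timestamp."""
    secs = ssl.cert_time_to_seconds(cert_time)
    return datetime.fromtimestamp(secs, tz=timezone.utc).isoformat()

def make_record(ip, port, der, not_before, not_after):
    """Step (vi): the identification names both the certificate and the device."""
    return {"ip": ip, "port": port, "fingerprint": hashlib.sha256(der).hexdigest(),
            "not_before": to_iso(not_before), "not_after": to_iso(not_after)}

def discover(db, cidr, probes, port=443):
    """Steps (i) and (vii): walk the range, store a record per device that sent a cert."""
    stored = 0
    for host in ipaddress.ip_network(cidr, strict=False).hosts():
        ip = str(host)
        if ip in probes:
            # The primary key makes a re-scan update the record instead of duplicating it.
            db.execute("INSERT OR REPLACE INTO certs VALUES "
                       "(:ip, :port, :fingerprint, :not_before, :not_after)",
                       make_record(ip, port, *probes[ip]))
            stored += 1
    return stored

def expiring_before(db, cutoff_iso):
    """Inventory query: certificates whose validity ends before the cutoff."""
    return db.execute("SELECT ip, port, not_after FROM certs WHERE not_after < ? "
                      "ORDER BY not_after", (cutoff_iso,)).fetchall()
```

Keying the record on address, port and certificate fingerprint means a renewed certificate on the same device appears as a new row, so the old and new validity windows can be compared.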
Specification