System for discovering SSL-enabled network devices and certificates

US 20050076201A1
Filed: 08/13/2004
Published: 04/07/2005
Est. Priority Date: 08/15/2003
Status: Abandoned Application

First Claim

Patent Images

1. A certificate discovery system for discovering digital certificates installed to servers on a network, comprising:

a processor;

a network interface connectible to a data communications network, said network interface further controllable by said processor;

a storage device group readable by said processor, said storage device group containing at least one storage device operable to contain operating system files and applications;

instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;

(i) receiving an address range corresponding to a network or network portion to be scanned, (ii) contacting network devices within the received address range, said contacting further intended to initiate the transmission of a digital certificate from each of the contacted network devices to said certificate discovery system, (iii) for each contacted network device transmitting a digital certificate, receiving the digital certificate, (iv) for each received digital certificate, creating a certificate record containing a certificate identification, wherein the certificate identification contains sufficient information to identify the received digital certificate and the network device from where it was transmitted, and (v) storing created certificate records.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are several digital certificate discovery and management systems. Detailed information on various example embodiments of the inventions are provided in the Detailed Description below, and the inventions are defined by the appended claims.

50 Citations

View as Search Results

16 Claims

1. A certificate discovery system for discovering digital certificates installed to servers on a network, comprising:
- a processor;
  
  a network interface connectible to a data communications network, said network interface further controllable by said processor;
  
  a storage device group readable by said processor, said storage device group containing at least one storage device operable to contain operating system files and applications;
  
  instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
  
  (i) receiving an address range corresponding to a network or network portion to be scanned, (ii) contacting network devices within the received address range, said contacting further intended to initiate the transmission of a digital certificate from each of the contacted network devices to said certificate discovery system, (iii) for each contacted network device transmitting a digital certificate, receiving the digital certificate, (iv) for each received digital certificate, creating a certificate record containing a certificate identification, wherein the certificate identification contains sufficient information to identify the received digital certificate and the network device from where it was transmitted, and (v) storing created certificate records.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A system according to claim 1, wherein said contacting includes probing IP port 443 using a secure sockets layer protocol.
  - 3. A system according to claim 1, wherein said contacting includes probing IP port 80.
  - 4. A system according to claim 1, wherein said contacting includes searching for certificates on network mountable filesystems.
  - 5. A system according to claim 1, wherein said contacting includes executing a search command for certificates in a shell interface.
  - 6. A system according to claim 1, wherein said instructions are further executable to parse found certificates for dates of validity.
  - 7. A system according to claim 1, wherein said instructions are further executable to parse found certificates for issuing certificate authorities.
  - 8. A system according to claim 1, wherein said storing stores certificate records to a database.
  - 9. A system according to claim 8, wherein said instructions are further executable to merge created certificate records with a database produced from earlier discovery activity.
  - 10. A system according to claim 1, wherein said instructions are further executable to identify the type of servers located to the network devices.
  - 11. A system according to claim 10, wherein said instructions are further executable to store server types to a database.

12. A certificate discovery system for discovering digital certificates installed to servers on a network, comprising:
- a processor;
  
  a network interface connectible to a data communications network, said network interface further controllable by said processor;
  
  a storage device group readable by said processor, said storage device group containing at least one storage device operable to contain operating system files and applications;
  
  instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
  
  (i) receiving an address range corresponding to a network or network portion to be scanned, (ii) contacting network devices within the received address range, said contacting further intended to initiate the transmission of a digital certificate from each of the contacted network devices to said certificate discovery system, said contacting including probing of IP port 443 using a secure sockets layer protocol, (iii) for network devices having servers installed thereto, attempting to identify the type of server for each, (iv) for each contacted network device transmitting a digital certificate, receiving the digital certificate, (v) for each received digital certificate, parsing the certificates to retrieve beginning and ending dates of validity, (vi) for each received digital certificate, creating a certificate record containing a certificate identification, wherein the certificate identification contains sufficient information to identify the received digital certificate and the network device from where it was transmitted, and (vii) storing created certificate records to a database.
- View Dependent Claims (13, 14, 15)
- - 13. A system according to claim 12, wherein said instructions are further executable to parse found certificates for issuing certificate authorities.
  - 14. A system according to claim 12, wherein said instructions are further executable to merge created certificate records with a database produced from earlier discovery activity.
  - 15. A system according to claim 12, wherein said instructions are further executable to store server types to a database.

16. A certificate discovery system for discovering digital certificates installed to servers on a network, comprising:
- a processor;
  
  a network interface connectible to a data communications network, said network interface further controllable by said processor;
  
  a storage device group readable by said processor, said storage device group containing at least one storage device operable to contain operating system files and applications;
  
  instructions stored to said storage device group, said instructions being further executable by said processor to achieve the functions of;
  
  (i) receiving an address range corresponding to a network or network portion to be scanned, (ii) contacting network devices within the received address range, said contacting further intended to initiate the transmission of a digital certificate from each of the contacted network devices to said certificate discovery system, said contacting including attempting to access the filesystems of the network devices to search for certificates installed thereto, (iii) for network devices having servers installed thereto, attempting to identify the type of server for each, (iv) for each contacted network device transmitting a digital certificate, receiving the digital certificate, (v) for each received digital certificate, parsing the certificates to retrieve beginning and ending dates of validity, (vi) for each received digital certificate, creating a certificate record containing a certificate identification, wherein the certificate identification contains sufficient information to identify the received digital certificate and the network device from where it was transmitted, and (vii) storing created certificate records to a database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imcentric Incorporated, Venafi,Inc.
Original Assignee
Imcentric Incorporated
Inventors
Thornton, Russell S., Seegmiller, Jayson, Hodson, Benjamin, Weight, Richard

Application Number

US10/917,962
Publication Number

US 20050076201A1
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/04   for providing a confidentia...

H04L 63/0823   using certificates cryptogr...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

System for discovering SSL-enabled network devices and certificates

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System for discovering SSL-enabled network devices and certificates

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links