METHODS FOR INSPECTING SECURITY CERTIFICATES BY NETWORK SECURITY DEVICES TO DETECT AND PREVENT THE USE OF INVALID CERTIFICATES
First Claim
1. A method for inspecting security certificates, the method comprising the steps of:
   (a) scanning, by a network security device, messages of a security protocol between a server and a client system, by steps including:
       (i) scanning said messages for an object ID (OID) of a compromised cryptographic hash function, and
       (ii) scanning said messages for an OID of a certificate extension;
   (b) detecting said messages having a security certificate;
   (c) detecting suspicious security certificates from said messages; and
   (d) aborting particular sessions of said security protocol associated with said suspicious security certificates.
Abstract
Disclosed are methods and media for inspecting security certificates. Methods include the steps of: scanning, by a network security device, messages of a security protocol between a server and a client system; detecting the messages having a security certificate; detecting suspicious security certificates from the messages; and aborting particular sessions of the security protocol associated with the suspicious certificates. Preferably, the step of scanning is performed only on messages of server certificate records. Preferably, the method further includes the step of sending an invalid-certificate notice to the server and the client system. Preferably, the step of detecting the suspicious certificates includes detecting a use of an incorrectly-generated private key for the certificates. Preferably, the step of detecting the suspicious certificates includes detecting an unavailability of revocation information for the certificates. Preferably, the step of detecting the suspicious certificates includes detecting a use of an invalid cryptographic algorithm for the certificates.
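The abstract and claim 1 describe the inspection device as a scanner that looks, inside TLS server Certificate records only, for the DER-encoded OID of a compromised hash function and for the OIDs of certificate extensions (the abstract names missing revocation information as one trigger), and then aborts the session when the certificate is suspicious. The following Python is an added illustration of that scan, not code from the patent: the OID list (md5WithRSAEncryption and sha1WithRSAEncryption as "compromised", cRLDistributionPoints and authorityInfoAccess as the revocation extensions) is an assumption, and the certificate blobs are constructed byte strings that only carry the OIDs, not real certificates.

```python
"""Scan TLS handshake Certificate records for DER-encoded OIDs.

Added example (not the patent's own code). It performs the two scans of
claim 1 literally: (i) look for the OID of a compromised hash function in
the certificate's signature algorithm, (ii) look for the OIDs of the
revocation-related extensions, and return an abort/pass/skip verdict.
"""

# Assumption: the patent does not list OIDs; these are the standard ones.
COMPROMISED_SIG_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
}
REVOCATION_EXT_OIDS = {
    "2.5.29.31": "cRLDistributionPoints",
    "1.3.6.1.5.5.7.1.1": "authorityInfoAccess",
}

TLS_HANDSHAKE = 22          # TLS record content type
HS_CERTIFICATE = 11         # handshake message type "Certificate"


def encode_oid(dotted: str) -> bytes:
    """DER-encode a dotted OID, including the 0x06 tag and length byte.

    The first two arcs are packed into one byte (40*a + b); each later arc is
    base-128, big-endian, with the continuation bit set on all but the last byte.
    """
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    assert len(body) < 128, "short-form length is enough for these OIDs"
    return bytes([0x06, len(body)]) + bytes(body)


def is_certificate_record(record: bytes) -> bool:
    """True only for a handshake record whose first message is Certificate."""
    return (len(record) >= 9
            and record[0] == TLS_HANDSHAKE
            and record[5] == HS_CERTIFICATE)


def inspect_certificate_record(record: bytes) -> dict:
    """Return the verdict for one TLS record.

    'skip'  : not a Certificate record, nothing to inspect
    'pass'  : Certificate record with no finding
    'abort' : suspicious certificate; the device should tear the session down
    """
    if not is_certificate_record(record):
        return {"verdict": "skip", "reasons": []}
    handshake_body = record[9:]   # 5-byte record header + 4-byte handshake header
    reasons = []
    for oid, name in COMPROMISED_SIG_OIDS.items():
        if encode_oid(oid) in handshake_body:
            reasons.append(f"compromised hash in signature algorithm: {name}")
    if not any(encode_oid(oid) in handshake_body for oid in REVOCATION_EXT_OIDS):
        reasons.append("no revocation information (no CRL DP or AIA extension)")
    return {"verdict": "abort" if reasons else "pass", "reasons": reasons}


def build_record(cert_blob: bytes) -> bytes:
    """Wrap a blob in a TLS Certificate handshake record (constructed sample)."""
    handshake = bytes([HS_CERTIFICATE]) + len(cert_blob).to_bytes(3, "big") + cert_blob
    return bytes([TLS_HANDSHAKE, 3, 3]) + len(handshake).to_bytes(2, "big") + handshake


# Constructed sample blobs: NOT real certificates, only byte strings carrying
# the DER OIDs a real certificate would hold in the same fields.
GOOD_BLOB = (b"constructed-cert:" + encode_oid("1.2.840.113549.1.1.11")   # sha256WithRSA
             + encode_oid("2.5.29.31") + encode_oid("1.3.6.1.5.5.7.1.1"))
MD5_BLOB = b"constructed-cert:" + encode_oid("1.2.840.113549.1.1.4") + encode_oid("2.5.29.31")
NO_REVOCATION_BLOB = b"constructed-cert:" + encode_oid("1.2.840.113549.1.1.11")

if __name__ == "__main__":
    for label, blob in (("good", GOOD_BLOB), ("md5", MD5_BLOB), ("no-revocation", NO_REVOCATION_BLOB)):
        print(label, inspect_certificate_record(build_record(blob)))
```

The byte-substring scan is what the claim describes and is cheap enough for an inline device, but it cannot tell which field an OID sits in; a production inspector would parse the DER structure so that a signature-algorithm OID is only flagged in the signatureAlgorithm field and an extension OID only inside the extensions sequence.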
18 Claims
1. Independent claim, reproduced above under "First Claim". Dependent claims: 2 to 9.
10. A non-transitory computer-readable storage medium having computer-readable code embodied on the computer-readable storage medium, the computer-readable code comprising:
   (a) program code for scanning, by a network security device, messages of a security protocol between a server and a client system, wherein said program code for scanning includes:
       (i) program code for scanning said messages for an object ID (OID) of a compromised cryptographic hash function, and
       (ii) program code for scanning said messages for an OID of a certificate extension;
   (b) program code for detecting said messages having a security certificate;
   (c) program code for detecting suspicious security certificates from said messages; and
   (d) program code for aborting particular sessions of said security protocol associated with said suspicious security certificates.
   Dependent claims: 11 to 18.