MANAGEMENT OF SSL CERTIFICATE ESCROW

US 20120170753A1
Filed: 12/30/2010
Published: 07/05/2012
Est. Priority Date: 12/30/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of securely providing a private key escrow service, comprising:

providing a secure upload webpage for a private key holder to upload an encrypted copy of a private key;

receiving the encrypted copy of the private key from the private key holder via the secure upload webpage;

storing the encrypted copy of the private key in memory;

providing a secure decryption webpage for the private key holder to enable the private key escrow service to decrypt the private key;

receiving an instruction to decrypt the private key from the private key holder through the secure decryption webpage; and

decrypting the private key in response to the instruction to decrypt the private key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for providing a secure SSL certificate escrow service comprise: providing a secure upload webpage for a private key holder to upload an encrypted copy of a private key; receiving the encrypted copy of the private key from the private key holder via the secure upload webpage; storing the encrypted copy of the private key in memory; providing a secure decryption webpage for the private key holder to enable the private key escrow service to decrypt the private key; receiving an instruction to decrypt the private key from the private key holder through the secure decryption webpage; and decrypting the private key in response to the instruction to decrypt the private key.

70 Citations

View as Search Results

35 Claims

1. A computer-implemented method of securely providing a private key escrow service, comprising:
- providing a secure upload webpage for a private key holder to upload an encrypted copy of a private key;
  
  receiving the encrypted copy of the private key from the private key holder via the secure upload webpage;
  
  storing the encrypted copy of the private key in memory;
  
  providing a secure decryption webpage for the private key holder to enable the private key escrow service to decrypt the private key;
  
  receiving an instruction to decrypt the private key from the private key holder through the secure decryption webpage; and
  
  decrypting the private key in response to the instruction to decrypt the private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the encrypted copy of the private key is protected by a passcode.
  - 3. The method of claim 2, wherein the encrypted copy of the private key is protected by the passcode such that the private key escrow service is unable to access an unencrypted copy of the private key without the passcode.
  - 4. The method of claim 3, wherein the instruction to decrypt includes the passcode, and wherein decrypting the private key comprises decrypting the private key using the passcode.
  - 5. The method of claim 1, wherein storing the encrypted copy of the private key in memory further comprises:
    - storing the encrypted copy of the private key in secure memory.
  - 6. The method of claim 5, wherein storing the encrypted copy of the private key in secure memory further comprises:
    - storing the encrypted copy of the private key in memory such that the encrypted copy of the private key may not be accessed by any human user.
  - 7. The method of claim 1, wherein decrypting the private key further comprises:
    - accessing an unencrypted form of the private key; and
      
      using the unencrypted private key to securely communicate with one or more clients.
  - 8. The method of claim 7, wherein using the unencrypted private key to securely communicate with one or more clients further comprises:
    - using the unencrypted private key to mitigate against a Secure Sockets Layer (“
      
      SSL”
      
      ) Denial-of-Service (“
      
      DoS”
      
      ) attack.
  - 9. The method of claim 8, wherein the SSL DoS attack comprises an attack against one or more servers of the private key holder.
  - 10. The method of claim 7, further comprising:
    - providing a secure decommission webpage for allowing the private key holder to decommission the private key.
  - 11. The method of claim 10, wherein decommissioning the private key comprises:
    - instructing the private key escrow service to cease using the unencrypted private key to communicate with clients.
  - 12. The method of claim 11, wherein decommissioning the private key further comprises:
    - instructing the private key escrow service to permanently delete the unencrypted private key.
  - 13. The method of claim 12, wherein decommissioning the private key further comprises:
    - sending a reminder to the private key holder to revoke a public key certificate associated with the private key.
  - 14. The method of claim 12, wherein decommissioning the private key further comprises:
    - providing an audit report to the private key holder concerning actions taken by the private key escrow service with respect to the private key.
  - 15. The method of claim 1, further comprising:
    - providing a secure deletion page for allowing the private key holder to delete one or more encrypted or unencrypted private keys entrusted to the private key escrow service.
  - 16. The method of claim 1, further comprising:
    - providing an audit report to the private key holder concerning actions taken by the private key escrow service with respect to the private key.
  - 17. The method of claim 1, further comprising:
    - providing a secure account management page for allowing the private key holder to manage one or more private keys entrusted to the private key escrow service.

18. A system for securely providing a private key escrow service, comprising:
- providing a secure upload webpage for a private key holder to upload an encrypted copy of a private key;
  
  a processing system comprising one or more processors;
  
  one or more communications ports for receiving communications from one or more networked devices and transmitting communications to one or more networked devices; and
  
  a memory system comprising one or more computer-readable media, wherein the computer-readable media store instructions that, when executed by the processing system, cause the system to perform the operations of;
  
  receiving the encrypted copy of the private key from the private key holder via the secure upload webpage;
  
  storing the encrypted copy of the private key in memory;
  
  providing a secure decryption webpage for the private key holder to enable the private key escrow service to decrypt the private key;
  
  receiving an instruction to decrypt the private key from the private key holder through the secure decryption webpage; and
  
  decrypting the private key in response to the instruction to decrypt the private key.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 19. The system of claim 18, wherein the encrypted copy of the private key is protected by a passcode.
  - 20. The system of claim 19, wherein the encrypted copy of the private key is protected by the passcode such that the private key escrow service is unable to access an unencrypted copy of the private key without the passcode.
  - 21. The system of claim 20, wherein the instruction to decrypt includes the passcode, and wherein decrypting the private key comprises decrypting the private key using the passcode.
  - 22. The system of claim 18, wherein storing the encrypted copy of the private key in memory further comprises:
    - storing the encrypted copy of the private key in secure memory.
  - 23. The system of claim 22, wherein storing the encrypted copy of the private key in secure memory further comprises:
    - storing the encrypted copy of the private key in memory such that the encrypted copy of the private key may not be accessed by any human user.
  - 24. The system of claim 18, wherein decrypting the private key further comprises:
    - accessing an unencrypted form of the private key; and
      
      using the unencrypted private key to securely communicate with one or more clients.
  - 25. The system of claim 24, wherein using the unencrypted private key to securely communicate with one or more clients further comprises:
    - using the unencrypted private key to mitigate against a Secure Sockets Layer (“
      
      SSL”
      
      ) Denial-of-Service (“
      
      DoS”
      
      ) attack.
  - 26. The system of claim 25, wherein the SSL DoS attack comprises an attack against one or more servers of the private key holder.
  - 27. The system of claim 24, the operations further comprising:
    - providing a secure decommission webpage for allowing the private key holder to decommission the private key.
  - 28. The system of claim 27, wherein decommissioning the private key comprises:
    - instructing the private key escrow service to cease using the unencrypted private key to communicate with clients.
  - 29. The system of claim 28, wherein decommissioning the private key further comprises:
    - instructing the private key escrow service to permanently delete the unencrypted private key.
  - 30. The system of claim 29, wherein decommissioning the private key further comprises:
    - sending a reminder to the private key holder to revoke a public key certificate associated with the private key.
  - 31. The system of claim 29, wherein decommissioning the private key further comprises:
    - providing an audit report to the private key holder concerning actions taken by the private key escrow service with respect to the private key.
  - 32. The system of claim 18, the operations further comprising:
    - providing a secure deletion page for allowing the private key holder to delete one or more encrypted or unencrypted private keys entrusted to the private key escrow service.
  - 33. The system of claim 18, the operations further comprising:
    - providing an audit report to the private key holder concerning actions taken by the private key escrow service with respect to the private key.
  - 34. The system of claim 18, the operations further comprising:
    - providing a secure account management page for allowing the private key holder to manage one or more private keys entrusted to the private key escrow service.

35. A computer-implemented method of securely providing a private key escrow service, comprising:
- providing a secure upload webpage for a private key holder to upload an encrypted copy of a private key, wherein the encrypted copy of the private key is protected by a first passcode such that the private key escrow service is unable to access an unencrypted copy of the private key without the first passcode, and wherein the secure upload webpage requires the private key holder to specify a second passcode for additionally securing the encrypted copy of the private key;
  
  receiving the encrypted copy of the private key and the second passcode from the private key holder via the secure upload webpage;
  
  storing the encrypted copy of the private key in memory in association with the second passcode;
  
  providing a secure decryption webpage for the private key holder to enable the private key escrow service to decrypt the private key;
  
  receiving an instruction to decrypt the private key from the private key holder through the secure decryption webpage, wherein the instruction to decrypt the private key includes the first passcode and the second passcode;
  
  decrypting the private key using the first passcode in response to the instruction to decrypt the private key and a determination that the private key holder has correctly provided the second passcode via the secure decryption webpage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VeriSign, Inc.
Original Assignee
VeriSign, Inc.
Inventors
Pandrangi, Ramakant, Scalzo, Frank

Granted Patent

US 8,971,539 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/286
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2221/2131   Lost password, e.g. recover...

H04L 9/0894   Escrow, recovery or storing...

MANAGEMENT OF SSL CERTIFICATE ESCROW

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

70 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

MANAGEMENT OF SSL CERTIFICATE ESCROW

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links