SYSTEM AND METHOD FOR VERIFICATION OF DIGITAL CERTIFICATES

US 20140095866A1
Filed: 04/12/2013
Published: 04/03/2014
Est. Priority Date: 09/28/2012
Status: Active Grant

First Claim

Patent Images

1. In a computer network, a method for analyzing authenticity digital certificates, the method comprising:

obtaining, from a plurality of diverse information sources within the computer network, initial information pertaining to digital certificates, wherein for each of the digital certificates the initial information includes;

intrinsic parameter data from among contents of the digital certificate;

extrinsic parameter data pertaining to the digital certificate and comprising static data not contained in the contents of the digital certificate;

storing, in a data store, selected parameter data from among the intrinsic parameter data and the extrinsic parameter data;

analyzing the selected parameter data to determine a measure of suspiciousness for each of the digital certificates;

based on the measure of suspiciousness, determining a need for collection of supplemental data for further analysis of any of the digital certificates;

in response to the determination of need for supplemental data for any of the digital certificates, collecting circumstantial data pertaining to that digital certificate, the circumstantial data being based on actual usage of that digital certificate;

comparing the initial data and supplemental data against a set of decision criteria, the set of decision criteria defining parameters and combinations of parameters associated with fraudulent activity; and

based on the comparing, providing a determination of authenticity of each of the digital certificates.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Analysis of authenticity digital certificates includes. Initial information pertaining to digital certificates is collected from diverse information sources. For each of the digital certificates the initial information includes intrinsic parameter data from among contents of the digital certificate and extrinsic parameter data pertaining to the digital certificate and comprising static data not contained in the contents of the digital certificate. Selected parameter data is stored and analyzed to determine a measure of suspiciousness for each of the digital certificates. If necessary, circumstantial data based on actual usage of one or more of the digital certificates are collected. The initial data and supplemental data are compared against a set of decision criteria that define fraudulent activity, and a determination of authenticity of each of the digital certificates is made.

Citations

30 Claims

1. In a computer network, a method for analyzing authenticity digital certificates, the method comprising:
- obtaining, from a plurality of diverse information sources within the computer network, initial information pertaining to digital certificates, wherein for each of the digital certificates the initial information includes;
  
  intrinsic parameter data from among contents of the digital certificate;
  
  extrinsic parameter data pertaining to the digital certificate and comprising static data not contained in the contents of the digital certificate;
  
  storing, in a data store, selected parameter data from among the intrinsic parameter data and the extrinsic parameter data;
  
  analyzing the selected parameter data to determine a measure of suspiciousness for each of the digital certificates;
  
  based on the measure of suspiciousness, determining a need for collection of supplemental data for further analysis of any of the digital certificates;
  
  in response to the determination of need for supplemental data for any of the digital certificates, collecting circumstantial data pertaining to that digital certificate, the circumstantial data being based on actual usage of that digital certificate;
  
  comparing the initial data and supplemental data against a set of decision criteria, the set of decision criteria defining parameters and combinations of parameters associated with fraudulent activity; and
  
  based on the comparing, providing a determination of authenticity of each of the digital certificates.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method claim 1, wherein the initial information includes extrinsic parameter data selected from the group consisting of:
    - a URL of the information source from which the certificate was obtained, a location of one or more of the information sources from which the initial information was obtained, a location of the Internet service provider of an owner of each digital certificate, a network-determined location of a presenter of each digital certificate, information on when one or more of the information sources first encountered the certificate, or any combination thereof.
  - 3. The method claim 1, wherein the information sources include at least one information source selected from the group consisting of a certificate authority, a purported digital certificate owner, a party to whom digital certificates are presented, a search engine, or any combination thereof.
  - 4. The method claim 1, wherein the information sources include an Internet service provider (ISP and wherein the extrinsic parameter data includes information based on ISP account holder information.
  - 5. The method claim 1, wherein obtaining the initial information includes polling at least one of the information sources.
  - 6. The method claim 1, wherein obtaining the initial information is initiated by at least one of the information sources.
  - 7. The method claim 1, wherein the storing includes grouping the initial information by at lest one predetermined parameter selected from the group consisting of:
    - company name indicated in the digital certificates, uniform resource locator, geographic region of a purported owner of each digital certificate, or any combination thereof.
  - 8. The method claim 1, wherein the analyzing of the selected parameter data to determine the measure of suspiciousness includes comparing portions of the intrinsic parameter data for each certificate against the extrinsic parameter data for the same certificate.
  - 9. The method claim 1, wherein the analyzing of the selected parameter data to determine the measure of suspiciousness includes comparing portions of the initial data relating to a first digital certificate against a plurality of corresponding parameters of a plurality of other digital certificates.
  - 10. The method claim 1, wherein the analyzing of the selected parameter data to determine the measure of suspiciousness includes comparing portions of the initial data relating to a first digital certificate against a grouping based on certain parameters of a plurality of other digital certificates.
  - 11. The method claim 1, wherein the analyzing of the selected parameter data to determine the measure of suspiciousness includes comparing different parameters of the initial data relating to geographic location associated with a first digital certificate.
  - 12. The method claim 1, wherein the analyzing of the selected parameter data to determine the measure of suspiciousness includes comparing parameters of the initial data relating to validity period associated with a first digital certificate against temporal data associated with one or more other digital certificates.
  - 13. The method claim 1, wherein the circumstantial data includes temporal information representing how long the digital certificate has been used.
  - 14. The method claim 1, wherein the circumstantial data includes geographic region information on actual usage of the digital certificate.
  - 15. The method claim 1, wherein the circumstantial data includes rates of usage of the digital certificate over time.

16. A system for analyzing authenticity digital certificates comprising:
- a computer system including computing hardware and a plurality of operatively coupled modules comprising instructions executable on the computing hardware, the modules including;
  
  an initial data collection module configured to obtain, from a plurality of diverse information sources communicatively coupled to the computer system, initial information pertaining to digital certificates, wherein for each of the digital certificates the initial information includes;
  
  intrinsic parameter data from among contents of the digital certificate; and
  
  extrinsic parameter data pertaining to the digital certificate and comprising static data not contained in the contents of the digital certificate;
  
  a database configured to store selected parameter data from among the intrinsic parameter data and the extrinsic parameter data;
  
  an abnormality detection module configured to analyze the selected parameter data to determine a measure of suspiciousness for each of the digital certificates, and, based on the measure of suspiciousness, determine a need for collection of supplemental data for further analysis of any of the digital certificates;
  
  a communication module configured to collect circumstantial data in response to a determination by the abnormality detection module of a need for supplemental data for any of the digital certificates, the circumstantial data pertaining to that digital certificate, and based on actual usage of that digital certificate;
  
  a suspicious certificate detection module configured to compare the initial data and supplemental data against a set of decision criteria, the set of decision criteria defining parameters and combinations of parameters associated with fraudulent activity; and
  
  a decision module configured to provide a determination of authenticity of each of the digital certificates based on an output the suspicious certificate detection module.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 17. The system claim 16, wherein the initial information includes extrinsic parameter data selected from the group consisting of:
    - a URL of the information source from which the certificate was obtained, a location of one or more of the information sources from which the initial information was obtained, a location of the Internet service provider of an owner of each digital certificate, a network-determined location of a presenter of each digital certificate, information on when one or more of the information sources first encountered the certificate, or any combination thereof.
  - 18. The system claim 16, wherein the information sources include at least one information source selected from the group consisting of a certificate authority, a purported digital certificate owner, a party to whom digital certificates are presented, a search engine, or any combination thereof.
  - 19. The system claim 16, wherein the information sources include an Internet service provider (ISP and wherein the extrinsic parameter data includes information based on ISP account holder information.
  - 20. The system claim 16, wherein the database stores the initial information grouped by at lest one predetermined parameter.
  - 21. The system claim 16, wherein the database stores the initial information grouped by at lest one predetermined parameter selected from the group consisting of:
    - company name indicated in the digital certificates, uniform resource locator, geographic region of a purported owner of each digital certificate, or any combination thereof.
  - 22. The system claim 16, wherein the database stores the initial information grouped by similar company name.
  - 23. The system claim 16, wherein the abnormality detection module is configured to determine the measure of suspiciousness by comparing portions of the intrinsic parameter data for each certificate against the extrinsic parameter data for the same certificate.
  - 24. The system claim 16, wherein the abnormality detection module is configured to determine the measure of suspiciousness by comparing portions of the initial data relating to a first digital certificate against a plurality of corresponding parameters of a plurality of other digital certificates.
  - 25. The system claim 16, wherein the abnormality detection module is configured to determine the measure of suspiciousness by comparing portions of the initial data relating to a first digital certificate against a grouping based on certain parameters of a plurality of other digital certificates.
  - 26. The system claim 16, wherein the abnormality detection module is configured to determine the measure of suspiciousness by comparing different parameters of the initial data relating to geographic location associated with a first digital certificate.
  - 27. The system claim 16, wherein the abnormality detection module is configured to determine the measure of suspiciousness by comparing parameters of the initial data relating to validity period associated with a first digital certificate against temporal data associated with one or more other digital certificates.
  - 28. The system claim 16, wherein the circumstantial data includes temporal information representing how long the digital certificate has been used.
  - 29. The system claim 16, wherein the circumstantial data includes geographic region information on actual usage of the digital certificate.
  - 30. The system claim 16, wherein the circumstantial data includes rates of usage of the digital certificate over time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lab A.O. Kaspersky
Original Assignee
Kaspersky Lab ZAO
Inventors
Grebennikov, Nikolay A., Monastyrsky, Alexey V., Gostev, Alexander A.

Granted Patent

US 8,732,472 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 9/3263 involving certificates, e.g...

H04L 9/3268 using certificate validatio...

SYSTEM AND METHOD FOR VERIFICATION OF DIGITAL CERTIFICATES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR VERIFICATION OF DIGITAL CERTIFICATES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links