Authenticating a Node in a Communication Network

US 20140237582A1
Filed: 04/23/2014
Published: 08/21/2014
Est. Priority Date: 04/07/2009
Status: Active Grant

First Claim

Patent Images

1. A method of determining a reputation score for a certificate in a communication network, the method comprising, at a client node;

receiving from a remote node the certificate;

comparing data relating to the certificate with data stored in a certificates database stored at the client node;

determining a reputation score for the certificate based on the comparison, the reputation score being usable for determining whether to trust the certificate.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for authenticating a first node'"'"'s identity in a communication network. An authentication node receives from a second node an authentication request. The authentication request includes a first certificate that has previously been presented to the second node by a node purporting to be the first node. The authentication node retrieves a second certificate belonging to the first node from the first node, and compares the first certificate with the second certificate. If the certificates match, then the first node'"'"'s identity can be authenticated but if the certificates do not match, then the first node'"'"'s identity cannot be authenticated. The results of the comparison are then sent to the second node.

Citations

17 Claims

1. A method of determining a reputation score for a certificate in a communication network, the method comprising, at a client node;
- receiving from a remote node the certificate;
  
  comparing data relating to the certificate with data stored in a certificates database stored at the client node;
  
  determining a reputation score for the certificate based on the comparison, the reputation score being usable for determining whether to trust the certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising the step of determining whether to terminate communication with the remote node based on the reputation score.
  - 3. The method of claim 1, further comprising the step of informing a user of the reputation score, such that the user can decide whether to terminate communication with the remote node.
  - 4. The method of claim 1, further comprising storing the certificate in the database, along with further information about the certificate.
  - 5. The method of claim 4, wherein the further information comprises any one of:
    - a date and/or time the certificate was generated;
      
      a date and/or time the certificate was received;
      
      an address of the remote node;
      
      network information over which the certificate was received.
  - 6. The method of claim 1, wherein the comparison to determine the reputation score comprises any of:
    - comparing the certificate against information contained in a Certifying Authority revocation list;
      
      comparing a reputation of the remote node against information contained in a reputation list;
      
      determining if the remote node already has an existing certificate, and comparing the existing certificate with the certificate;
      
      comparing the certificate received from the remote node when the client node uses a first network, against a further certificate received from the remote node when the client node uses a further network;
      
      comparing the certificate received from the remote node against further certificates received from the remote node at different time periods or locations.
  - 7. The method of claim 5, wherein the network may be any one of a WiFi, 3G, or LTE network.
  - 8. The method of claim 1, the method comprising:
    - downloading information relating to certificates from a server; and
      
      storing the information relating to certificates in the database.
  - 9. The method of claim 8, further comprising uploading information relating to the certificate to the server.

10. A client node, the client node comprising:
- a first receiver arranged to receive a certificate from a remote node;
  
  a certificates database comprising data relating to certificates;
  
  a first processor arranged to compare data relating to the certificate with the data in the certificates database;
  
  the first processor further arranged to determining a reputation score for the certificate based on the comparison, the reputation score being usable for determining whether to trust the certificate.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The client node of claim 10, the client node further comprising a second processor arranged to determine whether to terminate the communication with the remote node based on the reputation score.
  - 12. The client node of claim 10, the client node further comprising an I/O interface, and wherein the second processor is arranged to inform a user of the reputation score, such that the user can decide whether to terminate the communication with the remote node.
  - 13. The client node of claim 10, wherein the first processor is arranged to store the certificate in the database, along with further information about the certificate.
  - 14. The client node of claim 10, wherein the first processor is arranged to compare any of:
    - The certificate received from the remote node with information contained in a Certifying Authority revocation list;
      
      a reputation of the remote node against a reputation list stored in the database;
      
      an existing certificate for the remote node against the received certificate from the remote node;
      
      the certificate received from the remote node when the client node uses a first network, against a further certificate received from the remote node when the client node uses a further network;
      
      the certificate received from the remote node against further certificates received from the remote node at different time periods or locations.
  - 15. The client node of claim 10, further comprising:
    - a transmitter for transmitting a request to a server for further information regarding certificates; and
      
      a second receiver for receiving the further information regarding certificates.
  - 16. A computer program, comprising computer readable code which, when run on a client node, causes the client node to behave as a client node as claimed in claim 10.
  - 17. A computer program product comprising a non-transitory computer readable medium and a computer program according to claim 16, wherein the computer program is stored on the non-transitory computer readable medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Withsecure Corporation
Original Assignee
F-Secure Corporation (F-Secure Oyj)
Inventors
NIEMELA, Jarno

Granted Patent

US 9,602,499 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/1441   Countermeasures against mal...

H04L 63/1466   Active attacks involving in...

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

Authenticating a Node in a Communication Network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating a Node in a Communication Network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links