METHOD AND SYSTEM FOR RECURSIVELY EMBEDDED CERTIFICATE RENEWAL AND REVOCATION

US 20160365985A1
Filed: 06/11/2015
Published: 12/15/2016
Est. Priority Date: 06/11/2015
Status: Abandoned Application

First Claim

Patent Images

1. A method for managing a certificate, comprising:

providing a certificate with an extension field, whereinthe extension field comprises renewal information andthe extension field is secured.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are disclosed for renewing and revoking certificates. In one embodiment, a certificate may include a renewal extension field with renewal information. Multiple sets of renewal information may be recursively embedded. Upon determining that a certificate will shortly expire, a server may determine that the certificate has a renewal extension field with renewal information, and may request a symmetric key from a certificate authority to decrypt the renewal information. The certificate authority may respond by providing a symmetric key, and the server may use the symmetric key to decrypt the renewal information, which may include updated field values for the certificate. If a server requests a symmetric key too early, i.e., too long before a certificate expires, then certificate authority may deny the request, and the server may determine to wait and then try requesting the symmetric key again. In another embodiment, a certificate authority may revoke a certificate by providing a short lifespan and not providing a symmetric key to decrypt the renewal information.

16 Citations

View as Search Results

34 Claims

1. A method for managing a certificate, comprising:
- providing a certificate with an extension field, whereinthe extension field comprises renewal information andthe extension field is secured.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the extension field is secured through encryption.
  - 3. The method of claim 1, wherein the renewal information comprises multiple sets of renewal information.
  - 4. The method of claim 3, wherein the multiple sets of renewal information are recursively embedded.
  - 5. The method of claim 1, wherein the renewal information comprises at least one of a validity field, a CA renewal request location field, and a certificate signature value field.
  - 6. The method of claim 2, wherein the extension is secured through encryption using a unique symmetric key.
  - 7. The method of claim 3, wherein the multiple sets of renewal information are each encrypted with a unique symmetric key.
  - 8. The method of claim 7, wherein the multiple sets of renewal information are recursively embedded.
  - 9. The method of claim 2, further comprisingreceiving a request for a symmetric key to decrypt the extension field,determining that the request for a symmetric key is valid, andproviding the requested symmetric key.
  - 10. The method of claim 9, wherein determining that the request for a symmetric key is valid comprises determining that the request for a symmetric key is within an expected request time frame.
  - 11. The method of claim 9, further comprising providing at least one additional update field.

12. A method for managing a certificate, comprising:
- determining that a certificate has an extension field comprising secured renewal information;
  
  requesting a key for accessing the secured renewal information.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 13. The method of claim 12, wherein the extension field is secured through encryption.
  - 14. The method of claim 12, wherein the renewal information comprises multiple sets of renewal information.
  - 15. The method of claim 14, wherein the multiple sets of renewal information are recursively embedded.
  - 16. The method of claim 12, wherein the renewal information comprises at least one of a validity field, a CA renewal request location field, and a certificate signature value field.
  - 17. The method of claim 13, wherein the extension is secured through encryption using a unique symmetric key.
  - 18. The method of claim 14, wherein the multiple sets of renewal information are each encrypted with a unique symmetric key.
  - 19. The method of claim 18, wherein the multiple sets of renewal information are recursively embedded.
  - 20. The method of claim 13, further comprising:
    - receiving a key in response to the requesting a key;
      
      using the key to access the secured renewal information;
      
      and using the secured renewal information to update one or more fields in the certificate.
  - 21. The method of claim 12, further comprising:
    - determining that a key has not been provided, within a maximum time period, in response to the requesting a key andre-requesting the key after waiting until a waiting time period has elapsed.
  - 22. The method of claim 12, further comprising determining that the certificate will expire before a renewal time period has elapsed.
  - 23. The method of claim 20, further comprising:
    - hashing the fields of the certificate with the updated fields to generate a hash result;
      
      comparing the hash result with a certificate signature value field; and
      
      determining that the hash result matches the certificate signature value field.

24. A certificate management system, comprising:
- a certificate generation module configured to provide a certificate with an extension field, whereinthe extension field comprises renewal information andthe extension field is secured.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 25. The system of claim 24, wherein the extension field is secured through encryption.
  - 26. The system of claim 24, wherein the renewal information comprises multiple sets of renewal information.
  - 27. The system of claim 26, wherein the multiple sets of renewal information are recursively embedded.
  - 28. The system of claim 24, wherein the renewal information comprises at least one of a validity field, a CA renewal request location field, and a certificate signature value field.
  - 29. The system of claim 25, wherein the extension is secured through encryption using a unique symmetric key.
  - 30. The system of claim 26, wherein the multiple sets of renewal information are each encrypted with a unique symmetric key.
  - 31. The system of claim 30, wherein the multiple sets of renewal information are recursively embedded.
  - 32. The system of claim 25, further comprising a request processing module configured toreceive a request for a symmetric key to decrypt the extension field,determine that the request for a symmetric key is valid, andprovide the requested symmetric key.
  - 33. The system of claim 32, wherein determining that the request for a symmetric key is valid comprises determining that the request for a symmetric key is within an expected request time frame.
  - 34. The system of claim 32, wherein the request processing module is further configured provide at least one additional update field.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DigiCert Incorporated
Original Assignee
DigiCert Incorporated
Inventors
Pilcher, Jared, Sabin, Jason

Application Number

US14/736,411
Publication Number

US 20160365985A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 9/0819 Key transport or distributi...

H04L 9/3268 using certificate validatio...

METHOD AND SYSTEM FOR RECURSIVELY EMBEDDED CERTIFICATE RENEWAL AND REVOCATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR RECURSIVELY EMBEDDED CERTIFICATE RENEWAL AND REVOCATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links