DIGITAL CERTIFICATE VALIDATION USING UNTRUSTED DATA

US 20190319809A1
Filed: 04/16/2019
Published: 10/17/2019
Est. Priority Date: 04/17/2018
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a target recipient for a digital certificate, the method comprising:

receiving, at a certificate authority authentication system, a request for a digital certificate, the request including a public key of a public-private key pair, an identification of a target certificate recipient, and untrusted certificate validation data;

automatically initiating a communication link using the untrusted certificate validation data to generate verified untrusted certificate validation data;

following, or concurrently with, the automatically initiating the communication link, comparing at least one of the untrusted certificate validation data or the verified untrusted certificate validation data with entity specific data obtained from a confirmation computing system to generate trusted certificate validation data;

comparing the trusted certificate validation data with the verified untrusted certificate validation data;

based at least in part on an identification of a match between the confirmed certificate validation data and the verified untrusted certificate validation data, authenticating the target certificate recipient; and

issuing the requested digital certificate for the target certificate recipient.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and apparatus for authenticating target recipients for digital certificates. A certificate authority authentication system receives a request from an entity for a digital certificate including untrusted certificate validation data. The authentication system initiates a communication link using to untrusted certificate validation data to generate verified untrusted certificate validation data. Subsequently or concurrently, the system obtains, from a confirmation computing system, trusted certificate validation data. The authentication system compares the verified untrusted certificate validation data with the trusted certificate validation data and, based on the comparison, authenticates the entity and issues the requested digital certificate.

0 Citations

20 Claims

1. A method for authenticating a target recipient for a digital certificate, the method comprising:
- receiving, at a certificate authority authentication system, a request for a digital certificate, the request including a public key of a public-private key pair, an identification of a target certificate recipient, and untrusted certificate validation data;
  
  automatically initiating a communication link using the untrusted certificate validation data to generate verified untrusted certificate validation data;
  
  following, or concurrently with, the automatically initiating the communication link, comparing at least one of the untrusted certificate validation data or the verified untrusted certificate validation data with entity specific data obtained from a confirmation computing system to generate trusted certificate validation data;
  
  comparing the trusted certificate validation data with the verified untrusted certificate validation data;
  
  based at least in part on an identification of a match between the confirmed certificate validation data and the verified untrusted certificate validation data, authenticating the target certificate recipient; and
  
  issuing the requested digital certificate for the target certificate recipient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the confirmation computing system is distinct from and unaffiliated with the target certificate recipient.
  - 3. The method of claim 1, wherein the comparing the at least one of the untrusted certificate validation data or the verified untrusted certificate validation data with the entity specific data occurs only after the using the untrusted certificate validation data to generate the verified untrusted certificate validation data.
  - 4. The method of claim 1, wherein the verified untrusted certificate validation data corresponds to the untrusted certificate validation data after it has been verified with the target certificate recipient.
  - 5. The method of claim 1, wherein the using the untrusted certificate validation data to generate the verified untrusted certificate validation data comprises verifying the untrusted certificate validation data with the target certificate recipient and identifying the untrusted certificate validation data as verified untrusted certificate validation data based on the verifying.
  - 6. The method of claim 1, wherein the comparing the trusted certificate validation data with the verified untrusted certificate validation data occurs only after the untrusted certificate validation is verified.
  - 7. The method of claim 1, wherein the comparing comprises comparing the untrusted certificate validation data with the entity specific data obtained from the confirmation computing system to generate trusted certificate validation data.
  - 8. The method of claim 1, wherein the comparing comprises comparing the verified untrusted certificate validation data with the entity specific data obtained from the confirmation computing system to generate trusted certificate validation data.

9. Non-transitory computer-readable media including computer-executable instructions that, when executed by a computing system, cause the computing system to:
- receive, at a certificate authority authentication system, a request for a digital certificate, the request including a public key of a public-private key pair, an identification of a target certificate recipient, and untrusted certificate validation data;
  
  automatically initiate a communication link using the untrusted certificate validation data to generate verified untrusted certificate validation data;
  
  following, or concurrently with, the automatic initiation of the communication link, compare at least one of the untrusted certificate validation data or the verified untrusted certificate validation data with entity specific data obtained from a confirmation computing system to generate trusted certificate validation data;
  
  compare the trusted certificate validation data with the verified untrusted certificate validation data;
  
  based at least in part on an identification of a match between the confirmed certificate validation data and the verified untrusted certificate validation data, authenticate the target certificate recipient; and
  
  issue the requested digital certificate for the target certificate recipient.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The non-transitory computer-readable media of claim 9, wherein the confirmation computing system is distinct from and unaffiliated with the target certificate recipient.
  - 11. The non-transitory computer-readable media of claim 9, wherein the comparison of the at least one of the untrusted certificate validation data or the verified untrusted certificate validation data with the entity specific data occurs only after the generation of the verified untrusted certificate validation data via the automatically initiated communication link.
  - 12. The non-transitory computer-readable media of claim 9, wherein the communication link comprises a plurality of emails between the certificate authority authentication system and the target certificate recipient.
  - 13. The non-transitory computer-readable media of claim 9, wherein the communication link comprises an automatically initiated telephone call between the certificate authority authentication system and the target certificate recipient.

14. A method for authenticating a target recipient for a digital certificate, the method comprising:
- receiving, at a certificate authority authentication system, a request for a digital certificate from the target recipient, the request including a public key of a public-private key pair, an identification of the target recipient, and untrusted certificate validation data, the untrusted certificate validation data including contact information associated with the target recipient;
  
  sending, from the certificate authority authentication system, a verification request message to the target recipient using the contact information of the untrusted certificate validation data, wherein the certificate authority authentication system sends the verification request before receiving confirmation of the untrusted certificate validation data from a confirmation computing system; and
  
  receiving, at the certificate authority authentication system, a response to the verification request message and generating, based on the response, verified untrusted certificate validation data.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14 further comprising:
    - obtaining, at the certificate authority authentication system, entity specific data from the confirmation computing system;
      
      comparing, with the certificate authority authentication system, the entity specific data with the untrusted certificate validation data or the verified untrusted certificate validation data from the confirmation computing system;
      
      based at least in part on an identification of a match between the entity specific data from the confirmation computing system and the untrusted certificate validation data or the verified untrusted certificate validation data, authenticating the target recipient; and
      
      issuing the requested digital certificate to the target recipient.
  - 16. The method of claim 14, wherein the contact information in the untrusted certificate validation data comprises a phone number or email address of the target recipient and wherein sending the verification request message comprises automatically, with the certificate authority authentication system, initiating a phone call or email message using the phone number or email address of the target recipient.
  - 17. The method of claim 14, wherein the confirmation computing system is distinct from and unaffiliated with the target recipient.
  - 18. The method of claim 14, wherein receiving confirmation of the untrusted certificate validation data from the confirmation computing system comprises:
    - obtaining, at the certificate authority authentication system, entity specific data from the confirmation computing system;
      
      comparing, with the certificate authority authentication system, the entity specific data with the untrusted certificate validation data or the verified untrusted certificate validation data from the confirmation computing system; and
      
      based at least in part on an identification of a match between the entity specific data from the confirmation computing system and the untrusted certificate validation data or the verified untrusted certificate validation data, confirming the untrusted certificate validation data.
  - 19. The method of claim 14, wherein sending the verification request message to the target recipient comprises validating that the contact information included in the untrusted certificate validation data is usable to contact the target recipient.
  - 20. The method of claim 14, wherein the contact information included in the untrusted certificate validation data comprises a Uniform Resource Locator (URL) of a server associated with the target recipient and wherein sending the verification request message and receiving the response to the verification request message comprises:
    - initiating and establishing a connection between the certificate authority authentication system and the server associated with the target recipient using the URL of the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DigiCert Incorporated
Original Assignee
DigiCert Incorporated
Inventors
Rowley, Richard Jeremy

Granted Patent

US 11,146,407 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/18   using different networks or...

H04L 9/006   involving public key infras...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3215   using a plurality of channe...

H04L 9/3268   using certificate validatio...

DIGITAL CERTIFICATE VALIDATION USING UNTRUSTED DATA

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

0 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

DIGITAL CERTIFICATE VALIDATION USING UNTRUSTED DATA

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

0 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others