Security information acquisition
First Claim
1. A method, including steps of:
- maintaining a base root certificate in storage at a client; and
using said base root certificate to obtain a security information message, said security information message including a plurality of root certificates from a server wherein said plurality of root certificates forms a chain within said security information message, said security information message being obtained before verification of any of said root certificates, said chain linking each root certificate with a next root certificate, each root certificate being usable to verify a next root certificate, at least one root certificate being verifiable using said base root certificate, at least one root certificate being current, each root certificate including an expiration date, and each root certificate being digitally signed using a private key for a first key pair and including a public key for the first key pair and a secure digest of a public key for a second key pair for verifying the public key for the second key pair.
6 Assignments
0 Petitions
Accused Products
Abstract
The invention provides an improved method and system for security information acquisition. A relatively small amount of nonvolatile storage at the client consumer electronic device is used to obtain a chain of trusted root certificates, thus providing each client consumer electronic device with a trustable technique for access to secure communication. The trusted root certificates are provided by one or more TSIPs (trusted security information providers), and are chained together so that a current root certificate can be obtained by the client consumer electronic device, even using an expired root certificate. The client consumer electronic device uses a current root certificate to obtain a SIO (security information object) from the TSIP. The SIO includes information regarding at least one trusted entity, such as a one or more trusted entity certificates, and other trust information. The SIO is digitally signed by the TSIP and can be verified by the client consumer electronic device using the current root certificate.
-
Citations
30 Claims
-
1. A method, including steps of:
-
maintaining a base root certificate in storage at a client; and
using said base root certificate to obtain a security information message, said security information message including a plurality of root certificates from a server wherein said plurality of root certificates forms a chain within said security information message, said security information message being obtained before verification of any of said root certificates, said chain linking each root certificate with a next root certificate, each root certificate being usable to verify a next root certificate, at least one root certificate being verifiable using said base root certificate, at least one root certificate being current, each root certificate including an expiration date, and each root certificate being digitally signed using a private key for a first key pair and including a public key for the first key pair and a secure digest of a public key for a second key pair for verifying the public key for the second key pair. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A system, including:
-
a client device including storage having a base root certificate; and
means for using said base root certificate to obtain a security information message, said security information message including a plurality of root certificates from a server wherein said plurality of root certificates forms a chain within said security information message, said security information message being obtained before verification of any of said root certificates, said chain linking each root certificate with a next root certificate, each root certificate being usable to verify a next root certificate, at least one root certificate being verifiable using said base root certificate, at least one root certificate being current, each root certificate including an expiration date, and each root certificate being digitally signed using a private key for a first key pair and including a public key for the first key pair and a secure digest of a public key for a second key pair for verifying the public key for the second key pair. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. In a security system, storage storing security information including:
-
a plurality of root certificates received in a message from a server, wherein said plurality of root certificates forms a chain within said message, said security information being obtained before verification of any of said root certificates, said chain linking each root certificate with a next root certificate, each root certificate enabling a processor to verify a next root certificate, at least one root certificate being verifiable by the processor using a base root certificate, said base root certificate used to obtain said security information, at least one root certificate being current, each root certificate including an expiration date, and each root certificate being digitally signed using a private key for a first key pair and including a public key for the first key pair and a secure digest of a public key for a second key pair for verifying the public key for the second key pair, said security system using said current root certificate'"'"'s public key to verify secure communications received from and to send secure communications to, a trusted entity. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
-
Specification