Authentication of unknown parties in secure computer communications

US 7,949,771 B1
Filed: 09/05/2007
Issued: 05/24/2011
Est. Priority Date: 09/05/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of authenticating a party for secure computer communication, the method comprising:

a first computer receiving an SSL certificate from a second computer over a computer network, the second computer initiating a secure computer communication with the first computer over the computer network in accordance with SSL protocol, the second computer being an unknown party to the first computer and not authenticated by a certificate authority;

the first computer locally processing the SSL certificate in the first computer to determine a trustworthiness of the second computer even without necessarily having to consult a remotely located public whitelist of trusted parties;

the first computer converting the SSL certificate into an input vector having fields of the SSL certificate as features;

the first computer using the input vector to classify the SSL certificate to determine the trustworthiness of the SSL certificate;

wherein the first computer locally processing the SSL certificate to determine the trustworthiness of the second computer comprises;

the first computer extracting the fields of the SSL certificate; and

the first computer taking a hash of each of the fields to create input data; and

wherein the first computer provides the input data to a model configured to determine if the SSL certificate is a trusted or non-trusted digital certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authentication of an unknown party in a secure computer communication may be performed even without consulting a public whitelist of trusted parties. A digital certificate from an unknown party not authenticated by a trusted certificate authority may be locally processed to determine if the digital certificate is a trusted, non-trusted, or unknown digital certificate. For example, a model may be created by training a support vector machine to classify a digital certificate. The model may be provided to a computer involved in secure computer communication. The computer may receive an incoming digital certificate, extract fields from the incoming digital certificate, and take a hash of the extracted fields perform input data that may be employed by the model to determine if the incoming digital certificate is a trusted, non-trusted, or unknown digital certificate.

Citations

9 Claims

1. A computer-implemented method of authenticating a party for secure computer communication, the method comprising:
- a first computer receiving an SSL certificate from a second computer over a computer network, the second computer initiating a secure computer communication with the first computer over the computer network in accordance with SSL protocol, the second computer being an unknown party to the first computer and not authenticated by a certificate authority;
  
  the first computer locally processing the SSL certificate in the first computer to determine a trustworthiness of the second computer even without necessarily having to consult a remotely located public whitelist of trusted parties;
  
  the first computer converting the SSL certificate into an input vector having fields of the SSL certificate as features;
  
  the first computer using the input vector to classify the SSL certificate to determine the trustworthiness of the SSL certificate;
  
  wherein the first computer locally processing the SSL certificate to determine the trustworthiness of the second computer comprises;
  
  the first computer extracting the fields of the SSL certificate; and
  
  the first computer taking a hash of each of the fields to create input data; and
  
  wherein the first computer provides the input data to a model configured to determine if the SSL certificate is a trusted or non-trusted digital certificate.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein the second computer comprises a web server in communication with a web browser in the first computer.
  - 3. The method of claim 1 wherein the first computer locally processing the digital certificate comprises determining whether the digital certificate is a trusted digital certificate, non-trusted digital certificate, or unknown digital certificate.
  - 4. The method of claim 1 wherein the computer network comprises the Internet.

5. A computer-implemented method of authenticating a party for secure computer communication, the method comprising:
- a first computer receiving a digital certificate from a second computer over a computer network, the second computer initiating a secure computer communication with the first computer over the computer network, the second computer being an unknown party to the first computer and not authenticated by a certificate authority;
  
  the first computer processing the digital certificate in the first computer to determine a trustworthiness of the second computer even without necessarily having to consult a remotely located public whitelist of trusted parties;
  
  the first computer converting the digital certificate into an input vector having fields of the digital certificate as features;
  
  the first computer using the input vector to classify the digital certificate to determine the trustworthiness of the digital certificate;
  
  wherein the first computer processing the digital certificate to determine the trustworthiness of the second computer comprises;
  
  the first computer extracting the fields of the digital certificate; and
  
  the first computer taking a hash of each of the fields to create input data; and
  
  wherein the first computer provides the input data to a model configured to determine if the digital certificate is a trusted or non-trusted digital certificate.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The method of claim 5 wherein the digital certificate comprises an SSL certificate.
  - 7. The method of claim 5 wherein the secure computer communication is in accordance with the SSL protocol.
  - 8. The method of claim 5 wherein the second computer comprises a web server in communication with a web browser in the first computer.
  - 9. The method of claim 5 wherein processing the digital certificate comprises determining whether the digital certificate is a trusted digital certificate, non-trusted digital certificate, or unknown digital certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Chen, Jerry Jen-Chih, Chia, Li
Primary Examiner(s)
Dalencourt; Yves

Application Number

US11/899,429
Time in Patent Office

1,357 Days
Field of Search

709/229, 713/152, 713/155, 713/156, 713/167, 713/173
US Class Current

709/229
CPC Class Codes

H04L 63/0823 using certificates cryptogr...

H04L 63/166 at the transport layer

Authentication of unknown parties in secure computer communications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication of unknown parties in secure computer communications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links