Certificate remoting and recovery

US 8,621,205 B2
Filed: 02/12/2010
Issued: 12/31/2013
Est. Priority Date: 02/12/2010
Status: Active Grant

First Claim

Patent Images

1. A method for providing automated certificate management, the method comprising:

identifying a plurality of security certificates used by a first server;

determining whether at least one first certificate of the plurality of security certificates is one of;

inactive and not available;

in response to determining that the at least one first certificate of the plurality of security certificates is not available;

identifying at least one peer server, andrequesting the at least one first certificate of the plurality of security certificates from the at least one peer server; and

in response to determining that the at least one first certificate of the plurality of security certificates is inactive;

determining whether the at least one peer server comprises the inactive at least one first certificate, andremotely instructing the at least one peer server to remove the inactive at least one first certificate by sending a remove action request in response to a determination that the at least one peer server comprises the inactive at least one first certificate.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Certificate remoting and recovery may be provided. A computer may identify required security certificates and determine whether at least one required security certificate is not available. If the certificate is not available, the computer may identify a peer server and request the missing certificate from the peer server. The computer may also be operative to receive certificate management instructions from other computers.

12 Citations

View as Search Results

20 Claims

1. A method for providing automated certificate management, the method comprising:
- identifying a plurality of security certificates used by a first server;
  
  determining whether at least one first certificate of the plurality of security certificates is one of;
  
  inactive and not available;
  
  in response to determining that the at least one first certificate of the plurality of security certificates is not available;
  
  identifying at least one peer server, andrequesting the at least one first certificate of the plurality of security certificates from the at least one peer server; and
  
  in response to determining that the at least one first certificate of the plurality of security certificates is inactive;
  
  determining whether the at least one peer server comprises the inactive at least one first certificate, andremotely instructing the at least one peer server to remove the inactive at least one first certificate by sending a remove action request in response to a determination that the at least one peer server comprises the inactive at least one first certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the peer server comprises a second server located in geographic proximity to the first server.
  - 3. The method of claim 1, wherein the peer server comprises a second server in communication with the first server via a local area network.
  - 4. The method of claim 1, further comprising:
    - determining whether the at least one first certificate of the plurality of security certificates was received from the peer server; and
      
      in response to determining that the at least one first certificate of the plurality of security certificates was not received from the peer server;
      
      identifying at least one neighboring server, andrequesting the at least one first certificate of the plurality of security certificates from the at least one neighboring server.
  - 5. The method of claim 4, wherein the at least one neighboring server comprises a third server in a different geographic location from the first server.
  - 6. The method of claim 1, further comprising:
    - receiving a request to manipulate at least one second certificate of the plurality of security certificates from the peer server; and
      
      manipulating the at least one second certificate according to the received request.
  - 7. The method of claim 6, wherein the received request comprises at least one of the following:
    - importing the at least one second certificate, exporting the at least one second certificate, querying for the presence of the at least one second certificate, getting the at least one second certificate, disabling the at least one second certificate, revoking the at least one second certificate, enabling the at least one second certificate, creating the at least one second certificate, and removing the at least one second certificate.
  - 8. The method of claim 6, further comprising, wherein the received request comprises removing the at least one second certificate:
    - removing the at least one second certificate;
      
      determining whether the at least one second certificate is in a certificate thumbprint; and
      
      in response to determining that the at least one second certificate is in at least one certificate thumbprint, removing the at least one second certificate from the at least one certificate thumbprint.
  - 9. The method of claim 8, wherein identifying the plurality of security certificates used by the first server comprises retrieving a list of security certificates associated with the at least one certificate thumbprint.
  - 10. The method of claim 9, wherein the at least one certificate thumbprint is one of a plurality of certificate thumbprints associated with the first server.
  - 11. The method of claim 10, where each of the plurality of certificate thumbprints is associated with at least one automated process.
  - 12. The method of claim 8, wherein the received request comprises modifying the at least one certificate thumbprint.

13. A system for providing remote certificate management, the system comprising:
- a memory storage; and
  
  a processing unit coupled to the memory storage, wherein the processing unit is operative to;
  
  receive a request to perform an action associated with a security certificate from at least one remote computing system,determine whether the security certificate associated with the requested action is stored in the memory storage,in response to determining that the security certificate associated with the requested action is stored in the memory storage, perform the requested action on the security certificate, the requested action comprising a request to remotely remove the security certificate by sending a remove action request when it is determined that the security certificate is inactive.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, further comprising:
    - in response to determining that the security certificate associated with the requested action is not stored in the memory storage, determine whether the requested action comprises a create action; and
      
      in response to determining that the requested action comprises the create action, create the security certificate in the memory storage according to the requested action.
  - 15. The system of claim 13, wherein the requested action comprises at least one of the following:
    - an import action, an export action, a query action, a get action, a disable action, a revoke action, an enable action, a create action, and a remove action.
  - 16. The system of claim 13, wherein the requested action is received as a remote procedure call (RPC).
  - 17. The system of claim 13, further comprising:
    - in response to determining that the security certificate associated with the requested action is not stored in the memory storage;
      
      determine whether the requested action comprises an import action;
      
      in response to determining that the requested action comprises the import action, determine whether at least one peer server comprises the security certificate; and
      
      in response to determining that the at least one peer server comprises the security certificate, import the security certificate from the at least one peer server.
  - 18. The system of claim 17, wherein being operative to import the security certificate from the at least one peer server comprises being operative to execute a remote procedure call on the at least one peer server comprising a request to perform an export action on the security certificate.
  - 19. The system of claim 13, wherein the security certificate comprises an X.509 compliant security certificate.

20. A memory storage which stores a set of instructions which when executed by a computing device will cause the computing device to perform a method for providing certificate management and recovery, the method comprising:
- creating a list of a plurality of active security certificates, wherein the list of active security certificates is created according to at least one certificate thumbprint associated with at least one automated process;
  
  determining whether at least one of the plurality of active security certificates is not stored on the memory storage of the computing device executing the set of instructions;
  
  in response to determining that the at least one of the plurality of active security certificates is not stored on the memory storage;
  
  identifying at least one peer server, wherein the peer server comprises a second computing device in geographic proximity to the computing device executing the set of instructions,determining whether the at least one peer server comprises the at least one of the plurality of active security certificates not stored on the memory storage,in response to determining that the at least one peer server comprises the at least one of the plurality of active security certificates not stored on the memory storage;
  
  retrieving a copy of the at least one of the plurality of active security certificates not stored on the memory storage from the peer server, andstoring the retrieved copy of the at least one of the plurality of active security certificates on the memory storage,in response to determining that the at least one peer server does not comprise the at least one of the plurality of active security certificates not stored on the memory storage;
  
  identifying at least one neighboring server, wherein the neighboring server comprises a third computing device located in a different geographic location from the computing device executing the set of instructions,determining whether the at least one neighboring server comprises the at least one of the plurality of active security certificates not stored on the memory storage, andin response to determining that the at least one neighboring server comprises the at least one of the plurality of active security certificates not stored on the memory storage;
  
  retrieving a copy of the at least one of the plurality of active security certificates not stored on the memory storage from the neighboring server, andstoring the retrieved copy of the at least one of the plurality of active security certificates on the memory storage,receiving a first request to query as to whether at least one security certificate stored on the memory storage is not in the list of the plurality of active security certificates;
  
  determining that the at least one security certificate stored on the memory storage is not in the list of the plurality of active security certificates; and
  
  receiving a second request to remove the at least one security certificate; and
  
  remotely removing the at least one security certificate stored on the memory storage that is not in the list of the plurality of active security certificates by sending a remove action request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Byrum, Frank, Conceicao, Ladislau, Freeman, Trevor William, Kay, Jeffrey Brian, Leibmann, Matthias, Hubbell, Steven Quentin
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Jamshidi, Ghodrat

Application Number

US12/704,791
Publication Number

US 20110202759A1
Time in Patent Office

1,418 Days
Field of Search

713/156
US Class Current

713/156
CPC Class Codes

H04L 63/061 for key exchange, e.g. in p...

H04L 9/3263 involving certificates, e.g...

Certificate remoting and recovery

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Certificate remoting and recovery

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links