Renewal processing of digital certificates in an asynchronous messaging environment
First Claim
1. A method, comprising:
    obtaining, within an asynchronous messaging environment from a certificate server of an issuer of an existing digital certificate, a renewed digital certificate to replace the existing digital certificate, where the renewed digital certificate comprises a new certificate serial number, an extended attribute that stores a serial number value of the existing digital certificate, and an issuer identifier that matches an issuer identifier of the existing digital certificate;
    receiving a message with a symmetric key encrypted using the existing digital certificate and identified within the message via the serial number value of the existing digital certificate; and
    processing the message using the renewed digital certificate, comprising:
        determining whether the symmetric key encrypted using the existing digital certificate in a message payload matches the issuer identifier and the new certificate serial number of the renewed digital certificate;
        determining, in response to determining that the symmetric key encrypted using the existing digital certificate in the message payload does not match the issuer identifier and the new certificate serial number of the renewed digital certificate, whether the symmetric key encrypted using the existing digital certificate in the message payload matches the issuer identifier of the renewed digital certificate and the serial number value of the existing digital certificate stored within the extended attribute of the renewed digital certificate; and
        in response to determining that the symmetric key encrypted using the existing digital certificate in the message payload matches the issuer identifier of the renewed digital certificate and the serial number value of the existing digital certificate stored within the extended attribute of the renewed digital certificate:
            validating the renewed digital certificate; and
            in response to successful validation of the renewed digital certificate:
                decrypting the symmetric key using a private key of the renewed digital certificate;
                decrypting the received message payload using the decrypted symmetric key; and
                processing the decrypted message payload.
Dependent claims: 2, 3, 4, 5, 6.
1 Assignment
0 Petitions
Abstract
A renewed digital certificate is obtained within an asynchronous messaging environment from a certificate server of an issuer of an existing digital certificate to replace the existing digital certificate. The renewed digital certificate includes an extended attribute that stores a serial number value of the existing digital certificate. A message is received with a symmetric key that is encrypted using the existing digital certificate. The symmetric key is identified within the message by the serial number value of the existing digital certificate. The message is processed using the renewed digital certificate.
22 Citations
18 Claims
7. A system, comprising:
    a memory that stores an existing digital certificate; and
    a processor programmed to:
        obtain, within an asynchronous messaging environment from a certificate server of an issuer of the existing digital certificate, a renewed digital certificate to replace the existing digital certificate, where the renewed digital certificate comprises a new certificate serial number, an extended attribute that stores a serial number value of the existing digital certificate, and an issuer identifier that matches an issuer identifier of the existing digital certificate;
        store the renewed digital certificate to the memory;
        receive a message with a symmetric key encrypted using the existing digital certificate and identified within the message via the serial number value of the existing digital certificate; and
        process the message using the renewed digital certificate, the processor being programmed to:
            determine whether the symmetric key encrypted using the existing digital certificate in a message payload matches the issuer identifier and the new certificate serial number of the renewed digital certificate;
            determine, in response to determining that the symmetric key encrypted using the existing digital certificate in the message payload does not match the issuer identifier and the new certificate serial number of the renewed digital certificate, whether the symmetric key encrypted using the existing digital certificate in the message payload matches the issuer identifier of the renewed digital certificate and the serial number value of the existing digital certificate stored within the extended attribute of the renewed digital certificate; and
            in response to determining that the symmetric key encrypted using the existing digital certificate in the message payload matches the issuer identifier of the renewed digital certificate and the serial number value of the existing digital certificate stored within the extended attribute of the renewed digital certificate:
                validate the renewed digital certificate; and
                in response to successful validation of the renewed digital certificate:
                    decrypt the symmetric key using a private key of the renewed digital certificate;
                    decrypt the received message payload using the decrypted symmetric key; and
                    process the decrypted message payload.
Dependent claims: 8, 9, 10, 11, 12.
13. A computer program product comprising a computer readable storage medium including computer readable program code, where the computer readable program code when executed on a computer causes the computer to:
    obtain, within an asynchronous messaging environment from a certificate server of an issuer of an existing digital certificate, a renewed digital certificate to replace the existing digital certificate, where the renewed digital certificate comprises a new certificate serial number, an extended attribute that stores a serial number value of the existing digital certificate, and an issuer identifier that matches an issuer identifier of the existing digital certificate;
    receive a message with a symmetric key encrypted using the existing digital certificate and identified within the message via the serial number value of the existing digital certificate; and
    process the message using the renewed digital certificate, the computer readable program code when executed on the computer causing the computer to:
        determine whether the symmetric key encrypted using the existing digital certificate in a message payload matches the issuer identifier and the new certificate serial number of the renewed digital certificate;
        determine, in response to determining that the symmetric key encrypted using the existing digital certificate in the message payload does not match the issuer identifier and the new certificate serial number of the renewed digital certificate, whether the symmetric key encrypted using the existing digital certificate in the message payload matches the issuer identifier of the renewed digital certificate and the serial number value of the existing digital certificate stored within the extended attribute of the renewed digital certificate; and
        in response to determining that the symmetric key encrypted using the existing digital certificate in the message payload matches the issuer identifier of the renewed digital certificate and the serial number value of the existing digital certificate stored within the extended attribute of the renewed digital certificate:
            validate the renewed digital certificate; and
            in response to successful validation of the renewed digital certificate:
                decrypt the symmetric key using a private key of the renewed digital certificate;
                decrypt the received message payload using the decrypted symmetric key; and
                process the decrypted message payload.
Dependent claims: 14, 15, 16, 17, 18.
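The following is an added example that models the message handling described in claims 1, 7 and 13; it is not code from the patent or its assignee. It assumes a simplified certificate model (issuer string, integer serial, an expiry time, an extension dictionary), a placeholder OID for the extended attribute that carries the old serial number, and toy XOR key streams derived with SHAKE-256 that stand in for asymmetric key transport and symmetric payload encryption so the example runs offline. All issuer names, serials and key material are constructed. The receiver holds only the renewed certificate, which keeps the key pair of the certificate it replaced, and applies the two-step match from the claims: the recipient's issuer and serial are first compared against the renewed certificate's own serial, then against the old serial stored in its extended attribute, and the private key is used only after the renewed certificate validates.

```python
# Added example modelling the two-step certificate match from the claims.
# Everything below (issuer, serials, OID, key material) is constructed.
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Placeholder OID for the extended attribute holding the old serial (hypothetical).
OLD_SERIAL_EXT = "1.3.6.1.4.1.99999.1"


@dataclass(frozen=True)
class Certificate:
    issuer: str
    serial: int
    not_after: int                          # validity end as epoch seconds (simplified)
    extensions: dict = field(default_factory=dict)
    private_secret: bytes = b""             # stand-in for the certificate's private key


@dataclass(frozen=True)
class RecipientInfo:
    issuer: str          # issuer of the certificate whose key wrapped the symmetric key
    serial: int          # serial of that certificate (the old one, after renewal)
    wrapped_key: bytes


@dataclass(frozen=True)
class Message:
    recipient: RecipientInfo
    ciphertext: bytes


@dataclass(frozen=True)
class Result:
    status: str          # "current", "renewed-from-old", "no-match", "validation-failed"
    plaintext: Optional[bytes] = None


def _keystream(secret: bytes, label: bytes, n: int) -> bytes:
    # Toy key stream; stands in for RSA-OAEP key transport and AES payload encryption.
    return hashlib.shake_256(label + secret).digest(n)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_key(cert: Certificate, sym_key: bytes) -> bytes:
    return _xor(sym_key, _keystream(cert.private_secret, b"wrap", len(sym_key)))


unwrap_key = wrap_key            # XOR is its own inverse in this toy model


def encrypt_payload(sym_key: bytes, plaintext: bytes) -> bytes:
    return _xor(plaintext, _keystream(sym_key, b"payload", len(plaintext)))


decrypt_payload = encrypt_payload


def validate_certificate(cert: Certificate, trusted_issuers: set, now: int) -> bool:
    # Minimal stand-in for chain validation: known issuer and not expired.
    return cert.issuer in trusted_issuers and now <= cert.not_after


def select_certificate(info: RecipientInfo, renewed: Certificate) -> str:
    """Two-step match: the renewed certificate's own serial first, then the
    old serial carried in its extended attribute. Issuer must match in both."""
    if info.issuer != renewed.issuer:
        return "no-match"
    if info.serial == renewed.serial:
        return "current"
    if info.serial == renewed.extensions.get(OLD_SERIAL_EXT):
        return "renewed-from-old"
    return "no-match"


def process_message(msg: Message, renewed: Certificate, trusted_issuers: set, now: int) -> Result:
    status = select_certificate(msg.recipient, renewed)
    if status == "no-match":
        return Result(status)
    # The old-serial claim in the extension is only as trustworthy as the renewed
    # certificate itself, so validate before its private key is used. The claims
    # require this on the fallback path; doing it on the direct path too is harmless.
    if not validate_certificate(renewed, trusted_issuers, now):
        return Result("validation-failed")
    sym_key = unwrap_key(renewed, msg.recipient.wrapped_key)
    return Result(status, decrypt_payload(sym_key, msg.ciphertext))


# --- constructed scenario: renewal keeps the key pair, changes the serial ---
ISSUER = "CN=Example Messaging CA"
SECRET = b"constructed-key-pair-material"
OLD_CERT = Certificate(ISSUER, 1001, not_after=1_700_000_000, private_secret=SECRET)
RENEWED_CERT = Certificate(ISSUER, 2002, not_after=1_800_000_000,
                           extensions={OLD_SERIAL_EXT: 1001}, private_secret=SECRET)


def build_message(sender_view_of_cert: Certificate, sym_key: bytes, plaintext: bytes) -> Message:
    # The sender still addresses the message by the certificate it holds (the old one).
    info = RecipientInfo(sender_view_of_cert.issuer, sender_view_of_cert.serial,
                         wrap_key(sender_view_of_cert, sym_key))
    return Message(info, encrypt_payload(sym_key, plaintext))


def demo() -> Result:
    key = b"\x01" * 16           # per-message symmetric key (constructed; would be random)
    msg = build_message(OLD_CERT, key, b"order 42 approved")
    return process_message(msg, RENEWED_CERT, {ISSUER}, now=1_750_000_000)


if __name__ == "__main__":
    print(demo())
```

A message addressed to the old serial decrypts with status `renewed-from-old`; one addressed to the new serial takes the direct path; a serial matching neither is reported as `no-match` without touching the private key, and an expired or untrusted renewed certificate yields `validation-failed` even when the serials line up.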