Embedded extrinsic source for digital certificate validation

US 8,954,733 B2
Filed: 03/23/2012
Issued: 02/10/2015
Est. Priority Date: 03/23/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method of validating a first digital certificate, the method comprising the steps of:

a computer receiving the first digital certificate including information defining a validity period and information specifying a first extrinsic source;

the computer determining that the first digital certificate includes an indicator value of criticality asserting that the computer is required to receive a current date and time value from one of a plurality of extrinsic sources;

the computer reading the first digital certificate to identify an address of the first extrinsic source;

the computer requesting the current date and time value from the first extrinsic source;

the computer receiving the current date and time value;

the computer comparing the current date and time value to the validity period of the first digital certificate; and

the computer determining if the current date and time value is within the validity period.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer uses the information included within a digital certificate to obtain a current date and time value from a trusted extrinsic trusted source and the computer compares the obtained current date and time value to a validity period included in the digital certificate to determine if the digital certificate is expired. The information included within the digital certificate specifying an extrinsic source for the current date and time value can be included in an extension of the digital certificate, and the information can specify a plurality of extrinsic sources.

9 Citations

17 Claims

1. A method of validating a first digital certificate, the method comprising the steps of:
- a computer receiving the first digital certificate including information defining a validity period and information specifying a first extrinsic source;
  
  the computer determining that the first digital certificate includes an indicator value of criticality asserting that the computer is required to receive a current date and time value from one of a plurality of extrinsic sources;
  
  the computer reading the first digital certificate to identify an address of the first extrinsic source;
  
  the computer requesting the current date and time value from the first extrinsic source;
  
  the computer receiving the current date and time value;
  
  the computer comparing the current date and time value to the validity period of the first digital certificate; and
  
  the computer determining if the current date and time value is within the validity period.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein specifying the first extrinsic source includes a network location.
  - 3. The method of claim 1, wherein the step of the computer receiving the current date and time value includes the computer receiving the current date and time value from the first extrinsic source.
  - 4. The method of claim 1, further comprising the step of the computer requesting the current date and time value from a second extrinsic source.
  - 5. The method of claim 4, wherein the step of the computer receiving the current date and time value includes the computer receiving the current date and time value from the second extrinsic source.
  - 6. The method of claim 4, wherein the second extrinsic source is received by the computer from the first extrinsic source.
  - 7. The method of claim 5 wherein the current date and time value is provided to the first extrinsic source by the second extrinsic source, and wherein the current date and time value is provided to the computer by the first extrinsic source.
  - 8. The method of claim 1 wherein the step of the computer receiving the first digital certificate further includes information from the first digital certificate specifying a second extrinsic source.
  - 9. The method of claim 1, wherein the information specifying the first extrinsic source is included within an extension of the first digital certificate.
  - 10. The method of claim 1, wherein the step of the computer receiving the current date and time value, includes receiving the current date and time value within a second digital certificate.

11. A computer system to validate a digital certificate, the computer system comprising:
- one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage devices, and program instructions stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, the program instructions comprising;
  
  program instructions to receive a digital certificate including information defining a validity period and information specifying a first extrinsic source;
  
  program instructions to determine that the digital certificate includes an indicator value of criticality asserting that the computer is required to receive a current date and time value from one of a plurality of extrinsic sources;
  
  program instructions to read the first digital certificate to identify an address of the first extrinsic source;
  
  program instructions to request the current date and time value from the first extrinsic source;
  
  program instructions to receive the current date and time value;
  
  program instructions to compare the current date and time value to the validity period; and
  
  program instructions to determine if the current date and time value is within the validity period.

12. A computer program product to validate a digital certificate, the computer program product comprising:
- one or more computer-readable storage devices and program instructions stored on at least one of the one or more tangible storage devices, the program instructions comprising;
  
  program instructions to receive a digital certificate including information defining a validity period and information specifying a first extrinsic source;
  
  program instructions to determine that the digital certificate includes an indicator value of criticality asserting that the computer is required to receive a current date and time value from one of a plurality of extrinsic sources;
  
  program instructions to read the digital certificate to identify an address of the first extrinsic source;
  
  program instructions to request the current date and time value from the first extrinsic source;
  
  program instructions to receive the current date and time value;
  
  program instructions to compare the current date and time value to the validity period; and
  
  program instructions to determine if the current date and time value is within the validity period.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computer program product of claim 12 wherein the first extrinsic source includes a network location.
  - 14. The computer program product of claim 12, further comprising program instructions wherein requesting the current date and time value includes requesting the current date and time value from a second extrinsic source.
  - 15. The computer program product of claim 12, further comprising program instructions to receive the current date and time value from the second extrinsic source.
  - 16. The computer program product of claim 12, wherein the information specifying the first extrinsic source is included within an extension of the digital certificate.

17. A method of creating a digital certificate, the method comprising the steps of:
- a computer creating the digital certificate including information defining a validity period and information specifying one or more extrinsic sources; and
  
  the computer distributing the digital certificate to a receiving computer,wherein;
  
  the receiving computer is configured to read the first digital certificate to identify an address of the one or more extrinsic sources,the receiving computer is configured to determine that the digital certificate includes an indicator value of criticality asserting that the computer is required to receive a current date and time value from one of the one or more extrinsic sources,the receiving computer is configured to request the current date and time value from the one of the one or more extrinsic sources,the receiving computer is configured to receive the current date and time value,the receiving computer is configured to compare the current date and time value from the one of the one or more extrinsic sources to the validity period, andthe receiving computer is configured to determine if the current date and time value is within the validity period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Akehurst, Andrew D., McKechan, David J., Reece, Stuart J.
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Ambaye, Samuel

Application Number

US13/427,954
Publication Number

US 20130254535A1
Time in Patent Office

1,054 Days
Field of Search

713/158, 713/156
US Class Current

713/158
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 9/00   Cryptographic mechanisms or...

H04L 9/32   including means for verifyi...

H04L 9/3268   using certificate validatio...

H04L 9/40   Network security protocols

Embedded extrinsic source for digital certificate validation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Embedded extrinsic source for digital certificate validation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links