Systems and methods for generating and using multiple pre-signed cryptographic responses

US 9,184,919 B2
Filed: 06/22/2012
Issued: 11/10/2015
Est. Priority Date: 06/22/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

generating multiple cryptographic datasets corresponding to a single encryption key, each cryptographic dataset having a different validity period;

upon a user request, identifying one or more cryptographic datasets that are still valid among the multiple cryptographic datasets;

identifying a cryptographic dataset having a shortest validity period among the one or more cryptographic datasets that are still valid; and

providing the identified cryptographic dataset to the user in response to identifying the cryptographic dataset having the shortest validity period.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed for generating and using multiple pre-signed cryptographic responses. In one implementation, the method includes generating multiple cryptographic datasets. Each cryptographic dataset has a different validity period. The method further includes upon a user request, identifying one or more cryptographic datasets that are still valid among the multiple cryptographic datasets. The method further includes identifying a cryptographic dataset having the shortest validity period among the one or more cryptographic datasets that are still valid. The method also includes providing the identified cryptographic dataset to the user.

Citations

20 Claims

1. A computer-implemented method, comprising:
- generating multiple cryptographic datasets corresponding to a single encryption key, each cryptographic dataset having a different validity period;
  
  upon a user request, identifying one or more cryptographic datasets that are still valid among the multiple cryptographic datasets;
  
  identifying a cryptographic dataset having a shortest validity period among the one or more cryptographic datasets that are still valid; and
  
  providing the identified cryptographic dataset to the user in response to identifying the cryptographic dataset having the shortest validity period.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the multiple cryptographic datasets include a first cryptographic dataset having a first validity period, and a second cryptographic dataset having a second validity period shorter than the first validity period, wherein method includes:
    - determining if the second cryptographic dataset has expired;
      
      if the second cryptographic dataset has not expired, providing the second cryptographic dataset to the user; and
      
      if the second cryptographic dataset has expired, providing the first cryptographic dataset to the user.
  - 3. The method of claim 2, wherein the multiple cryptographic datasets further include a third cryptographic dataset having a third validity period shorter than the first validity period and longer than the second validity period, wherein the method further includes:
    - determining if the third cryptographic dataset has expired;
      
      if the third cryptographic dataset has not expired, providing the third cryptographic dataset to the user; and
      
      if the third cryptographic dataset has expired, providing the first cryptographic dataset to the user.
  - 4. The method of claim 1, wherein the multiple cryptographic datasets are Domain Name System records.
  - 5. The method of claim 1, wherein the multiple cryptographic datasets are Online Certificate Status Protocol pre-signed responses.
  - 6. The method of claim 2, wherein the first validity period is longer than 7 days, and the second validity period is shorter than 7 days.
  - 7. The method of claim 1, wherein the multiple cryptographic datasets have an identical Time-To-Live period, but different expiration times.
  - 8. The method of claim 1, wherein the multiple cryptographic datasets have different Time-To-Live periods.

9. A system, comprising:
- a generator configured to generate multiple cryptographic datasets corresponding to a single encryption key, each cryptographic dataset having a different validity period; and
  
  a server configured to;
  
  upon a user request, identify one or more cryptographic datasets that are still valid among the multiple cryptographic datasets;
  
  identify a cryptographic dataset having a shortest validity period among the one or more cryptographic datasets that are still valid; and
  
  provide the identified cryptographic dataset to the user in response to identifying the cryptographic dataset having the shortest validity period.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the multiple cryptographic datasets include a first cryptographic dataset having a first validity period, and a second cryptographic dataset having a second validity period shorter than the first validity period, wherein the server is configured to:
    - determine if the second cryptographic dataset has expired;
      
      if the second cryptographic dataset has not expired, provide the second cryptographic dataset to the user; and
      
      if the second cryptographic dataset has expired, provide the first cryptographic dataset to the user.
  - 11. The system of claim 10, wherein the multiple cryptographic datasets further include a third cryptographic dataset having a third validity period shorter than the first validity period and longer than the second validity period, wherein the server is further configured to:
    - determine if the third cryptographic dataset has expired;
      
      if the third cryptographic dataset has not expired, provide the third cryptographic dataset to the user; and
      
      if the third cryptographic dataset has expired, provide the first cryptographic dataset to the user.
  - 12. The system of claim 9, wherein the generator is a Domain Name System Security Extensions signing infrastructure and the multiple cryptographic datasets are Domain Name System records.
  - 13. The system of claim 9, wherein the generator is an Online Certificate Status Protocol signing infrastructure and the multiple cryptographic datasets are Online Certificate Status Protocol pre-signed responses.
  - 14. The system of claim 10, wherein the first validity period is longer than 7 days, and the second validity period is shorter than 7 days.
  - 15. The system of claim 9, wherein the generator is further configured to push the multiple cryptographic datasets to the server.

16. A non-transitory computer-readable medium having stored thereon instructions that, when executed by a processor, performs a method comprising:
- generating multiple cryptographic datasets corresponding to a single encryption key, each cryptographic dataset having a different validity period;
  
  upon a user request, identifying one or more cryptographic datasets that are still valid among the multiple cryptographic datasets;
  
  identifying a cryptographic dataset having a shortest validity period among the one or more cryptographic datasets that are still valid; and
  
  providing the identified cryptographic dataset to the user in response to identifying the cryptographic dataset having the shortest validity period.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-readable medium of claim 16, wherein the multiple cryptographic datasets include a first cryptographic dataset having a first validity period, and a second cryptographic dataset having a second validity period shorter than the first validity period, wherein the method further comprises:
    - determining if the second cryptographic dataset has expired;
      
      if the second cryptographic dataset has not expired, providing the second cryptographic dataset to the user; and
      
      if the second cryptographic dataset has expired, providing the first cryptographic dataset to the user.
  - 18. The computer-readable medium of claim 16, wherein the multiple cryptographic datasets are Domain Name System records.
  - 19. The computer-readable medium of claim 16, wherein the multiple cryptographic datasets are Online Certificate Status Protocol pre-signed responses.
  - 20. The computer-readable medium of claim 17, wherein the first validity period is longer than 7 days, and the second validity period is shorter than 7 days.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VeriSign, Inc.
Original Assignee
VeriSign, Inc.
Inventors
Ghosh, Dipankar
Primary Examiner(s)
GOODCHILD, WILLIAM J

Application Number

US13/530,951
Publication Number

US 20130346746A1
Time in Patent Office

1,236 Days
Field of Search

713/158
US Class Current

1/1
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 63/0823   using certificates cryptogr...

H04L 9/3268   using certificate validatio...

Systems and methods for generating and using multiple pre-signed cryptographic responses

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for generating and using multiple pre-signed cryptographic responses

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links