Trust information delivery scheme for certificate validation
First Claim
Patent Images
1. A method comprising:
- receiving, from a computing device, an unverified root certificate, wherein the unverified root certificate is for certifying the computing device;
hashing a public key portion of the unverified root certificate to generate a digest;
certifying the computing device responsive to the digest matching one of a first plurality of previously stored hash values;
receiving a trust information object comprising a second plurality of hash values and a plurality of trust vectors; and
overwriting the first plurality of previously stored hash values and a plurality of previously stored trust vectors with the second plurality of hash values and the plurality of trust vectors, respectively.
5 Assignments
0 Petitions
Accused Products
Abstract
A unique TIO based trust information delivery scheme is disclosed that allows clients to verify received certificates and to control Java and Javascript access efficiently. This scheme fits into the certificate verification process in SSL to provide a secure connection between a client and a Web server. In particular, the scheme is well suited for incorporation into consumer devices that have a limited footprint, such as set-top boxes, cell phones, and handheld computers. Furthermore, the TIO update scheme disclosed herein allows clients to update certificates securely and dynamically.
231 Citations
19 Claims
-
1. A method comprising:
-
receiving, from a computing device, an unverified root certificate, wherein the unverified root certificate is for certifying the computing device; hashing a public key portion of the unverified root certificate to generate a digest; certifying the computing device responsive to the digest matching one of a first plurality of previously stored hash values; receiving a trust information object comprising a second plurality of hash values and a plurality of trust vectors; and overwriting the first plurality of previously stored hash values and a plurality of previously stored trust vectors with the second plurality of hash values and the plurality of trust vectors, respectively. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method comprising:
-
receiving, from a computing device, a certificate chain comprising a plurality of unverified certificates, wherein the plurality of unverified certificates comprises a first unverified certificate of a certificate authority issuing the plurality of unverified certificates; hashing the first unverified certificate to generate a digest; certifying the computing device responsive to the digest matching one of a first plurality of previously stored hash values; starting a session with the computing device; receiving a second plurality of hash values and a plurality of trust vectors; and overwriting the first plurality of previously stored hash values and a plurality of previously stored trust vectors with the second plurality of hash values and the plurality of trust vectors, respectively. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A method comprising:
-
receiving, from a computing device, a first trust information object comprising at least a plurality of hash values, each hash value being hashed from a trusted entity certificate, and a plurality of trust vectors, each trust vector corresponding to one of the plurality of hash values, the trust vectors indicative of a level of trust associated with a particular trusted entity certificate; receiving, from the computing device, an unverified root certificate, wherein the unverified root certificate is for certifying the computing device; hashing a public key portion of the unverified root certificate to generate a digest; determining that the digest matches one of a first plurality of previously stored hash values; starting a session with the computing device; receiving a second trust information object; and overwriting the first trust information object with the second trust information object. - View Dependent Claims (15, 16, 17, 18, 19)
-
Specification