Trust information delivery scheme for certificate validation

US 9,288,064 B2
Filed: 12/15/2014
Issued: 03/15/2016
Est. Priority Date: 06/11/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

receiving, from a computing device, an unverified root certificate, wherein the unverified root certificate is for certifying the computing device;

hashing a public key portion of the unverified root certificate to generate a digest;

certifying the computing device responsive to the digest matching one of a first plurality of previously stored hash values;

receiving a trust information object comprising a second plurality of hash values and a plurality of trust vectors; and

overwriting the first plurality of previously stored hash values and a plurality of previously stored trust vectors with the second plurality of hash values and the plurality of trust vectors, respectively.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A unique TIO based trust information delivery scheme is disclosed that allows clients to verify received certificates and to control Java and Javascript access efficiently. This scheme fits into the certificate verification process in SSL to provide a secure connection between a client and a Web server. In particular, the scheme is well suited for incorporation into consumer devices that have a limited footprint, such as set-top boxes, cell phones, and handheld computers. Furthermore, the TIO update scheme disclosed herein allows clients to update certificates securely and dynamically.

231 Citations

19 Claims

1. A method comprising:
- receiving, from a computing device, an unverified root certificate, wherein the unverified root certificate is for certifying the computing device;
  
  hashing a public key portion of the unverified root certificate to generate a digest;
  
  certifying the computing device responsive to the digest matching one of a first plurality of previously stored hash values;
  
  receiving a trust information object comprising a second plurality of hash values and a plurality of trust vectors; and
  
  overwriting the first plurality of previously stored hash values and a plurality of previously stored trust vectors with the second plurality of hash values and the plurality of trust vectors, respectively.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the unverified root certificate comprises a signing certificate associated with one of a certificate authority, a software provider, and a content provider.
  - 3. The method of claim 1, wherein the hashing is performed via an MD5 or SHA-1 algorithm.
  - 4. The method of claim 1, wherein the first plurality of previously stored hash values is associated with an earlier timestamp than the second plurality of hash values.
  - 5. The method of claim 1, further comprising:
    - determining that the computing device is trusted for a secure connection by examining a bit of one of the plurality of previously stored trust vectors; and
      
      establishing the secure connection.
  - 6. The method of claim 1, further comprising:
    - receiving information related to a number of signatures required for a next update of the second plurality of hash values.

7. A method comprising:
- receiving, from a computing device, a certificate chain comprising a plurality of unverified certificates, wherein the plurality of unverified certificates comprises a first unverified certificate of a certificate authority issuing the plurality of unverified certificates;
  
  hashing the first unverified certificate to generate a digest;
  
  certifying the computing device responsive to the digest matching one of a first plurality of previously stored hash values;
  
  starting a session with the computing device;
  
  receiving a second plurality of hash values and a plurality of trust vectors; and
  
  overwriting the first plurality of previously stored hash values and a plurality of previously stored trust vectors with the second plurality of hash values and the plurality of trust vectors, respectively.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein the receiving the second plurality of hash values and the plurality of trust vectors comprises receiving the second plurality of hash values and the plurality of trust vectors via a secure transmission channel.
  - 9. The method of claim 7, wherein the certificate chain comprises a signing certificate associated with one of the certificate authority, a software provider, and a content provider.
  - 10. The method of claim 7, wherein the hashing is performed via an MD5 or SHA-1 algorithm.
  - 11. The method of claim 7, wherein the first plurality of previously stored hash values is associated with an earlier timestamp than the second plurality of hash values.
  - 12. The method of claim 7, further comprising:
    - determining that the computing device is trusted for a secure connection by examining a bit of one of the plurality of previously stored trust vectors; and
      
      establishing the secure connection.
  - 13. The method of claim 7, further comprising:
    - receiving information related to a number of signatures required for a next update of the second plurality of hash values.

14. A method comprising:
- receiving, from a computing device, a first trust information object comprising at least a plurality of hash values, each hash value being hashed from a trusted entity certificate, and a plurality of trust vectors, each trust vector corresponding to one of the plurality of hash values, the trust vectors indicative of a level of trust associated with a particular trusted entity certificate;
  
  receiving, from the computing device, an unverified root certificate, wherein the unverified root certificate is for certifying the computing device;
  
  hashing a public key portion of the unverified root certificate to generate a digest;
  
  determining that the digest matches one of a first plurality of previously stored hash values;
  
  starting a session with the computing device;
  
  receiving a second trust information object; and
  
  overwriting the first trust information object with the second trust information object.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, wherein the unverified root certificate comprises a signing certificate associated with one of a certificate authority, a software provider, and a content provider.
  - 16. The method of claim 14, wherein the hashing is performed via an MD5 or SHA-1 algorithm.
  - 17. The method of claim 14, wherein the first trust information object is associated with an earlier timestamp than the second trust information object.
  - 18. The method of claim 15, further comprising:
    - determining that the computing device is trusted for a secure connection by examining a bit of a previously stored trust vector associated with the digest; and
      
      establishing the secure connection.
  - 19. The method of claim 14, further comprising:
    - receiving information related to a number of signatures required for a next update of the second trust information object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comcast Cable Communications Management LLC (Comcast Corporation)
Original Assignee
TVWorks LLC (Comcast Corporation)
Inventors
Xiao, Sihai
Primary Examiner(s)
Zee, Edward

Application Number

US14/570,417
Publication Number

US 20150100786A1
Time in Patent Office

456 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/33   using certificates

G06F 21/604   Tools and structures for ma...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2151   Time stamp

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0823   using certificates cryptogr...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3265   using certificate chains, t...

H04L 9/3268   using certificate validatio...

Trust information delivery scheme for certificate validation

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

231 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Trust information delivery scheme for certificate validation

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

231 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links