
Using resource records for digital certificate validation

  • US 9,641,516 B2
  • Filed: 07/01/2015
  • Issued: 05/02/2017
  • Est. Priority Date: 07/01/2015
  • Status: Active Grant
First Claim

1. A computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to perform a method comprising:

    receiving, by a client computer, a request to retrieve a web page at a uniform resource locator (URL) incorporating a host name;

    causing, by the client computer and in response to the receiving the request to retrieve the web page, resource records associated with the host name to be queried for an IP address of a server associated with the host name, a list of certificate authorities, a first digest of a modulus of a digital certificate, and an identifier of an owner of the host name, wherein the IP address of the server, the list of certificate authorities, the first digest of the modulus of the digital certificate, and the identifier of the owner of the host name are stored within the resource records on a Domain Name System (DNS) server;

    receiving, by the client computer, from the DNS server, and in response to the causing the resource records to be queried, the IP address of the server, the list of certificate authorities, the first digest of the modulus of the digital certificate, and the identifier of the owner of the host name;

    initiating, by the client computer and based on the received IP address, establishment of a secure connection with the server;

    receiving, by the client computer, from the server, and in response to the initiating the establishment of the secure connection, the digital certificate incorporated within a communication;

    identifying, by the client computer and within the received digital certificate, a certificate authority, the modulus, and a common name of an owner of the digital certificate;

    comparing, by the client computer, the identified certificate authority to the received list of certificate authorities;

    determining, by the client computer and based on the comparing the identified certificate authority to the received list of certificate authorities, that the identified certificate authority is included in the received list of certificate authorities;

    generating, by the client computer, a second digest of the modulus;

    comparing, by the client computer, the first digest of the modulus and the second digest of the modulus;

    determining, by the client computer and based on the comparing the first digest and the second digest, that the first digest and the second digest match;

    comparing, by the client computer, the identifier of the owner of the host name and the common name of the owner of the digital certificate;

    determining, by the client computer and based on the comparing the identifier of the owner of the host name and the common name of the owner of the digital certificate, that the owner of the host name and the owner of the digital certificate match;

    completing, by the client computer and in response to the determining that the identified certificate authority is included in the received list of certificate authorities, that the first digest and the second digest match, and that the owner of the host name and the owner of the digital certificate match, the establishment of the secure connection with the server; and

    retrieving the web page.
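
The three client-side comparisons in claim 1 (certificate authority against the published list, digest of the modulus, owner identifier against common name) can be sketched as follows. This is an added example, not code from the patent or its assignee; the record and certificate containers, the field names, the sample values, and the choice of SHA-256 over the big-endian modulus bytes are assumptions, since the claim names no digest algorithm or record format.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class ResourceRecords:        # hypothetical container for the DNS answer
    ip_address: str
    allowed_cas: list         # the published list of certificate authorities
    modulus_digest: str       # "first digest", hex encoded (assumed encoding)
    owner_id: str             # identifier of the owner of the host name

@dataclass
class PresentedCert:          # hypothetical: fields already parsed from the server certificate
    issuer_ca: str
    modulus: int
    common_name: str

def modulus_digest(modulus: int) -> str:
    # Assumption: SHA-256 over the unsigned big-endian modulus bytes.
    raw = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).hexdigest()

def validate(records: ResourceRecords, cert: PresentedCert) -> list:
    """Return the names of failed checks; an empty list means the
    secure connection may be completed."""
    failures = []
    if cert.issuer_ca not in records.allowed_cas:
        failures.append("ca_not_listed")
    second = modulus_digest(cert.modulus)          # the "second digest"
    first = records.modulus_digest.lower()
    if not hmac.compare_digest(first.encode(), second.encode()):
        failures.append("modulus_digest_mismatch")
    if records.owner_id != cert.common_name:
        failures.append("owner_mismatch")
    return failures

# Constructed sample data (not real keys, names, or addresses).
GOOD_MODULUS = 0xC7A1F3 << 2024 | 0x5D
RECORDS = ResourceRecords("192.0.2.10", ["Example CA 1", "Example CA 2"],
                          modulus_digest(GOOD_MODULUS), "Example Org")
GOOD_CERT = PresentedCert("Example CA 1", GOOD_MODULUS, "Example Org")
# Same names, listed CA, but a different key pair than the one published in DNS.
OTHER_KEY_CERT = PresentedCert("Example CA 2", GOOD_MODULUS + 2, "Example Org")
UNRELATED_CERT = PresentedCert("Unlisted CA", 0xABCDEF, "Someone Else")

if __name__ == "__main__":
    for cert in (GOOD_CERT, OTHER_KEY_CERT, UNRELATED_CERT):
        print(cert.issuer_ca, validate(RECORDS, cert) or "ok")
```

The second sample shows why the digest check matters alongside the CA list: a certificate from a listed CA with the expected owner name is still rejected when its key does not match the digest published in the resource records.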
