Security information acquisition

US 6,513,116 B1
Filed: 09/29/1998
Issued: 01/28/2003
Est. Priority Date: 05/16/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method, including steps of:

maintaining a base root certificate in storage at a client; and

using said base root certificate to obtain a security information message, said security information message including a plurality of root certificates from a server wherein said plurality of root certificates forms a chain within said security information message, said security information message being obtained before verification of any of said root certificates, said chain linking each root certificate with a next root certificate, each root certificate being usable to verify a next root certificate, at least one root certificate being verifiable using said base root certificate, at least one root certificate being current, each root certificate including an expiration date, and each root certificate being digitally signed using a private key for a first key pair and including a public key for the first key pair and a secure digest of a public key for a second key pair for verifying the public key for the second key pair.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides an improved method and system for security information acquisition. A relatively small amount of nonvolatile storage at the client consumer electronic device is used to obtain a chain of trusted root certificates, thus providing each client consumer electronic device with a trustable technique for access to secure communication. The trusted root certificates are provided by one or more TSIPs (trusted security information providers), and are chained together so that a current root certificate can be obtained by the client consumer electronic device, even using an expired root certificate. The client consumer electronic device uses a current root certificate to obtain a SIO (security information object) from the TSIP. The SIO includes information regarding at least one trusted entity, such as a one or more trusted entity certificates, and other trust information. The SIO is digitally signed by the TSIP and can be verified by the client consumer electronic device using the current root certificate.

115 Citations

View as Search Results

30 Claims

1. A method, including steps of:
- maintaining a base root certificate in storage at a client; and
  
  using said base root certificate to obtain a security information message, said security information message including a plurality of root certificates from a server wherein said plurality of root certificates forms a chain within said security information message, said security information message being obtained before verification of any of said root certificates, said chain linking each root certificate with a next root certificate, each root certificate being usable to verify a next root certificate, at least one root certificate being verifiable using said base root certificate, at least one root certificate being current, each root certificate including an expiration date, and each root certificate being digitally signed using a private key for a first key pair and including a public key for the first key pair and a secure digest of a public key for a second key pair for verifying the public key for the second key pair.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method as in claim 1, wherein said security information includes a root certificate for at least one certification authority.
  - 3. A method as in claim 1, wherein said security information includes information about at least one certification authority.
  - 4. A method as in claim 1, wherein said security information includes a root certificate for at least one trusted entity.
  - 5. A method as in claim 1, wherein said storage includes nonvolatile storage.
  - 6. A method as in claim 1, wherein said storage includes sufficient storage for substantially only one said base root certificate.
  - 7. A method as in claim 1, including steps for revoking one of said plurality of root certificates.
  - 8. A method as in claim 7, wherein said steps for revoking said one root certificate include steps for issuing a new root certificate.
  - 9. A method as in claim 1, including steps for using said current root certificate to verify security information at said client from said server.
  - 10. A method as in claim 9, wherein said security information includes information about at least one trusted entity.
  - 11. A method as in claim 10, wherein said trusted entity is a financial institution, information provider, or software publisher.
  - 12. A system as in claim 11, wherein said trusted entity is a financial institution, information provider, or software publisher.

13. A system, including:
- a client device including storage having a base root certificate; and
  
  means for using said base root certificate to obtain a security information message, said security information message including a plurality of root certificates from a server wherein said plurality of root certificates forms a chain within said security information message, said security information message being obtained before verification of any of said root certificates, said chain linking each root certificate with a next root certificate, each root certificate being usable to verify a next root certificate, at least one root certificate being verifiable using said base root certificate, at least one root certificate being current, each root certificate including an expiration date, and each root certificate being digitally signed using a private key for a first key pair and including a public key for the first key pair and a secure digest of a public key for a second key pair for verifying the public key for the second key pair.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. A system as in claim 13, wherein said security information includes a root certificate for at least one certification authority.
  - 15. A system as in claim 13, wherein said security information includes information about at least one certification authority.
  - 16. A system as in claim 13, wherein said security information includes a root certificate for at least one trusted entity.
  - 17. A system as in claim 13, wherein said storage includes nonvolatile storage.
  - 18. A system as in claim 13, wherein said storage includes sufficient storage for substantially only one said base root certificate.
  - 19. A system as in claim 13, including means for revoking one of said plurality of root certificates.
  - 20. A system as in claim 19, wherein said means for revoking said one root certificate includes means for issuing a new root certificate.
  - 21. A system as in claim 13, including means for using said current root certificate to verify security information at said client from said server.
  - 22. A system as in claim 21, wherein said security information includes information about at least one trusted entity.

23. In a security system, storage storing security information including:
- a plurality of root certificates received in a message from a server, wherein said plurality of root certificates forms a chain within said message, said security information being obtained before verification of any of said root certificates, said chain linking each root certificate with a next root certificate, each root certificate enabling a processor to verify a next root certificate, at least one root certificate being verifiable by the processor using a base root certificate, said base root certificate used to obtain said security information, at least one root certificate being current, each root certificate including an expiration date, and each root certificate being digitally signed using a private key for a first key pair and including a public key for the first key pair and a secure digest of a public key for a second key pair for verifying the public key for the second key pair, said security system using said current root certificate'"'"'s public key to verify secure communications received from and to send secure communications to, a trusted entity.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. Storage as in claim 23, wherein said security information includes a root certificate for at least one certification authority.
  - 25. Storage as in claim 23, wherein said security information includes information about at least one certification authority.
  - 26. Storage as in claim 23, wherein said security information includes a root certificate for at least one trusted entity.
  - 27. Storage as in claim 23, wherein said storage includes non-volatile storage.
  - 28. Storage as in claim 23, including security information from said server verifiable using said current root certificate at a client.
  - 29. A Storage as in claim 28, wherein said security information includes information about at least one trusted entity.
  - 30. Storage as in claim 29, wherein said trusted entity is a financial institution, information provider, or software publisher.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comcast Cable Communications Management LLC (Comcast Corporation)
Original Assignee
Liberate Technologies
Inventors
Valente, Luis
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/162,650
Time in Patent Office

1,582 Days
Field of Search

713/155-159, 380/282, 380/285
US Class Current

713/155
CPC Class Codes

H04L 63/04   for providing a confidentia...

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

Security information acquisition

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

115 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Security information acquisition

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

115 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links