Trust information delivery scheme for certificate validation

US 8,935,525 B2
Filed: 04/16/2013
Issued: 01/13/2015
Est. Priority Date: 06/11/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

receiving, from a computing device, a plurality of hash values;

receiving, from the computing device, at least a first unverified root certificate associated with a certificate authority;

hashing the first unverified root certificate to generate a digest;

comparing the digest against the plurality of hash values;

determining that the digest corresponds to one of the plurality of hash values;

starting a session with the computing device; and

receiving information related to a number of signatures required for a next update of the plurality of hash values.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A unique TIO based trust information delivery scheme is disclosed that allows clients to verify received certificates and to control Java and Javascript access efficiently. This scheme fits into the certificate verification process in SSL to provide a secure connection between a client and a Web server. In particular, the scheme is well suited for incorporation into consumer devices that have a limited footprint, such as set-top boxes, cell phones, and handheld computers. Furthermore, the TIO update scheme disclosed herein allows clients to update certificates securely and dynamically.

213 Citations

16 Claims

1. A method comprising:
- receiving, from a computing device, a plurality of hash values;
  
  receiving, from the computing device, at least a first unverified root certificate associated with a certificate authority;
  
  hashing the first unverified root certificate to generate a digest;
  
  comparing the digest against the plurality of hash values;
  
  determining that the digest corresponds to one of the plurality of hash values;
  
  starting a session with the computing device; and
  
  receiving information related to a number of signatures required for a next update of the plurality of hash values.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - loading a webpage once the session has started.
  - 3. The method of claim 1, further comprising:
    - storing the plurality of hash values in a memory.
  - 4. The method of claim 1, further comprising:
    - periodically updating the plurality of hash values based on information received from a provider at boot time.
  - 5. The method of claim 1, wherein receiving the plurality of hash values further comprises receiving via a Hypertext Transfer Protocol (HTTP).
  - 6. The method of claim 1, further comprising:
    - receiving a signing certificate along with the plurality of hash values.
  - 7. The method of claim 1, wherein receiving the plurality of hash values further comprises receiving through a Hypertext Transfer Protocol (HTTP) channel over Secure Socket Layer (SSL).

8. A method comprising:
- communicating with a computing device to update a first plurality of hash values;
  
  hashing a public key portion of a signing certificate certifying the computing device to generate a first hash value;
  
  determining that the first hash value matches one of the first plurality of hash values;
  
  receiving a second plurality of hash values from the computing device; and
  
  overwriting the first plurality of hash values with the second plurality of hash values.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the signing certificate is received through a secure transmission channel that comprises a Secure Socket Layer (SSL) channel.
  - 10. The method of claim 8, further comprising:
    - storing a first plurality of trust bit vectors.
  - 11. The method of claim 8, wherein the signing certificate is received from one of a certificate authority, software provider, and a content provider.
  - 12. The method of claim 8, wherein the hash is performed via an MD5 or SHA-1 algorithm.
  - 13. The method of claim 8, wherein the first plurality of hash values are associated with an earlier timestamp than the second plurality of hash values.

14. A method comprising:
- receiving a plurality of hash values;
  
  receiving, from a server, at least a first unverified root certificate associated with a certificate authority;
  
  hashing the first unverified root certificate to generate a digest;
  
  comparing the digest against the plurality of hash values;
  
  determining that the digest corresponds to one of the plurality of hash values;
  
  loading first data from the server to execute a script;
  
  starting a session with the server; and
  
  receiving information related to a number of signature required for a next of the plurality of hard values.
- View Dependent Claims (15, 16)
- - 15. The method of claim 14, wherein receiving the plurality of hash values further comprises receiving through a Hypertext Transfer Protocol (HTTP) channel over Secure Socket Layer (SSL).
  - 16. The method of claim 14, further comprising:
    - determining that the server comprises a web server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comcast Cable Communications Management LLC (Comcast Corporation)
Original Assignee
TVWorks LLC (Comcast Corporation)
Inventors
Xiao, Sihai
Primary Examiner(s)
Zee, Edward

Application Number

US13/863,507
Publication Number

US 20130283042A1
Time in Patent Office

637 Days
Field of Search

713155-158, 713/150, 713/176, 713/177
US Class Current

713/157
CPC Class Codes

G06F 21/33   using certificates

G06F 21/604   Tools and structures for ma...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2151   Time stamp

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0823   using certificates cryptogr...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3265   using certificate chains, t...

H04L 9/3268   using certificate validatio...

Trust information delivery scheme for certificate validation

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

213 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Trust information delivery scheme for certificate validation

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

213 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others