Trust information delivery scheme for certificate validation
First Claim
Patent Images
1. A method comprising:
- receiving, from a computing device, a plurality of hash values;
receiving, from the computing device, at least a first unverified root certificate associated with a certificate authority;
hashing the first unverified root certificate to generate a digest;
comparing the digest against the plurality of hash values;
determining that the digest corresponds to one of the plurality of hash values;
starting a session with the computing device; and
receiving information related to a number of signatures required for a next update of the plurality of hash values.
4 Assignments
0 Petitions
Accused Products
Abstract
A unique TIO based trust information delivery scheme is disclosed that allows clients to verify received certificates and to control Java and Javascript access efficiently. This scheme fits into the certificate verification process in SSL to provide a secure connection between a client and a Web server. In particular, the scheme is well suited for incorporation into consumer devices that have a limited footprint, such as set-top boxes, cell phones, and handheld computers. Furthermore, the TIO update scheme disclosed herein allows clients to update certificates securely and dynamically.
213 Citations
16 Claims
-
1. A method comprising:
-
receiving, from a computing device, a plurality of hash values; receiving, from the computing device, at least a first unverified root certificate associated with a certificate authority; hashing the first unverified root certificate to generate a digest; comparing the digest against the plurality of hash values; determining that the digest corresponds to one of the plurality of hash values; starting a session with the computing device; and receiving information related to a number of signatures required for a next update of the plurality of hash values. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method comprising:
-
communicating with a computing device to update a first plurality of hash values; hashing a public key portion of a signing certificate certifying the computing device to generate a first hash value; determining that the first hash value matches one of the first plurality of hash values; receiving a second plurality of hash values from the computing device; and overwriting the first plurality of hash values with the second plurality of hash values. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A method comprising:
-
receiving a plurality of hash values; receiving, from a server, at least a first unverified root certificate associated with a certificate authority; hashing the first unverified root certificate to generate a digest; comparing the digest against the plurality of hash values; determining that the digest corresponds to one of the plurality of hash values; loading first data from the server to execute a script; starting a session with the server; and receiving information related to a number of signature required for a next of the plurality of hard values. - View Dependent Claims (15, 16)
-
Specification