Automated certificate management

US 9,197,630 B2
Filed: 03/08/2010
Issued: 11/24/2015
Est. Priority Date: 03/08/2010
Status: Active Grant

First Claim

Patent Images

1. At a computer system, the computer system including a processor, system memory, and a certificate store, a method for managing the lifecycle of a plurality of certificates any of which can be used for authenticated access to a resource in a server farm, the method comprising:

detecting pending expiration of a certificate that can be used for authenticated access to the resource, the expiring certificate identified as a primary certificate used for authenticated access to the resource, the expiring certificate previously promoted from a secondary certificate used for authenticated access to the resource to the primary certificate in response to detecting pending expiration of a prior primary certificate, the expiring certificate and the prior primary certificate both usable for authenticated access to resource up until the prior primary certificate expired;

in response to detecting pending expiration of the expiring certificate, generating a new certificate in anticipation of eventually transitioning the new certificate to the primary certificate to replace the expiring certificate and that can be used for authenticated access to the resource along with the expiring certificate up until the expiring certificate expires;

publishing the new certificate as a secondary certificate used for authenticated access to the resource such that servers can authenticate access to the resource using either the expiring certificate or the new certificate, the new certificate published as a secondary certificate to the certificate store;

accessing a configurable certificate transition period, the configurable certificate transition period indicating a period of time that both an expiring certificate and a new certificate are simultaneously valid for authenticated access to the resource prior to the expiring certificate being removed, the configurable certificate transition period selected by an administrator through the use of configurable parameters to tune the configurable transition period to a selected balance between security of the resource and certificate compatibility for accessing the resource;

maintaining both the expiring certificate and the new certificate in the certificate store as valid for authenticated access to the resource during the configurable certificate transition period so as to give other parties time to adopt the new certificate;

after detecting that the configurable certificate transition period has ended;

republishing the new certificate as a primary certificate to promote the new certificate from a secondary certificate to a primary certificate, the new certificate republished as a primary certificate to the certificate store;

removing the expiring certificate from the certificate store to prompt any dependent servers to also remove the expiring certificate; and

generating a further new certificate that is to replace the new certificate when the new certificate expires.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A certificate management system provides automated management of certificate lifecycles and certificate distribution. Rather than depend upon an administrator to manually distribute and manage certificates, the system self-generates certificates, distributes the certificates to appropriate servers or other parties, and transitions from old certificates to new certificates in a well-defined manner that avoids breaking functionality. After generating one or more certificates, the system securely shares certificates in a way that parties that use them can find the new certificates without an administrator manually distributing the certificates. When it is time to update certificates, the system generates new certificates and shares the new certificates in a similar way. During a transition period, the system provides a protocol by which both old and new certificates can be used to perform authenticated access to resources, so that the transition from an old to a new certificate does not break services.

27 Citations

View as Search Results

16 Claims

1. At a computer system, the computer system including a processor, system memory, and a certificate store, a method for managing the lifecycle of a plurality of certificates any of which can be used for authenticated access to a resource in a server farm, the method comprising:
- detecting pending expiration of a certificate that can be used for authenticated access to the resource, the expiring certificate identified as a primary certificate used for authenticated access to the resource, the expiring certificate previously promoted from a secondary certificate used for authenticated access to the resource to the primary certificate in response to detecting pending expiration of a prior primary certificate, the expiring certificate and the prior primary certificate both usable for authenticated access to resource up until the prior primary certificate expired;
  
  in response to detecting pending expiration of the expiring certificate, generating a new certificate in anticipation of eventually transitioning the new certificate to the primary certificate to replace the expiring certificate and that can be used for authenticated access to the resource along with the expiring certificate up until the expiring certificate expires;
  
  publishing the new certificate as a secondary certificate used for authenticated access to the resource such that servers can authenticate access to the resource using either the expiring certificate or the new certificate, the new certificate published as a secondary certificate to the certificate store;
  
  accessing a configurable certificate transition period, the configurable certificate transition period indicating a period of time that both an expiring certificate and a new certificate are simultaneously valid for authenticated access to the resource prior to the expiring certificate being removed, the configurable certificate transition period selected by an administrator through the use of configurable parameters to tune the configurable transition period to a selected balance between security of the resource and certificate compatibility for accessing the resource;
  
  maintaining both the expiring certificate and the new certificate in the certificate store as valid for authenticated access to the resource during the configurable certificate transition period so as to give other parties time to adopt the new certificate;
  
  after detecting that the configurable certificate transition period has ended;
  
  republishing the new certificate as a primary certificate to promote the new certificate from a secondary certificate to a primary certificate, the new certificate republished as a primary certificate to the certificate store;
  
  removing the expiring certificate from the certificate store to prompt any dependent servers to also remove the expiring certificate; and
  
  generating a further new certificate that is to replace the new certificate when the new certificate expires.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein generating a new certificate that is to replace the expiring certificate comprises invoking a local application programming interface (API) for creating certificates.
  - 3. The method of claim 1 wherein generating a new certificate that is to replace the expiring certificate comprises invoking a remote public certificate authority (CA) to generate certificates.
  - 4. The method of claim 1 wherein publishing the new certificate as a secondary certificate to the certificate store comprises placing the new certificate in a public location in the server farm secured using a common service account so that only authorized parties can access the new certificate.
  - 5. The method of claim 1 wherein detecting that the configurable certificate transition period has ended comprises detecting expiration of the expiring certificate.

6. A computer system for automatically managing the lifecycle of a plurality of certificates any of which can be used for access to a resource, the system comprising:
- a processor and memory configured to execute software instructions;
  
  a certificate store configured to store certificates;
  
  a component configured to detect pending expiration of a certificate that can be used for authenticated access to the resource, the expiring certificate identified as a primary certificate used for authenticated access to the resource, the expiring certificate and a prior primary certificate both usable for authenticated access to the resource up until the prior primary certificate expired;
  
  a certificate generation component configured to generate a new certificate in response to detected pending expiration of the primary certificate and in anticipation of eventually transitioning to the new certificate to the primary certificate to replace the expiring certificate, the new certificate useable for authenticated access to the resource along with the expiring certificate up until the expiring certificate expires;
  
  a certificate publishing component configured to publish the new certificate as a secondary certificate used for authenticated access to the resource such that servers can authenticate access to the resource using either the expiring certificate or the new certificate, the new certificate published as a secondary certificate to the certificate store;
  
  a certificate retrieval component configured to retrieve new certificates published by the certificate publishing component;
  
  a certificate update component configured to;
  
  access a configurable certificate transition period, the configurable certificate transition period indicating a period of time that the expiring certificate and the new certificate are simultaneously valid for authenticating access to the resource prior to the expiring certificate being removed, the configurable certificate transition period selected by an administrator through the use of configurable parameters to tune the configurable certificate transition period to a selected balance between security of the resource and certificate compatibility for accessing the resource; and
  
  maintain both the expiring certificate and the new certificate in the certificate store as valid for authenticated access to the resource during the configurable certificate transition period so as to give other parties time to adopt the new certificate;
  
  a certificate expiration component configured to remove the expiring certificate from the system after detecting that the configurable certificate transition period has ended, removing the expiring certificate prompting any dependent servers to also remove the expired certificate;
  
  wherein the certificate publishing component is further configured to republish the new certificate as a primary certificate to promote the new certificate from a secondary certificate to a primary certificate after detecting that the configurable certificate transition period has ended, the new certificate published as a primary certificate to the certificate store; and
  
  wherein the certificate generation component is further configured to generate a further new certificate that is to replace the new certificate when the new certificate expires.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The system of claim 6 wherein the certificate generation component is further configured to create an initial set of certificates upon installation of the system and configuration of a server farm for automated certificate management.
  - 8. The system of claim 6 wherein the certificate generation component is further configured to create new certificates to replace old ones nearing expiration without intervention by an administrator.
  - 9. The system of claim 6 wherein the certificate publishing component is further configured to use a standard protocol to make new certificates available upon request to other servers.
  - 10. The system of claim 6 wherein the certificate publishing component is further configured to encrypt certificates using a key shared securely with servers in the server farm.
  - 11. The system of claim 6 wherein the certificate publishing component is further configured to publish both primary and secondary certificates to allow a transition period between original and replacement certificates as certificates approach expiration.

12. A computer program product for use at a computer system, the computer system including a certificate store, the computer program product comprising a computer storage device having stored thereon instructions for controlling the computer system to manage the lifecycle of a plurality of certificates any of which can be used for authenticated access to a resource in a server farm, wherein the instructions, when executed, cause a processor to perform actions comprising:
- detecting pending expiration of a certificate that can be used for authenticated access to the resource, the expiring certificate identified as a primary certificate used for authenticated access to the resource, the expiring certificate previously promoted from a secondary certificate used to perform authenticated access to the resource within the server farm to the primary certificate in response to detecting pending expiration of a prior primary certificate, the expiring certificate and the prior primary certificate both usable for authenticated access to resource up until the prior primary certificate expired;
  
  in response to detecting pending expiration of the expiring certificate, generating a new certificate in anticipation of eventually transitioning the new certificate to the primary certificate to replace the expiring certificate and that can be used for authenticated access to the resource along with the expiring certificate up until the expiring certificate expires;
  
  publishing the new certificate as a secondary certificate used for authenticated access to the resource such that servers can authenticate access to the resource using either the expiring certificate or the new certificate, the new certificate published as a secondary certificate to the certificate store;
  
  access a configurable certificate transition period, the configurable certificate transition period indicating a period of time that both an expiring certificate and a new certificate are simultaneously valid for authenticated access to the resource prior to the expiring certificate being removed, the configurable certificate transition period selected by an administrator through the use of configurable parameters to tune the configurable transition period to a selected balance between security of the resource and certificate compatibility for accessing the resource;
  
  maintaining both the expiring certificate and the new certificate together in the certificate store as valid for authenticated access to the resource during the configurable certificate transition period so as to give other parties time to adopt the new certificate;
  
  after detecting that the configurable certificate transition period has ended;
  
  republishing the new certificate as a primary certificate to promote the new certificate from a secondary certificate to a primary certificate, the new certificate published as a primary certificate to the certificate store;
  
  removing the expiring certificate from the certificate store to prompt any dependent servers to also remove the expiring certificate; and
  
  generating a further new certificate that is to replace the new certificate when the new certificate expires.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computer program product of claim 12 wherein detecting that the configurable certificate transition period has ended comprises detecting expiration of the expiring certificate.
  - 14. The computer program product of claim 12 wherein generating a new certificate that is to replace the expiring certificate comprises invoking a local application programming interface (API) for creating certificates.
  - 15. The computer program product of claim 12 wherein generating a new certificate that is to replace the expiring certificate comprises invoking a remote public certificate authority (CA) to generate certificates.
  - 16. The computer program product of claim 12 wherein publishing the new certificate as a secondary certificate to the certificate store comprises placing the new certificate in a public location in the server farm secured using a common service account so that only authorized parties can access the new certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Sharif, Tariq, Brace, Colin H., Garg, Nakul
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Korsak, Oleg

Application Number

US12/719,853
Publication Number

US 20110219227A1
Time in Patent Office

2,087 Days
Field of Search

726/14, 726/6, 713/158, 713/156, 713/164, 713/155, 380/277
US Class Current

1/1
CPC Class Codes

G06F 21/33   using certificates

G06F 2221/2107   File encryption

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2151   Time stamp

H04L 2463/061   applying further key deriva...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

Automated certificate management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Automated certificate management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links