Dynamic association and documentation
US-2015012297-A1 · Jan 8, 2015 · US
Reducing latency for certificate validity messages using private content delivery networks
US10110592B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10110592-B2 |
| Application number | US-201314135277-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 19, 2013 |
| Priority date | Oct 9, 2013 |
| Publication date | Oct 23, 2018 |
| Grant date | Oct 23, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, serves requests for the OCSP responses using the cache keys. For new certificates, a private CDN is pre-populated with an OCSP response for a certificate concurrent with that certificate being issued. Doing so effectively uses the PCDN as an origin server for OCSP responses, reducing CA infrastructure needs.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer-implemented method for reducing response latency for certificate validity messages using a private content delivery network, the method comprising: generating, by a certificate authority, a digital certificate; upon generating the digital certificate and a certificate validity message for the digital certificate, prompting, by the certificate authority, a computing server in a private content delivery network (PCDN) to request the certificate validity message, wherein the PCDN caches content for distribution to a plurality of local CDN nodes; and upon receiving a request for the certificate validity message from the PCDN, sending the certificate validity message to the PCDN. 2. The method of claim 1 , wherein the PCDN responds to requests for the certificate validity message from the plurality of local CDN nodes. 3. The method of claim 2 , wherein each local CDN node, after receiving the certificate validity message from the PCDN, caches the certificate validity message. 4. The method of claim 1 , wherein the certificate validity message is an online certificate status protocol (OCSP) response. 5. The method of claim 1 , wherein the digital certificate is an SSL certificate binding a public key listed in the certificate to a server domain named in the certificate. 6. The method of claim 1 , wherein the certificate validity message specifies a validity period for relying on the certificate validity message. 7. The method of claim 6 , further comprising: generating an updated certificate validity message for the digital certificate; and sending the updated certificate validity message to the PCDN. 8. A non-transitory computer-readable storage medium storing instructions, which, when executed on a processor, performs an operation for reducing response latency for certificate validity messages using a private content delivery network, the operation comprising: generating, by a certificate authority, a digital certificate; upon generating the digital certificate and a certificate validity message for the digital certificate, prompting, by the certificate authority, a computing server in a private content delivery network (PCDN) to request the certificate validity message, wherein the PCDN caches content for distribution to a plurality of local CDN nodes; and upon receiving a request for the certificate validity message from the PCDN, sending the certificate validity message to the PCDN. 9. The computer-readable storage medium of claim 8 , wherein the PCDN responds to requests for the certificate validity message from the plurality of local CDN nodes. 10. The computer-readable storage medium of claim 9 , wherein each local CDN node, after receiving the certificate validity message from the PCDN, caches the certificate validity message. 11. The computer-readable storage medium of claim 8 , wherein the certificate validity message is an online certificate status protocol (OCSP) response. 12. The computer-readable storage medium of claim 8 , wherein the digital certificate is an SSL certificate binding a public key listed in the certificate to a server domain named in the certificate. 13. The computer-readable storage medium of claim 8 , wherein the certificate validity message specifies a validity period for relying on the certificate validity message. 14. The computer-readable storage medium of claim 13 , wherein the operation further comprises: generating an updated certificate validity message for the digital certificate; and sending the updated certificate validity message to the PCDN. 15. A system, comprising: a processor; and a memory hosting an application, which, when executed on the processor, performs an operation for reducing response latency for certificate validity messages using a private content delivery network, the operation comprising: generating, by a certificate authority, a digital certificate, upon generating the digital certificate and a certificate validity message for the digital certificate, prompting, by the certificate authority, a computing server in a private content delivery network (PCDN) to request the certificate validity message, wherein the PCDN caches content for distribution to a plurality of local CDN nodes, and upon receiving a request for the certificate validity message from the PCDN, sending the certificate validity message to the PCDN. 16. The system of claim 15 , wherein the PCDN responds to requests for the certificate validity message from the plurality of local CDN nodes, and wherein each local CDN node, after requesting the certificate validity message from the PCDN, caches the certificate validity message. 17. The system of claim 15 , wherein the certificate validity message is an online certificate status protocol (OCSP) response. 18. The system of claim 15 , wherein the digital certificate is an SSL certificate binding a public key listed in the certificate to a server domain named in the certificate. 19. The system of claim 15 , wherein the certificate validity message specifies a validity period for relying on the certificate validity message. 20. The system of claim 19 , wherein the operation further comprises: generating an updated certificate validity message for the digital certificate; and sending the updated certificate validity message to the PCDN.
Assignees
Inventors
Classifications
using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title
- H04L63/0823Primary
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
Electricity · mapped topic
Storing data temporarily at an intermediate stage, e.g. caching · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10110592B2 cover?
- Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certif…
- Who is the assignee on this patent?
- Digicert Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Oct 23 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).