Verifying and enforcing certificate use

US10270602B2 · US · B2

Patent metadata
Publication number: US-10270602-B2
Application number: US-24301408-A
Country: US
Kind code: B2
Filing date: Oct 1, 2008
Priority date: Oct 1, 2008
Publication date: Apr 23, 2019
Grant date: Apr 23, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A method, system, and computer usable program product for verifying and enforcing certificate use are provided in the illustrative embodiments. A certificate is received from a sender. The certificate is validated before communicating a message associated with the certificate to a receiver. If the certificate is invalid, a policy is selected based on a type of invalidity of the certificate. An action is taken to enforce the policy for using the certificate. The certificate may be received from the sender at a proxy. The validating may further include verifying the validity of the certificate using a certificate from a certificate database accessible to the proxy over a network. The proxy may copy a part of the certificate database to a second certificate database local to the proxy. The validating may further include verifying the validity of the certificate using a certificate revocation list accessible to the proxy over a network.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer implemented method for verifying and enforcing certificate use, the computer implemented method comprising: receiving, at a certificate validation proxy, using a processor and a memory in a computer, a certificate from a sender; validating the certificate at the certificate validation proxy, by determining whether the certificate is invalid, before communicating a message associated with the certificate to a receiver; selecting at the certificate validation proxy, responsive to the certificate being invalid, a policy based on a type of invalidity of the certificate; taking an action at the certificate validation proxy to enforce the policy for using the certificate.

2. The computer implemented method of claim 1, wherein the validating further comprises: verifying the validity of the certificate using a certificate from a certificate database, and wherein the certificate database is accessible to the certificate validation proxy over a network.

3. The computer implemented method of claim 2, wherein the certificate validation proxy copies a part of the certificate database accessible over to the network to a second certificate database local to the certificate validation proxy.

4. The computer implemented method of claim 1, wherein the validating further comprises: verifying the validity of the certificate using a certificate revocation list, wherein the certificate revocation list is accessible to the certificate validation proxy over a network.

5. The computer implemented method of claim 4, wherein the certificate validation proxy copies a part of the certificate revocation list accessible over to the network to a second certificate revocation list local to the certificate validation proxy.

6. The computer implemented method of claim 1, wherein selecting the policy further comprises: selecting the policy from a policy store, wherein the policy store is accessible to the certificate validation proxy over a network.

7. The computer implemented method of claim 6, wherein the certificate validation proxy copies a part of the policy accessible over to the network to a second policy store local to the certificate validation proxy.

8. The computer implemented method of claim 1, wherein an action according to the policy includes encrypting the message with a valid certificate and wherein the encrypting the message with the valid certificate further includes logging a reason for encrypting.

9. The computer implemented method of claim 1, wherein an action according to the policy includes signing the message with a valid certificate, wherein the signing the message with the valid certificate further includes logging a reason for signing.

10. The computer implemented method of claim 8, wherein the certificate validation proxy uses the policy to perform the action on behalf of the receiver application such that a certificate verification function of the receiver application remains unchanged.

11. The computer implemented method of claim 1, the certificate is invalid when the expiration date of the certificate is more than a predetermined period old at the time of validating.

12. A computer usable program product comprising a non-transitory computer usable medium including computer usable code for verifying and enforcing certificate use, the computer usable code comprising: computer usable code for receiving at a certificate validation proxy a certificate from a sender; computer usable code for validating the certificate at the certificate validation proxy, by determining whether the certificate is invalid, before communicating a message associated with the certificate to a receiver; computer usable code for selecting at the certificate validation proxy, responsive to the certificate being invalid, a policy based on a type of invalidity of the certificate; computer usable code for taking an action at the certificate validation proxy to enforce the policy for using the certificate.

13. The computer usable program product of claim 12, wherein the computer usable code for validating further comprises: computer usable code for verifying the validity of the certificate using a certificate from a certificate database, and wherein the certificate database is accessible to the certificate validation proxy over a network.

14. The computer usable program product of claim 13, wherein the certificate validation proxy copies a part of the certificate database accessible over to the network to a second certificate database local to the certificate validation proxy.

15. The computer usable program product of claim 12, wherein the computer usable code for validating further comprises: computer usable code for verifying the validity of the certificate using a certificate revocation list, wherein the certificate revocation list is accessible to the certificate validation proxy over a network.

16. The computer usable program product of claim 15, wherein the certificate validation proxy copies a part of the certificate revocation list accessible over to the network to a second certificate revocation list local to the certificate validation proxy.

17. The computer usable program product of claim 12, wherein the computer usable code for selecting the policy further comprises: computer usable code for selecting the policy from a policy store, wherein the policy store is accessible to the certificate validation proxy over a network.

18. The computer usable program product of claim 17, wherein the certificate validation proxy copies a part of the policy accessible over to the network to a second policy store local to the certificate validation proxy.

19. The computer usable program product of claim 12, wherein the computer usable code for taking the action according to the policy includes computer usable code for encrypting the message with a valid certificate and wherein the computer usable code for encrypting the message with the valid certificate further includes computer usable code for logging a reason for encrypting.

20. The computer usable program product of claim 12, wherein the computer usable code for taking the action according to the policy includes computer usable code for signing the message with a valid certificate, wherein the computer usable code for signing the message with the valid certificate further includes computer usable code for logging a reason for signing.

21. The computer usable program product of claim 19, wherein a computer usable code for in the certificate validation proxy uses the policy to perform the action on behalf of the receiver application such that a computer usable code for certificate verification function of the receiver application remains unchanged.

22. The computer usable program product of claim 12, the certificate is invalid when the certificate is self-signed and of an unauthorized class.

23. A data processing system for verifying and enforcing certificate use, the data processing system comprising: a storage device including a storage medium, wherein the storage device stores computer usable program code; and a processor, wherein the processor executes the computer usable program code, and wherein the computer usable program code comprises: computer usable code for receiving at a certificate validation proxy a certificate from a sender; computer usable code for validating the certificate at the certificate validation proxy, by determining whether the certificate is invalid, b
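The abstract and the claims above describe a certificate validation proxy that works out why a certificate is invalid (claim 11: expired by more than a set period; claim 22: self-signed and of an unauthorized class; claims 4 and 5: listed in a CRL the proxy has copied locally), selects a policy for that type of invalidity, and acts on the message on the receiver's behalf, for example re-signing it with a valid certificate and logging the reason (claims 9 and 10). The Go program below is an added example written for this page, not code from the patent or from IBM. It uses only the standard crypto/x509 package, builds a constructed root CA, a CA-signed CRL and one test certificate per case, and keeps the trust store, CRL copy and policy table in memory; the type names (Invalidity, Action, Proxy), the seven-day grace period and the policy table are the example's own assumptions. It also adds one check the claims do not spell out: a locally cached CRL that is past its NextUpdate cannot clear a certificate, so the proxy fails closed instead of forwarding.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Invalidity is the "type of invalidity" the policy is keyed on; Action is what the proxy then does.
type Invalidity string
type Action string

const (
	Valid, Expired, ExpiredTooOld  Invalidity = "valid", "expired", "expired_too_old" // expired within / beyond the grace period
	Revoked, SelfSigned, Untrusted Invalidity = "revoked", "self_signed", "untrusted" // CRL hit / unauthorized class / no trusted chain
	CRLStale                       Invalidity = "crl_stale"                           // cached CRL past NextUpdate: revocation undecidable
	Forward, Block, ReSign         Action     = "forward", "block", "resign"          // resign: proxy signs with its own valid certificate
)

type Proxy struct { // local copies of the trust store, CRL and policy store, as the claims describe
	Roots  *x509.CertPool
	CRL    *x509.RevocationList
	Policy map[Invalidity]Action
	Grace  time.Duration // how long past NotAfter still counts as Expired rather than ExpiredTooOld
	Log    []string
}

// Classify is the validation step: it reports why the certificate is invalid, not only that it is.
func (p *Proxy) Classify(cert *x509.Certificate, now time.Time) Invalidity {
	if now.After(p.CRL.NextUpdate) { // a stale CRL copy cannot prove non-revocation: fail closed
		return CRLStale
	}
	for _, rc := range p.CRL.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return Revoked
		}
	}
	if age := now.Sub(cert.NotAfter); age > p.Grace { // expiry first: Verify rejects it without saying how old
		return ExpiredTooOld
	} else if age > 0 {
		return Expired
	}
	opts := x509.VerifyOptions{Roots: p.Roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err == nil {
		return Valid
	}
	if bytes.Equal(cert.RawIssuer, cert.RawSubject) && cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil {
		return SelfSigned
	}
	return Untrusted
}

// Handle is the enforcement step: select the policy for the invalidity type, act, and log the reason.
func (p *Proxy) Handle(cert *x509.Certificate, now time.Time) (Invalidity, Action) {
	why := p.Classify(cert, now)
	act, ok := p.Policy[why]
	if !ok {
		act = Block // fail closed for any invalidity type the policy store does not cover
	}
	if act != Forward {
		p.Log = append(p.Log, fmt.Sprintf("%s serial=%d reason=%s", act, cert.SerialNumber, why))
	}
	return why, act
}

// newCert issues a constructed test certificate; parent == nil makes it self-signed.
func newCert(cn string, notAfter time.Time, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	ku := map[bool]x509.KeyUsage{true: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, false: x509.KeyUsageDigitalSignature}[isCA]
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, KeyUsage: ku, IsCA: isCA,
		BasicConstraintsValid: true, NotBefore: notAfter.Add(-730 * 24 * time.Hour), NotAfter: notAfter}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// scenario builds a constructed CA, its CRL and one leaf certificate per case (test data, not a real PKI).
func scenario(now time.Time) (*Proxy, map[string]*x509.Certificate) {
	day := 24 * time.Hour
	ca, caKey := newCert("Example Root CA", now.Add(365*day), true, nil, nil)
	certs := map[string]*x509.Certificate{}
	certs["good"], _ = newCert("good.example", now.Add(30*day), false, ca, caKey)
	certs["revoked"], _ = newCert("revoked.example", now.Add(30*day), false, ca, caKey)
	certs["expired"], _ = newCert("expired.example", now.Add(-3*day), false, ca, caKey)
	certs["expired_too_old"], _ = newCert("old.example", now.Add(-90*day), false, ca, caKey)
	certs["self_signed"], _ = newCert("rogue.example", now.Add(30*day), false, nil, nil)
	crlDER, _ := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{ // the CA's signed CRL
		Number: big.NewInt(1), ThisUpdate: now.Add(-time.Hour), NextUpdate: now.Add(day),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: certs["revoked"].SerialNumber, RevocationTime: now.Add(-time.Hour)}},
	}, ca, caKey)
	crl, err := x509.ParseRevocationList(crlDER) // the proxy's local copy, trusted only once its signature checks out
	if err != nil || crl.CheckSignatureFrom(ca) != nil {
		panic("CRL copy is missing or not signed by the trusted CA")
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return &Proxy{Roots: roots, CRL: crl, Grace: 7 * day, Policy: map[Invalidity]Action{Valid: Forward,
		Expired: ReSign, ExpiredTooOld: Block, Revoked: Block, SelfSigned: Block, Untrusted: Block, CRLStale: Block}}, certs
}

func main() {
	now := time.Date(2024, 6, 1, 12, 0, 0, 0, time.UTC) // fixed clock so the run is reproducible
	p, certs := scenario(now)
	for name, cert := range certs {
		why, act := p.Handle(cert, now)
		fmt.Printf("%-16s invalidity=%-16s action=%s\n", name, why, act)
	}
}
```

Two details carry the weight here. Expiry is checked before the chain walk because x509.Verify reports an expired certificate only as expired, while the claimed policy needs to know how far past NotAfter it is; and the CRL copy is parsed and its signature checked against the trusted CA before it is used, since a proxy that caches validation data fetched over the network is otherwise only as trustworthy as the last unauthenticated download.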

Assignees

Inventors

Classifications

  • Proxy, i.e. using intermediary entity to perform cryptographic operations · CPC title

  • H04L9/3268 (primary): using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10270602B2 cover?
A method, system, and computer usable program product for verifying and enforcing certificate use are provided in the illustrative embodiments. A certificate is received from a sender. The certificate is validated before communicating a message associated with the certificate to a receiver. If the certificate is invalid, a policy is selected based on a type of invalidity of the certificate. An …
Who is the assignee on this patent?
Hinton Heather Maria, IBM
What technology area does this patent fall under?
Primary CPC classification H04L9/3268. Mapped technology areas include Electricity (CPC section H).
When was this patent published?
Publication date Apr 23, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).