Proxy certificate management for nfv environment (pcs)
US-2024275775-A1 · Aug 15, 2024 · US
Accelerating OCSP responses via content delivery network collaboration
US10404681B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10404681-B2 |
| Application number | US-201715851590-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 21, 2017 |
| Priority date | Oct 9, 2013 |
| Publication date | Sep 3, 2019 |
| Grant date | Sep 3, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer-implemented method for distributing certificate validity messages to a content delivery network (CDN), the method comprising: identifying, using one or more computing devices, certificate validity messages that have been requested at least a threshold number of times within a time period to form a set of certificate validity messages; generating a plurality of updated certificate validity messages based on the set of certificate validity messages; generating, at a certificate authority (CA) server separate from the CDN, a plurality of cache keys based on the plurality of updated certificate validity messages; and sending the plurality of updated certificate validity messages and the plurality of cache keys to the CDN, wherein the CDN uses the plurality of cache keys to store the plurality of updated certificate validity messages in a cache without generating one or more cache keys at the CDN. 2. The method of claim 1 , wherein said identifying, using the one or more computing devices, certificate validity messages to form the set of certificate validity messages comprises: receiving a cache utilization measure from the CDN; and identifying, from the cache utilization measure, certificate validity messages that have been requested at least the threshold number of times within the time period. 3. The method of claim 1 , wherein each of the certificate validity messages is provided in response to a certificate status request from users and wherein each of the certificate validity messages indicates a validity status of at least one digital certificate issued by the CA server. 4. The method of claim 1 , wherein each of the certificate validity messages is an online certificate status protocol (OCSP) response. 5. The method of claim 1 further comprising: identifying, via the one or more computing devices, certificate validity messages that have been requested less than the threshold number of times within the time period to form an additional set of certificate validity messages; and allowing the certificate validity messages in the additional set of certificate validity messages to expire. 6. A computer-implemented method for distributing certificate validity messages to a content delivery network (CDN), the method comprising: identifying, via one or more computing devices, certificate validity messages that have been requested at least a threshold number of times to form a set of certificate validity messages; generating a plurality of updated certificate validity messages, based on the set of certificate validity messages; generating, at a certificate authority (CA) server separate from the CDN, a plurality of cache keys based on the plurality of updated certificate validity messages; and sending the plurality of updated certificate validity messages and the plurality of cache keys to the CDN, wherein the CDN uses the plurality of cache keys to store the plurality of updated certificate validity messages in a cache without generating one or more cache keys at the CDN. 7. The method of claim 6 , wherein said identifying, via the one or more computing devices, certificate validity messages to form the set of certificate validity messages comprises: receiving a cache utilization measure from the CDN; and identifying, from the cache utilization measure, certificate validity messages that have been requested least the threshold number of times. 8. The method of claim 6 , wherein each of the certificate validity messages is provided in response to a certificate status request from users and wherein each of the certificate validity messages indicates a validity status of at least one digital certificate issued by the CA server. 9. The method of claim 6 , wherein each of the certificate validity messages is an online certificate status protocol (OCSP) response. 10. The method of claim 6 , further comprising: identifying, via the one or more computing devices, certificate validity messages that have been requested less than the threshold number of times to form an additional set of certificate validity messages; and allowing the certificate validity messages in the additional set of certificate validity messages to expire. 11. A system, comprising: a processor; and a memory hosting an application, which, when executed on the processor, performs an operation for distributing certificate validity messages to a content delivery network (CDN), the operation comprising: identifying, via the processor, certificate validity messages that have been requested at at least a threshold frequency to form a set of certificate validity messages; generating a plurality of updated certificate validity messages based on the set of certificate validity messages; generating, at the system and separate from the CDN, a plurality of cache keys based on the plurality of updated certificate validity messages; and sending the plurality of updated certificate validity messages and the plurality of cache keys to the CDN, wherein the CDN uses the plurality of cache keys to store the plurality of updated certificate validity messages in a cache without generating one or more cache keys at the CDN. 12. The system of claim 11 , wherein each of the certificate validity messages is an online certificate status protocol (OCSP) response. 13. The system of claim 11 , wherein said identifying the certificate validity messages to form the set of certificate validity messages comprises: receiving a cache utilization measure from the CDN; and identifying, from the cache utilization measure, certificate validity messages that have been requested at at least the threshold frequency. 14. The system of claim 11 , wherein each of the plurality of cache keys is generated using a key generation algorithm used by the CDN. 15. The system of claim 11 , wherein the operation further comprises: identifying, via the processor, certificate validity messages that have been requested at less than the threshold frequency to form an additional set of certificate validity messages; and allowing the certificate validity messages in the additional set of certificate validity messages to expire.
Assignees
Inventors
Classifications
using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title
- H04L63/0823Primary
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
for providing a confidential data exchange among entities communicating through data packet networks · CPC title
Electricity · mapped topic
Storing data temporarily at an intermediate stage, e.g. caching · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10404681B2 cover?
- Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certif…
- Who is the assignee on this patent?
- Digicert Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Sep 03 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).