Dynamically analyzing third-party application website certificates across users to detect malicious activity

US10999080B2 · US · B2

Patent metadata
Publication number: US-10999080-B2
Application number: US-201816039275-A
Country: US
Kind code: B2
Filing date: Jul 18, 2018
Priority date: Jun 22, 2018
Publication date: May 4, 2021
Grant date: May 4, 2021
Grant dateMay 4, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A verification server provides certificate verification services to users of third-party application sites. In some embodiments, a verifier component of a user's client device provides the verification server with a certificate of a third-party application site, and the verification server indicates whether the certificate is successfully verified. In response to successful verification, the verifier component of the user's client device takes an action such as permitting the user's credentials to be provided to the third-party application site. In some embodiments, verifier components of numerous client devices provide certificates to the verification server, based on which the verification server learns which certificates are valid for a given third-party application site.

First claim

Opening claim text (preview).

What is claimed is:

1. A non-transitory computer-readable storage medium storing executable instructions that when executed by a processor of a client device perform actions comprising: requesting, for a user, a web page of a third-party application website; receiving the web page and a corresponding certificate from the third-party application website; sending, to a server by a verifier component of the client device, a representation of the certificate and an identifier of the third-party application website; receiving an indication from the server that the representation matches a stored certificate representation of the third-party application website; responsive to receiving the indication, permitting, by the verifier component, credentials of the user to be provided to the third-party application website; requesting, for a user, a web page of a second third-party application website; receiving the web page of the second third-party application website and a corresponding second certificate; sending, to the server by the verifier component of the client device, a second representation of the second certificate and an identifier of the second third-party application website; receiving a second indication from the server that the second representation fails to match a stored certificate representation of the second third-party application website; and responsive to receiving the second indication: initiating a virtual private network (VPN) connection with a trusted server, using the VPN connection to communicate with the second third-party application website, receiving a third certificate from the second third-party application website, sending, to the server by the verifier component of the client device, a third representation of the third certificate and an identifier of the second third-party application website, receiving a third indication from the server that the third representation matches a stored certificate representation of the second third-party application website, and responsive to receiving the third indication, ceasing to use the VPN connection for communication with the second third-party application website.

2. The non-transitory computer-readable storage medium of claim 1, the actions further comprising computing a fingerprint of the certificate as the certificate representation.

3. The non-transitory computer-readable storage medium of claim 1, wherein the verifier component is a web browser plugin.

4. The non-transitory computer-readable storage medium of claim 1, wherein the client device is a smartphone, and the verifier component is a security application installed on the smartphone.

5. A computer-implemented method performed on a client device, the computer-implemented method comprising: requesting, for a user, a web page of a third-party application website; receiving the web page and a corresponding certificate from the third-party application website; sending, to a server by a verifier component of the client device, a representation of the certificate and an identifier of the third-party application website; receiving an indication from the server that the representation matches a stored certificate representation of the third-party application website; responsive to receiving the indication, permitting, by the verifier component, credentials of the user to be provided to the third-party application website; requesting, for a user, a web page of a second third-party application website; receiving the web page of the second third-party application website and a corresponding second certificate; sending, to the server by the verifier component of the client device, a second representation of the second certificate and an identifier of the second third-party application website; receiving a second indication from the server that the second representation fails to match a stored certificate representation of the second third-party application website; and responsive to receiving the second indication: initiating a virtual private network (VPN) connection with a trusted server, using the VPN connection to communicate with the second third-party application website, receiving a third certificate from the second third-party application website, sending, to the server by the verifier component of the client device, a third representation of the third certificate and an identifier of the second third-party application website, receiving a third indication from the server that the third representation matches a stored certificate representation of the second third-party application website, and responsive to receiving the third indication, ceasing to use the VPN connection for communication with the second third-party application website.

6. The computer-implemented method of claim 5, further comprising computing a fingerprint of the certificate as the certificate representation.

7. The computer-implemented method of claim 5, wherein the verifier component is a web browser plugin.

8. The computer-implemented method of claim 5, wherein the client device is a smartphone, and the verifier component is a security application installed on the smartphone.

9. A computer system comprising: a computer processor; and a non-transitory computer-readable storage medium storing executable instructions that when executed by the computer processor perform actions comprising: requesting, for a user, a web page of a third-party application website; receiving the web page and a corresponding certificate from the third-party application website; sending, to a server by a verifier component of the computer system, a representation of the certificate and an identifier of the third-party application website; receiving an indication from the server that the representation matches a stored certificate representation of the third-party application website; responsive to receiving the indication, permitting, by the verifier component, credentials of the user to be provided to the third-party application website; requesting, for a user, a web page of a second third-party application web site; receiving the web page of the second third-party application website and a corresponding second certificate; sending, to the server by the verifier component of the computer system, a second representation of the second certificate and an identifier of the second third-party application website; receiving a second indication from the server that the second representation fails to match a stored certificate representation of the second third-party application website; and responsive to receiving the second indication: initiating a virtual private network (VPN) connection with a trusted server, using the VPN connection to communicate with the second third-party application website, receiving a third certificate from the second third-party application website, sending, to the server by the verifier component of the computer system, a third representation of the third certificate and an identifier of the second third-party application website, receiving a third indication from the server that the third representation matches a stored certificate representation of the second third-party application website, and responsive to receiving the third indication, ceasing to use the VPN connection for communication with the second third-party application website.

10. The computer system of claim 9, the actions further comprising computing a fingerprint of the certificate as the certificate representation.

11. The computer system of claim 9, wherein the verifier component is a web browser plugin.

12. The computer system of clai
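The exchange the claims describe, simulated end to end as an added example; this is not Okta's code and nothing in the patent text specifies an implementation. Certificates are stood in for by constructed byte strings hashed with SHA-256 (the "fingerprint" of claims 2, 6 and 10). The rule that a fingerprint becomes a stored representation for a site once three distinct devices have reported it, the dict-backed "direct" and "VPN" network paths, and the policy for the case the claims leave open (neither path verifies) are assumptions made for the simulation.

```python
"""Simulation of the verifier-component / verification-server exchange claimed in
US10999080B2. Added example, not Okta's code. Certificates are constructed byte
strings standing in for DER-encoded leaf certificates; the reporter threshold and
the dict-backed network paths are assumptions made for the simulation."""
import hashlib
from collections import defaultdict
from typing import Callable, Dict, Set, Tuple

FetchFn = Callable[[str], bytes]   # site identifier -> certificate bytes seen on that path


def fingerprint(cert_der: bytes) -> str:
    """Certificate representation sent to the server (claims 2, 6, 10): SHA-256 over DER."""
    return hashlib.sha256(cert_der).hexdigest()


class VerificationServer:
    """Learns per-site fingerprints from many devices and answers match / no match.

    Assumption: a fingerprint becomes a 'stored certificate representation' for a
    site once MIN_REPORTERS distinct devices have reported it. Counting distinct
    devices rather than raw reports keeps one device from vouching for itself.
    """
    MIN_REPORTERS = 3

    def __init__(self) -> None:
        self._reporters: Dict[Tuple[str, str], Set[str]] = defaultdict(set)

    def report(self, site: str, fp: str, device_id: str) -> None:
        self._reporters[(site, fp)].add(device_id)

    def verify(self, site: str, fp: str) -> bool:
        """The 'indication' returned to the client: True on match, False otherwise."""
        return len(self._reporters[(site, fp)]) >= self.MIN_REPORTERS


class VerifierComponent:
    """Client-side verifier (a browser plugin or mobile security app in claims 3, 4, 7, 8)."""

    def __init__(self, device_id: str, server: VerificationServer,
                 direct_fetch: FetchFn, vpn_fetch: FetchFn) -> None:
        self.device_id = device_id
        self.server = server
        self.direct_fetch = direct_fetch   # certificate as seen on the local network path
        self.vpn_fetch = vpn_fetch         # certificate as seen through the trusted VPN server
        self.vpn_sites: Set[str] = set()   # sites currently reached over the VPN

    def _report_and_verify(self, site: str, cert_der: bytes) -> bool:
        fp = fingerprint(cert_der)
        self.server.report(site, fp, self.device_id)   # this is how the server learns
        return self.server.verify(site, fp)

    def visit(self, site: str) -> dict:
        """Returns whether credentials may be released and which path was used."""
        # First indication: the direct-path certificate matches a stored representation.
        if self._report_and_verify(site, self.direct_fetch(site)):
            return {"site": site, "verified": True, "path": "direct", "vpn_in_use": False}
        # Second indication (mismatch): reach the site through the trusted VPN server
        # and verify the certificate seen on that path instead.
        self.vpn_sites.add(site)
        if self._report_and_verify(site, self.vpn_fetch(site)):
            # Third indication matched: the claim then ceases to use the VPN for this site.
            self.vpn_sites.discard(site)
            return {"site": site, "verified": True, "path": "vpn", "vpn_in_use": False}
        # Not covered by the claims: neither path verified. Assumed policy is to
        # withhold credentials and keep the VPN up for this site.
        return {"site": site, "verified": False, "path": "vpn", "vpn_in_use": True}


def demo() -> Tuple[dict, dict]:
    """Constructed scenario: app.example is reached cleanly, crm.example is intercepted."""
    real = {"app.example": b"constructed DER: app.example leaf certificate",
            "crm.example": b"constructed DER: crm.example leaf certificate"}
    interceptor = b"constructed DER: interceptor certificate presented for crm.example"
    server = VerificationServer()
    for device in ("dev-a", "dev-b", "dev-c"):          # other users on clean networks
        for site, cert in real.items():
            server.report(site, fingerprint(cert), device)
    direct = lambda site: interceptor if site == "crm.example" else real[site]
    via_vpn = lambda site: real[site]
    victim = VerifierComponent("dev-victim", server, direct, via_vpn)
    return victim.visit("app.example"), victim.visit("crm.example")


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Two points worth keeping in mind when reading the claims against this simulation. The claims have the client stop using the VPN as soon as the VPN-fetched certificate verifies; the example does the same, but whether the direct path is then safe depends on why the first fingerprint mismatched (a rotation the server has not learned yet versus an interceptor on the local network), which the claim text does not address. And with a distinct-device threshold, one intercepted device cannot make the interceptor's certificate "valid", but a proxy sitting in front of many reporting devices can; that is the usual limit of crowd-sourced certificate observation.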

Assignees

Okta Inc

Inventors

Classifications

  • Third party · CPC title

  • Hash functions, e.g. MD5, SHA, HMAC or f9 MAC · CPC title

  • using certificates · CPC title

  • Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10999080B2 cover?
A verification server provides certificate verification services to users of third-party application sites. In some embodiments, a verifier component of a user's client device provides the verification server with a certificate of a third-party application site, and the verification server indicates whether the certificate is successfully verified. In response to successful verification, the ve…
Who is the assignee on this patent?
Okta Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0823 (network security; authentication of communicating entities using certificates). Mapped technology area: Electricity, i.e. CPC section H.
When was this patent published?
Publication date May 4, 2021 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).