What technology area does this patent fall under?

Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Dec 28 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Accelerating OCSP responses via content delivery network collaboration

US11212274B2 · US · B2

Patent metadata
Field	Value
Publication number	US-11212274-B2
Application number	US-201916555598-A
Country	US
Kind code	B2
Filing date	Aug 29, 2019
Priority date	Oct 9, 2013
Publication date	Dec 28, 2021
Grant date	Dec 28, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.

First claim

Opening claim text (preview).

What is claimed is: 1. A computer-implemented method for distributing certificate validity messages to a content delivery network (CDN) computing device, the computer-implemented method comprising: generating, at a certificate authority (CA) computing device separate from the CDN computing device, a plurality of certificate validity messages; identifying, at the CA computing device, a CDN cache key algorithm corresponding to a cache of the CDN computing device; generating, at the CA computing device, a plurality of CDN cache keys using the CDN cache key algorithm; and transmitting, from the CA computing device to the CDN computing device, at least one certificate validity message of the plurality of certificate validity messages and at least one CDN cache key of the plurality of CDN cache keys, wherein the CDN computing device uses the at least one CDN cache key to store the at least one certificate validity message in the cache. 2. The computer-implemented method of claim 1 , further comprising identifying a set of certificate validity messages that expire within a certain time period, wherein the plurality of certificate validity messages is generated based at least in part on the set of certificate validity messages. 3. The computer-implemented method of claim 1 , further comprising identifying a set of certificates that at least one of have been revoked or expire within a certain time period, wherein the plurality of certificate validity messages is generated based at least in part on the set of certificates. 4. The computer-implemented method of claim 1 , further comprising identifying a set of certificates for which a respective status has been requested by one or more client computing devices at least a threshold number of times, wherein the plurality of certificate validity messages is generated based at least in part on the set of certificates. 5. The computer-implemented method of claim 1 , wherein said identifying the CDN cache key algorithm, comprises: receiving the CDN cache key algorithm from the CDN computing device. 6. The computer-implemented method of claim 1 , wherein each of the plurality of certificate validity messages is an online certificate status protocol (OCSP) response. 7. The computer-implemented method of claim 1 , further comprising, transmitting, from the CA computing device to the CDN computing device, the plurality of certificate validity messages and the plurality of CDN cache keys to the CDN computing device, wherein the CDN computing device uses the plurality of CDN cache keys to store the plurality of certificate validity messages in the cache. 8. Non-transitory computer-readable storage media storing instructions, which, when executed by one or more processors of a certificate authority (CA) computing device separate from a content delivery network (CDN) computing device, cause the one or more processors to: generate a plurality of certificate validity messages; identify a CDN cache key algorithm corresponding to a cache of the CDN computing device; generate a plurality of CDN cache keys using the CDN cache key algorithm; and transmit, to the CDN computing device, at least one certificate validity message of the plurality of certificate validity messages and at least one CDN cache key of the plurality of CDN cache keys, wherein the CDN computing device uses the at least one CDN cache key to store the at least one certificate validity message in the cache. 9. The non-transitory computer-readable storage media of claim 8 , wherein the instructions further cause the one or more processors to identify a set of certificate validity messages that expire within a certain time period, wherein the plurality of certificate validity messages is generated based at least in part on the set of certificate validity messages. 10. The non-transitory computer-readable storage media of claim 8 , wherein the instructions further cause the one or more processors to identify a set of certificates that at least one of have been revoked or expire within a certain time period, wherein the plurality of certificate validity messages is generated based at least in part on the set of certificates. 11. The non-transitory computer-readable storage media of claim 8 , wherein the instructions further cause the one or more processors to identify a set of certificates for which a respective status has been requested by one or more client computing devices at least a threshold number of times, wherein the plurality of certificate validity messages is generated based at least in part on the set of certificates. 12. The non-transitory computer-readable storage media of claim 8 , wherein, to identify the CDN cache key algorithm, the instructions further cause the one or more processors to: receive the CDN cache key algorithm from the CDN computing device. 13. The non-transitory computer-readable storage media of claim 8 , wherein each of the plurality of certificate validity messages is an online certificate status protocol (OCSP) response. 14. The non-transitory computer-readable storage media of claim 8 , wherein the instructions further cause the one or more processors to transmit, to the CDN computing device, the plurality of certificate validity messages and the plurality of CDN cache keys to the CDN computing device, wherein the CDN computing device uses the plurality of CDN cache keys to store the plurality of certificate validity messages in the cache. 15. A system, comprising: one or more processors of a certificate authority (CA) computing device that is separate from a content delivery network (CDN) computing device, the one or more processors configured to: generate a plurality of certificate validity messages; identify a CDN cache key algorithm corresponding to a cache of the CDN computing device; generate a plurality of CDN cache keys using the CDN cache key algorithm; and transmit, to the CDN computing device, at least one certificate validity message of the plurality of certificate validity messages and at least one CDN cache key of the plurality of CDN cache keys, wherein the CDN computing device uses the at least one CDN cache key to store the at least one certificate validity message in the cache. 16. The system of claim 15 , wherein the one or more processors are further configured to identify a set of certificate validity messages that expire within a certain time period, wherein the plurality of certificate validity messages is generated based at least in part on the set of certificate validity messages. 17. The system of claim 15 , wherein the one or more processors are further configured to identify a set of certificates that at least one of have been revoked or expire within a certain time period, wherein the plurality of certificate validity messages is generated based at least in part on the set of certificates. 18. The system of claim 15 , wherein the one or more processors are further configured to identify a set of certificates for which a respective status has been requested by one or more client computing devices at least a threshold number of times, wherein the plurality of certificate validity messages is generated based at least in part on the set of certificates. 19. The system of claim 15 , wherein to identify the CDN cache key algorithm, the one or more processors are configured to: receive the CDN cache key algorithm from the CDN computing device. 20. The system of claim 15 , wherein each of the plurality of certificate validity messages is an online certificate status

Assignees

Digicert Inc

Inventors

Classifications

H04L67/568
Storing data temporarily at an intermediate stage, e.g. caching · CPC title
H04L63/0823Primary
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
H04L9/3268
using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title
H04L63/04
for providing a confidential data exchange among entities communicating through data packet networks · CPC title
H04L67/2842
Electricity · mapped topic

Patent family

Related publications grouped by family.

View patent family 52777926

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11212274B2 cover?: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certif…
Who is the assignee on this patent?: Digicert Inc
What technology area does this patent fall under?: Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Dec 28 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).