On-demand security certificates for improved home router security

US11601288B1 · US · B1

Patent metadata

Publication number: US-11601288-B1
Application number: US-201916546788-A
Country: US
Kind code: B1
Filing date: Aug 21, 2019
Priority date: Aug 21, 2019
Publication date: Mar 7, 2023
Grant date: Mar 7, 2023

Abstract

Official abstract text for this publication.

A secure connection to a router web UI is provided. In one implementation, responsive to a client request to securely connect to a router web server (RWS), the RWS generates and sends a certificate signing request (CSR) to a remote-security certificate server (R-SCS). Upon validation of the RWS, the R-SCS signs and transmits a router web UI certificate (RWUIC) to the RWS to present to the client. In another implementation, the router includes a local-SCS (L-SCS) that periodically obtains a short-lived intermediate certification authority (ICA) certificate from the R-SCS. Responsive to a client request for secure access to the RWS, the RWS generates and sends a CSR to the L-SCS for the RWUIC. The L-SCS signs the RWUIC and passes the ICA certificate and RWUIC to the RWS, which presents the certificate(s) to the client. Upon validation of the certificate(s), a secure channel between the client and RWS is established.
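
The second implementation in the abstract (a short-lived ICA held by the L-SCS, which signs the RWUIC locally) can be reproduced with the OpenSSL command line. This is an added example, not code from the patent or its assignee; the subject names, the hostname `router.example.net`, the one-day lifetimes, the `pathlen:0` constraint and all file names are assumptions, and the root stands in for the R-SCS root certificate the client already trusts.

```sh
#!/bin/sh
# Added example: CNs, hostname, lifetimes and file names are assumptions.
set -eu
W=$(mktemp -d)   # scratch directory for constructed keys and certificates
cat > "$W/x.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ica]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign
[leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:router.example.net
EOF
# csr NAME CN: generate a P-256 key and a CSR for it.
csr() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$W/$1.key"
  openssl req -new -config "$W/x.cnf" -key "$W/$1.key" -subj "/CN=$2" -out "$W/$1.csr"
}
# sign NAME SECTION DAYS [ISSUER]: self-signed when no issuer is named.
sign() {
  if [ -n "${4:-}" ]; then by="-CA $W/$4.crt -CAkey $W/$4.key -CAcreateserial"
  else by="-signkey $W/$1.key"; fi
  openssl x509 -req -in "$W/$1.csr" $by -days "$3" -sha256 \
    -extfile "$W/x.cnf" -extensions "$2" -out "$W/$1.crt" 2>/dev/null
}
csr root "Example R-SCS Root"; sign root root 3650     # R-SCS root, trusted by the client
csr ica  "Router L-SCS ICA";   sign ica  ica  1 root   # first CSR: short-lived ICA, signed by R-SCS
csr rwui "router.example.net"; sign rwui leaf 1 ica    # second CSR: RWUIC, signed on the router
# What the browser does with the presented chain: RWUIC -> ICA -> root, plus name check.
chain_ok() {
  openssl verify -CAfile "$W/root.crt" -untrusted "$W/ica.crt" \
    -verify_hostname "$1" "$W/rwui.crt" >/dev/null 2>&1
}
# If the router omits the ICA certificate, the RWUIC cannot be linked to the root.
leaf_alone_ok() { openssl verify -CAfile "$W/root.crt" "$W/rwui.crt" >/dev/null 2>&1; }
chain_ok router.example.net && echo "chain valid for router.example.net"
chain_ok other.example.net  || echo "rejected: name not in SAN"
leaf_alone_ok               || echo "rejected: intermediate missing"
```

Because the ICA private key sits on the router, the short lifetime and `pathlen:0` bound what a compromised device can issue: only end-entity certificates, and only until the ICA expires.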

First claim

Opening claim text (preview).

We claim:

1. A router device configured to provide secure access to a router web user interface, the router device comprising: at least one processor; a memory storage device including instructions that when executed by the at least one processor control the secure access to the router web user interface by a web browser of a client computing device without the web browser presenting a security warning notification, the instructions when executed to: receive a request from the web browser of the client computing device for a secure connection; receive a list of cipher suites supported by the web browser in order of preference from the client computing device; select a cipher and a hash function from the list; notify the client computing device of the cipher and the hash function; establish a transport layer security (TLS) connection with a remote security certificate server; generate a first certificate signing request for obtaining an intermediate certification authority certificate from the remote security certificate server; send the first certificate signing request to the remote security certificate server; receive a signed intermediate certification authority certificate from the remote security certificate server after the first certificate signing request is validated by the remote security certificate server; generate a second certificate signing request for obtaining a signed router web user interface security certificate locally at the router device; store the signed router web user interface security certificate locally at the router device after the second certificate signing request is validated locally at the router device; transmit a certificate chain to the web browser, the certificate chain comprising the signed router web user interface security certificate validated locally at the router device and the signed intermediate certification authority certificate validated by the remote security certificate server; when the certificate chain is validated by the web browser, establish the secure connection with the web browser; receive a request from the web browser for the router web user interface via the secure connection; and responsive to the request, provide the router web user interface to the web browser via the secure connection.

2. The router device of claim 1, wherein the signed router web user interface security certificate includes a certificate with a unique root.

3. The router device of claim 2, further comprising a root certification authority certificate for the remote security certificate server installed on the client computing device.

4. The router device of claim 1, further configured to provide a public and a private key pair to the remote security certificate server as part of the first certificate signing request.

5. The router device of claim 4, further configured to generate the first certificate signing request according to a predefined schedule.

6. The router device of claim 1, further configured to provide the router web user interface to the web browser when the router device is off-line or on-line.

7. The router device of claim 1, wherein the signed router web user interface security certificate is at least one of: a single use certificate; and a short-lived certificate.

8. The router device of claim 1, further configured to provide unique identifying information associated with the router device to the remote security certificate server for verifying the router device.

9. The router device of claim 1, wherein the first certificate signing request includes information associated with the web browser for configuring the signed router web user interface security certificate to be specific to a type of the web browser.

10. A method for providing secure access to a router web user interface without a web browser of a client computing device presenting a security warning notification, the method comprising: receiving a request from the web browser for a secure connection; receiving a list of cipher suites supported by the web browser in order of preference from the client computing device; selecting a cipher and a hash function from the list; notifying the client computing device of the cipher and the hash function; establishing a transport layer security (TLS) connection with a remote security certificate server; generating a first certificate signing request for obtaining an intermediate certification authority certificate from the remote security certificate server; sending the first certificate signing request to the remote security certificate server; receiving a signed intermediate certification authority certificate from the remote security certificate server after the first certificate signing request is validated by the remote security certificate server; generating a second certificate signing request for obtaining a signed router web user interface security certificate locally at the router device; storing the signed router web user interface security certificate locally at the router device after the second certificate signing request is validated locally at the router device; transmitting a certificate chain to the web browser, the certificate chain comprising the signed router web user interface security certificate validated locally at the router device and the signed intermediate certification authority certificate validated by the remote security certificate server; when the certificate chain is validated by the web browser, establishing the secure connection with the web browser; receiving a request from the web browser for the router web user interface via the secure connection; and responsive to the request, providing the router web user interface to the web browser via the secure connection.

11. The method of claim 10, further comprising generating each certificate signing request locally at the router device.

12. The method of claim 10, further comprising verifying the certificate chain to a root certification authority certificate for the remote security certificate server.

13. The method of claim 10, further comprising: providing to the remote security certificate server at least one of: unique identifying information associated with the router device for verifying the identity of the router device; and a client security certificate issued by the remote security certificate server or a certification authority trusted by the remote security certificate server.

14. The method of claim 10, further comprising obtaining the signed intermediate certification authority certificate according to a predefined schedule.

15. The method of claim 10, wherein the first certificate signing request includes information associated with the web browser for configuring the signed router web user interface security certificate to be specific to a type of the web browser.

16. The method of claim 15, wherein the information associated with the web browser comprises at least one of: the web browser type; an operating system type; a MAC address; an IP address; and a supported cipher suite.

17. A system comprising: a remote security certificate server; a computing device including a web browser; and a router device configured to control secure access to a router web user interface by the web browser without the web browser presenting a security warning notification, the router device to: receive a request from the web browser of the computing device for a secure connection; receive a list of cipher suites supported by the web browser in order of prefer

Classifications

  • involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24)

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

  • H04L9/3265 (Primary): using certificate chains, trees or paths; Hierarchical trust model

  • using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

  • using hash chains, e.g. blockchains or hash trees

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Cox Communications Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 7, 2023 (B1). Legal status and post-grant events are not shown on this page.