Attesting control over network devices
US-2022052859-A1 · Feb 17, 2022 · US
US11716206B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11716206-B2 |
| Application number | US-202017086510-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 2, 2020 |
| Priority date | Nov 2, 2020 |
| Publication date | Aug 1, 2023 |
| Grant date | Aug 1, 2023 |
Official abstract text for this publication.
Establishing secure communications by sending a server certificate message, the certificate message including a first certificate associated with a first encryption algorithm and a second certificate associated with a second encryption algorithm, the first certificate and second certificate bound to each other, signing a first message associated with client-server communications using a first private key, the first private key associated with the first certificate, signing a second message associated with the client-server communications using a second private key, the second private key associated with the second certificate, the second message including the signed first message, and sending a server certificate verify message, the server certificate verify message comprising the signed first message and the signed second message.
Opening claim text (preview).
What is claimed is:

1. A computer implemented method for establishing secure network communications, the method comprising: sending, by one or more server computer processors, a server certificate message in response to a client hello message, the certificate message comprising a first certificate associated with a first encryption algorithm and a second certificate associated with a second encryption algorithm, the first certificate and second certificate bound to each other; signing, by the one or more server computer processors, a first message associated with client-server communications using a first private key, the first private key associated with the first certificate; signing, by the one or more server computer processors, a second message associated with the client-server communications using a second private key, the second private key associated with the second certificate, the second message including the first message; sending, by the one or more server computer processors in response to receiving the client hello message, a server certificate verify message, the server certificate verify message comprising the first message and the second message; receiving, by the one or more server computer processors, a client certificate message in response to the server hello message, the client certificate message comprising a third certificate associated with the first encryption algorithm and a fourth certificate associated with the second encryption algorithm, the third certificate and fourth certificate bound to each other; and receiving, by the one or more server computer processors, a client certificate verify message, the client certificate verify message comprising a third message associated with client-server communications signed using a third private key, the third private key associated with the third certificate, and a fourth message associated with the client-server communications signed using a fourth private key, the fourth private key associated with the fourth certificate, the fourth message including the third message.

2. The computer implemented method according to claim 1, wherein the first encryption algorithm comprises a lattice-based encryption algorithm.

3. The computer implemented method according to claim 1, wherein the first message comprises a transcript of client-server messaging.

4. The computer implemented method according to claim 1, wherein the first certificate and the second certificate have an identical subject name.

5. The computer implemented method according to claim 1, wherein an attribute of the second certificate comprises a hashed value of the first certificate.

6. The computer implemented method according to claim 1, further comprising sending, by the one or more server computer processors, data encrypted using the first encryption algorithm.

7. A computer program product for establishing secure network communications, the computer program product comprising one or more computer readable storage devices and collectively stored program instructions on the one or more computer readable storage devices, the stored program instructions comprising: program instructions to send a server certificate message in response to a client hello message, the certificate message comprising a first certificate associated with a first encryption algorithm and a second certificate associated with a second encryption algorithm, the first certificate and second certificate bound to each other; program instructions to sign a first message associated with client-server communications using a first private key, the first private key associated with the first certificate; program instructions to sign a second message associated with the client-server communications using a second private key, the second private key associated with the second certificate, the second message including the first message; program instructions to send, in response to receiving the client hello message, a server certificate verify message, the server certificate verify message comprising the first message and the second message; program instructions to receive a client certificate message in response to the server hello message, the client certificate message comprising a third certificate associated with the first encryption algorithm and a fourth certificate associated with the second encryption algorithm, the third certificate and fourth certificate bound to each other; and program instructions to receive a client certificate verify message, the client certificate verify message comprising a third message associated with client-server communications signed using a third private key, the third private key associated with the third certificate, and a fourth message associated with the client-server communications signed using a fourth private key, the fourth private key associated with the fourth certificate, the fourth message including the third message.

8. The computer program product according to claim 7, wherein the first encryption algorithm comprises a lattice-based encryption algorithm.

9. The computer program product according to claim 7, wherein the first message comprises a transcript of client-server messaging.

10. The computer program product according to claim 7, wherein the first certificate and the second certificate have an identical subject name.

11. The computer program product according to claim 7, wherein an attribute of the second certificate comprises a hashed value of the first certificate.

12. The computer program product according to claim 7, the stored program instructions further comprising program instructions to send data encrypted using the first encryption algorithm.

13. A computer system for establishing secure network communications, the computer system comprising: one or more computer processors; one or more computer readable storage devices; and stored program instructions on the one or more computer readable storage devices for execution by the one or more computer processors, the stored program instructions comprising: program instructions to send a server certificate message in response to a client hello message, the certificate message comprising a first certificate associated with a first encryption algorithm and a second certificate associated with a second encryption algorithm, the first certificate and second certificate bound to each other; program instructions to sign a first message associated with client-server communications using a first private key, the first private key associated with the first certificate; program instructions to sign a second message associated with the client-server communications using a second private key, the second private key associated with the second certificate, the second message including the first message; program instructions to send, in response to receiving the client hello message, a server certificate verify message, the server certificate verify message comprising the first message and the second message; program instructions to receive a client certificate message in response to the server hello message, the client certificate message comprising a third certificate associated with the first encryption algorithm and a fourth certificate associated with the second encryption algorithm, the third certificate and fourth certificate bound to each other; and program instructions to receive a client certificate verify message, the client certificate verify message comprising a third message associated with client-server communications signed using a third private key, the third private key associated with the third certificate, and a fourth message assoc
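The binding and nested-signature checks described in the abstract and in claims 1, 4 and 5, as an added Python sketch that is not taken from the patent. Assumptions: Lamport one-time signatures over SHA-256 and SHA3-256 stand in for the two algorithms, certificates are constructed JSON records without issuer signatures, the second signed message is the transcript followed by the first signature, and all function and field names are hypothetical.

```python
import hashlib, json, os

# Assumption: Lamport one-time signatures stand in for the page's two algorithms.
ALGS = {"alg-1": hashlib.sha256, "alg-2": hashlib.sha3_256}

def keygen(alg):
    sk = [[os.urandom(32), os.urandom(32)] for _ in range(256)]
    return sk, [[ALGS[alg](s).digest() for s in pair] for pair in sk]

def _bits(alg, msg):
    d = ALGS[alg](msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(alg, sk, msg):  # one-time: never sign two messages with one key
    return b"".join(sk[i][b] for i, b in enumerate(_bits(alg, msg)))

def verify(alg, pk, msg, sig):
    return len(sig) == 8192 and all(
        ALGS[alg](sig[32 * i:32 * i + 32]).digest() == pk[i][b]
        for i, b in enumerate(_bits(alg, msg)))

def encode(cert):
    return json.dumps(cert, sort_keys=True).encode()

def make_cert(subject, alg, pk, bound_to=None):
    # Constructed record, not X.509; issuer signatures are out of scope here.
    cert = {"subject": subject, "alg": alg, "pk": [[x.hex() for x in p] for p in pk]}
    if bound_to is not None:  # attribute holding the hash of the first certificate
        cert["bound_to"] = hashlib.sha256(encode(bound_to)).hexdigest()
    return cert

def certificate_verify(transcript, sk1, sk2):
    sig1 = sign("alg-1", sk1, transcript)
    sig2 = sign("alg-2", sk2, transcript + sig1)  # second message wraps the first
    return sig1, sig2

def check_peer(cert1, cert2, transcript, sig1, sig2):
    if (cert1["alg"], cert2["alg"]) != ("alg-1", "alg-2"):
        return "algorithm mismatch"
    if cert1["subject"] != cert2["subject"]:
        return "subject mismatch"
    if cert2.get("bound_to") != hashlib.sha256(encode(cert1)).hexdigest():
        return "binding mismatch"
    pk1, pk2 = ([[bytes.fromhex(x) for x in p] for p in c["pk"]] for c in (cert1, cert2))
    if not verify("alg-1", pk1, transcript, sig1):
        return "first signature invalid"
    if not verify("alg-2", pk2, transcript + sig1, sig2):
        return "second signature invalid"
    return "ok"
```

A verifier that accepted either signature alone would lose the property the nesting provides: the second signature commits to the first, so neither can be stripped or replaced independently.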
at the transport layer · CPC title
involving digital signatures · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
using certificate chains, trees or paths; Hierarchical trust model · CPC title
using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title