Customizable certificate validation policy

US11973805B2 · US · B2

Patent metadata
Publication number: US-11973805-B2
Application number: US-202117459896-A
Country: US
Kind code: B2
Filing date: Aug 27, 2021
Priority date: Jan 20, 2021
Publication date: Apr 30, 2024
Grant date: Apr 30, 2024

Abstract

Official abstract text for this publication.

Specifications of digital certificate validation security policies for a server within an intranet environment are received. A first one of the policies is specified to be applied for an intranet network connection and a second for a network connection outside the intranet. Each of the first and second policies includes a plurality of different configurable individual settings to enable or disable corresponding individual components of a plurality of different component digital certificate validation checks. A determination is made to establish a connection with a network destination and a digital certificate from the destination is received. One of the policies to apply for the connection is identified. For each of the plurality of the different component checks, a determination is made based on the identified policy whether to perform the component check for the received certificate. Any of the plurality of the different component checks determined to be performed are performed.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: receiving specifications of digital certificate validation security policies for a server within an intranet environment, where a first one of the digital certificate validation security policies is specified to be applied for a network connection within the intranet environment and a second one of the digital certificate validation security policies is specified to be applied for a network connection to a destination outside the intranet environment, and each of the first and second digital certificate validation security policies includes a plurality of different configurable individual settings to enable or disable corresponding individual components of a plurality of different component digital certificate validation checks including a first individually configurable setting included in the plurality of different configurable individual settings to enable or disable a hostname validation check and a second individually configurable setting included in the plurality of different configurable individual settings to enable or disable a certificate chain validation check; determining to establish a connection with a network destination; receiving a digital certificate from the network destination; identifying at least one of the digital certificate validation security policies to apply for the connection; for each of the plurality of different component digital certificate validation checks, determining based on the identified digital certificate validation security policy for the connection whether to perform the component digital certificate validation check for the received digital certificate; and performing any of the plurality of different component digital certificate validation checks determined to be performed.

2. The method of claim 1, wherein versions of the specifications of the digital certificate validation security policies are stored in a cloud-based datastore and provided to the server within the intranet environment.

3. The method of claim 2, wherein the cloud-based datastore is utilized by a cloud-based application service, and wherein the cloud-based application service provides a graphical user interface for configuring the specifications of the digital certificate validation security policies.

4. The method of claim 3, further comprising updating the specifications of the digital certificate validation security policies for the server within the intranet environment based on an update to the versions of the specifications of the digital certificate validation security policies stored in the cloud-based datastore.

5. The method of claim 3, wherein the specifications of the digital certificate validation security policies for the server within the intranet environment specify a third one of the digital certificate validation security policies to be applied for a network connection to the cloud-based application service.

6. The method of claim 5, wherein the specifications of the digital certificate validation security policies for the server within the intranet environment specify a fourth one of the digital certificate validation security policies to be applied for a network connection to an external application service different from the cloud-based application service.

7. The method of claim 6, wherein the first and fourth digital certificate validation security policies each specify a different group of network endpoints.

8. The method of claim 6, wherein the second and fourth digital certificate validation security policies each specify a different group of network endpoints.

9. The method of claim 3, wherein the specifications of the digital certificate validation security policies for the server within the intranet environment specify a third one of the digital certificate validation security policies to be applied for a second network connection to a second destination outside the intranet environment, and the third one of the digital certificate validation security policies specifies a fallback digital certificate validation security policy.

10. The method of claim 3, wherein the specifications of the digital certificate validation security policies for the server within the intranet environment specify a third one of the digital certificate validation security policies, the third one of the digital certificate validation security policies specifying a fallback digital certificate validation security policy, and wherein the fallback digital certificate validation security policy corresponds to the second one of the digital certificate validation security policies.

11. A system, comprising: one or more processors; a network communication interface, wherein the network communication interface is connected to an intranet environment; and a memory coupled to the one or more processors, wherein the memory is configured to provide the one or more processors with instructions which when executed cause the one or more processors to: receive specifications of digital certificate validation security policies, where a first one of the digital certificate validation security policies is specified to be applied for a network connection within the intranet environment and a second one of the digital certificate validation security policies is specified to be applied for a network connection to a destination outside the intranet environment, and each of the first and second digital certificate validation security policies includes a plurality of different configurable individual settings to enable or disable corresponding individual components of a plurality of different component digital certificate validation checks including a first individually configurable setting included in the plurality of different configurable individual settings to enable or disable a hostname validation check and a second individually configurable setting included in the plurality of different configurable individual settings to enable or disable a certificate chain validation check; determine to establish a connection with a network destination; receive a digital certificate from the network destination; identify at least one of the digital certificate validation security policies to apply for the connection; for each of the plurality of different component digital certificate validation checks, determine based on the identified digital certificate validation security policy for the connection whether to perform the component digital certificate validation check for the received digital certificate; and perform any of the plurality of different component digital certificate validation checks determined to be performed.

12. The system of claim 11, wherein versions of the specifications of the digital certificate validation security policies are stored in a cloud-based datastore.

13. The system of claim 12, wherein the cloud-based datastore is utilized by a cloud-based application service, and wherein the cloud-based application service provides a graphical user interface for configuring the specifications of the digital certificate validation security policies.

14. The system of claim 13, wherein the memory is further configured to provide the one or more processors with instructions which when executed cause the one or more processors to: update the specifications of the digital certificate validation security policies based on an update to the versions of the specifications of the digital certificate validation security policies stored in the cloud-based datastore.

15. The system of claim 13 wherein the specifications of the digital certificate validation secur
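The abstract and claim 1 describe the mechanism only in the abstract: a policy chosen per destination, with the hostname check and the chain check as separately switchable components. The Go program below is an added illustration of one way that can be built on the standard library's crypto/x509; it is not code from the patent or from ServiceNow. The policy names, the intranet selector (a ".corp.example" hostname suffix and the 10.0.0.0/8 range, standing in for the "group of network endpoints" of claims 7 and 8), the use of the external policy as the fallback of claim 10, and the in-memory demo CA and leaf certificate are all assumptions constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// Policy carries the individually configurable settings of claim 1: each component check toggles on its own.
type Policy struct {
	Name          string
	CheckChain    bool // certificate chain validation check
	CheckHostname bool // hostname validation check
}

// PolicySet binds policies to endpoint groups. The suffix/CIDR selector is an assumption for this example;
// External also serves as the fallback policy for destinations matching no intranet group (cf. claim 10).
type PolicySet struct {
	Intranet, External Policy
	IntranetSuffixes   []string
	IntranetCIDRs      []*net.IPNet
}

// DefaultPolicySet is a constructed configuration, not one taken from the patent.
func DefaultPolicySet() *PolicySet {
	_, corp, _ := net.ParseCIDR("10.0.0.0/8")
	return &PolicySet{
		Intranet:         Policy{Name: "intranet", CheckChain: true, CheckHostname: false},
		External:         Policy{Name: "external", CheckChain: true, CheckHostname: true},
		IntranetSuffixes: []string{".corp.example"},
		IntranetCIDRs:    []*net.IPNet{corp},
	}
}

// Select identifies the policy to apply for a destination given as a hostname or an IP literal.
func (ps *PolicySet) Select(host string) *Policy {
	ip := net.ParseIP(host)
	for _, n := range ps.IntranetCIDRs {
		if ip != nil && n.Contains(ip) {
			return &ps.Intranet
		}
	}
	for _, s := range ps.IntranetSuffixes {
		if ip == nil && strings.HasSuffix(strings.ToLower(strings.TrimSuffix(host, ".")), s) {
			return &ps.Intranet
		}
	}
	return &ps.External
}

// Validate performs only the component checks the identified policy enables.
func Validate(p *Policy, leaf *x509.Certificate, roots *x509.CertPool, host string, now time.Time) error {
	if p.CheckChain {
		// DNSName stays empty so Verify does not also match the hostname; that check has its own setting below.
		if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now}); err != nil {
			return fmt.Errorf("%s policy: chain check failed: %w", p.Name, err)
		}
	}
	if p.CheckHostname {
		if err := leaf.VerifyHostname(host); err != nil {
			return fmt.Errorf("%s policy: hostname check failed: %w", p.Name, err)
		}
	}
	return nil
}

// BuildDemoPKI constructs a throwaway CA and a leaf for app.corp.example so the example runs offline.
// Errors are ignored because the inputs are fixed and known-good; this is fixture code, not production code.
func BuildDemoPKI() (leaf *x509.Certificate, roots *x509.CertPool) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	notBefore, notAfter := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Corp Root CA"},
		NotBefore: notBefore, NotAfter: notAfter, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	ca, _ := x509.ParseCertificate(caDER)
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "app.corp.example"},
		DNSNames: []string{"app.corp.example"}, NotBefore: notBefore, NotAfter: notAfter,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leafDER, _ := x509.CreateCertificate(rand.Reader, leafTmpl, ca, &leafKey.PublicKey, caKey)
	leaf, _ = x509.ParseCertificate(leafDER)
	roots = x509.NewCertPool()
	roots.AddCert(ca)
	return leaf, roots
}

func main() {
	leaf, roots := BuildDemoPKI()
	for _, host := range []string{"app.corp.example", "other.corp.example", "api.vendor.example"} {
		p := DefaultPolicySet().Select(host)
		fmt.Printf("%-20s %-8s %v\n", host, p.Name, Validate(p, leaf, roots, host, time.Now()))
	}
}
```

Running it makes the cost of each toggle visible: under the strict external policy the demo certificate, issued for app.corp.example, is rejected when presented for other.corp.example, while the intranet policy, with the hostname check disabled, accepts it. That is the caveat a practitioner should attach to any setting of this kind: once hostname validation is off, any certificate from a trusted issuer can stand in for any host in that group, so the "intranet" group must be drawn to hold only destinations where that is acceptable. Go's Verify performs the hostname match itself when DNSName is set, which is why the example leaves it empty and runs VerifyHostname separately: the claim requires the two checks to be independently configurable. No policy here disables the chain check; a connection that accepts an unverified chain authenticates nothing.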

Assignees

Servicenow Inc

Inventors

Classifications

  • H04L9/3265 (primary): using certificate chains, trees or paths; Hierarchical trust model

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

  • Revocation or update of secret information, e.g. encryption key update or rekeying

  • H04L63/205 (primary): involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11973805B2 cover?
A server inside an intranet receives digital certificate validation security policies: one to apply to connections within the intranet and another to connections to destinations outside it. Each policy is a set of individually configurable settings that enable or disable component validation checks, including hostname validation and certificate chain validation. When the server connects to a destination and receives its certificate, it identifies the applicable policy and performs only the component checks that policy enables.
Who is the assignee on this patent?
Servicenow Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/3265. Mapped technology area: Electricity (CPC section H).
When was this patent published?
Publication date: Apr 30, 2024 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).