Advising clients about certificate authority trust
US-2016036593-A1 · Feb 4, 2016 · US
US9479338B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9479338-B2 |
| Application number | US-201514659889-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 17, 2015 |
| Priority date | Mar 17, 2015 |
| Publication date | Oct 25, 2016 |
| Grant date | Oct 25, 2016 |
Official abstract text for this publication.
Certificate detectors scan a network for certificate resource information and send the information to a certificate database. A correlation engine extracts and correlates this information. A ranker uses the information about the certificates and certificate authorities to generate and provide a security score and/or ranking. A requester may view the certificate ranking and/or certificate authority ranking after passing a domain validation authorization. An Internet browser may obtain a security score and/or ranking for a certificate authority and, based on this information, may determine to trust or not trust some or all certificates issued by that certificate authority, or to require corroborating evidence before trusting a certificate.
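An added sketch, not taken from the patent, of the client-side decision the abstract describes: scan results are reduced to a per-CA score, and a mid-scoring CA is trusted only for a subset of sites, with corroboration from a second CA, or when no higher-ranked CA's certificate is available. The scoring formula, penalty weights, thresholds and every name below are assumptions for illustration.

```python
from dataclasses import dataclass

# Assumed penalties for the analysis signals named in the claims.
PENALTY = {"phishing_domain": 30, "internal_san_name": 15, "ca_bad_press": 20}

@dataclass(frozen=True)
class Observation:
    issuer: str          # CA that issued the scanned certificate
    signals: frozenset   # subset of PENALTY keys found by the analysis

# Constructed sample scan results; CA names are placeholders.
SAMPLE = [
    Observation("CA-A", frozenset()),
    Observation("CA-A", frozenset()),
    Observation("CA-B", frozenset({"internal_san_name", "ca_bad_press"})),
    Observation("CA-B", frozenset({"internal_san_name"})),
    Observation("CA-C", frozenset(PENALTY)),
]

def score_cas(observations):
    """Score each CA 0..100 as 100 minus its mean penalty per certificate."""
    totals, counts = {}, {}
    for ob in observations:
        totals[ob.issuer] = totals.get(ob.issuer, 0) + sum(PENALTY[s] for s in ob.signals)
        counts[ob.issuer] = counts.get(ob.issuer, 0) + 1
    return {ca: max(0, 100 - totals[ca] // counts[ca]) for ca in totals}

def decide(issuer, host, scores, *, allowed_hosts=frozenset(),
           corroborating=(), alternatives=None, full=80, floor=50):
    """Return (trusted, reason) for a certificate from `issuer` presented by `host`."""
    score = scores.get(issuer)
    if score is None or score < floor:
        return False, "untrusted-ca"           # unknown or low-scoring CA
    if score >= full:
        return True, "full"
    # Mid-tier CA: apply the three conditional-trust options from the claims.
    if host in allowed_hosts:
        return True, "site-subset"             # trusted for some, not all, sites
    if any(c != issuer and scores.get(c, 0) >= full for c in corroborating):
        return True, "corroborated"            # second CA vouches for the cert
    if alternatives is not None and all(scores.get(a, 0) <= score for a in alternatives):
        return True, "no-higher-ranked"        # nothing better is on offer
    return False, "needs-corroboration"

if __name__ == "__main__":
    scores = score_cas(SAMPLE)
    print(scores, decide("CA-B", "bank.example", scores, corroborating=["CA-A"]))
```

Leaving `alternatives` as `None` means the caller has no information about other available certificates, so the fallback rule is not applied; an explicit empty list means none exist.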
Opening claim text (preview).
What is claimed is:
1. A method for determining trustworthiness of a certificate authority, comprising: obtaining a security score for the certificate authority, comprising; obtaining certificate resource information from one or more networks; analyzing the certificate resource information; assigning a security score to the certificate authority based at least in part on the analysis of the certificate resource information; and relying, based on the security score, on a certificate issued by the certificate authority, comprising at least two of: determining to trust the certificate, based on the security score, for a set of some but not all websites; determining to trust the certificate, based on the security score, if a second certificate from a second certificate authority corroborates the certificate; and determining to trust the certificate, based on the security score, if no certificates from higher-ranked certificate authorities are available; wherein analyzing the certificate resource information comprises determining, for at least one certificate in the certificate resource information, at least two of: that a domain from which the at least one certificate was received is a phishing attempt; that the certificate has internal names in the certificate's subject alternative name field; that the issuing certificate authority has received bad press.
2. The method of claim 1, wherein the security score is a ranking for the certificate authority.
3. The method of claim 1, wherein relying, based on the security score, on a certificate issued by the certificate authority, comprises determining to trust the certificate, based on the security score, for a set of some but not all websites.
4. The method of claim 1, wherein relying, based on the security score, on a certificate issued by the certificate authority, comprises determining to trust the certificate, based on the security score, if a second certificate from a second certificate authority corroborates the certificate.
5. The method of claim 1, wherein relying, based on the security score, on a certificate issued by the certificate authority, comprises determining to trust the certificate, based on the security score, if no certificates from higher-ranked certificate authorities are available.
6. The method of claim 1, wherein analyzing the certificate resource information comprises determining, for at least one certificate in the certificate resource information, that a domain from which the at least one certificate was received is a phishing attempt.
7. The method of claim 1, wherein analyzing the certificate resource information comprises determining, for at least one certificate in the certificate resource information, that the issuing certificate authority has received bad press.
8. The method of claim 1, wherein analyzing the certificate resource information comprises determining, for at least one certificate in the certificate resource information, at least one of: that the domain from which the at least one certificate was received has received bad press; and that the owner of the domain has received bad press.
9. A computing device for determining trustworthiness of a certificate authority, the computing device comprising a processor and a memory, wherein the memory stores instructions that, when executed on the processor, cause the computing device to perform a method comprising: obtaining a security score for the certificate authority, comprising; obtaining certificate resource information from one or more networks; analyzing the certificate resource information; assigning a security score to the certificate authority based at least in part on the analysis of the certificate resource information; and relying, based on the security score, on a certificate issued by the certificate authority, comprising at least two of: determining to trust the certificate, based on the security score, for a set of some but not all websites; determining to trust the certificate, based on the security score, if a second certificate from a second certificate authority corroborates the certificate; and determining to trust the certificate, based on the security score, if no certificates from higher-ranked certificate authorities are available; wherein analyzing the certificate resource information comprises determining, for at least one certificate in the certificate resource information, at least two of: that a domain from which the at least one certificate was received is a phishing attempt; that the certificate has internal names in the certificate's subject alternative name field; that the issuing certificate authority has received bad press that a that the issuing certificate authority has received bad press.
10. The computing device of claim 9, wherein the security score is a ranking for the certificate authority.
11. The computing device of claim 9, wherein relying, based on the security score, on a certificate issued by the certificate authority, comprises determining to trust the certificate, based on the security score, for a set of some but not all websites.
12. The computing device of claim 9, wherein relying, based on the security score, on a certificate issued by the certificate authority, comprises determining to trust the certificate, based on the security score, if a second certificate from a second certificate authority corroborates the certificate.
13. The computing device of claim 9, wherein relying, based on the security score, on a certificate issued by the certificate authority, comprises determining to trust the certificate, based on the security score, if no certificates from higher-ranked certificate authorities are available.
14. The computing device of claim 9, wherein analyzing the certificate resource information comprises determining, for at least one certificate in the certificate resource information, that a domain from which the at least one certificate was received is a phishing attempt.
15. The computing device of claim 9, wherein analyzing the certificate resource information comprises determining, for at least one certificate in the certificate resource information, that the issuing certificate authority has received bad press.
16. The computing device of claim 9, wherein analyzing the certificate resource information comprises determining, for at least one certificate in the certificate resource information, at least one of: that the domain from which the at least one certificate was received has received bad press; and that the owner of the domain has received bad press.
17. A non-transitory computer-readable medium storing instructions that, when executed on a processor of a computing device, cause the computing device to perform a method for determining trustworthiness of a certificate authority, comprising: obtaining a security score for the certificate authority, comprising; obtaining certificate resource information from one or more networks; analyzing the certificate resource information; assigning a security score to the certificate authority based at least in part on the analysis of the certificate resource information; and relying, based on the security score, on a certificate issued by the certificate authority, comprising at least two of: determining to trust the certificate, based on the security score, for a set of some but not all websites; determining to trust the certificate, based on the security score, if a second certificate from a second certificate authority corroborates the certificate; and determining to trust th
involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
involving a third party or a trusted authority · CPC title
using a third party · CPC title
the source of the received data · CPC title