Secure connection certificate verification
US-9300656-B2 · Mar 29, 2016 · US
Secure connection certificate verification
US9602291B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9602291-B2 |
| Application number | US-201514728092-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 2, 2015 |
| Priority date | Aug 21, 2014 |
| Publication date | Mar 21, 2017 |
| Grant date | Mar 21, 2017 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
One or more computer processors identify a first certificate that is used to establish a secure Internet connection. One or more computer processors identify a stored second certificate that shares at least one attribute with the first certificate. One or more computer processors determine a policy action based, at least in part, on a result of a comparison between an attribute of the first certificate and an attribute of the second certificate.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for determining a policy action for a connection in which certificates are utilized in a secure network connection, the method comprising: identifying, by one or more computer processors, a first certificate that is used to establish a secure Internet connection; identifying, by one or more computer processors, a stored second certificate that shares at least one attribute with the first certificate, wherein identifying a stored second certificate includes comparing one or more attributes of the first certificate with one or more attributes from each stored certificate from a plurality of stored certificates; and determining, by one or more computer processors, a policy action based, at least in part, on a result of a comparison between an attribute of the first certificate and an attribute of the stored second certificate. 2. The method of claim 1 , further comprising: executing, by one or more computer processors, the determined policy action on a client computing device. 3. The method of claim 1 , wherein identifying a first certificate that is used to establish a secure Internet connection comprises: identifying, by one or more computer processors, a certificate that is utilized to establish a secure Internet connection via deep-packet inspection; and storing, by one or more computer processors, the identified certificate in a storage device. 4. The method of claim 1 , wherein the secure Internet connection is one or both of a cryptographic protocol, or an encryption protocol, wherein the one or both of the cryptographic protocol, or the encryption protocol, is one or more of a secure socket layer connection, or a transport layer security. 5. The method of claim 1 , wherein the stored second certificate is located in a database that is at least in part managed by an in-line computing device. 6. The method of claim 1 , wherein determining the policy action occurs after the secure Internet connection has been established. 7. The method of claim 1 , wherein determining, by one or more computer processors, a policy action based, at least in part, on a result of a comparison between an attribute of the first certificate and an attribute of the stored second certificate comprises: determining, by one or more computer processors, that a type of attribute of the first certificate includes content that is different than a content of a same type of attribute of the second certificate; and executing, by one or more computer processors, the policy action based, at least in part, on a difference in the content of the type of attribute of the first certificate and the content of the same type of attribute of the second certificate. 8. The method of claim 5 , wherein the stored second certificate was received during the establishment of a previous secure Internet connection.
Assignees
Inventors
Classifications
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
- H04L63/0823Primary
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
Key scheduling, i.e. generating round keys or sub-keys for block encryption · CPC title
based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title
- H04L9/3263Primary
involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9602291B2 cover?
- One or more computer processors identify a first certificate that is used to establish a secure Internet connection. One or more computer processors identify a stored second certificate that shares at least one attribute with the first certificate. One or more computer processors determine a policy action based, at least in part, on a result of a comparison between an attribute of the first cer…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Mar 21 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).