Validation for requests

US9769153B1 · US · B1

Patent metadata
Publication number: US-9769153-B1
Application number: US-201514821477-A
Country: US
Kind code: B1
Filing date: Aug 7, 2015
Priority date: Aug 7, 2015
Publication date: Sep 19, 2017
Grant date: Sep 19, 2017

Abstract

Official abstract text for this publication.

A customer can demonstrate control over an element, such as a domain, by receiving a certificate from a certificate authority. A customer can submit a request and receive a request token. The customer can generate a cryptographic hash of the request using the token, which a service provider can compare against an expected hash similarly generated. If the hashes match, an action can be taken such as a certificate issued. A customer can request one or more request tokens up front, whereby the tokens can be used to submit hashes with requests at the appropriate time. In some embodiments a customer can submit a request specifying one or more domains, and a service provider can provide a list of confirmatory email addresses from which the customer can select. The service provider can then send a message to that address that includes a link for requesting a certificate.

First claim

Opening claim text (preview).

What is claimed is:

1. A system, comprising: at least one processor; and memory including instructions that, when executed by the at least one processor, cause the system to: receive, to a certificate authority, a certificate signing request, the certificate signing request identifying a customer and information about an application associated with the certificate signing request, the application configured to perform a task requiring verification of control over a specified domain by the customer; provide, to the customer, a request key, the customer instructed to use the request key to place a customer hash in domain name service information associated with the specified domain; generate a cryptographic hash of at least a portion of the certificate signing request using the request key; obtain the customer hash from the domain name service information, the customer hash generated using the portion of the certificate signing request and the request key; verify that the generated cryptographic hash matches the customer hash; and issue the certificate for the customer with respect to the specified domain.

2. The system of claim 1, wherein the instructions when executed further cause the system to: receive, before receiving the certificate signing request, a request for at least one request key, the request for the at least one request key not specifying information about the application or the domain; and provide the request key to the customer before the certificate signing request is received.

3. The system of claim 2, wherein the instructions when executed further cause the system to: receive a plurality of certificate signing requests, wherein a respective customer hash for each request of the plurality of certificate signing requests is generated using a single request key or unique request key received from the certificate authority.

4. The system of claim 1, wherein the customer hash is a keyed hash-based message authentication code (HMAC) with an entire content of the certificate signing request used to generate the customer hash.

5. A computer-implemented method, comprising: receive, to a service provider, a request identifying a customer and information about an application associated with the request, the application configured to perform a task requiring verification of control over a specified domain by the customer; provide, to the customer, a request token, the customer instructed to use the request token to place a customer hash in domain name service information associated with the specified domain; generate a cryptographic hash of at least a portion of the request using the request token; obtain the customer hash from the domain name service information, the customer hash generated using the portion of the request and the request token; verify that the generated cryptographic hash matches the customer hash to authenticate an identity of the customer; and perform an action for the customer with respect to the specified domain, the action enabling the task to be performed by the application in response to the identity being authenticated.

6. The computer-implemented method of claim 5, further comprising: generating the request token, the request token including at least one of a random string, a string generated based on information about the customer, a string generated based on information about the application, a password, or a key.

7. The computer-implemented method of claim 5, further comprising: receiving, before receiving the request, a previous request for at least one request token, the previous request for the at least one request token not specifying information about the application or the domain; and providing the request token to the customer before the request is received.

8. The computer-implemented method of claim 7, wherein the previous request is a certificate signing request that does not include information about the domain.

9. The computer-implemented method of claim 7, further comprising: receiving a plurality of requests, wherein a respective customer hash for each request of the plurality of requests is generated using a single request token or respective unique request token received from the service provider.

10. The computer-implemented method of claim 9, wherein at least a subset of the plurality of requests is received from a third party user associated with the customer.

11. The computer-implemented method of claim 5, wherein the task requiring verification of control over the specified domain by the customer includes at least one of establishing an email address associated with the domain or sending a message indicating the sender as associated with the email address associated with the domain.
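The validation flow of claims 1 and 4, as an added Python sketch that is not taken from the patent or from any provider's implementation. Assumptions: HMAC-SHA256 as the keyed hash, a dictionary standing in for DNS TXT lookups, a hypothetical `_validation.` record label, and a constructed CSR body.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for DNS: maps record name -> TXT value.
# A real validator would query the domain's authoritative name servers.
DNS_TXT = {}

def record_name(domain):
    # Hypothetical label; the claims only say "domain name service information".
    return "_validation." + domain

def issue_request_key():
    """CA side: random request key (claim 6 allows a random string)."""
    return secrets.token_bytes(32)

def request_hash(request_key, csr):
    """Keyed hash over the entire CSR (claim 4). SHA-256 is an assumption."""
    return hmac.new(request_key, csr, hashlib.sha256).hexdigest()

def customer_publish(domain, request_key, csr):
    """Customer side: place the customer hash in the domain's DNS data."""
    DNS_TXT[record_name(domain)] = request_hash(request_key, csr)

def ca_validate(domain, request_key, csr):
    """CA side: recompute the hash and compare it with the DNS value."""
    published = DNS_TXT.get(record_name(domain))
    if published is None:
        return False  # nothing published: no proof of control
    expected = request_hash(request_key, csr)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, published)

# Constructed sample CSR bytes (not a parseable request).
CSR = b"-----BEGIN CERTIFICATE REQUEST-----\n(constructed sample)\n-----END CERTIFICATE REQUEST-----\n"

def demo():
    key = issue_request_key()
    customer_publish("example.com", key, CSR)
    ok = ca_validate("example.com", key, CSR)
    # A substituted CSR, a different key, or an unpublished domain must fail.
    swapped = ca_validate("example.com", key, CSR.replace(b"constructed", b"substituted"))
    wrong_key = ca_validate("example.com", issue_request_key(), CSR)
    unpublished = ca_validate("example.org", key, CSR)
    return ok, swapped, wrong_key, unpublished

if __name__ == "__main__":
    print(demo())
```

Because the hash covers the whole CSR, the published DNS value binds the domain to one specific request: a CSR with a different public key fails validation even if the request key is reused.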

Assignees

Inventors

Classifications

  • using cryptographic hash functions · CPC title

  • involving a third party or a trusted authority · CPC title

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title

  • involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title

  • using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9769153B1 cover?
A customer can demonstrate control over an element, such as a domain, by receiving a certificate from a certificate authority. A customer can submit a request and receive a request token. The customer can generate a cryptographic hash of the request using the token, which a service provider can compare against an expected hash similarly generated. If the hashes match, an action can be taken suc…
Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 19, 2017 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).