What technology area does this patent fall under?

Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Feb 06 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Accelerating OCSP responses via content delivery network collaboration

US9887982B2 · US · B2

Patent metadata
Field	Value
Publication number	US-9887982-B2
Application number	US-201314050245-A
Country	US
Kind code	B2
Filing date	Oct 9, 2013
Priority date	Oct 9, 2013
Publication date	Feb 6, 2018
Grant date	Feb 6, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.

First claim

Opening claim text (preview).

What is claimed is: 1. A computer-implemented method for distributing certificate validity messages to a content delivery network (CDN), the method comprising: identifying, via a processor, a set of certificate validity messages to update; generating, for each certificate validity message in the set, an updated certificate validity message to replace each certificate validity message; pre-generating, for each updated certificate validity message at a certificate authority (CA) server separate from the CDN, an associated cache key before generation of the associated cache key at the CDN; and sending the updated certificate validity messages and associated cache keys to the CDN to enable the CDN to use the associated cache keys to store the updated certificate validity messages into a cache without generating the associated cache keys at the CDN. 2. The method of claim 1 , wherein the certificate validity message is an online certificate status protocol (OCSP) response. 3. The method of claim 1 , wherein identifying the set of certificate validity messages to update comprises: receiving a cache utilization measure from the CDN; identifying, from the cache utilization measure, a distribution of requests for a plurality of certificates; and selecting the set of certificate validity messages based on the distribution. 4. The method of claim 3 , further comprising, upon the CDN receiving a request from a relying party for certificate validity message not stored in the cache, sending the request to the CA server. 5. The method of claim 1 , wherein the cache key is generated using a key generation algorithm used by the CDN. 6. The method of claim 1 , wherein the CDN sends a corresponding certificate status validity message to a relying party upon receiving a request from the relying party. 7. The method of claim 1 , wherein the CDN stores the updated certificate validity messages in the cache. 8. A non-transitory computer-readable storage medium storing instructions, which, when executed on a processor, perform an operation for distributing certificate validity messages to a content delivery network (CDN), the operation comprising: identifying, via the processor, a set of certificate validity messages to update; generating, for each certificate validity message in the set, an updated certificate validity message to replace each certificate validity message; pre-generating, for each updated certificate validity message at a certificate authority (CA) server separate from the CDN, an associated cache key before generation of the associated cache key at the CDN; and sending the updated certificate validity messages and associated cache keys to the CDN to enable the CDN to use the associated cache keys to store the updated certificate validity messages into a cache without generating the associated cache keys at the CDN. 9. The computer-readable storage medium of claim 8 , wherein the certificate validity message is an online certificate status protocol (OCSP) response. 10. The computer-readable storage medium of claim 8 , wherein identifying the set of certificate validity messages to update comprises: receiving a cache utilization measure from the CDN; identifying, from the cache utilization measure, a distribution of requests for a plurality of certificates; and selecting the set of certificate validity messages based on the distribution. 11. The computer-readable storage medium of claim 10 , wherein the operation further comprises, upon the CDN receiving a request from a relying party for certificate validity message not stored in the cache, sending the request to the CA server. 12. The computer-readable storage medium of claim 8 , wherein the cache key is generated using a key generation algorithm used by the CDN. 13. The computer-readable storage medium of claim 8 , wherein the CDN sends a corresponding certificate status validity message to a relying party upon receiving a request from the relying party. 14. The computer-readable storage medium of claim 8 , wherein the CDN stores the updated certificate validity messages in the cache. 15. A system, comprising: a processor and a memory hosting an application, which, when executed on the processor, performs an operation for distributing certificate validity messages to a content delivery network (CDN), the operation comprising: identifying, via the processor, a set of certificate validity messages to update; generating, for each certificate validity message in the set, an updated certificate validity message to replace each certificate validity message; pre-generating, for each updated certificate validity message at a certificate authority (CA) server separate from the CDN, an associated cache key before generation of the associated cache key at the CDN; and sending the updated certificate validity messages and associated cache keys to the CDN to enable the CDN to use the associated cache keys to store the updated certificate validity messages into a cache without generating the associated cache keys at the CDN. 16. The system of claim 15 , wherein the certificate validity message is an online certificate status protocol (OCSP) response. 17. The system of claim 15 , wherein identifying the set of certificate validity messages to update comprises: receiving a cache utilization measure from the CDN; identifying, from the cache utilization measure, a distribution of requests for a plurality of certificates; and selecting the set of certificate validity messages based on the distribution. 18. The system of claim 17 , wherein the operation further comprises, upon the CDN receiving a request from a relying party for certificate validity message not stored in the cache, sending the request to the CA server. 19. The system of claim 15 , wherein the cache key is generated using a key generation algorithm used by the CDN. 20. The system of claim 15 , wherein the CDN sends a corresponding certificate status validity message to a relying party upon receiving a request from the relying party. 21. The system of claim 15 , wherein the CDN stores the updated certificate validity messages in the cache.

Assignees

Digicert Inc

Inventors

Classifications

H04L9/3268
using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL] · CPC title
H04L63/0823Primary
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
H04L63/04
for providing a confidential data exchange among entities communicating through data packet networks · CPC title
H04L67/2842
Electricity · mapped topic
H04L67/568
Storing data temporarily at an intermediate stage, e.g. caching · CPC title

Patent family

Related publications grouped by family.

View patent family 52777926

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9887982B2 cover?: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certif…
Who is the assignee on this patent?: Digicert Inc
What technology area does this patent fall under?: Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Feb 06 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).