logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 9553732 B1

PDFFull Text
Date of Patent:
Jan. 24, 2017

Filed:

Aug. 01, 2014

Certificate evaluation for certificate authority reputation advising

Applicant:

Microsoft Corporation, Redmond, WA (US);

Inventors:

Anooshiravan Saboori, Seattle, WA (US);

Muhammad Umar Janjua, Bellevue, WA (US);

Nelly Porter, Kirkland, WA (US);

Philip Hallin, Port Townsend, WA (US);

Haitao Li, Sammamish, WA (US);

Xiaohong Su, Sammamish, WA (US);

Kelvin Yiu, Bellevue, WA (US);

Anthony Paul Penta, Bellevue, WA (US);

Assignee:

Microsoft Technology Licensing LLC, Redmond, WA (US);

Attorneys:

Timothy Churna

Judy Yee

Sandip Minhas

Primary Examiner:

Edward Zee

Int. Cl.
CPC ...
H04L 29/06 (2006.01); H04L 9/32 (2006.01);
U.S. Cl.
CPC ...
H04L 9/3268 (2013.01); H04L 9/321 (2013.01); H04L 9/3263 (2013.01); H04L 9/3265 (2013.01); H04L 63/0823 (2013.01);
Abstract

In many information security scenarios, a certificate issued by a certificate authority on behalf of a domain is presented to a client in order to verify the identity of the domain. However, due to a decentralized structure and incomplete coordination among certificate authorities, the presence and exploitation of security vulnerabilities to issue untrustworthy certificates may be difficult for an individual client to determine. Presented herein are techniques for advising clients of the trustworthiness of respective certificate authorities by evaluating the certificates issued by such certificate authorities for suspicious indicators, such as hashcode collisions with other certificates and public key re-use. A trust level may be identified of respective certificate authorities according to the presence or absence of suspicious indicators in the certificates issued by the certificate authority, and a certificate authority trust set may be distributed to advise clients of the trustworthiness of certificates issued by the respective certificate authorities.

Find Patent Forward Citations

Loading…