Server authentication using multiple authentication chains
US10171452B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 31, 2016 |
| Grant date | Jan 1, 2019 |
| Priority date | — |
| Expiry date | Oct 8, 2036 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/0823
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A client seeking to establish a cryptographically-secure channel to a server has an associated public key acceptance policy. The policy specifies a required number of certificates that must be associated with the server's public key, as well as one or more conditions associated with those certificates, that must be met before the client “accepts” the server's public key. The one or more conditions typically comprise a trust function that must be satisfied before a threshold level of trust of the client is met. A representative public key acceptance policy would be that certificate chains for the public key are valid and non-overlapping with different root CAs, and that some configurable number of those chains be present. The technique may be implemented within the context of an existing client-server SSL/TLS handshake.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.