Certificate evaluation for certificate authority reputation advising

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Anooshiravan Saboori · Seattle, US
• Muhammad Umar Janjua · Bellevue, US
• Nelly Porter · Kirkland, US
• Philip J. Hallin · Port Townsend, US
• Haitao Li · Dongguan, CN
• Xiaohong Su · Issaquah, US
• Kelvin Yiu · Bellevue, US
• Anthony Penta · Bellevue, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0823
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

In many information security scenarios, a certificate issued by a certificate authority on behalf of a domain is presented to a client in order to verify the identity of the domain. However, due to a decentralized structure and incomplete coordination among certificate authorities, the presence and exploitation of security vulnerabilities to issue untrustworthy certificates may be difficult for an individual client to determine. Presented herein are techniques for advising clients of the trustworthiness of respective certificate authorities by evaluating the certificates issued by such certificate authorities for suspicious indicators, such as hashcode collisions with other certificates and public key re-use. A trust level may be identified of respective certificate authorities according to the presence or absence of suspicious indicators in the certificates issued by the certificate authority, and a certificate authority trust set may be distributed to advise clients of the trustworthiness of certificates issued by the respective certificate authorities.