Advising clients about certificate authority trust

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Anooshiravan Saboori · Seattle, US
• Muhammad Umar Janjua · Bellevue, US
• Nelly Porter · Kirkland, US
• Philip J. Hallin · Port Townsend, US
• Haitao Li · Dongguan, CN
• Xiaohong Su · Issaquah, US
• Kelvin Yiu · Bellevue, US
• Anthony Penta · Bellevue, US
• Vassil Dimitrov Bakalov · Redmond, US
• Bryston Nitta · Redmond, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0823
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

In many information security scenarios, a certificate issued by a certificate authority may be presented to a client in order to assert a trust level of a certificated item, such as a message or a web page. However, due to a decentralized structure and incomplete coordination among certificate authorities, the presence and exploitation of security vulnerabilities to issue untrustworthy certificates may be difficult to determine, particularly for an individual client. Presented herein are techniques for advising clients of the reputations of respective certificate authorities by evaluating the certificates issued by such certificate authorities, such as the number and types of domains certified by the certificate; the number and pattern of certificates issued for the domain; and the certification techniques used to issue the certificates. Such evaluation enables a determination of a certificate authority trust level that may be distributed to the clients in a certificate authority trust set.