-
Publication No.: US20240333498A1
Publication date: 2024-10-03
Application No.: US18192179
Filing date: 2023-03-29
Applicant: DigiCert, Inc.
Inventor: Jason Allen Sabin
IPC classification: H04L9/08
CPC classification: H04L9/0894, H04L9/0816
Abstract: Systems and methods for automated repositioning of secrets to a secure location include, responsive to detection of one or more secrets and corresponding storage locations of the one or more secrets, analyzing the corresponding storage locations with respect to policy for the one or more secrets; and, responsive to any of the one or more secrets being stored in a less secure location than the policy, automatically repositioning the any of the one or more secrets to a secure location and reconfiguring any service utilizing the any of the one or more secrets to update to the secure location. The one or more secrets include any of a password, a private key, an Application Programming Interface (API) key, a Secure Shell (SSH) key, a token, a certificate, and a credential.
-
Publication No.: US11924193B2
Publication date: 2024-03-05
Application No.: US17559873
Filing date: 2021-12-22
Applicant: DigiCert, Inc.
Inventors: Richard F. Andrews, Quentin Liu
IPC classification: H04L9/40, H04L9/32, H04L67/568
CPC classification: H04L63/0823, H04L9/3268, H04L63/04, H04L67/568
Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.
-
Publication No.: US20230344650A1
Publication date: 2023-10-26
Application No.: US17660130
Filing date: 2022-04-21
Applicant: DigiCert, Inc.
Inventor: Avesta Hojjati
CPC classification: H04L9/3268, H04L9/3247, H04L9/3239, H04L9/50
Abstract: Features are disclosed for the validation of an image and the verification of the validation of a validated image. A computing device can receive a request to validate an image. The computing device can validate the image and generate a validated image. The computing device may embed a signed token in the validated image. The signed token may include a digital certificate associated with a publisher of the image, a hash of a portion of the image, and metadata associated with the image. The computing device may store the hash of the portion of the image on a blockchain and provide the validated image. A client computing device may verify the validation of the validated image using the digital certificate, the hash of the portion of the image stored in the signed token, the hash of the portion of the image stored on the blockchain, and the metadata.
-
Publication No.: US11595217B2
Publication date: 2023-02-28
Application No.: US16696034
Filing date: 2019-11-26
Applicant: DigiCert, Inc.
IPC classification: H04L9/32
Abstract: For zero-touch provisioning of devices at scale using device configuration templates by device type, a secure element, a provisioning wizard, a provisioning client, an enrollment client, an update client, an enrollment service, an update publisher service, signing and encryption certificates, a method including generating device configuration templates for enrollment and update by device type, sending device configuration templates signed with a device owner signing certificate, and a device owner encryption certificate to the device manufacturer, generating a device configuration for a device based on the device configuration templates using a secure element on the device for immutable device identity, an extended configuration for the device, signing the device configuration with a device manufacturer signing certificate and a secure element signing certificate, encrypting the doubly signed device configuration with an owner encryption certificate, configuring bootstrap metadata, and configuring the device provisioning client to autostart at power-on for device enrollment and update.
-
Publication No.: US20210211308A1
Publication date: 2021-07-08
Application No.: US17146174
Filing date: 2021-01-11
Applicant: DigiCert, Inc.
Inventors: Hari Veladanda, Hoa Ly, Ning Chai
Abstract: Certificates issued by a CA are distributed across multiple CRLs. Each certificate issued by the CA is assigned to a specific CRL, and the address of that CRL is written to the appropriate field of the certificate, such that an authenticating application can subsequently determine if the certificate is revoked. When the CA revokes a specific one of the issued certificates, it determines to which CRL the revoked certificate is assigned, and updates the specific CRL accordingly. In some embodiments, a single one of the multiple CRLs is active for assignment of certificates at any given time, and each certificate issued by the CA is assigned to the currently active CRL. In other embodiments, assignments of issued certificates are distributed between different ones of a pre-determined number of multiple CRLs by applying a statistical distribution formula to each issued certificate to determine a corresponding target CRL.
-
Publication No.: US20210056198A1
Publication date: 2021-02-25
Application No.: US17094617
Filing date: 2020-11-10
Applicant: Digicert, Inc.
Inventors: Wade Johnathon Choules, Darin Scott Andrew, Ricky Eldon Roos, Jason Allen Sabin, Daniel Robert Timpson
Abstract: A method, system and apparatus for requesting a plurality of credentials from a trusted entity. A local validation device (LVD) receives a credential request or an identifier from each of a plurality of user devices. The LVD generates or compiles a bundle of credential requests corresponding to the plurality of user devices. The LVD transmits the bundle of credential requests to the MVD. The MVD receives the bundle of requests and performs a validation for each request in the bundle and then communicates the credentials and/or the results of the validations to the LVD. The LVD communicates credentials to each of the plurality of user devices. In some cases, the LVD performs the validation for each credential request. For instance, the LVD can receive a local enforcement policy from the MVD, which can provide instructions or guidance to the LVD as to how to perform the validations.
-
Publication No.: US10911246B2
Publication date: 2021-02-02
Application No.: US15851562
Filing date: 2017-12-21
Applicant: DigiCert, Inc.
Inventors: Hari Veladanda, Hoa Ly, Ning Chai
Abstract: Certificates issued by a CA are distributed across multiple CRLs. Each certificate issued by the CA is assigned to a specific CRL, and the address of that CRL is written to the appropriate field of the certificate, such that an authenticating application can subsequently determine if the certificate is revoked. When the CA revokes a specific one of the issued certificates, it determines to which CRL the revoked certificate is assigned, and updates the specific CRL accordingly. In some embodiments, a single one of the multiple CRLs is active for assignment of certificates at any given time, and each certificate issued by the CA is assigned to the currently active CRL. In other embodiments, assignments of issued certificates are distributed between different ones of a pre-determined number of multiple CRLs by applying a statistical distribution formula to each issued certificate to determine a corresponding target CRL.
-
Publication No.: US10326755B2
Publication date: 2019-06-18
Application No.: US15851438
Filing date: 2017-12-21
Applicant: DigiCert, Inc.
Inventor: Kokil Bhalerao
IPC classification: H04L29/06
Abstract: Techniques are disclosed for dynamically generating a digital certificate for a customer server. A customer server creates a certificate profile and receives an associated profile identifier from a certificate authority (CA). The customer server installs an agent application received from the CA. The agent application generates a public/private key pair and an identifier associated with the customer server. The agent application sends a signed request to the CA that includes the profile identifier, server identifier, and the public key corresponding to the key pair. Upon receiving the credentials, the CA generates a dynamically updatable certificate. Thereafter, if the customer changes information associated with the certificate (or if external conditions require a change to the certificate, such as a key compromise or change in security standards), the CA may generate an updated certificate based on the certificate profile changes and the public key.
-
Publication No.: US09900157B2
Publication date: 2018-02-20
Application No.: US13965184
Filing date: 2013-08-12
Applicant: DigiCert, Inc.
Inventor: Jason Allen Sabin
CPC classification: H04L9/3247, G06F9/45558, H04L9/0894
Abstract: A system and method for digitally signing an object. An object signing agent sends a signing request for an object to a remote signing server, which, in response to receiving the request, generates a virtual machine executing code for signing the object. The object is signed within the virtual machine and returned to the object signing agent.
-
Publication No.: US20170026177A1
Publication date: 2017-01-26
Application No.: US15200682
Filing date: 2016-07-01
Applicant: DigiCert, Inc.
Inventor: Jared Pilcher
Abstract: By implementing a mutable certificates approach, a server to which a digital certificate has been issued may update one or more certificate fields without the need for a new certificate or other intervention from the issuing certificate authority. A certificate authority uses extensions to identify fields that a server may update, and to identify a set or range of allowable values for those fields. A server may use the extensions to identify one or more fields to be updated, and the values to which those fields should be updated. The server may sign those field values with its private key. A client, upon receiving a digital certificate from a server with fields for updating, validates the field values using the server's public key, and then proceeds to update the certificate field values.