公开(公告)号：US20140101442A1

公开(公告)日：2014-04-10

申请号：US14103782

申请日：2013-12-11

Applicant: BARRACUDA NETWORKS, INC.

Inventor： Stephen Pao ,  Fleming Shi

IPC: H04L9/32

CPC classification number: H04L9/3268 ,  G06F21/44 ,  G06F21/85 ,  G06F2221/2119 ,  G06F2221/2129 ,  H04L9/0891 ,  H04L63/0823 ,  H04L63/1483 ,  H04L63/166 ,  H04L63/20

Abstract: Network security administrators are enabled to revoke certificates with their customizable certificate authority reputation policy store which is informed by an independent certificate authority reputation server when a CA is deprecated or has fraudulent certificate generation. The custom policy store overrides trusted root certificate stores accessible to an operating system web networking layer or to a third party browser. Importing revocation lists or updating browsers or operating system is made redundant. The apparatus protects an endpoint from a man-in-the-middle attack when a certificate authority has lost control over certificates used in TLS.

Abstract translation: 启用网络安全管理员可以使用可自定义的证书颁发机构信誉策略存储区撤销证书，当存在CA不推荐使用或产生欺诈性证书时，它将由独立的证书颁发机构信誉服务器通知。 自定义策略存储覆盖操作系统Web网络层或第三方浏览器可访问的受信任的根证书存储。 导入撤销列表或更新浏览器或操作系统是多余的。 当证书颁发机构已经失去对TLS中使用的证书的控制时，该设备保护端点免受中间人攻击。