公开(公告)号：US20210211308A1

公开(公告)日：2021-07-08

申请号：US17146174

申请日：2021-01-11

申请人： DigiCert, Inc.

发明人： Hari Veladanda ,  Hoa Ly ,  Ning Chai

IPC分类号： H04L9/32 ,  H04L29/06

摘要： Certificates issued by a CA are distributed across multiple CRLs. Each certificate issued by the CA is assigned to a specific CRL, and the address of that CRL is written to the appropriate field of the certificate, such that an authenticating application can subsequently determine if the certificate is revoked. When the CA revokes a specific one of the issued certificates, it determines to which CRL the revoked certificate is assigned, and updates the specific CRL accordingly. In some embodiments, a single one of the multiple CRLs is active for assignment of certificates at any given time, and each certificate issued by the CA is assigned to the currently active CRL. In other embodiments, assignments of issued certificates are distributed between different ones of a pre-determined number of multiple CRLs by applying a statistical distribution formula to each issued certificate to determine a corresponding target CRL.

公开(公告)号：US10911246B2

公开(公告)日：2021-02-02

申请号：US15851562

申请日：2017-12-21

申请人： DigiCert, Inc.

发明人： Hari Veladanda ,  Hoa Ly ,  Ning Chai

IPC分类号： H04L9/32 ,  H04L29/06

摘要： Certificates issued by a CA are distributed across multiple CRLs. Each certificate issued by the CA is assigned to a specific CRL, and the address of that CRL is written to the appropriate field of the certificate, such that an authenticating application can subsequently determine if the certificate is revoked. When the CA revokes a specific one of the issued certificates, it determines to which CRL the revoked certificate is assigned, and updates the specific CRL accordingly. In some embodiments, a single one of the multiple CRLs is active for assignment of certificates at any given time, and each certificate issued by the CA is assigned to the currently active CRL. In other embodiments, assignments of issued certificates are distributed between different ones of a pre-determined number of multiple CRLs by applying a statistical distribution formula to each issued certificate to determine a corresponding target CRL.

公开(公告)号：US10110592B2

公开(公告)日：2018-10-23

申请号：US14135277

申请日：2013-12-19

申请人： DigiCert, Inc.

发明人： Hari Veladanda ,  Ning Chai ,  Richard F. Andrews ,  Quentin Liu

IPC分类号： H04L21/00 ,  H04L29/06 ,  H04L9/32 ,  H04L29/08

摘要： Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, serves requests for the OCSP responses using the cache keys. For new certificates, a private CDN is pre-populated with an OCSP response for a certificate concurrent with that certificate being issued. Doing so effectively uses the PCDN as an origin server for OCSP responses, reducing CA infrastructure needs.

公开(公告)号：US09882727B1

公开(公告)日：2018-01-30

申请号：US14874310

申请日：2015-10-02

申请人： DigiCert, Inc.

发明人： Hari Veladanda ,  Hoa Ly ,  Ning Chai

IPC分类号： H04L29/06 ,  H04L9/32

CPC分类号： H04L9/3268 ,  H04L9/3263 ,  H04L29/06775 ,  H04L63/0823

摘要： Certificates issued by a CA are distributed across multiple CRLs. Each certificate issued by the CA is assigned to a specific CRL, and the address of that CRL is written to the appropriate field of the certificate, such that an authenticating application can subsequently determine if the certificate is revoked. When the CA revokes a specific one of the issued certificates, it determines to which CRL the revoked certificate is assigned, and updates the specific CRL accordingly. In some embodiments, a single one of the multiple CRLs is active for assignment of certificates at any given time, and each certificate issued by the CA is assigned to the currently active CRL. In other embodiments, assignments of issued certificates are distributed between different ones of a pre-determined number of multiple CRLs by applying a statistical distribution formula to each issued certificate to determine a corresponding target CRL.

公开(公告)号：US11641285B2

公开(公告)日：2023-05-02

申请号：US17146174

申请日：2021-01-11

申请人： DigiCert, Inc.

发明人： Hari Veladanda ,  Hoa Ly ,  Ning Chai

IPC分类号： H04L9/32 ,  H04L9/40

摘要： Certificates issued by a CA are distributed across multiple CRLs. Each certificate issued by the CA is assigned to a specific CRL, and the address of that CRL is written to the appropriate field of the certificate, such that an authenticating application can subsequently determine if the certificate is revoked. When the CA revokes a specific one of the issued certificates, it determines to which CRL the revoked certificate is assigned, and updates the specific CRL accordingly. In some embodiments, a single one of the multiple CRLs is active for assignment of certificates at any given time, and each certificate issued by the CA is assigned to the currently active CRL. In other embodiments, assignments of issued certificates are distributed between different ones of a pre-determined number of multiple CRLs by applying a statistical distribution formula to each issued certificate to determine a corresponding target CRL.

公开(公告)号：US10277406B1

公开(公告)日：2019-04-30

申请号：US14478398

申请日：2014-09-05

申请人： DigiCert, Inc.

发明人： Hari Veladanda ,  Hoa Ly ,  Gaurav Khanna

IPC分类号： G06F21/00 ,  H04L29/06 ,  H04L9/32 ,  H04L9/30 ,  H04L9/08

摘要： Embodiments presented herein provide techniques for managing a digital certificate enrollment process. In particular, embodiments presented herein provide techniques for a certificate authority to issue short-lived SSL certificates and an authentication method for validating certificate signing requests (CSR) for short-lived certificates.

公开(公告)号：US20180123805A1

公开(公告)日：2018-05-03

申请号：US15851562

申请日：2017-12-21

申请人： DigiCert, Inc.

发明人： Hari Veladanda ,  Hoa Ly ,  Ning Chai

IPC分类号： H04L9/32 ,  H04L29/06

CPC分类号： H04L9/3268 ,  H04L9/3263 ,  H04L29/06775 ,  H04L63/0823

摘要： Certificates issued by a CA are distributed across multiple CRLs. Each certificate issued by the CA is assigned to a specific CRL, and the address of that CRL is written to the appropriate field of the certificate, such that an authenticating application can subsequently determine if the certificate is revoked. When the CA revokes a specific one of the issued certificates, it determines to which CRL the revoked certificate is assigned, and updates the specific CRL accordingly. In some embodiments, a single one of the multiple CRLs is active for assignment of certificates at any given time, and each certificate issued by the CA is assigned to the currently active CRL. In other embodiments, assignments of issued certificates are distributed between different ones of a pre-determined number of multiple CRLs by applying a statistical distribution formula to each issued certificate to determine a corresponding target CRL.