Title: Methods for inspecting security certificates by network security devices to detect and prevent the use of invalid certificates
Abstract: Disclosed are methods and media for inspecting security certificates. Methods include the steps of: scanning, by a network security device, messages of a security protocol between a server and a client system; detecting the messages having a security certificate; detecting suspicious security certificates from the messages; and aborting particular sessions of the security protocol associated with the suspicious certificates. Preferably, the step of scanning is performed only on messages of server certificate records. Preferably, the method further includes the step of sending an invalid-certificate notice to the server and the client system. Preferably, the step of detecting the suspicious certificates includes detecting a use of an incorrectly-generated private key for the certificates. Preferably, the step of detecting the suspicious certificates includes detecting an unavailability of revocation information for the certificates. Preferably, the step of detecting the suspicious certificates includes detecting a use of an invalid cryptographic algorithm for the certificates.
Publication number: US8850576(B2)  Publication date: 2014.09.30
Application number: US201213411567  Filing date: 2012.03.04
Applicant: Check Point Software Technologies Ltd.  Inventors: Guzner Guy; Haviv Ami; Lieblich Danny; Gal Yahav
Classification: H04L29/06; H04L9/32  Main classification: H04L29/06
Agent: Friedman Mark M.
Main claim: 1. A method for inspecting security certificates, the method comprising the steps of, by a network security device: (a) detecting messages, of a security protocol between a server and a client system, that have a security certificate; (b) detecting suspicious security certificates from said messages, by steps including: (i) scanning said messages for an object ID (OID) of a compromised cryptographic hash function, and (ii) scanning said messages for an OID of a certificate extension; (iii) upon detecting said OID of said certificate extension in said messages, checking a comment length of said OID of said certificate extension for invalid-certificate criteria, said invalid-certificate criteria including an excessive comment length and at least one non-ASCII character contained in said OID of said certificate extension; and (c) aborting sessions of said security protocol associated with said suspicious security certificates that are determined, by said detecting of said suspicious security certificates, to be invalid.
Address: Tel Aviv IL
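The three checks of claim 1 (a compromised-hash OID in the signature algorithm, an excessive comment-extension length, and non-ASCII bytes in the comment), applied to certificate DER by a minimal standard-library ASN.1 walker. This is an added example written for this record, not code from the patent or from Check Point; it assumes the standard OIDs for md5WithRSAEncryption, sha1WithRSAEncryption and the Netscape comment extension, a 64-byte length threshold, and constructed, simplified certificate samples.

```python
# Added example. The OID values are standard assignments assumed here; none are quoted from the patent.
WEAK_HASH_SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption", "1.2.840.113549.1.1.5": "sha1WithRSAEncryption"}
NETSCAPE_COMMENT_OID = "2.16.840.1.113730.1.13"  # assumed to be the "comment" extension the claim refers to
MAX_COMMENT_LEN = 64                              # policy threshold chosen for this example

def decode_oid(body):                             # DER OID contents -> dotted string
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc); acc = 0
    return ".".join(map(str, arcs))

def read_tlv(buf, pos):                           # (tag, value, next_pos); single-byte tags as in X.509
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                 # long-form length
        n, pos = ln & 0x7F, pos + (ln & 0x7F)
        ln = int.from_bytes(buf[pos - n:pos], "big")
    if pos + ln > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + ln], pos + ln

def inspect(der, findings=None):                  # walk constructed elements, check OID-led SEQUENCEs
    findings = [] if findings is None else findings
    pos, kids = 0, []
    while pos < len(der):
        tag, val, pos = read_tlv(der, pos)
        kids.append((tag, val))
        if tag & 0x20:                            # constructed (SEQUENCE, SET, [n]): descend
            inspect(val, findings)
    if kids and kids[0][0] == 0x06:               # AlgorithmIdentifier or Extension
        oid = decode_oid(kids[0][1])
        if oid in WEAK_HASH_SIG_OIDS:
            findings.append(f"compromised hash in signature algorithm: {WEAK_HASH_SIG_OIDS[oid]}")
        elif oid == NETSCAPE_COMMENT_OID and kids[-1][0] == 0x04:
            _, comment, _ = read_tlv(kids[-1][1], 0)   # extnValue wraps an IA5String
            if len(comment) > MAX_COMMENT_LEN:
                findings.append(f"excessive comment length: {len(comment)}")
            if any(b > 0x7F for b in comment):
                findings.append("non-ASCII byte in comment extension")
    return findings

def tlv(tag, body): assert len(body) < 0x80; return bytes([tag, len(body)]) + body   # short-form encoder for samples

def build_sample(sig_oid_hex, comment):           # constructed, simplified shape: AlgorithmIdentifier + [3] extensions
    alg = tlv(0x30, bytes.fromhex("0609" + sig_oid_hex) + b"\x05\x00")
    ext = tlv(0x30, bytes.fromhex("06096086480186f842010d") + tlv(0x04, tlv(0x16, comment)))
    return tlv(0x30, alg + tlv(0xA3, tlv(0x30, ext)))

GOOD_CERT = build_sample("2a864886f70d01010b", b"issued by example CA")  # sha256WithRSAEncryption, short ASCII comment
BAD_CERT = build_sample("2a864886f70d010104", b"\xff" + b"A" * 80)        # md5WithRSAEncryption, long non-ASCII comment
```

`inspect(BAD_CERT)` returns all three findings, which is the point at which the claimed method would abort the session; `inspect(GOOD_CERT)` returns an empty list.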