
Digital Mobile License Method to Limit Certificate Compromise

IP.com Disclosure Number: IPCOM000238561D
Publication Date: 2014-Sep-03
Document File: 3 page(s) / 65K

Publishing Venue

The IP.com Prior Art Database

Abstract

A system and method for creating, disposing, revoking and rotating digital mobile certificates for licenses is disclosed. The disclosed system limits the population size of compromised certificates.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 55% of the total text.


Disclosed is a system and method for creating, disposing, revoking and rotating digital mobile certificates for licenses. The disclosed system limits the population size of compromised certificates.

The system uses a Digital Mobile License (DML) server that works with a limited number of certificates. The DML server provides certificate term management and construction in order to issue digital mobile licenses. Distributing the DMLs among a set of certificates limits the size of a possible compromise. The term window can be adjusted, which adjusts the number of licenses issued in a term.

Figure 1

Certificates are issued every 180 days (6 months), and the term for a certificate is 720 days (close to 2 years). Certificates should only exist for 540 days (eighteen months) and are rotated out of the list of checked certificates in order of issue. A DML license is valid for one year (365 days). A term can be shortened, which reduces the number of licenses exposed if a certificate is successfully compromised. Note that a certificate in DML is actually two certificates, one for the Elliptic Curve Digital Signature Algorithm (ECDSA) and one for RSA, which are considered a single certificate for a term. Different technologies are used to strengthen security.

Figure 2 depicts a table illustrating the certificates that exist after being issued. On day zero the first certificate is issued and is used to issue DMLs for the next 6 months (180 days). It is the current certificate, the one used to issue Digital Mobile Licenses (DMLs). The authorizing application would have only one certificate on the mobile device to start.


Issue Day   X509.0   X509.1   X509.3   X509.4   current
0           A        -        -        -        A
180         A        B        -        -        B
360         A        B        C        -        C
540         B        C        D        E        E
720         C        D        E        F        F

Figure 2

Through this process the number of Digital Mobile Licenses (DMLs) issued on a certificate is spread among a set of certificates whi...
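The rotation described above can be modelled to measure how many live licenses one compromised certificate covers, and whether every license stays verifiable for its whole validity. This is an added example, not code from the disclosure; it follows the intervals stated in the text rather than the labels in Figure 2. The Schedule class, the one-license-per-day workload and the rule that a certificate leaves the checked list once its age reaches 540 days are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Schedule:
    issue_interval: int = 180    # days between new certificates (from the text)
    retention: int = 540         # days a certificate stays in the checked list
    license_validity: int = 365  # days a DML stays valid

    def checked_list(self, day):
        """Certificates a verifier holds on `day`, oldest first: (label, issue_day)."""
        newest = day // self.issue_interval
        certs = [(chr(ord("A") + i), i * self.issue_interval) for i in range(newest + 1)]
        # Assumption: a certificate is dropped once its age reaches `retention`.
        return [(name, issued) for name, issued in certs if day - issued < self.retention]

    def current(self, day):
        """The newest certificate, the only one used to sign new licenses."""
        return self.checked_list(day)[-1][0]

    def exposed_fraction(self, day, compromised):
        """Share of licenses still valid on `day` that were signed by `compromised`,
        assuming one license is issued per day (constructed workload)."""
        first = max(0, day - self.license_validity + 1)
        live = range(first, day + 1)  # issue days of licenses still valid today
        signed = [d for d in live if self.current(d) == compromised]
        return len(signed) / len(live)

    def unverifiable_days(self):
        """Days by which the last license signed under a certificate outlives that
        certificate's place in the checked list (0 means full coverage)."""
        last_issue_age = self.issue_interval - 1
        return max(0, last_issue_age + self.license_validity - self.retention)


if __name__ == "__main__":
    s = Schedule()
    for day in (0, 180, 360, 540, 720):
        names = [name for name, _ in s.checked_list(day)]
        print(day, names, "current:", s.current(day))
    print("share of live licenses under B on day 400:", round(s.exposed_fraction(400, "B"), 3))
    print("days a late license outlives its certificate:", s.unverifiable_days())
```

Shortening issue_interval lowers the share returned by exposed_fraction, and a non-zero unverifiable_days means the retention period is shorter than the issuing window plus the license validity.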