Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.

Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.

Abstract: A method of provisioning a first digital certificate and a second digital certificate based on an existing digital certificate includes receiving information related to the existing digital certificate. The existing digital certificate includes a first name listed in a Subject field and a second name listed in a SubjectAltName extension. The method also includes receiving an indication from a user to split the existing digital certificate and extracting the first name from the Subject field and the second name from the SubjectAltName extension of the existing digital certificate. The method further includes extracting the public key from the existing digital certificate, provisioning the first digital certificate with the first name listed in a Subject field of the first digital certificate and the public key, and provisioning the second digital certificate with the second name listed in a Subject field of the second digital certificate and the public key.

Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.

Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.

Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.

Abstract: The disclosed computer-implemented method for protecting personally identifiable information during electronic data exchanges may include (i) receiving, from a computing device, an authentication token for a proposed electronic data exchange, (ii) preventing the user's personally identifiable information from entering the proposed electronic data exchange by identifying the user using the anonymized identifier rather than using the user's personally identifiable information, (iii) authenticating the user identified in the data exchange information, and (iv) in response to authenticating the user, authorizing completion of the proposed electronic data exchange. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, serves requests for the OCSP responses using the cache keys. For new certificates, a private CDN is pre-populated with an OCSP response for a certificate concurrent with that certificate being issued. Doing so effectively uses the PCDN as an origin server for OCSP responses, reducing CA infrastructure needs.

Abstract: A system for two-way authentication using two-dimensional codes is provided. The system includes a memory and a processor coupled to the memory. The processor is to generate a two-dimensional code to be used by a user of a mobile device for accessing a remote resource. The processor is to generate the code in response to a request from the remote resource for the code. The processor is further to receive an authentication request from the mobile device to authenticate the remote resource. The authentication request includes information obtained from the two-dimensional code, the information including an authentication request identifier. The processor is also to compare the authentication request identifier to an expected value to create an authentication indication and to transmit the authentication indication and an authentication credential to the mobile device to authenticate the user to the remote resource.

Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.

Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.

Abstract: Techniques are presented herein for classifying a variety of enterprise computing resources based on asset characteristics. In particular, a computing asset, e.g., a server, may be classified based on any digital certificates provisioned on that server. That is, the properties of a digital certificate may be used to determine a measure of business value or importance of a server (or data hosted on that server). Once the computing asset has been classified, a monitoring system may use the assigned classifications to prioritize security incidents for review.

Abstract: A method for managing payment of digital certificates includes receiving a request to issue a digital certificate to a subscriber, capturing and saving payment information of the subscriber, performing a first authentication and verification of the subscriber at a first time, and performing at least one additional authentication and verification of the subscriber at least once every authentication period. A long-lived certificate is issued to the subscriber provided the subscriber is authenticated and verified. The long-lived certificate is valid for an expiration period. However, the long-lived certificate is revoked if (1) the additional authentications and verification produce invalid results, or (2) if payment is not received during a payment period. The authentication period is shorter than the expiration period and there are at least a first and a second authentication period within the expiration period. The expiration period is longer than the authentication period.

Abstract: A method of renewing a plurality of digital certificates includes receiving, at a first time, a request from a user to renew a first digital certificate and determining an expiration date for the first digital certificate. The method also includes receiving, at a second time, a request from the user to renew a second digital certificate and determining an expiration date for the second digital certificate. The expiration date for the second certificate is later than the expiration date for the first certificate. The method further includes determining a new expiration date occurring after the first time and the second time and renewing the first digital certificate. An expiration date for the renewed first digital certificate is equal to the new expiration date. Moreover, the method includes renewing the second digital certificate. An expiration date for the renewed second digital certificate is equal to the new expiration date.

Abstract: A system for two-way authentication using two-dimensional codes is provided herein. The system includes a memory and a processor coupled to the memory. The processor is to receive a request from a remote device to access a web resource and to generate a two-dimensional code to be sent from the remote device to an authentication service to authenticate the web resource. The two-dimensional code includes an authentication request identifier. The processor is further to receive an authentication credential from the remote device, the authentication credential being obtained from the authentication service, and to authenticate the user of the remote device to the web resource using the authentication credential.

Abstract: Techniques are presented herein for classifying a variety of enterprise computing resources based on asset characteristics. In particular, a computing asset, e.g., a server, may be classified based on any digital certificates provisioned on that server. That is, the properties of a digital certificate may be used to determine a measure of business value or importance of a server (or data hosted on that server). Once classified, a monitoring system may use the assigned classifications to prioritize security incidents for review.

Abstract: A method for forming a digital certificate includes receiving contact information associated with the digital certificate. The contact information includes at least a name, a mailing address, and an email address. The method also includes receiving billing information associated with the digital certificate and receiving a Certificate Signing Request (CSR) for the digital certificate. The method further includes receiving a first name for use in forming the digital certificate and receiving a second name for use in forming the digital certificate. Moreover, the method includes receiving an indication of a vendor of web server software, receiving an indication of a service period for the digital certificate, and forming the digital certificate. The first name is stored in a Subject field of the digital certificate and the second name is stored in the SubjectAltName extension of the digital certificate.

Abstract: A method of combining digital certificates at a prescheduled time is provided. The method includes receiving, by a processor, data from a first certificate and data from a second certificate and determining a certificate combination date. The certificate combination date directs a combining of the first certificate and the second certificate to form a combined certificate. The method further includes detecting the occurrence of the certificate combination date and combining the first certificate and the second certificate to form the combined certificate in response to detecting the occurrence of the certificate combination date.

Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.

Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, serves requests for the OCSP responses using the cache keys. For new certificates, a private CDN is pre-populated with an OCSP response for a certificate concurrent with that certificate being issued. Doing so effectively uses the PCDN as an origin server for OCSP responses, reducing CA infrastructure needs.