System and method for electronic certificate revocation

US 20030079125A1
Filed: 09/26/2002
Published: 04/24/2003
Est. Priority Date: 09/28/2001
Status: Active Grant

First Claim

Patent Images

1. A system for verifying the status of an electronic certificate having a serial number comprising:

a computer readable medium;

a set of certificate revocation records, derived from a certificate authority, contained in said computer readable medium; and

, a set of computer readable instructions embodied in said computer readable medium for receiving a certificate status request for the electronic certificate from a requesting party, querying said set of certificate revocation records having revocation information representing the status of the electronic certificate embodied in said computer readable medium according to said certificate status request, and, transmitting said revocation information to the requesting party if said certificate revocation record is successfully retrieve from said set of certificate revocation records so that said requesting party can be informed of the status of the electronic certificate.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of verifying whether a certificate has been revoked by providing a DNS responder containing a certificate revocation list (CRL), parsing the CRL into DNS zones, and distributing this information to the respective primary DNS responders based upon DNS zones. Information about a specific certificate is gathered by querying a DNS responder for certificate validation information, receiving such information, and reporting the results of the queries to a client software application so that the user of the system can be informed as to whether the certificate has been revoked or not.

28 Citations

View as Search Results

21 Claims

1. A system for verifying the status of an electronic certificate having a serial number comprising:
- a computer readable medium;
  
  a set of certificate revocation records, derived from a certificate authority, contained in said computer readable medium; and
  
  , a set of computer readable instructions embodied in said computer readable medium for receiving a certificate status request for the electronic certificate from a requesting party, querying said set of certificate revocation records having revocation information representing the status of the electronic certificate embodied in said computer readable medium according to said certificate status request, and, transmitting said revocation information to the requesting party if said certificate revocation record is successfully retrieve from said set of certificate revocation records so that said requesting party can be informed of the status of the electronic certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1 wherein said set of computer readable instructions include instructions for determining a fingerprint for the electronic certificate'"'"'s issuer;
    - appending said fingerprint to said serial number;
      
      formatting said fingerprint and appended serial number into a dotted decimal format; and
      
      , including said serial number and said fingerprint in dotted decimal format within said certificate status request.
  - 3. The system of claim 1 wherein said computer readable medium is embodied in a primary DNS responder.
  - 4. The system of claim 3 wherein said set of computer readable instructions include instructions for:
    - receiving certificate revocation information from said certificate authority;
      
      parsing said certificate revocation information;
      
      adding revocation records to said set of certificate revocation records according to said certificate revocation information received from said certificate authority.
  - 5. The system of claim 4 wherein said certificate revocation information is a certification revocation list provided by said certificate authority.
  - 6. The system of claim 1 wherein said computer readable medium is embodied in a secondary DNS responder.
  - 7. The system of claim 6 wherein said computer readable instructions include instructions for:
    - receiving a primary set of certificate revocation records from a primary DNS responder; and
      
      , updating said set of certificate revocation records according to said primary set of certificate revocation records.
  - 8. The system of claim 1 including:
    - a digital signature associated with said computer readable medium; and
      
      , said set of computer readable instructions include instructions for digitally signing said revocation information with said digital signature association with said computer readable medium so that said requesting party can authenticate said revocation information.

9. A system for verifying the status of an electronic certificate comprising:
- a computer readable medium; and
  
  , a set of computer readable instructions embodied within said computer readable medium for receiving a certificate revocation list from a certificate authority, creating a set of certificate revocation records, each having revocation information representing revoked electronic certificates, according to said certificate revocation list, organizing said set of certificate revocation records by DNS zone, and, making available said set of certificate revocation records to requesting parties so that the requesting party can determine the status of a particular electronic certificate organized by DNS zone.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9 wherein:
    - said electronic certificate has an associated serial number; and
      
      said set of computer readable instructions includes instructions for determining a fingerprint of said certificate authority, associating said fingerprint with said serial number for each certificate represented by said certificate revocation list, and, associating said fingerprint and said serial number within said set of certificate revocation records.
  - 11. The system of claim 10 wherein said set of computer readable instructions include instructions for formatting said fingerprint and serial number into a dotted decimal format.
  - 12. The system of claim 9 wherein said computer readable medium is embodied within a primary DNS responder.
  - 13. The system of claim 12 wherein said set of computer readable instructions include instructions for providing said set of certificate revocation records to at least one secondary DNS responder.
  - 14. The system of claim 12 including:
    - a digital signature associated with said primary DNS responder; and
      
      , said set of computer readable instructions include instructions for electronically signing certificate revocation records with said digital signature prior to making available said set of revocation records to requesting parties.

15. A system for verifying the status of an electronic certificate comprising:
- a computer readable medium; and
  
  , a set of computer readable instructions contained within said computer readable medium for;
  
  creating a certificate status request having certificate authority information, querying a DNS responder for a DNS responder list representing DNS responders having a set of certificate revocation records according to said certificate authority information, receiving said DNS responder list, querying each DNS responder according to said certificate status request until a termination event is encountered, receiving certificate revocation information from said certificate revocation record from said queried DNS responders if said certificate revocation record is discovered, and, providing certificate revocation information according to said requesting party if said certificate revocation record is discovered so that the requesting party is provided the status of the certificate according to said certificate revocation request.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15 wherein said terminating event is the discovery of a said certificate revocation record responsive to said certificate status request.
  - 17. The system of claim 15 wherein said terminating event is the exhaustion of said DNS responder list.
  - 18. The system of claim 15 wherein said terminating event is the exhaustion of a predetermined period of time in which said certificate revocation record is not discovered that is responsive to said certificate status request.
  - 19. The system of claim 15 including a fingerprint of the certificate issuer associated with the electronic certificate embodied within said certificate status request.
  - 20. The system of claim 15 including a serial number associated with the electronic certificate embodied within said certificate status request.
  - 21. The system of claim 15 including:
    - a fingerprint of the certificate issuer associated with the electronic certificate embodied within said certificate status request;
      
      a serial number associated with said electronic certificate embodied within said certificate status request; and
      
      , said fingerprint and said serial number are in dotted decimal format.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GlobalCerts, LLC
Original Assignee
GlobalCerts, LC
Inventors
Smith, Michael, Filipi-Martin, Adrian, Hope, Brian A.

Granted Patent

US 7,120,793 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 9/3268 using certificate validatio...

System and method for electronic certificate revocation

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for electronic certificate revocation

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links