Revocation method and apparatus for secure content
First Claim
1. A method of revoking a device, the method comprising:
receiving a certificate from the device, the certificate including one or more fields, at least one of the fields holding a signature;
attempting to verify the signature;
receiving a revocation list from a source, the revocation list identifying one or more data on the certificate as valid or invalid, the data including at least one of the fields of the certificate; and
if one of the one or more signatures is unsuccessfully verified and one or more of the data are identified as invalid, preventing the transmission of a session key to the device, the session key being required to establish a secure communication channel.
Abstract
A system and method are provided for revoking a device. The method includes receiving a certificate from the device, the certificate including one or more fields, at least one of the fields holding a signature; attempting to verify the signature; receiving a revocation list from a source, the revocation list identifying one or more data on the certificate as valid or invalid, the data including at least one of the fields of the certificate; and, if one of the one or more signatures is unsuccessfully verified and one or more of the data are identified as invalid, preventing the transmission of a session key to the device, the session key being required to establish a secure communication channel.
35 Claims
Claim 1 is as given under First Claim above. Claims 2 to 19 and 21 to 32 depend from claim 1.
20. The method of claim 1, wherein the information as to whether certificates and/or public keys have been revoked is stamped on the media.

33. An apparatus for revoking a host, the apparatus comprising:
means for receiving a certificate from a host, the certificate including a plurality of fields including a field holding a protocol public key signed by a certifying authority;
means for verifying signatures on the certificate, the verifying including:
verifying the certifying authority signature using the protocol public key; and
verifying a host signature using a host public key on the certificate;
means for receiving validation data from a source, the validation data identifying one or more data on the certificate as valid or invalid according to a revocation list; and
means for preventing the transmission of a session key to the host to establish a secure communication channel if the signatures are invalid.

34. An engine configured to revoke a host, the engine comprising:
a block configured to receive a certificate from a host, the certificate including a plurality of fields including a field holding a protocol public key signed by a certifying authority;
a block configured to verify signatures on the certificate, the verifying including:
verifying the certifying authority signature using the protocol public key; and
verifying a host signature using a host public key on the certificate;
a block configured to receive validation data from a source, the validation data identifying one or more data on the certificate as valid or invalid according to a revocation list; and
a block configured to prevent the transmission of a session key to the host to establish a secure communication channel if the signatures are invalid.

35. A computer program product, the computer program product comprising:
signal bearing media bearing digital information adapted to be operable with firmware, the digital information including programming including:
a block configured to receive a certificate from a host, the certificate including a plurality of fields including a field holding a protocol public key signed by a certifying authority;
a block configured to verify signatures on the certificate, the verifying including:
verifying the certifying authority signature using the protocol public key; and
verifying a host signature using a host public key on the certificate;
a block configured to receive validation data from a source, the validation data identifying one or more data on the certificate as valid or invalid according to a revocation list; and
a block configured to prevent the transmission of a session key to the host to establish a secure communication channel if the signatures are invalid.
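The gating decision of claim 1 and the two-signature verification of claims 33 to 35, as an added worked example in Go. This is not code from the patent or from any product implementing it. It assumes Ed25519 keys, a certificate body made of a device id and the protocol public key, a host signature over that same body (proof of possession of the protocol key), and a revocation list keyed by device id and by public key; the struct names, device ids, fixed key seeds and session key are constructed for the example. The certifying authority signature is verified with the CA's own public key and the host signature with the protocol public key carried on the certificate, which is this example's reading of the claim-33 wording.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/hex"
	"errors"
	"fmt"
)

// Certificate carries the fields named in claims 1 and 33: a protocol public key signed
// by a certifying authority and a host signature made with that key. The field names and
// the signed-body layout are assumptions of this example, not the patent's format.
type Certificate struct {
	DeviceID   string
	ProtocolPK ed25519.PublicKey
	CASig      []byte // certifying authority signature over DeviceID || ProtocolPK
	HostSig    []byte // device signature over the same body, proving possession of the key
}

func (c *Certificate) body() []byte { return append([]byte(c.DeviceID+"|"), c.ProtocolPK...) }

// RevocationList marks individual certificate fields as invalid, which is what the
// claim-1 list does; the two revocable fields here are an assumption.
type RevocationList struct {
	DeviceIDs  map[string]bool
	PublicKeys map[string]bool // lowercase hex of a revoked protocol public key
}

var ErrBadSignature = errors.New("signature did not verify")
var ErrRevoked = errors.New("certificate field is revoked")

// Gate is the source side of claim 1: the certifying authority's public key, the
// revocation list and the session key that is released only when every check passes.
type Gate struct {
	CAPublicKey ed25519.PublicKey
	Revoked     RevocationList
	sessionKey  []byte
}

// IssueSessionKey verifies the signatures in the order of claim 33 (certifying authority
// signature, then host signature) and then matches fields against the revocation list.
// Any single failure withholds the key, which is stricter than the literal "and" of claim 1.
func (g *Gate) IssueSessionKey(c *Certificate) ([]byte, error) {
	switch {
	case len(c.ProtocolPK) != ed25519.PublicKeySize: // ed25519.Verify panics on a wrong key size
		return nil, fmt.Errorf("%w: malformed protocol public key", ErrBadSignature)
	case !ed25519.Verify(g.CAPublicKey, c.body(), c.CASig):
		return nil, fmt.Errorf("%w: certifying authority signature", ErrBadSignature)
	case !ed25519.Verify(c.ProtocolPK, c.body(), c.HostSig):
		return nil, fmt.Errorf("%w: host signature", ErrBadSignature)
	case g.Revoked.DeviceIDs[c.DeviceID]:
		return nil, fmt.Errorf("%w: device id %s", ErrRevoked, c.DeviceID)
	case g.Revoked.PublicKeys[hex.EncodeToString(c.ProtocolPK)]:
		return nil, fmt.Errorf("%w: protocol public key of device %s", ErrRevoked, c.DeviceID)
	}
	return g.sessionKey, nil
}

// keyFromSeed derives a key pair from a fixed seed: constructed for this example only.
func keyFromSeed(b byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
}

// IssueCertificate plays the certifying authority, which signs the device's protocol
// public key, and then the device, which adds its own host signature.
func IssueCertificate(caPriv, devPriv ed25519.PrivateKey, deviceID string) *Certificate {
	c := &Certificate{DeviceID: deviceID, ProtocolPK: devPriv.Public().(ed25519.PublicKey)}
	c.CASig = ed25519.Sign(caPriv, c.body())
	c.HostSig = ed25519.Sign(devPriv, c.body())
	return c
}

// Scenario puts a valid device, a device with a revoked id, a device with a revoked key
// and a tampered certificate through one gate; a nil entry means the key was issued.
func Scenario() map[string]error {
	caPriv := keyFromSeed(0x01)
	leakedPK := keyFromSeed(0x04).Public().(ed25519.PublicKey) // constructed: a key treated as compromised
	rl := RevocationList{DeviceIDs: map[string]bool{"DEV-0002": true}, PublicKeys: map[string]bool{hex.EncodeToString(leakedPK): true}}
	gate := &Gate{CAPublicKey: caPriv.Public().(ed25519.PublicKey), Revoked: rl, sessionKey: []byte("constructed-session-key")}
	okCert := IssueCertificate(caPriv, keyFromSeed(0x02), "DEV-0001")
	tampered := *okCert // a signed field rewritten after issuance; the CA signature no longer covers it
	tampered.DeviceID = "DEV-0003"
	out := map[string]error{}
	_, out["valid"] = gate.IssueSessionKey(okCert)
	_, out["revoked-id"] = gate.IssueSessionKey(IssueCertificate(caPriv, keyFromSeed(0x03), "DEV-0002"))
	_, out["revoked-key"] = gate.IssueSessionKey(IssueCertificate(caPriv, keyFromSeed(0x04), "DEV-0004"))
	_, out["tampered"] = gate.IssueSessionKey(&tampered)
	return out
}

func main() {
	for name, err := range Scenario() {
		fmt.Printf("%-12s -> %v\n", name, err)
	}
}
```

The session key lives only on the gate side and is returned, never copied into the certificate path, so a rejected device has nothing to extract. Checking the key length before calling ed25519.Verify matters in practice: a truncated or oversized public key field would otherwise crash the verifier rather than be refused.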
Specification