Efficient certificate revocation
First Claim
1. A method for authenticating certificate revocation information about a plurality of certificates, each having a certificate identifier belonging to a set of possible identifiers, comprising the steps of:
(a) for all of the certificate identifiers, mapping the revocation information into a plurality of certificate revocation values;
(b) constructing a tree having certificate nodes containing the certificate revocation values, wherein, for each possible certificate identifier, the tree is guaranteed to contain at least one node having a certificate revocation value indicating whether a certificate corresponding to the certificate identifier is revoked;
(c) storing values within internal nodes of the tree, wherein the values stored in the internal nodes authenticate values contained in children thereof; and
(d) authenticating a root certificate node of the tree to provide an authenticated root.
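An illustration of steps (a) through (d), added here and not taken from the patent: it assumes SHA-256 for the values stored in internal nodes and uses an HMAC as a stand-in for the signature that authenticates the root. All function names, the key and the sample revocation set are hypothetical.

```python
import hashlib, hmac

def leaf(cert_id: int, revoked: bool) -> bytes:
    # Certificate revocation value for one identifier (step a); 0x00 tags leaves.
    return hashlib.sha256(b"\x00" + cert_id.to_bytes(4, "big") + bytes([revoked])).digest()

def node(left: bytes, right: bytes) -> bytes:
    # Internal value authenticating both children (step c); 0x01 tags internal nodes.
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_tree(revoked_ids: set, id_bits: int) -> list:
    # One leaf per *possible* identifier, so every id has a status node (step b).
    level = [leaf(i, i in revoked_ids) for i in range(2 ** id_bits)]
    levels = [level]
    while len(level) > 1:
        level = [node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels  # levels[-1][0] is the root

def authenticate_root(root: bytes, ca_key: bytes) -> bytes:
    # Step d. HMAC stands in for the CA's digital signature (assumption).
    return hmac.new(ca_key, root, hashlib.sha256).digest()

def prove(levels: list, cert_id: int) -> list:
    # Sibling values from leaf to root: id_bits hashes instead of a full list.
    path, idx = [], cert_id
    for level in levels[:-1]:
        path.append(level[idx ^ 1])
        idx >>= 1
    return path

def verify(cert_id: int, revoked: bool, path: list, root_tag: bytes, ca_key: bytes) -> bool:
    # Recompute the root from the claimed status and check the authenticated root.
    h, idx = leaf(cert_id, revoked), cert_id
    for sibling in path:
        h = node(h, sibling) if idx % 2 == 0 else node(sibling, h)
        idx >>= 1
    return hmac.compare_digest(authenticate_root(h, ca_key), root_tag)

# Constructed sample: 4-bit identifier space, certificates 3 and 9 revoked.
CA_KEY = b"constructed-demo-key"
LEVELS = build_tree({3, 9}, id_bits=4)
ROOT_TAG = authenticate_root(LEVELS[-1][0], CA_KEY)
```

A relying party needs only the claimed status, the sibling path and the authenticated root; a path carrying the wrong status for an identifier fails verification.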
Abstract
We propose new systems for certificate revocation that are more economical and efficient than traditional ones. We also point out what we believe to be a structural problem in traditional public-key infrastructures, and various ways to solve it.
132 Citations
18 Claims
Specification