Revocation of a certificate and exclusion of other principals in a digital rights management (DRM) system based on a revocation list from a delegated revocation authority
Abstract
A digital certificate identifies an entity as having authority over the certificate to revoke same as delegated by the issuer. The certificate also has at least one revocation condition relating to possible revocation of the certificate. To authenticate the certificate, the identification of the delegated revocation authority, a location from which a revocation list is to be obtained, and any freshness requirement to be applied to the revocation list are determined from the certificate. It is then ensured that the revocation list from the location is present and that the present revocation list satisfies the freshness requirement, that the revocation list is promulgated by the delegated revocation authority identified in the certificate, and that the certificate is not identified in the revocation list as being revoked.
22 Claims
1. A digital certificate for authenticating a corresponding element, the certificate issued by an issuer for being verified by a trusted component of a computing device to authenticate the element, the verification including ensuring that the certificate is not revoked, the certificate comprising:
- an identification of an entity as having authority over the certificate to revoke same as delegated by the issuer, the delegated revocation authority revoking the certificate by identifying same in a revocation list; and
- at least one revocation condition relating to possible revocation of the certificate, each revocation condition having to be satisfied when the certificate is employed to authenticate the element.
14. A method for authenticating a digital certificate for a corresponding element on a computing device, the certificate being issued by an issuer for being authenticated by a trusted component of the computing device to authenticate the element, the method comprising:
- determining from the certificate an identification of an entity as having authority over the certificate to revoke same as delegated by the issuer, the delegated revocation authority revoking the certificate by identifying same in a revocation list;
- determining from the certificate a location from which the revocation list is to be obtained;
- determining from the certificate any freshness requirement to be applied to the revocation list;
- ensuring that the revocation list from the location is present and that the present revocation list satisfies the freshness requirement;
- ensuring that the present revocation list is promulgated by the delegated revocation authority identified in the certificate; and
- ensuring that the certificate is not identified in the present revocation list as being revoked.
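The verification steps of claim 14, as an added Python example that is not part of the patent text. The field names, the in-memory list store and the HMAC standing in for the delegated authority's signature are all assumptions made for illustration.

```python
import hashlib, hmac, json
from datetime import datetime, timedelta, timezone

# Constructed keys; an HMAC stands in for the authority's real signature scheme.
AUTHORITY_KEYS = {"revoker-A": b"constructed-key-A", "revoker-B": b"constructed-key-B"}

def _mac(authority, body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(AUTHORITY_KEYS[authority], data, hashlib.sha256).hexdigest()

def make_list(authority, issued, revoked_ids):
    """Build a revocation list promulgated (here: MACed) by `authority`."""
    body = {"authority": authority, "issued": issued.isoformat(),
            "revoked": sorted(revoked_ids)}
    return {**body, "mac": _mac(authority, body)}

def authenticate(cert, list_store, now):
    """Return (ok, reason) for a certificate, following the claim 14 steps."""
    # Authority, list location and freshness requirement all come from the certificate.
    authority = cert["revocation_authority"]
    location = cert["revocation_list_location"]
    max_age = timedelta(hours=cert["freshness_hours"])
    # A list from that location must be present.
    rl = list_store.get(location)
    if rl is None:
        return False, "list-missing"
    # The list must come from the authority named in the certificate.
    # Checked before freshness so the issue time is only trusted once authenticated.
    body = {k: v for k, v in rl.items() if k != "mac"}
    if (authority not in AUTHORITY_KEYS or rl["authority"] != authority
            or not hmac.compare_digest(_mac(authority, body), rl["mac"])):
        return False, "wrong-authority"
    # Freshness requirement; a list dated in the future is rejected as well.
    age = now - datetime.fromisoformat(rl["issued"])
    if not timedelta(0) <= age <= max_age:
        return False, "list-stale"
    # The certificate must not be identified in the list as revoked.
    if cert["id"] in rl["revoked"]:
        return False, "revoked"
    return True, "ok"

if __name__ == "__main__":
    now = datetime(2024, 1, 10, tzinfo=timezone.utc)  # constructed sample data
    loc = "https://lists.example/a"
    cert = {"id": "cert-42", "revocation_authority": "revoker-A",
            "revocation_list_location": loc, "freshness_hours": 24}
    store = {loc: make_list("revoker-A", now - timedelta(hours=2), ["cert-7"])}
    print(authenticate(cert, store, now))
```

A list signed by a different authority fails even when it is fresh and does not name the certificate, which is the property the delegation in claim 1 depends on.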
Specification