Revocation of a certificate and exclusion of other principals in a digital rights management (DRM) system based on a revocation list from a delegated revocation authority

US 20040168056A1
Filed: 02/26/2003
Published: 08/26/2004
Est. Priority Date: 02/26/2003
Status: Active Grant

First Claim

Patent Images

1. A digital certificate for authenticating a corresponding element, the certificate issued by an issuer for being verified by a trusted component of a computing device to authenticate the element, the verification including ensuring that the certificate is not revoked, the certificate comprising:

an identification of an entity as having authority over the certificate to revoke same as delegated by the issuer, the delegated revocation authority revoking the certificate by identifying same in a revocation list; and

at least one revocation condition relating to possible revocation of the certificate, each revocation condition having to be satisfied when the certificate is employed to authenticate the element.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A digital certificate identifies an entity as having authority over the certificate to revoke same as delegated by the issuer. The certificate also has at least one revocation condition relating to possible revocation of the certificate. To authenticate the certificate, the identification of the delegated revocation authority, a location from which a revocation list is to be obtained, and any freshness requirement to be applied to the revocation list are determined from the certificate. It is then ensured that the revocation list from the location is present and that the present revocation list satisfies the freshness requirement, that the revocation list is promulgated by the delegated revocation authority identified in the certificate, and that the certificate is not identified in the revocation list as being revoked.

58 Citations

View as Search Results

22 Claims

1. A digital certificate for authenticating a corresponding element, the certificate issued by an issuer for being verified by a trusted component of a computing device to authenticate the element, the verification including ensuring that the certificate is not revoked, the certificate comprising:
- an identification of an entity as having authority over the certificate to revoke same as delegated by the issuer, the delegated revocation authority revoking the certificate by identifying same in a revocation list; and
  
  at least one revocation condition relating to possible revocation of the certificate, each revocation condition having to be satisfied when the certificate is employed to authenticate the element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The certificate of claim 1 wherein the identification of the delegated revocation authority comprises a public key thereof, and wherein the revocation list from the delegated revocation authority is digitally signed by a private key of the delegated revocation authority corresponding to the public key thereof and is verifiable by such public key.
  - 3. The certificate of claim 1 comprising an identification of a plurality of delegated revocation authorities.
  - 4. The certificate of claim 1 wherein the revocation condition specifies a location from which a revocation list must be obtained.
  - 5. The certificate of claim 4 wherein the identification of the delegated revocation authority comprises a public key thereof, and wherein the revocation list from the location specified in the revocation condition is from the delegated revocation authority, is digitally signed by a private key of the delegated revocation authority corresponding to the public key thereof, and is verifiable by such public key.
  - 6. The certificate of claim 4 wherein the identification of the delegated revocation authority comprises a public key thereof, and wherein the revocation list from the location specified in the revocation condition is not from the delegated revocation authority, is not digitally signed by a private key of the delegated revocation authority corresponding to the public key thereof, and is not verifiable by such public key.
  - 7. The certificate of claim 1 wherein the revocation condition specifies a freshness requirement regarding a revocation list, the freshness requirement stating a maximum age that the revocation list can reach before a fresher copy of the revocation list must be obtained.
  - 8. The certificate of claim 1 in combination with the revocation list from the location specified in the revocation condition, wherein the identification of the delegated revocation authority comprises a public key thereof, and wherein the revocation list is from the delegated revocation authority, is digitally signed by a private key of the delegated revocation authority corresponding to the public key thereof, and is verifiable by such public key.
  - 9. The certificate and revocation list of claim 8 wherein the revocation list specifies a non-trustworthy principal that is to be excluded in connection with using the certificate.
  - 10. The certificate and revocation list of claim 9 wherein the revocation list specifies a plurality of non-trustworthy principals that are to be excluded in connection with using the certificate.
  - 11. The certificate and revocation list of claim 9 wherein the excluded principal specified in the revocation list is another certificate.
  - 12. The certificate and revocation list of claim 9 wherein the excluded principal specified in the revocation list is selected from a group consisting of a public key, a user, an application, an operating system, a piece of hardware, a piece of software, a piece of content, and a digital license.
  - 13. The certificate of claim 1 wherein the identified delegated revocation authority is the issuer.

14. A method for authenticating a digital certificate for a corresponding element on a computing device, the certificate being issued by an issuer for being authenticated by a trusted component of the computing device to authenticate the element, the method comprising:
- determining from the certificate an identification of an entity as having authority over the certificate to revoke same as delegated by the issuer, the delegated revocation authority revoking the certificate by identifying same in a revocation list;
  
  determining from the certificate a location from which the revocation list is to be obtained;
  
  determining from the certificate any freshness requirement to be applied to the revocation list;
  
  ensuring that the revocation list from the location is present and that the present revocation list satisfies the freshness requirement;
  
  ensuring that the present revocation list is promulgated by the delegated revocation authority identified in the certificate; and
  
  ensuring that the certificate is not identified in the present revocation list as being revoked.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The method of claim 14 wherein ensuring that the revocation list is present and that the present revocation list satisfies the freshness requirement comprises obtaining the revocation list from the location.
  - 16. The method of claim 14 wherein ensuring that the revocation list is present and that the present revocation list satisfies the freshness requirement comprises ensuring that the revocation list from such location is already present and that such present revocation list has an issue time that satisfies the freshness requirement.
  - 17. The method of claim 14 wherein the revocation list is digitally signed by a private key of the delegated revocation authority, the method signature comprising:
    - determining from the certificate as the identification of the delegated revocation authority a public key thereof corresponding to the private key thereof; and
      
      ensuring that the present revocation list is promulgated by the delegated revocation authority identified in the certificate by verifying the signature of the revocation list with the public key of the delegated revocation authority.
  - 18. The method of claim 14 wherein the revocation list specifies a non-trustworthy principal, the method further comprising ensuring that the non-trustworthy principal is excluded in connection with using the certificate.
  - 19. The method of claim 18 wherein the revocation list specifies a plurality of non-trustworthy principals, the method further comprising ensuring that each non-trustworthy principal is excluded in connection with using the certificate.
  - 20. The method of claim 18 wherein the revocation list specifies a non-trustworthy principal that is another certificate, the method further comprising ensuring that the non-trustworthy another certificate is excluded in connection with using the certificate.
  - 21. The method of claim 18 wherein the revocation list specifies a non-trustworthy principal that is selected from a group consisting of a public key, a user, an application, an operating system, a piece of hardware, a piece of software, a piece of content, and a digital license another certificate, the method further comprising ensuring that the non-trustworthy principal is excluded in connection with using the certificate.
  - 22. The method of claim 14 comprising determining from the certificate an identification of the issuer as being the delegated revocation authority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Rose, Charles F. III, LaMacchia, Brian A., Malaviarachchi, Rushmi U., Manferdelli, John L., Dillaway, Blair Brewster, Lafornara, Philip

Granted Patent

US 7,543,140 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 2209/603   Digital right managament [DRM]

H04L 9/3268   using certificate validatio...

Revocation of a certificate and exclusion of other principals in a digital rights management (DRM) system based on a revocation list from a delegated revocation authority

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Revocation of a certificate and exclusion of other principals in a digital rights management (DRM) system based on a revocation list from a delegated revocation authority

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links