Efficient Secure Cloud-Based Processing of Certificate Status Information

1. A secure computer-implemented method of processing digital certificate status information, the method comprising:

• receiving over a network, at a status server that is coupled to a data store, from a terminal of a relying party, a request message seeking certificate status information, the request message including data associated with the certificate and a nonce, and the request message encrypted by the terminal using a public key of the status server;
  
  wherein the data store has stored a last status message, received from a certificate authority server, concerning the certificate, such status message stored in a location address determinable by an algorithm applied to data of the certificate;
  
  decrypting the request message at the status sever using a private key of the status server;
  
  at the status server, applying the algorithm to the certificate data in the decrypted request message to identify the location address of the data store for status information pertaining to the certificate and causing retrieval of the stored last status message;
  
  at the status server, updating the retrieved status message with a current time-stamp, expanding the message to include the nonce from the decrypted request message, encrypting the expended status message with a public key of the relying party, and sending the encrypted expanded status message to the terminal of the relying party, so that the terminal of the relying party on receipt of the expanded status message can decrypt the expanded status message and determine, based on appearance of the nonce in the decrypted expanded status message, the reliability of the status information therein.