Efficient Secure Cloud-Based Processing of Certificate Status Information
First Claim
1. A secure computer-implemented method of processing digital certificate status information, the method comprising:
- receiving over a network, at a status server that is coupled to a data store, from a terminal of a relying party, a request message seeking certificate status information, the request message including data associated with the certificate and a nonce, and the request message encrypted by the terminal using a public key of the status server;
wherein the data store has stored a last status message, received from a certificate authority server, concerning the certificate, such status message stored in a location address determinable by an algorithm applied to data of the certificate;
decrypting the request message at the status sever using a private key of the status server;
at the status server, applying the algorithm to the certificate data in the decrypted request message to identify the location address of the data store for status information pertaining to the certificate and causing retrieval of the stored last status message;
at the status server, updating the retrieved status message with a current time-stamp, expanding the message to include the nonce from the decrypted request message, encrypting the expended status message with a public key of the relying party, and sending the encrypted expanded status message to the terminal of the relying party, so that the terminal of the relying party on receipt of the expanded status message can decrypt the expanded status message and determine, based on appearance of the nonce in the decrypted expanded status message, the reliability of the status information therein.
2 Assignments
0 Petitions
Accused Products
Abstract
A cloud-based system having a secure database of certificate information and associated methods are provided. The system and methods may be used to supplement or replace traditional OCSP processing systems. Responses to OCSP requests are digitally signed and cached in a cloud database server remote from the requester. Other servers in the cloud may access the cached OCSP responses from the database server, rather than the originating certificate authority. Thus, the work traditionally done by the certificate authority is moved to the cloud, which eliminates a single point of failure and improves the resources available to perform transactional processing.
18 Citations
2 Claims
-
1. A secure computer-implemented method of processing digital certificate status information, the method comprising:
-
receiving over a network, at a status server that is coupled to a data store, from a terminal of a relying party, a request message seeking certificate status information, the request message including data associated with the certificate and a nonce, and the request message encrypted by the terminal using a public key of the status server; wherein the data store has stored a last status message, received from a certificate authority server, concerning the certificate, such status message stored in a location address determinable by an algorithm applied to data of the certificate; decrypting the request message at the status sever using a private key of the status server; at the status server, applying the algorithm to the certificate data in the decrypted request message to identify the location address of the data store for status information pertaining to the certificate and causing retrieval of the stored last status message; at the status server, updating the retrieved status message with a current time-stamp, expanding the message to include the nonce from the decrypted request message, encrypting the expended status message with a public key of the relying party, and sending the encrypted expanded status message to the terminal of the relying party, so that the terminal of the relying party on receipt of the expanded status message can decrypt the expanded status message and determine, based on appearance of the nonce in the decrypted expanded status message, the reliability of the status information therein. - View Dependent Claims (2)
-
Specification