Mechanisms for Certificate Revocation Status Verification on Constrained Devices
Abstract
A process is provided for verifying the revocation status of a communication security certificate by using the client device as a proxy in an online status verification protocol. The process uses the nonce of an authentication protocol request message (nonce_A) to derive the nonce for the revocation status protocol request (nonce_S), which reduces the number of message exchanges needed between the client and verifier devices, and it provides a mechanism for sending the nonce (nonce_S) before the authentication protocol actually runs, which relaxes the client device's connectivity requirement from on-demand connectivity to periodic connectivity. Similar functionality is achieved using a random seed established between the verifier and the client: the verifier picks a seed for random number generation and sends that seed to the client; the client derives nonce_S from the seed before the status protocol runs, and the verifier derives nonce_S from the seed before verifying the proxied status response.
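The nonce_A to nonce_S derivation and the verifier-side check described above, as an added illustration that is not code from the patent or any assignee: the KDF (HMAC-SHA256 with a fixed label), the seed-per-epoch variant, and the responder's signature (an HMAC under a constructed shared key standing in for a real OCSP signature) are all assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the status responder's signing key (assumption:
# an HMAC replaces the real signature so the example runs offline).
RESPONDER_KEY = b"constructed-responder-key"

def derive_nonce_s(nonce_a: bytes) -> bytes:
    """nonce_S = KDF(nonce_A); HMAC-SHA256 with a fixed label is an assumed KDF."""
    return hmac.new(nonce_a, b"revocation-status-nonce", hashlib.sha256).digest()

def derive_nonce_s_from_seed(seed: bytes, epoch: int) -> bytes:
    """Seed variant: client and verifier both derive nonce_S for a period from the seed."""
    return hmac.new(seed, b"epoch:" + epoch.to_bytes(4, "big"), hashlib.sha256).digest()

def responder_answer(serial: bytes, nonce_s: bytes, status: bytes) -> dict:
    """Constructed status responder: binds the status it reports to the nonce it was asked with."""
    body = serial + b"|" + status + b"|" + nonce_s
    return {"serial": serial, "status": status, "nonce": nonce_s,
            "sig": hmac.new(RESPONDER_KEY, body, hashlib.sha256).digest()}

def verifier_checks_proxied_response(nonce_a: bytes, response: dict) -> bool:
    """Verifier recomputes nonce_S from its own nonce_A, so a response the client
    obtained under some other nonce (stale or replayed) is rejected."""
    expected = derive_nonce_s(nonce_a)
    if not hmac.compare_digest(expected, response["nonce"]):
        return False
    body = response["serial"] + b"|" + response["status"] + b"|" + response["nonce"]
    mac = hmac.new(RESPONDER_KEY, body, hashlib.sha256).digest()
    return hmac.compare_digest(mac, response["sig"]) and response["status"] == b"good"

def run_exchange() -> tuple:
    """One proxied exchange: (fresh response accepted, replayed response rejected)."""
    nonce_a = os.urandom(16)  # verifier's authentication protocol nonce
    fresh = responder_answer(b"serial-42", derive_nonce_s(nonce_a), b"good")
    replayed = responder_answer(b"serial-42", derive_nonce_s(os.urandom(16)), b"good")
    return (verifier_checks_proxied_response(nonce_a, fresh),
            verifier_checks_proxied_response(nonce_a, replayed))
```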
28 Claims
1. A method comprising: using a nonce of an authentication protocol request message to derive a nonce for a revocation status protocol request; and deriving a secure nonce with a processor, using the nonce from the authentication protocol request as an operator of a key derivation function. (Dependent claims: 2, 3, 4, 5)

6. A method comprising: receiving a random nonce at a client device before authentication protocol execution; obtaining revocation status information using the random nonce in the client device when network connectivity is available; and executing the authentication protocol with a processor. (Dependent claims: 7, 8, 9, 10, 11)

12. A method comprising: receiving a random seed value at a client device from a verifier device; deriving at the client device a revocation status nonce for a revocation status protocol request; verifying an authentication protocol response with an authentication protocol nonce; and verifying the revocation status response with the revocation status nonce. (Dependent claims: 13, 14, 15)

16. An apparatus comprising a processor, a memory in communication with the processor and having computer coded instructions stored therein, said instructions configured, when executed by the processor, to cause the apparatus to perform: using a nonce of an authentication protocol request message to derive a nonce for a revocation status protocol request; and deriving a secure nonce using the nonce from the authentication protocol request as an operator of a key derivation function. (Dependent claims: 17, 18, 19, 20)

21. An apparatus comprising a processor, a memory in communication with the processor and having computer coded instructions stored therein, said instructions configured, when executed by the processor, to cause the apparatus to perform: receiving a random nonce at a client device before authentication protocol execution; obtaining revocation status information using the random nonce in the client device when network connectivity is available; and executing the authentication protocol. (Dependent claims: 22, 23, 24, 25)

26. An apparatus comprising a processor, a memory in communication with the processor and having computer coded instructions stored therein, said instructions configured, when executed by the processor, to cause the apparatus to perform: receiving a random seed value at a client device from a verifier device; deriving at the client device a revocation status nonce for a revocation status protocol request; verifying an authentication protocol response with an authentication protocol nonce; and verifying the revocation status response with the revocation status nonce. (Dependent claims: 27, 28)
Specification