METHOD AND SYSTEM FOR RECURSIVELY EMBEDDED CERTIFICATE RENEWAL AND REVOCATION
Abstract
A method and system are disclosed for renewing and revoking certificates. In one embodiment, a certificate may include a renewal extension field with renewal information. Multiple sets of renewal information may be recursively embedded. Upon determining that a certificate will shortly expire, a server may determine that the certificate has a renewal extension field with renewal information, and may request a symmetric key from a certificate authority to decrypt the renewal information. The certificate authority may respond by providing a symmetric key, and the server may use the symmetric key to decrypt the renewal information, which may include updated field values for the certificate. If a server requests a symmetric key too early, i.e., too long before a certificate expires, then the certificate authority may deny the request, and the server may determine to wait and then try requesting the symmetric key again. In another embodiment, a certificate authority may revoke a certificate by providing a short lifespan and not providing a symmetric key to decrypt the renewal information.
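The flow in the abstract can be modeled in a few lines. This is an added example, not code from the patent: the names `CA`, `seal`, `unseal`, `renew`, `request_key` and the 7-day release window are hypothetical, the SHA-256 keystream with an HMAC tag is a standard-library stand-in for a real authenticated cipher, and the CA signature over the certificate is omitted.

```python
import hashlib, hmac, json, os

def _keystream(key, n):
    return b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))[:n]

def seal(key, fields):
    # Stand-in for a real AEAD (e.g. AES-GCM): SHA-256 keystream XOR, then an HMAC tag.
    pt = json.dumps(fields).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, len(pt))))
    return (hmac.new(key, ct, "sha256").digest() + ct).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    tag, ct = raw[:32], raw[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        raise ValueError("wrong key or modified renewal extension")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct)))))

class CA:
    WINDOW = 7  # assumed policy: a key is released only in the last 7 days of validity
    def __init__(self):
        self.keys, self.revoked = {}, set()  # serial -> (key, not_after); withheld serials
    def issue(self, subject, periods):
        """periods: (not_before, not_after) day pairs; each later period is sealed inside the earlier one."""
        inner = None
        for serial, (nb, na) in reversed(list(enumerate(periods))):
            fields = {"serial": serial, "not_before": nb, "not_after": na}
            if inner is not None:
                self.keys[serial] = (os.urandom(32), na)  # one fresh key per layer
                fields["renewal_ext"] = seal(self.keys[serial][0], inner)
            inner = fields
        return {"subject": subject, **inner}
    def request_key(self, serial, today):
        key, not_after = self.keys.get(serial, (None, 0))
        if key is None or serial in self.revoked or today < not_after - self.WINDOW:
            return None  # denied: nothing to renew, revoked, or asked too early
        return key

def renew(cert, key):
    # The decrypted renewal info supplies the updated fields and the next sealed layer, if any.
    return {"subject": cert["subject"], **unseal(key, cert["renewal_ext"])}

def demo():
    ca = CA()
    cert = ca.issue("www.example.test", [(0, 30), (30, 60), (60, 90)])  # constructed sample
    early = ca.request_key(cert["serial"], today=5)    # too long before expiry: denied
    cert = renew(cert, ca.request_key(cert["serial"], today=25))
    ca.revoked.add(cert["serial"])  # revocation: the CA withholds the next key
    return early, cert, ca.request_key(cert["serial"], today=58)
```

After revocation the certificate is never explicitly invalidated; it runs out at its own `not_after` because the server cannot decrypt the next layer.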
34 Claims
1. A method for managing a certificate, comprising:
- providing a certificate with an extension field, wherein the extension field comprises renewal information and the extension field is secured.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method for managing a certificate, comprising:
- determining that a certificate has an extension field comprising secured renewal information;
- requesting a key for accessing the secured renewal information.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23

24. A certificate management system, comprising:
- a certificate generation module configured to provide a certificate with an extension field, wherein the extension field comprises renewal information and the extension field is secured.

Dependent claims: 25, 26, 27, 28, 29, 30, 31, 32, 33, 34
Specification