Method of issuance and revocation of certificates of authenticity used in public key networks and other systems
3 Assignments
0 Petitions
Abstract
A technique for issuing and revoking user certificates of authenticity in a public key cryptography system, wherein certificates do not need expiration dates, and the inconvenience and overhead associated with routine certificate renewals are minimized or avoided entirely. A Certification Authority issues certificates as required, and issues a blacklist having a start date, an expiration date, and an entry for every invalid certificate issued after the start date. Users assume that every certificate issued prior to the blacklist start date is invalid, and that invalid certificates issued after the start date will be included in the current blacklist. A new blacklist is issued prior to expiration of the current one, and the blacklist start date is changed only when the blacklist becomes unmanageably long.
217 Citations
18 Claims
1. A method for authenticating users of an information system, comprising the steps of:
issuing a signed certificate for each user of an information system, wherein the signed certificate contains an issue date, a unique public key associated with the user, and other public information pertaining to the user, and wherein a valid certificate is one that authenticates an association between the user and the public key contained in the certificate, and an invalid certificate is one for which the association between the user and the public key is no longer valid;
issuing a signed list of invalid certificates, referred to as a blacklist, containing a blacklist start date, a blacklist expiration date, and an entry for each user whose certificate was issued after the blacklist start date and is invalid; and
determining whether a user's certificate is valid by first obtaining a copy of the certificate and a copy of the signed blacklist, then determining whether the blacklist has expired, and then, if the blacklist has not expired, determining whether the certificate was issued after the blacklist start date and is not on the blacklist, and is therefore valid.
Dependent claims: 2, 3, 4.
5. A method as defined in claim and further comprising:
issuing a new blacklist prior to the blacklist expiration date.
Dependent claims: 6.
7. A method for authenticating users of a public key cryptographic system, comprising the steps of:
issuing a signed certificate for each user of a public key cryptographic system, wherein the signed certificate contains an issue date, a unique public key associated with the user, and other public information pertaining to the user, and wherein a valid certificate is one that authenticates an association between the user and the public key contained in the certificate, and an invalid certificate is one for which the association between the user and the public key is no longer valid;
issuing a signed list of invalid certificates, referred to as a blacklist, containing a blacklist start date, a blacklist expiration date, and an entry for each user whose certificate was issued after the blacklist start date and is invalid; and
determining whether a user's certificate is valid by first obtaining a copy of the certificate and a copy of the signed blacklist, then determining whether the blacklist has expired, and then, if the blacklist has not expired, determining whether the certificate was issued after the blacklist start date and is not on the blacklist, and is therefore valid.
Dependent claims: 8, 9, 10, 11, 12.
13. A method for authenticating users of a public key cryptographic system, comprising the steps of:
issuing a signed certificate for each user of a public key cryptographic system, wherein the signed certificate contains an issue sequence number, a unique public key associated with the user, and other public information pertaining to the user, and wherein a valid certificate is one that authenticates an association between the user and the public key contained in the certificate, and an invalid certificate is one for which the association between the user and the public key is no longer valid;
issuing a signed list of invalid certificates, referred to as a blacklist, containing a blacklist start sequence number, a blacklist expiration date, and an entry for each user whose certificate has a sequence number greater than the blacklist start sequence number and is to be considered invalid; and
determining whether a user's certificate is valid by first obtaining a copy of the certificate and a copy of the signed blacklist, then determining whether the blacklist has expired, and then, if the blacklist has not expired, determining whether the certificate has a sequence number greater than the blacklist start sequence number and is not on the blacklist, and is therefore valid.
Dependent claims: 14, 15, 16, 17, 18.
Specification