Certificate revocation system
First Claim
Patent Images
1. A method of managing certificates in a communication system having a certifying authority, comprising the steps of:
- having the certifying authority generate a certificate that includes a public key pk of a digital signature scheme; and
at a later point time, having the certifying authority produce a digital signature relative to pk that authenticates that the certificate is currently valid.
8 Assignments
0 Petitions
Accused Products
Abstract
A method of managing certificates in a communication system having a certifying authority and a directory. Preferably, the method begins by having the certifying authority generate certificates by digitally signing a given piece of data. At a later point time, the certifying authority may produce a string that proves whether a particular certificate is currently valid without also proving the validity of at least some other certificates. The technique obviates use of certification revocation lists communicated between the certifying authority and the directory.
-
Citations
34 Claims
-
1. A method of managing certificates in a communication system having a certifying authority, comprising the steps of:
-
having the certifying authority generate a certificate that includes a public key pk of a digital signature scheme; and at a later point time, having the certifying authority produce a digital signature relative to pk that authenticates that the certificate is currently valid. - View Dependent Claims (2, 3, 4, 5, 7, 8)
-
-
6. A method of managing certificates in a communication system having a certifying authority, comprising steps of:
-
having the certifying authority generate certificates that include a public key pk of a digital signature scheme; having a corresponding secret key sk that is known to a second entity; and having the second entity authenticate that the certificate is valid by producing a digital signature relative to pk.
-
-
9. A method of certifying information about a plurality of certificates, each of which corresponds to a serial number, comprising the steps of:
-
obtaining a bit string wherein at least some bits of the bit string correspond to serial numbers of given certificates, each bit having a value depending on a given property of a corresponding one of the certificates; and having an entity certify information about the certificate by digitally signing the bit string. - View Dependent Claims (10, 11)
-
-
12. A method of certifying information about issued certificates, comprising the steps of:
-
encoding in a bit string information indicating all certificates that have been issued; and having an entity certify information about the issued certificate by digitally signing the bit string.
-
-
13. A method of providing certified information about certificates, comprising the steps of:
-
having a first party query a second party about a certificate that has not been issued; and in response to the query, having the second party provide certified information about the certificate by authenticating that the certificate has not been issued. - View Dependent Claims (14, 15)
-
-
16. A method of managing a plurality of certificates, comprising the steps of:
-
having a certifying authority provide a second party with authenticated information about certificates; having a third party request information from the second party about an unissued certificate; and having the second party use the authenticated information to provide the third party with information authenticating that the given certificate was not issued.
-
-
17. A method of extending the validity of authenticated data, comprising the steps of:
-
(a) digitally signing the data together with a public key, pk, of a digital signature scheme to obtain authenticated data; and (b) extending the validity of the authenticated data by producing a second digital signature, relative to pk. - View Dependent Claims (18, 19, 20)
-
-
21. A method of proving that previously certified information is valid at each date in a sequence of dates, comprising the steps of:
-
(a) at each date of the sequence of dates, determining whether the previously certified information is valid; and (b) if the certified information is valid at one of the dates d of the sequence of dates, producing an off-line digital signature authenticating that the previously certified information is valid at date d.
-
-
22. A method of authenticating that each member of a subset of certificate information that binds given keys to given users is valid at a given date, comprising the steps of:
-
(a) determining each of the members of the subset that are valid at a given date specific to the member; and (b) for each member of the subset that is determined valid, authenticating that the member is valid at the given date by producing an off line digital signature, unique to the member. - View Dependent Claims (23, 24, 25)
-
-
26. A method of extending validity through a given date of previously certified information that binds given keys to given users, comprising the steps of:
-
(a) selecting a subset of the previously certified information; and (b) for each member of the subset, authenticating that the validity of the member is extended through the given date by producing an off-line digital signature, unique to the member. - View Dependent Claims (27, 28, 29)
-
-
30. A method of extending the validity of a subset of certificates in a set of previously issued certificates that bind given keys to given users, comprising the steps of:
-
(a) determining which certificates belong to the subset; and (b) for each certificate in the subset, producing an off-line digital signature unique to the certificate indicating that the certificate is valid through a given date. - View Dependent Claims (31, 32, 33, 34)
-
Specification