Method for efficient management of certificate revocation lists and update information
First Claim
1. In a secure telecommunication system which includes an authorization agent such as a certification authority and other entities authorized by said certification authority for digitally issuing a certificate, a method of conveying additional information which alters actions taken by a system processing said certificate, comprising steps of:
i) storing additional information at a plurality of data storage locations;
ii) extracting from said certificate accessing information which specifies how said additional information is to be obtained;
iii) verifying the authenticity of said additional information through digital verifying techniques such as digital signature verification;
iv) processing said verified additional information obtained from any of the plurality of data storage locations; and
v) performing on said certificate the action altered by the additional information.
Abstract
A method which allows implementation of the revocation of public-key certificates facilitates engineering of certificate revocation lists (CRLs). It solves the practical problem of CRLs potentially growing to unmanageable lengths by allowing CRLs to be segmented, based on size considerations or priority considerations related to revocation reasons. The method is used to distribute CRL information to users of certificate-based public-key systems. It is also applied more generally to update any field in a certificate by reference to a secondary source of authenticated information.
20 Claims
9. The method according to claim, wherein the certificate is a public-key certificate for any type of public key, including Diffie-Hellman public keys.
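The claim's steps i) to v) and the abstract's segmented CRLs, modelled end to end as an added example (not code from the patent or from any implementation of it): the CA publishes two CRL segments at two constructed URLs, split by revocation reason, and the relying party extracts the distribution points from the certificate, verifies each segment's signature against the CA key before using it, and only then lets the segment alter the action taken on the certificate. It assumes the Python `cryptography` package; all names, URLs and serial numbers are constructed.

```python
import datetime as dt
from cryptography import x509
from cryptography.x509.oid import ExtensionOID, NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

NOW = dt.datetime(2024, 1, 1)
CA_KEY = ec.generate_private_key(ec.SECP256R1())     # the certification authority's signing key
ROGUE_KEY = ec.generate_private_key(ec.SECP256R1())  # a key the CA never authorized (for the failure case)
CA_NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example CA")])
# Constructed URLs: one CRL segment per storage location, segmented by revocation reason
SEG_COMPROMISE = "http://crl.example.test/segment-key-compromise.crl"
SEG_ROUTINE = "http://crl.example.test/segment-routine.crl"

def issue_cert(serial):
    key = ec.generate_private_key(ec.SECP256R1())
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, f"entity-{serial}")])
    points = [
        x509.DistributionPoint([x509.UniformResourceIdentifier(SEG_COMPROMISE)], None,
                               frozenset([x509.ReasonFlags.key_compromise]), None),
        x509.DistributionPoint([x509.UniformResourceIdentifier(SEG_ROUTINE)], None, None, None),
    ]
    return (x509.CertificateBuilder().subject_name(subject).issuer_name(CA_NAME)
            .public_key(key.public_key()).serial_number(serial)
            .not_valid_before(NOW).not_valid_after(NOW + dt.timedelta(days=30))
            .add_extension(x509.CRLDistributionPoints(points), critical=False)
            .sign(CA_KEY, hashes.SHA256()))

def build_segment(revoked_serials, signer=CA_KEY):
    # One CRL segment in DER form; `signer` lets a test publish a forged segment
    b = (x509.CertificateRevocationListBuilder().issuer_name(CA_NAME)
         .last_update(NOW).next_update(NOW + dt.timedelta(days=1)))
    for s in revoked_serials:
        b = b.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(s).revocation_date(NOW).build())
    return b.sign(signer, hashes.SHA256()).public_bytes(serialization.Encoding.DER)

STORAGE = {SEG_COMPROMISE: build_segment([1001]), SEG_ROUTINE: build_segment([1002])}  # i) plural storage locations

def is_revoked(cert, storage, ca_public_key):
    # ii) extract the accessing information from the certificate itself
    dps = cert.extensions.get_extension_for_oid(ExtensionOID.CRL_DISTRIBUTION_POINTS).value
    for name in (n for dp in dps for n in dp.full_name):
        crl = x509.load_der_x509_crl(storage[name.value])
        # iii) verify the segment before trusting it; iv)/v) a verified hit alters the action
        if crl.issuer != CA_NAME or not crl.is_signature_valid(ca_public_key):
            raise ValueError(f"segment at {name.value} failed verification")
        if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
            return True
    return False
```

A segment that fails signature verification is rejected outright rather than treated as "not revoked", which is the property that keeps a spoofed storage location from un-revoking a certificate.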
Specification