Certificate revocation system

US 5,960,083 A
Filed: 03/24/1997
Issued: 09/28/1999
Est. Priority Date: 10/24/1995
Status: Expired due to Term

First Claim

Patent Images

1. A method of generating a certificate for data, comprising the steps of:

(a) generating a final value by iterating a one-way function on a secret first value;

(b) generating certificate information that includes the data and the final value; and

(c) generating the certificate by digitally signing the certificate information.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of managing certificates in a communication system having a certifying authority and a directory. Preferably, the method begins by having the certifying authority generate certificates by digitally signing a given piece of data. At a later point time, the certifying authority may produce a string that proves whether a particular certificate is currently valid without also proving the validity of at least some other certificates. The technique obviates use of certification revocation lists communicated between the certifying authority and the directory.

Citations

15 Claims

1. A method of generating a certificate for data, comprising the steps of:
- (a) generating a final value by iterating a one-way function on a secret first value;
  
  (b) generating certificate information that includes the data and the final value; and
  
  (c) generating the certificate by digitally signing the certificate information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1, wherein the data includes a public key of a public-key cryptosystem.
  - 3. A method according to claim 1, wherein a first entity generates the final value and a second entity digitally signs the certificate information.
  - 4. A method according to claim 3, wherein the second entity is a CA.
  - 5. A method according to claim 1, wherein the one-way function is a hash function.
  - 6. A method according to claim 1, further comprising the step of:
    - (d) providing at least one additional value as an input to at least one iteration of the one-way function.
  - 7. A method according to claim 1, further comprising the step of:
    - (d) providing at least one additional value as an input to every iteration of the one-way function.

8. A method of proving that previously certified information is valid at each date in a sequence of dates, comprising the steps of:
- (a) at each of the sequence of dates, determining whether the previously certified information is valid; and
  
  (b) if the certified information is valid at a date within the sequence of dates, producing a string unique to the certified information authenticating that the previously certified information is valid at the date.
- View Dependent Claims (9, 10, 11)
- - 9. A method according to claim 8, wherein the string is a digital signature.
  - 10. A method according to claim 9, wherein the digital signature is off-line.
  - 11. A method according to claim 9, wherein a certifying authority produces the digital signature.

12. A method of authenticating that each member of a subset of certifies that bind given keys to given users is valid at a given date, comprisign the steps of:
- (a) determining each of the members of the subset that are valid at a given date specific to the member; and
  
  (b) for each member of the subset that is determined to be valid, authenticating that the member is valid at the given date by producing a string unique to the member.
- View Dependent Claims (13, 14, 15)
- - 13. A method according to claim 12, wherein the string is a digital signature.
  - 14. A method according to claim 13, wherein the digital signature is off-line.
  - 15. A method according to claim 13, wherein a certifying authority produces the digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Silvio Micali
Inventors
Micali, Silvio
Primary Examiner(s)
GREGORY, BERNARR E

Application Number

US08/823,354
Time in Patent Office

918 Days
Field of Search

380/9, 380/21, 380/23, 380/25, 380/29, 380/30, 380/49, 380/50
US Class Current

713/175
CPC Class Codes

G06Q 20/02 involving a neutral party, ...

H04L 9/3268 using certificate validatio...

Certificate revocation system

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Certificate revocation system

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links