Certificate revocation system
Abstract
A method of managing certificates in a communication system having a certifying authority and a directory. Preferably, the method begins by having the certifying authority generate certificates by digitally signing a given piece of data. At a later point in time, the certifying authority may produce a string that proves whether a particular certificate is currently valid without also proving the validity of at least some other certificates. The technique obviates use of certification revocation lists communicated between the certifying authority and the directory.
15 Claims
1. A method of generating a certificate for data, comprising the steps of:
(a) generating a final value by iterating a one-way function on a secret first value;
(b) generating certificate information that includes the data and the final value; and
(c) generating the certificate by digitally signing the certificate information.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method of proving that previously certified information is valid at each date in a sequence of dates, comprising the steps of:
(a) at each of the sequence of dates, determining whether the previously certified information is valid; and
(b) if the certified information is valid at a date within the sequence of dates, producing a string unique to the certified information authenticating that the previously certified information is valid at the date.
Dependent claims: 9, 10, 11
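As an added illustration (not code from the patent or its owner), the sketch below carries out the steps of claim 1 and shows one way a per-date string of the kind claim 8 describes could be derived and checked. Assumptions not stated in the claims: SHA-256 as the one-way function, an HMAC standing in for the digital signature, the string for date i being the chain value i steps before the final value, and the hypothetical names `issue_certificate`, `validity_string`, `check_validity` and the `periods` field.

```python
import hashlib
import hmac
import json
import os


def iterate(value: bytes, n: int) -> bytes:
    """Apply the one-way function (SHA-256 here, an assumption) n times."""
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


def _encode(info: dict) -> bytes:
    return json.dumps(info, sort_keys=True).encode()


def issue_certificate(data: str, periods: int, ca_key: bytes):
    """Claim 1 steps (a)-(c). Returns (certificate, secret first value)."""
    secret = os.urandom(32)           # (a) secret first value, kept by the CA
    final = iterate(secret, periods)  # (a) final value
    info = {"data": data, "final": final.hex(), "periods": periods}  # (b)
    # (c) HMAC is a stand-in for the CA's digital signature (assumption);
    # a real CA would sign with an asymmetric key so verifiers hold no secret.
    tag = hmac.new(ca_key, _encode(info), hashlib.sha256).hexdigest()
    return {"info": info, "sig": tag}, secret


def validity_string(secret: bytes, periods: int, date_index: int) -> bytes:
    """Assumed construction: the value date_index steps before the final value."""
    if not 1 <= date_index <= periods:
        raise ValueError("date outside certificate lifetime")
    return iterate(secret, periods - date_index)


def check_validity(cert: dict, date_index: int, proof: bytes, ca_key: bytes) -> bool:
    """Verify the CA's tag, then hash the proof forward date_index times."""
    info = cert["info"]
    expected = hmac.new(ca_key, _encode(info), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cert["sig"]):
        return False
    if not 1 <= date_index <= info["periods"]:
        return False
    return hmac.compare_digest(iterate(proof, date_index).hex(), info["final"])
```

Because each certificate carries its own final value, a string released for one certificate says nothing about any other, and under this construction the CA revokes simply by ceasing to release further strings.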
12. A method of authenticating that each member of a subset of certificates that bind given keys to given users is valid at a given date, comprising the steps of:
(a) determining each of the members of the subset that are valid at a given date specific to the member; and
(b) for each member of the subset that is determined to be valid, authenticating that the member is valid at the given date by producing a string unique to the member.
Dependent claims: 13, 14, 15
Specification