Tree-based certificate revocation system
First Claim
1. A method for using at least one Merkle tree for authenticating revocation status about a plurality of certificates issued by a certifying authority, comprising the steps of:
- (a) generating a plurality of values indicating that a plurality of certificates have been revoked, wherein for each certificate, there is at least one value indicating status of the certificate;
- (b) an entity other than the certification authority constructing at least one Merkle tree containing on a plurality of its nodes the plurality of values indicating the certificates that have been revoked; and
- (c) authenticating, with a digital signature, a root node of the at least one Merkle tree to provide an authenticated root.
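Steps (a) to (c) can be followed end to end in the sketch below, which is an added example and not code from the patent. The leaf encoding, the `0x00`/`0x01` domain-separation prefixes, the constructed serial numbers and the Lamport one-time signature (a stand-in for whatever digital signature a deployment uses) are all assumptions.

```python
import hashlib, os

REVOKED = [1001, 1002, 1007, 1013, 1042]  # constructed serial numbers

def H(data):
    return hashlib.sha256(data).digest()

def leaf(serial):
    # Step (a): one value per revoked certificate (assumed encoding).
    return H(b"\x00revoked:" + serial.to_bytes(8, "big"))

def build_levels(leaves):
    # Step (b): bottom-up tree; an unpaired node is promoted unchanged.
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [H(b"\x01" + cur[i] + cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def prove(levels, index):
    # Sibling hashes from leaf to root, each tagged "sibling is on the left".
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            path.append((level[sib], sib < index))
        index //= 2
    return path

def root_from_proof(serial, path):
    node = leaf(serial)
    for sib, sib_is_left in path:
        node = H(b"\x01" + (sib + node if sib_is_left else node + sib))
    return node

# Step (c) stand-in: Lamport one-time signature; one key signs one root only.
def ots_keygen():
    sk = [[os.urandom(32) for _ in range(256)] for _ in range(2)]
    return sk, [[H(x) for x in row] for row in sk]

def ots_sign(sk, msg):
    d = int.from_bytes(H(msg), "big")
    return [sk[(d >> i) & 1][i] for i in range(256)]

def ots_verify(pk, msg, sig):
    d = int.from_bytes(H(msg), "big")
    return len(sig) == 256 and all(H(sig[i]) == pk[(d >> i) & 1][i] for i in range(256))

def is_revoked(pk, root, root_sig, serial, path):
    # Relying party: accept the root only via its signature, then check the path.
    return ots_verify(pk, root, root_sig) and root_from_proof(serial, path) == root
```

A relying party needs only the signed root and a logarithmic-length path, not the full list of revoked certificates.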
Abstract
A method and system for overcoming the problems associated with certificate revocation lists (CRL's), for example, in a public key infrastructure. The invention uses a tree-based scheme to replace the CRL.
44 Claims
1. A method for using at least one Merkle tree for authenticating revocation status about a plurality of certificates issued by a certifying authority, comprising the steps of:
- (a) generating a plurality of values indicating that a plurality of certificates have been revoked, wherein for each certificate, there is at least one value indicating status of the certificate;
- (b) an entity other than the certification authority constructing at least one Merkle tree containing on a plurality of its nodes the plurality of values indicating the certificates that have been revoked; and
- (c) authenticating, with a digital signature, a root node of the at least one Merkle tree to provide an authenticated root.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A method for using at least one Merkle tree for authenticating revocation status about a plurality of certificates, comprising:
- (a) generating a plurality of values indicating that a plurality of certificates have been revoked, wherein for each certificate, there is at least one value indicating status of the certificate;
- (b) constructing at least one Merkle tree containing on a plurality of its nodes the plurality of values indicating the certificates that have been revoked; and
- (c) authenticating, with a digital signature, a root node of the at least one Merkle tree to provide an authenticated root.

Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44
Specification