Method of caching digital certificate revocation lists
First Claim
1. In a method for updating a locally cached revocation list in a client computer with a database of revoked certificates stored in a host computer, the method comprising:
- establishing a communication link by the client computer with the host computer based upon circumstances defined at the client computer; and
- requesting by the client computer of an updated revocation list of digital certificates from the host computer, the updated revocation list being generated by a bloom filter having parameters selectable by the client computer.
1 Assignment
0 Petitions
Abstract
A method of updating a locally cached revocation list of digital certificates in a client computer with a current database of revoked certificates stored in a host computer. Upon receipt of a digital certificate submitted to the client computer for verification, the client computer checks the submitted digital certificate against the locally cached revocation list. If the submitted digital certificate is not on the locally cached revocation list, the client computer confirms the validity of the submitted digital certificate and the transaction is consummated. If, however, the submitted digital certificate is on the revocation list, the client computer establishes a communication link with the host computer and determines whether the submitted digital certificate is in the database of revoked certificates on the host computer. Without breaking the communication link, the client may request that an updated revocation list be downloaded.
251 Citations
28 Claims
1. In a method for updating a locally cached revocation list in a client computer with a database of revoked certificates stored in a host computer, the method comprising:
establishing a communication link by the client computer with the host computer based upon circumstances defined at the client computer; and requesting by the client computer of an updated revocation list of digital certificates from the host computer, the updated revocation list being generated by a bloom filter having parameters selectable by the client computer. (Dependent claims: 2, 3, 4)

5. A method comprising:
(a) initiating a communication link by a client computer with a host computer, the host computer contains a database of revoked digital certificates; (b) establishing the communication link; and (c) requesting by the client computer of an updated revocation list of digital certificates, from the host computer, said updated revocation list being generated by a bloom filter having parameters selected by said client computer. (Dependent claims: 6, 7, 8, 9, 10, 11, 12)

13. A method comprising:
(a) checking a digital certificate submitted to a client computer against a revocation list stored in the client computer, the revocation list being generated by a bloom filter having parameters selectable by the client computer; (b) if the submitted digital certificate is on the revocation list, initiating a communication link by the client computer with a host computer, the host computer contains a database of revoked digital certificates and the client computer contains a current revocation list; (c) establishing the communication link; (d) requesting by the client computer of the current revocation list from the host computer; and (e) loading the current revocation list into the client computer. (Dependent claims: 14, 15, 16, 17)

18. In a method for updating a locally cached revocation list of digital certificates in a client computer with a database of revoked certificates stored in a host computer, the method comprising:
receiving a digital certificate submitted to the client computer for verification; checking the submitted digital certificate against the locally cached revocation list by the client computer; if the submitted digital certificate is not on the locally cached revocation list, confirming validity of the submitted digital certificate; if the submitted digital certificate is on the revocation list, initiating a communication link by the client computer with the host computer; and requesting by the client computer that an updated revocation list be sent to the client computer.

19. An apparatus comprising:
a memory containing a condensed revocation list being a value formed by applying at least one hash function to a plurality of keys; and circuitry for retrieving an updated version of the condensed revocation list, the updated version is generated by parameters selected by a source remotely located from the apparatus, the parameters are associated with a bloom filter. (Dependent claims: 20, 21, 22, 23, 24, 25, 26)

27. A computer comprising:
a memory containing a database including a list of revoked keys; a lookup module in communication with the memory, the lookup module accessing the database in response to a lookup request inquiring whether a selected key has been revoked; a control module in communication with the lookup module, the control module controlling the access of the database and responding to the lookup request by providing information whether the selected key has been revoked; and circuitry for generating a condensed revocation list being a value formed by applying at least one hash function to a plurality of keys, the circuitry comprises a bloom filter matrix, which contained bloom filters that were generated from parameters selectable by the client computer, coupled to the control module, and a bloom vector calculator coupled to the bloom filter matrix and the memory. (Dependent claims: 28)
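As an added illustration, not code from the patent or its assignee, the following Python models the scheme described in the abstract and in claims 1, 13, 18 and 27 above: the host holds the authoritative database of revoked keys and builds a Bloom-filter condensed revocation list with a bit-vector length and hash count the client selects; the client checks each submitted certificate's serial number against its cached filter, treats a miss as conclusive (a Bloom filter has no false negatives), and resolves a hit by looking the key up in the host database and refreshing the cached list over the same link. The names Host, Client, BloomFilter, bloom_params and run_demo, and the serial numbers in REVOKED_SERIALS, are assumptions made up for this example; the "bloom filter matrix" and "bloom vector calculator" of claim 27 are reduced here to a single bit vector, and the hash functions are two halves of one SHA-256 digest combined by double hashing, neither of which the patent specifies.

```python
import hashlib
import math


def bloom_params(expected_items: int, target_fp_rate: float) -> tuple[int, int]:
    """Client-selectable parameters: bit-vector length m and hash count k for n expected
    revoked keys and the false-positive rate the client is willing to pay host round trips for.
    m = -n ln(p) / (ln 2)^2 and k = (m / n) ln 2 are the textbook optimum."""
    m = math.ceil(-expected_items * math.log(target_fp_rate) / (math.log(2) ** 2))
    k = max(1, round(m / expected_items * math.log(2)))
    return m, k


def expected_fp_rate(m_bits: int, k_hashes: int, n_items: int) -> float:
    """Approximate false-positive rate of a filter with these parameters holding n keys."""
    return (1.0 - math.exp(-k_hashes * n_items / m_bits)) ** k_hashes


class BloomFilter:
    """Condensed revocation list: a bit vector set by hashing every revoked key k times."""

    def __init__(self, m_bits: int, k_hashes: int):
        self.m = m_bits
        self.k = k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, key: bytes):
        # Double hashing: two 128-bit halves of one SHA-256 digest yield k indices.
        digest = hashlib.sha256(key).digest()
        h1 = int.from_bytes(digest[:16], "big")
        h2 = int.from_bytes(digest[16:], "big") | 1  # odd step spreads the k probes
        for i in range(self.k):
            yield (h1 + i * h2) % self.m

    def add(self, key: bytes) -> None:
        for pos in self._positions(key):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def might_contain(self, key: bytes) -> bool:
        # False means definitely not revoked; True means revoked or a false positive.
        return all((self.bits[pos >> 3] >> (pos & 7)) & 1 for pos in self._positions(key))


class Host:
    """Holds the authoritative database of revoked keys and answers lookup requests."""

    def __init__(self, revoked: set[bytes]):
        self.revoked = set(revoked)
        self.lookups = 0  # counts definitive lookups the client had to ask for

    def is_revoked(self, key: bytes) -> bool:
        self.lookups += 1
        return key in self.revoked

    def build_condensed_list(self, m_bits: int, k_hashes: int) -> BloomFilter:
        bf = BloomFilter(m_bits, k_hashes)
        for key in self.revoked:
            bf.add(key)
        return bf


class Client:
    """Caches the condensed list and falls back to the host only on a filter hit."""

    def __init__(self, host: Host, m_bits: int, k_hashes: int):
        self.host = host
        self.params = (m_bits, k_hashes)
        self.cached = host.build_condensed_list(m_bits, k_hashes)  # initial download

    def verify(self, serial_key: bytes) -> tuple[bool, bool]:
        """Return (certificate_valid, host_contacted)."""
        if not self.cached.might_contain(serial_key):
            return True, False  # miss is conclusive: accept without a round trip
        revoked = self.host.is_revoked(serial_key)  # hit may be a false positive
        self.cached = self.host.build_condensed_list(*self.params)  # refresh on same link
        return not revoked, True


# Constructed sample data (assumption): 45 revoked serial numbers, 8-byte big-endian keys.
REVOKED_SERIALS = set(range(0, 400, 9))


def serial_key(serial: int) -> bytes:
    return serial.to_bytes(8, "big")


def run_demo(target_fp_rate: float = 0.05, serials_to_check: int = 400) -> dict:
    """Verify every serial in a range and report how the cached filter behaved."""
    revoked_keys = {serial_key(s) for s in REVOKED_SERIALS}
    m, k = bloom_params(len(revoked_keys), target_fp_rate)
    host = Host(revoked_keys)
    client = Client(host, m, k)
    stats = {"m_bits": m, "k_hashes": k, "checked": 0, "host_lookups": 0,
             "false_positives": 0, "false_negatives": 0, "disagreements": 0}
    for serial in range(serials_to_check):
        key = serial_key(serial)
        truly_revoked = key in revoked_keys
        valid, contacted = client.verify(key)
        stats["checked"] += 1
        if valid == truly_revoked:  # accepted a revoked cert or rejected a good one
            stats["disagreements"] += 1
        if truly_revoked and not contacted:
            stats["false_negatives"] += 1
        if contacted and not truly_revoked:
            stats["false_positives"] += 1
    stats["host_lookups"] = host.lookups
    return stats
```

Calling run_demo() shows the trade-off the client controls through its parameter choice: a smaller bit vector costs less to download and store but raises the false-positive count, and every false positive is one extra round trip to the host, while the final verdict still always matches the host database. Two points a practitioner would add to any deployment of this design: the downloaded bit vector and its parameters must be integrity-protected (signed, or fetched over an authenticated channel), because a bit cleared in transit becomes a false negative that the client never checks with the host; and the refresh-on-hit in verify above re-downloads the whole list, where a real host would return it only if its database has changed since the client's copy.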
Specification