Tree-based certificate revocation system
First Claim
1. A method for using at least one Merkle tree to authenticate revocation status about a plurality of certificates, comprising:
(a) generating a plurality of values, wherein each of the values indicates that at least one of the certificates has been revoked and wherein for each certificate, there is at least one value indicating status of the certificate;
(b) constructing at least one Merkle tree containing on a plurality of its nodes at least one of the plurality of values indicating whether at least one of the certificates has been revoked; and
(c) authenticating, with a digital signature, a root node of the at least one Merkle tree to provide an authenticated root.
Abstract
A method and system for overcoming the problems associated with certificate revocation lists (CRLs), for example, in a public key infrastructure. The invention uses a tree-based scheme to replace the CRL.
23 Claims
introducing dummy items.
23. A method, according to claim 22, wherein the number of dummy items that is introduced plus the number of other items is a power of two.
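An added illustration, not taken from the patent, of steps (a) and (b) of claim 1 with the power-of-two dummy padding of claim 23, plus the check a relying party would run against the authenticated root. SHA-256, the `serial:status` leaf encoding, the 0x00/0x01 domain-separation prefixes, the sample serial numbers and all function names are assumptions; step (c), signing the root, is left to whatever signature scheme the issuer uses.

```python
import hashlib

DUMMY = b"dummy"  # assumed filler value for padding leaves

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def status_value(serial: int, revoked: bool) -> bytes:
    # Step (a): one value per certificate stating its status (assumed encoding).
    return f"{serial}:{'revoked' if revoked else 'valid'}".encode()

def build_tree(values):
    # Step (b): hash values into leaves, pad with dummy items up to a
    # power of two, then hash pairs upward until a single root remains.
    leaves = [h(b"\x00" + v) for v in values]
    size = 1
    while size < len(leaves):
        size *= 2
    leaves += [h(b"\x00" + DUMMY)] * (size - len(leaves))
    levels = [leaves]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([h(b"\x01" + prev[i] + prev[i + 1])
                       for i in range(0, len(prev), 2)])
    return levels  # levels[-1][0] is the root the issuer would sign

def auth_path(levels, index):
    # Sibling hashes from the leaf up to (not including) the root.
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path

def verify(value, index, path, root):
    # Recompute the root from one status value and its sibling path.
    node = h(b"\x00" + value)
    for sibling in path:
        pair = node + sibling if index % 2 == 0 else sibling + node
        node = h(b"\x01" + pair)
        index //= 2
    return node == root

# Constructed sample: five certificates, serial 1003 revoked.
VALUES = [status_value(s, s == 1003) for s in range(1001, 1006)]
LEVELS = build_tree(VALUES)
ROOT = LEVELS[-1][0]

if __name__ == "__main__":
    print(len(LEVELS[0]), "leaves; root", ROOT.hex())
    print(verify(VALUES[2], 2, auth_path(LEVELS, 2), ROOT))
```

With the padding in place every authentication path has the same length, here three hashes for eight leaves, so a status answer for one certificate is far smaller than a full revocation list.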
Specification