Efficient digital certificate processing in a data processing system
First Claim
1. A system for efficient digital certificate processing comprising:
- a computer; and
a secure certificate cache coupled to the computer, the secure certificate cache for storing pre-verified digital certificates.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention is directed toward efficient digital certificate processing. In one aspect a system for efficient digital certificate processing comprises a computer and a secure certificate cache coupled to a computer. The secure certificate cache stores pre-verified digital certificates. In a second aspect, a method for efficient digital certificate processing in a data processing system comprises providing a secure certificate cache and receiving a digital certificate. The method further includes determining if the digital certificate is within the secure certificate cache. The method finally includes verifying the validity of the digital certificate if the digital certificate is within the secure certificate cache. The system and method in accordance with the present invention provides efficient processing of digital certificates in that it advantageously avoids unnecessary repetitive verification of commonly used digital certificates and also requires less memory to verify a certificate chain than conventional systems. Pre-verified digital certificates are maintained in the secure certificate cache to facilitate accelerated certificate chain validation and avoid repeat verification in the future.
-
Citations
19 Claims
-
1. A system for efficient digital certificate processing comprising:
-
a computer; and
a secure certificate cache coupled to the computer, the secure certificate cache for storing pre-verified digital certificates. - View Dependent Claims (2, 3, 4)
means for receiving a digital certificate;
means for determining whether the digital certificate is within the secure certificate cache; and
means for verifying the validity of the digital certificate if the digital certificate is within the secure certificate cache.
-
-
3. The system of claim 2 wherein the computer further includes:
-
means for determining whether an issuer digital certificate exists in the secure certificate cache if the digital certificate cache is not in the secure certificate cache;
first means for verifying that signature for the issue digital certificate exists in the secure certificate cache if issuer digital certificate exists in the secure certificate cache;
second means for verifying the validity and extensions of the digital certificate responsive to the first verifying means; and
means for providing a cache entry in the secure certificate cache responsive to the digital certificate being valid.
-
-
4. The system of claim 3, wherein the validity and extensions comprise the start and stop dates on the digital certificate.
-
5. A method for efficient digital certificate processing in a data processing system comprising the steps of:
-
a) providing a secure certificate cache for storing digital certificates which have been validated;
b) receiving a digital certificate;
c) determining if the received digital certificate is within the secure certificate cache; and
d) validating the received digital certificate if the digital certificate is within the secure certificate cache. - View Dependent Claims (6, 7, 8)
e) determining whether an issuer digital certificate exists in the secure certificate cache if the digital certificate is not in the secure certificate cache;
f) verifying that a signature for the issuer exists in the secure certificate cache if the issuer digital certificate exists in the secure certificate cache;
g) verifying the validity and extensions of the digital certificate if the signature exists in the secure certificate cache; and
h) providing a cache entry in the secure certificate cache responsive to the digital certificate being valid.
-
-
8. The method of claim 7 wherein the validity and extensions comprise the start and stop dates on the digital certificate.
-
9. A system for efficient digital certificate processing comprising:
-
a non-secure computing environment;
a secure computing environment;
a host interface coupled between the non-secure computing environment and the secure computing environment by the host interface so that access by the non-secure computer environment to data processed in the secure environment is restricted; and
a certificate cache within the secure computing environment, the certificate cache coupled to the host interface for storing pre-verified digital certificates. - View Dependent Claims (10, 11, 12, 13, 14, 15)
means for receiving a digital certificate;
means for determining whether the digital certificate is within the secure certificate cache; and
means for verifying the validity of the digital certificate if the digital certificate is within the secure certificate cache.
-
-
11. The system of claim 9 wherein the secure computing environment further includes:
-
means for determining whether an issuer digital certificate exists in the secure certificate cache if the digital certificate cache is not in the secure certificate cache;
first means for verifying that signature for the issue digital certificate exists in the secure certificate cache if issuer digital certificate exists in the secure certificate cache;
second means for verifying the validity and extensions of the digital certificate responsive to the first verifying means; and
means for providing a cache entry in the secure certificate cache responsive to the digital certificate being valid.
-
-
12. The system of claim 11, wherein the validity and extensions comprise the start and stop dates on the digital certificate.
-
13. The system of claim 12, wherein the secure computing environment further includes a co-processor coupled between the host interface and the certificate cache for controlling secure data processing.
-
14. The system of claim 13, wherein the host interface further includes a virtual firewall interface for implementing the restriction of access to data processed in the secure environment including the digital certificates data stored in the secure certificate cache.
-
15. The system of claim 14, wherein the virtual firewall interface includes an interface communication protocol for managing digital certificates.
-
16. A computer readable medium containing program instructions for efficient digital certificate processing in a data processing system, the program instructions for:
-
providing a secure certificate cache;
receiving a digital certificate;
determining if the digital certificate is within the secure certificate cache; and
verifying the validity of the digital certificate if the digital certificate is within the secure certificate cache. - View Dependent Claims (17, 18, 19)
determining whether an issuer digital certificate exists in the secure certificate cache if the digital certificate is not in the secure certificate cache;
verifying that a signature for the issuer exists in the secure certificate cache if the issuer digital certificate exists in the secure certificate cache;
verifying the validity and extensions of the digital certificate if the signature exists in the secure certificate cache; and
providing a cache entry in the secure certificate cache responsive to the digital certificate being valid.
-
-
19. The computer readable medium of claim 18 wherein the validity and extensions comprise the start and stop dates on the digital certificate.
Specification