Efficient certificate revocation
First Claim
1. A method for authenticating validity information about certificates, comprising:
- having a Directory periodically receive data signed by a Certifying Authority, wherein the data includes at least one of: a certificate and a Certificate Revocation List (CRL);
- having the Directory make a record of the data;
- having the Directory receive a query from a user about the validity of a certificate having an identifier X;
- having the Directory consult the data to deduce that the certificate with identifier X is valid;
- having the Directory produce a digital signature binding together the identifier X, an indication that the certificate is valid, and additional information; and
- having the Directory send the digital signature to the user.
Abstract
A method and system for overcoming the problems associated with certificate revocation lists (CRLs), for example, in a public key infrastructure. The invention uses a tree-based scheme to replace the CRL.
3 Claims
3. A method to provide authenticated information about validity of individual certificates, comprising:
- having a Directory receive a Certificate Revocation List (CRL) from a Certifying Authority;
- having the Directory receive a query from a user about the validity of a certificate having an identifier X;
- having the Directory consult the CRL to deduce that the certificate with identifier X is valid;
- having the Directory produce a digital signature binding together the identifier X, an indication that the certificate is valid, and at least one of: the date of the CRL and the date of the next CRL; and
- having the Directory provide the digital signature to the user.
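The steps of claims 1 and 3, sketched in Go as an added example that is not taken from the patent: the Directory signs a statement binding X, "valid" and both CRL dates, and the user checks the signature and that the CRL has not been superseded. Ed25519, the statement encoding, the user-side freshness check and all type and function names are assumptions made for illustration; the key and CRL are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

type CRL struct { // the Directory's record of the CA's list
	Revoked                map[string]bool
	ThisUpdate, NextUpdate time.Time
}
type Response struct { // the Directory's signed answer for one identifier
	X                      string
	ThisUpdate, NextUpdate time.Time
	Sig                    []byte
}

// statement encodes what the signature binds: X, "valid", and both CRL dates.
func statement(x string, this, next time.Time) []byte {
	return []byte(fmt.Sprintf("%d:%s|valid|%d|%d", len(x), x, this.Unix(), next.Unix()))
}

// Answer signs a validity statement only when X is absent from the CRL.
func Answer(key ed25519.PrivateKey, crl CRL, x string) (Response, error) {
	if crl.Revoked[x] {
		return Response{}, fmt.Errorf("identifier %s is on the CRL: nothing to sign", x)
	}
	sig := ed25519.Sign(key, statement(x, crl.ThisUpdate, crl.NextUpdate))
	return Response{x, crl.ThisUpdate, crl.NextUpdate, sig}, nil
}

// Verify is the user's check: queried identifier, fresh CRL, genuine signature.
func Verify(pub ed25519.PublicKey, r Response, x string, now time.Time) bool {
	return r.X == x && !now.Before(r.ThisUpdate) && now.Before(r.NextUpdate) &&
		ed25519.Verify(pub, statement(r.X, r.ThisUpdate, r.NextUpdate), r.Sig)
}

// Sample returns a constructed key pair and CRL (fixed seed: demo only).
func Sample() (ed25519.PublicKey, ed25519.PrivateKey, CRL) {
	key := ed25519.NewKeyFromSeed([]byte("constructed-demo-seed-32-bytes!!"))
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	return key.Public().(ed25519.PublicKey), key, CRL{map[string]bool{"1002": true}, t0, t0.AddDate(0, 0, 7)}
}

func main() {
	pub, key, crl := Sample()
	r, err := Answer(key, crl, "1001")
	fmt.Println(err, Verify(pub, r, "1001", crl.ThisUpdate))
}
```

Because the dates are inside the signed statement, a response replayed after the next CRL is due, or one with an altered date, fails the user's check.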
Specification