Efficient certificate revocation
First Claim
Patent Images
1. A method for authenticating validity information about certificates, comprising:
- having a Directory periodically receive data signed by a Certifying Authority, wherein the data includes at least one of;
a certificate and a Certificate Revocation List (CRL);
having theDirectory make a record of the data;
having the Directory receive a query from a user about the validity of a certificate having an identifier X;
having the Directory consult the data to deduce that the certificate with identifier X is valid;
having the Directory produce a digital signature binding together the identifier X, an indication that the certificate is valid, and additional information; and
having the Directory send the digital signature to the user.
4 Assignments
0 Petitions
Accused Products
Abstract
A method and system for overcoming the problems associated with certificate revocation lists (CRL'"'"'s), for example, in a public key infrastructure. The invention uses a tree-based scheme to replace the CRL.
220 Citations
3 Claims
-
1. A method for authenticating validity information about certificates, comprising:
-
having a Directory periodically receive data signed by a Certifying Authority, wherein the data includes at least one of;
a certificate and a Certificate Revocation List (CRL);having theDirectory make a record of the data; having the Directory receive a query from a user about the validity of a certificate having an identifier X; having the Directory consult the data to deduce that the certificate with identifier X is valid; having the Directory produce a digital signature binding together the identifier X, an indication that the certificate is valid, and additional information; and having the Directory send the digital signature to the user. - View Dependent Claims (2)
-
-
3. A method to provide authenticated information about validity of individual certificates, comprising:
-
having a Directory receive a Certificate Revocation List (CRL) from a Certifying Authority; having the Directory receive a query from a user about the validity of a certificate having an identifier X; having the Directory consult the CRL to deduce that the certificate with identifier X is valid; having the Directory produce a digital signature binding together the identifier X, an indication that the certificate is valid, and at least one of;
the date of the CRL and the date of the next CRL; andhaving the Directory provide the digital signature to the user.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeAssa Abloy AB
-
Original AssigneeCorestreet, Ltd. (Assa Abloy AB)
-
InventorsMicali, Silvio
-
Primary Examiner(s)Skeikh; Ayaz
-
Assistant Examiner(s)Sherkat; Arezoo
-
Application NumberUS10/395,017Publication NumberTime in Patent Office1,803 DaysField of Search713155-158US Class Current713/157CPC Class CodesG06Q 20/02 involving a neutral party, ...G07C 9/23 by means of a passwordG07C 9/257 electronically G07C9/26 tak...H04L 2209/30 Compression, e.g. Merkle-Da...H04L 9/3255 using group based signature...H04L 9/3268 using certificate validatio...H04L 9/50 using hash chains, e.g. blo...
