Reducing certificate revocation lists at access points in a wireless access network
First Claim
1. A method comprising:
receiving a subscription request at an Internet Service Provider (ISP) from a user terminal through an access point of an access network;
assigning a subscription identifier to the user terminal at the ISP in response to the subscription request;
generating at the ISP a service certificate signed by a certificate authority and that includes the subscription identifier to identify a subscription of the user terminal with the ISP;
adding the service certificate to a certificate revocation list (CRL) maintained by the ISP;
receiving the service certificate from the user terminal at the ISP;
checking the service certificate against the certificate revocation list (CRL) maintained by the ISP; and
providing from the ISP, to the user terminal, if the service certificate is valid, a session certificate to be used to access the access network through the access point, the session certificate having a shorter validity period than the service certificate.
Abstract
The certificate revocation lists at access points of a wireless access network can be reduced. In one embodiment, an Internet Service Provider (“ISP”) connected to the wireless access network can receive a subscription request from a user terminal capable of accessing the ISP using the wireless access network. When the ISP assigns a subscription identifier to the user terminal, it also provides a service certificate, signed by a certificate authority, that includes the subscription identifier. In addition, the ISP provides the user terminal with one or more session certificates to be used to access the wireless access network, where the session certificates have a shorter validity period than the service certificate.
20 Claims (independent claims 1, 6, 10 and 13; claim 1 is reproduced above as the first claim)
6. A method comprising:
receiving a digital certificate at an access point of an access network from a user terminal seeking access to the access network, the digital certificate to be used to authenticate the user terminal;
determining, at the access point, a type of the digital certificate;
if the certificate is a session certificate, then determining the validity of the digital certificate by searching a certificate revocation list (CRL) at the access point that is associated with session certificates; and
if the certificate is a service certificate, then sending the certificate to an Internet Service Provider (ISP) to determine the validity of the certificate.
Dependent claims: 7, 8, 9
10. A user terminal capable of communicating with an access network, the user terminal comprising:
a memory to store:
a service certificate issued by an Internet Service Provider (“ISP”) and signed by a certificate authority, the service certificate having a first validity period, the service certificate corresponding with a subscription of the user terminal with the ISP and including a subscription identifier, the service certificate to be used by the access network to authenticate the user terminal with the ISP; and
a session certificate issued by the ISP and signed by the certificate authority, the session certificate having a second validity period that is shorter in duration than the first validity period, the session certificate corresponding with a session subscribed to by the user terminal and to be used by the access network to authenticate the user terminal to an access point of the access network.
Dependent claims: 11, 12, 19, 20
13. A machine-readable storage medium having stored thereon data representing instructions that, when executed by a processor of an Internet Service Provider (“ISP”), cause the processor to perform operations comprising:
receiving a subscription request at the ISP from a user terminal through an access point of an access network;
assigning a subscription identifier to the user terminal at the ISP in response to the subscription request;
generating at the ISP a service certificate signed by a certificate authority and that includes the subscription identifier to identify a subscription of the user terminal with the ISP;
adding the service certificate to a certificate revocation list (CRL) maintained by the ISP;
receiving the service certificate from the user terminal at the ISP;
checking the service certificate against the certificate revocation list (CRL) maintained by the ISP; and
providing from the ISP, to the user terminal, if the service certificate is valid, a session certificate to be used to access the access network through the access point, the session certificate having a shorter validity period than the service certificate.
Dependent claims: 14, 15, 16, 17
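The issuance and checking flow of claims 1 and 6, with the two certificates of claim 10, written out as an added Go example; it is not part of the patent or of any product it covers. Everything the claims leave open is an assumption of this example: the ISP is its own certificate authority (an Ed25519 test CA generated at start-up), a service certificate lives one year and a session certificate one hour, the certificate type is carried in the subject OU and the subscription identifier in the CN, and the `isp` field of `AccessPoint` stands in for the network path over which an access point forwards a service certificate. Claim 1 speaks of "adding the service certificate to" the ISP's CRL; here the ISP keeps one revoked set per certificate kind and a certificate is listed only once it is revoked, which is the reading the rest of the claim (issue a session certificate only if the service certificate is valid) requires. The point of the patent sits in `entries` and `SessionCRL`: only session certificates go on the list pushed to access points, and an entry is dropped once the certificate it names must have expired, so that list stays small.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// The claims fix neither the validity periods nor how an access point tells the two certificate
// types apart; this example assumes a one-year service and a one-hour session certificate, with
// the type carried in the subject OU.
const kindService, kindSession = "service", "session"

var ttlOf = map[string]time.Duration{kindService: 365 * 24 * time.Hour, kindSession: time.Hour}

func kindOf(c *x509.Certificate) string { return strings.Join(c.Subject.OrganizationalUnit, ",") }

// ISP is the issuer of claim 1: CA key, root pool and the revoked entries of each certificate kind.
type ISP struct {
	caKey   ed25519.PrivateKey
	caCert  *x509.Certificate
	roots   *x509.CertPool
	serial  int64
	revoked map[string][]pkix.RevokedCertificate
}

// mint signs tmpl with the CA key; until the CA certificate exists, tmpl is self-signed.
func (isp *ISP) mint(tmpl *x509.Certificate, pub any) (*x509.Certificate, error) {
	isp.serial++
	tmpl.SerialNumber, tmpl.NotBefore = big.NewInt(isp.serial), time.Now().Add(-time.Minute)
	parent := isp.caCert
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, isp.caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func NewISP() (*ISP, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	isp := &ISP{caKey: key, roots: x509.NewCertPool(), revoked: map[string][]pkix.RevokedCertificate{}}
	isp.caCert, err = isp.mint(&x509.Certificate{Subject: pkix.Name{CommonName: "Example ISP CA"},
		NotAfter: time.Now().Add(10 * ttlOf[kindService]), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}, pub) // CRLSign: allowed to issue CRLs
	if err != nil {
		return nil, err
	}
	isp.roots.AddCert(isp.caCert)
	return isp, nil
}

// issue makes a client certificate of the given kind; the CN carries the subscription identifier.
func (isp *ISP) issue(kind, subID string, pub any) (*x509.Certificate, error) {
	return isp.mint(&x509.Certificate{Subject: pkix.Name{CommonName: subID, OrganizationalUnit: []string{kind}},
		NotAfter: time.Now().Add(ttlOf[kind]), KeyUsage: x509.KeyUsageDigitalSignature}, pub)
}

// Subscribe assigns a subscription identifier and returns the long-lived service certificate.
func (isp *ISP) Subscribe(pub any) (*x509.Certificate, error) {
	return isp.issue(kindService, fmt.Sprintf("sub-%04d", isp.serial+1), pub)
}

// RequestSession is claim 1 at the ISP: a valid service certificate is exchanged for a session
// certificate on the same key and subscription identifier, with the shorter validity period.
func (isp *ISP) RequestSession(service *x509.Certificate) (*x509.Certificate, error) {
	if err := isp.Check(service); err != nil {
		return nil, err
	}
	return isp.issue(kindSession, service.Subject.CommonName, service.PublicKey)
}

func (isp *ISP) Revoke(c *x509.Certificate) {
	k := kindOf(c)
	isp.revoked[k] = append(isp.revoked[k], pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
}

// entries drops entries whose certificate has certainly expired (ttl after revocation; RFC 5280
// allows this). With hour-long session certificates that is what keeps the access-point CRL short.
func (isp *ISP) entries(kind string, now time.Time) (out []pkix.RevokedCertificate) {
	for _, e := range isp.revoked[kind] {
		if now.Before(e.RevocationTime.Add(ttlOf[kind])) {
			out = append(out, e)
		}
	}
	return out
}

// Check is the ISP-side validation of a service certificate, the path an access point forwards to.
func (isp *ISP) Check(c *x509.Certificate) error {
	return validate(isp.roots, c, kindService, isp.entries(kindService, time.Now()))
}

// SessionCRL signs the CRL that is pushed to access points; it never carries service certificates.
func (isp *ISP) SessionCRL(now time.Time) ([]byte, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(now.UnixNano()), ThisUpdate: now,
		NextUpdate: now.Add(ttlOf[kindSession]), RevokedCertificates: isp.entries(kindSession, now)}
	return x509.CreateRevocationList(rand.Reader, tmpl, isp.caCert, isp.caKey)
}

// validate checks the chain to the ISP root, the validity window and the kind, then the CRL entries.
func validate(roots *x509.CertPool, c *x509.Certificate, kind string, crl []pkix.RevokedCertificate) error {
	if _, err := c.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return err
	}
	if kindOf(c) != kind {
		return fmt.Errorf("expected a %s certificate, got %q", kind, kindOf(c))
	}
	for _, e := range crl {
		if e.SerialNumber.Cmp(c.SerialNumber) == 0 {
			return fmt.Errorf("%s certificate %v is revoked", kind, c.SerialNumber)
		}
	}
	return nil
}

// AccessPoint is claim 6: it keeps the ISP root and the session CRL only; isp stands in for the
// link over which a service certificate is forwarded to the ISP.
type AccessPoint struct {
	isp *ISP
	crl *x509.RevocationList
}

// NewAccessPoint installs a session CRL only after checking that the ISP CA signed it.
func NewAccessPoint(isp *ISP, crlDER []byte) (*AccessPoint, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return nil, err
	}
	if err := crl.CheckSignatureFrom(isp.caCert); err != nil {
		return nil, err
	}
	return &AccessPoint{isp: isp, crl: crl}, nil
}

// Admit answers a session certificate from the local CRL and forwards a service certificate to the ISP.
func (ap *AccessPoint) Admit(c *x509.Certificate) error {
	switch kindOf(c) {
	case kindSession:
		return validate(ap.isp.roots, c, kindSession, ap.crl.RevokedCertificates)
	case kindService:
		return ap.isp.Check(c)
	}
	return fmt.Errorf("unknown certificate kind %q", kindOf(c))
}
```

What the example also shows, and the claims do not say: an access point only learns of a revoked session certificate when it loads a fresh CRL, so until then a revoked session certificate is still admitted. That window is bounded by the CRL's NextUpdate and by the session lifetime, both an hour here, which is the trade the patent makes for a small list. The signature check in `NewAccessPoint` is not optional: an access point that installs an unsigned or foreign list can be handed an empty one.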