Public key infrastructure scalability certificate revocation status validation

  • US 7,437,551 B2
  • Filed: 04/02/2004
  • Issued: 10/14/2008
  • Est. Priority Date: 04/02/2004
  • Status: Expired due to Fees
First Claim
1. A method for authenticating a user certificate received from a user requesting access to a secure web service, said user certificate including user certificate data, said method comprising:

  • receiving a request from a user for access to the web service, said request including partial data supporting the user certificate data;
  • retrieving revoked certificate data from a plurality of certificate issuers, wherein the revoked certificate data identifies one or more revoked certificates, each of the one or more identified revoked certificates including a next update time for retrieving an update to each of the revoked certificates and an address identifying a location for retrieving the update;
  • storing the revoked certificate data in a central location;
  • determining if the user certificate data has expired;
  • if the determining indicates that the received user certificate data has expired, denying the user access to the secure web service;
  • if the determining indicates that the received user certificate data has not expired, comparing the user certificate data included in the received request to the revoked certificate data stored in the central location;
  • if the comparing indicates that the user certificate data from the requested user certificate matches one of the revoked certificate data stored in the central location, denying the user access to the secure web service;
  • if the comparing indicates that the user certificate data from the requested user certificate does not match the revoked certificate data stored in the central location, determining if the update to one of the revoked certificates is available based on the next update time;
  • if the determining indicates that no update is available, authenticating the user to access the secured web service;
  • if the determining indicates that the update is available, retrieving the update from the address;
  • in response to the retrieved update, storing the update to one of the revoked certificates in the central location;
  • if the comparing indicates that the user certificate data matches the updated revoked certificate data in the central location, denying the user access to the secure web service;
  • if the comparing indicates that the user certificate data does not match one of the updated revoked certificate data in the central location, authenticating the user and providing the user access to the requested web service;
  • detecting an event including a new entry in the central location, a current time equal to the next update time of one of the revoked certificate data, or the current time equal to the next update time of one of the updated revoked certificate data;
  • organizing the user certificate data in the revoked certificate data in a sequence according to the next update time for each of the plurality of certificate issuers; and
  • in response to the detected event and the next update time, retrieving another update of one of the revoked certificates in the central location according to the organized sequence.
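The claimed method, as an added example that is not the patent's own code: a central store of per-issuer revocation lists, each carrying its next update time and the address its update is fetched from, kept in a sequence ordered by next update time, and an authentication routine that checks expiry, then the cached list, then retrieves any due update before deciding. The issuer names, serials, `crl://` addresses and `fetch` callback are constructed for the example.

```python
import heapq
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class RevocationList:
    issuer: str
    revoked_serials: frozenset
    next_update: datetime   # when the issuer promises a newer list
    address: str            # where that newer list is retrieved from

class CentralStore:
    """Central location for all issuers' lists, sequenced by next_update."""
    def __init__(self, fetch):
        self.fetch = fetch      # fetch(address) -> RevocationList
        self.lists = {}         # issuer -> RevocationList
        self.schedule = []      # min-heap of (next_update, issuer)
    def store(self, rl):
        self.lists[rl.issuer] = rl
        heapq.heappush(self.schedule, (rl.next_update, rl.issuer))
    def refresh_due(self, now):
        # Event: current time has reached an issuer's next_update; retrieve
        # updates in heap (next_update) order and return the issuers refreshed.
        refreshed = []
        while self.schedule and self.schedule[0][0] <= now:
            _, issuer = heapq.heappop(self.schedule)
            if self.lists[issuer].next_update > now:  # superseded entry
                continue
            self.store(self.fetch(self.lists[issuer].address))
            refreshed.append(issuer)
        return refreshed
    def is_revoked(self, issuer, serial):
        rl = self.lists.get(issuer)
        return rl is not None and serial in rl.revoked_serials

def authenticate(store, issuer, serial, not_after, now):
    # Claimed order: expiry, cached revocation data, then the refreshed data.
    if now > not_after:
        return "denied: expired"
    if store.is_revoked(issuer, serial):
        return "denied: revoked"
    if store.refresh_due(now) and store.is_revoked(issuer, serial):
        return "denied: revoked in update"
    return "granted"

# Constructed sample data: two issuers' cached lists and the newer lists their
# addresses return (illustrative values, not from the patent).
T0, H = datetime(2024, 1, 1, tzinfo=timezone.utc), timedelta(hours=1)
UPDATES = {
    "crl://ca-a": RevocationList("CA-A", frozenset({"01", "02"}), T0 + 3 * H, "crl://ca-a"),
    "crl://ca-b": RevocationList("CA-B", frozenset({"10", "11"}), T0 + 4 * H, "crl://ca-b"),
}
def make_store():
    s = CentralStore(lambda address: UPDATES[address])
    s.store(RevocationList("CA-A", frozenset({"01"}), T0 + H, "crl://ca-a"))
    s.store(RevocationList("CA-B", frozenset({"10"}), T0 + 2 * H, "crl://ca-b"))
    return s
```

A certificate that passes the cached list at `T0` is denied one hour later once CA-A's due update is retrieved, while CA-B's list, whose next update time has not arrived, is left untouched.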
