Certificate revocation system
Abstract
A method of managing certificates in a communication system having a certifying authority and a directory. Preferably, the method begins by having the certifying authority generate certificates by digitally signing a given piece of data. At a later point in time, the certifying authority may produce a string that proves whether a particular certificate is currently valid without also proving the validity of at least some other certificates. The technique obviates the use of certificate revocation lists communicated between the certifying authority and the directory.
29 Claims
1. A method of conveying information about certificates, comprising:
at every date D of a sequence of dates, having an authority produce a digitally signed certificate revocation status using a single digital signature that provides a positive and explicit statement about the validity status at date D of each not-yet-expired certificate in a plurality of certificates;
providing the digitally signed certificate revocation status to a directory; and
having the directory store the latest received digitally signed certificate revocation status to be provided as a response to an inquiry about revocation status of a particular one of the plurality of certificates.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method of conveying information about certificates, comprising:
having an authority digitally sign, using a first digital signature scheme, the public key pk of a second signature scheme, wherein pk's secret key is known to another entity;
at every date D of a sequence of dates, having the other entity produce a digitally signed certificate revocation status, signed with respect to pk, using a single digital signature that provides a positive and explicit statement about the validity status at date D of each not-yet-expired certificate in a plurality of certificates;
providing the digitally signed certificate revocation status to a directory; and
having the directory store the latest received digitally signed certificate revocation status to be provided as a response to an inquiry about revocation status of a particular one of the plurality of certificates.
Dependent claims: 9, 10, 11, 12.
13. A method of obtaining information about a particular certificate, comprising:
receiving from another entity a digitally signed certificate revocation status that uses a single digital signature to provide a positive and explicit statement about the validity status of each not-yet-expired certificate in a plurality of certificates at date D in a sequence of dates, wherein the plurality of certificates includes the particular certificate;
confirming that the certificate revocation status has been digitally signed by a trusted entity; and
if the certificate revocation status has been digitally signed by a trusted entity, extracting the information about the particular certificate from the certificate revocation status.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21.
22. A method of providing information about a particular certificate, comprising:
receiving from another entity a digitally signed certificate revocation status that uses a single digital signature to provide a positive and explicit statement about the validity status of each not-yet-expired certificate in a plurality of certificates at date D in a sequence of dates, wherein the plurality of certificates includes the particular certificate; and
providing the digitally signed certificate revocation status to a user.
Dependent claims: 23, 24, 25, 26, 27, 28, 29.
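As an added illustration, not code from the patent, the three roles of claims 1, 13 and 22 in Go: the authority issues one dated statement covering every not-yet-expired serial under a single ed25519 signature, the directory keeps only the latest statement it receives, and the relying party verifies that one signature before extracting a particular serial's status. Serial numbers, the day-counter date and the text encoding are constructed stand-ins, not anything the patent specifies.

```go
package main
import (
	"crypto/ed25519"
	"fmt"
	"sort"
)
// Status is the authority's dated statement: every not-yet-expired certificate (by serial), valid or revoked, under ONE signature.
type Status struct {
	Date  uint32          // date D in the sequence (constructed day counter)
	Valid map[uint32]bool // serial -> true = valid at D, false = revoked
	Sig   []byte          // the single ed25519 signature over encode()
}
// encode lists the serial:flag pairs in ascending serial order so signer and verifier sign/verify identical bytes (constructed format).
func (s *Status) encode() []byte {
	serials := make([]uint32, 0, len(s.Valid))
	for n := range s.Valid {
		serials = append(serials, n)
	}
	sort.Slice(serials, func(i, j int) bool { return serials[i] < serials[j] })
	out := fmt.Sprintf("D=%d\n", s.Date)
	for _, n := range serials {
		out += fmt.Sprintf("%d:%t\n", n, s.Valid[n])
	}
	return []byte(out)
}
// Issue is the authority's step at date D: build the statement and sign it once.
func Issue(priv ed25519.PrivateKey, date uint32, valid map[uint32]bool) *Status {
	s := &Status{Date: date, Valid: valid}
	s.Sig = ed25519.Sign(priv, s.encode())
	return s
}
// Directory stores only the latest status received and serves it on any inquiry.
type Directory struct{ latest *Status }
func (d *Directory) Receive(s *Status) {
	if d.latest == nil || s.Date > d.latest.Date {
		d.latest = s
	}
}
func (d *Directory) Query() *Status { return d.latest }
// Check is the relying party's step: verify the single signature, then extract one serial's status; an uncovered serial is an error, never "valid".
func Check(pub ed25519.PublicKey, s *Status, serial uint32) (bool, error) {
	if s == nil || !ed25519.Verify(pub, s.encode(), s.Sig) {
		return false, fmt.Errorf("status not signed by the trusted authority")
	}
	v, ok := s.Valid[serial]
	if !ok {
		return false, fmt.Errorf("serial %d not covered by status for date %d", serial, s.Date)
	}
	return v, nil
}
```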