Revocation method and apparatus for secure content
First Claim
1. A method of revoking a host device on a file-by-file basis, comprising:
- receiving at a storage engine a certificate from the host device, the certificate containing a digital signature;
authenticating the digital signature;
establishing a secure session by transmitting a session key to the host device; and
during the secure session;
receiving at the storage engine a file request from the host device, the file request being directed to a file stored on a storage medium accessible to the storage engine;
reading a revocation list associated with the file from the storage medium, the revocation list containing at least one rule, the at least one rule associating data in the revocation list with data in the certificate;
applying the at least one rule on the data in the revocation list and the associated data in the certificate; and
if the application of the at least one rule provides a failing result, denying the file request.
10 Assignments
0 Petitions
Accused Products
Abstract
A system and method is provided for revoking a device. A method includes receiving a certificate from the device, the certificate including one or more of fields, at least one of the fields holding a signature, attempting to verify the signature, receiving a revocation list from a source, the revocation list identifying one or more data on the certificate as valid or invalid, the data including at least one of the fields of the certificate; and if one of one or more signatures identified unsuccessfully verified and one or more data is identified as invalid, preventing the transmission of a session key to the device, the session key being required to establish a secure communication channel.
13 Citations
5 Claims
-
1. A method of revoking a host device on a file-by-file basis, comprising:
-
receiving at a storage engine a certificate from the host device, the certificate containing a digital signature; authenticating the digital signature; establishing a secure session by transmitting a session key to the host device; and during the secure session; receiving at the storage engine a file request from the host device, the file request being directed to a file stored on a storage medium accessible to the storage engine; reading a revocation list associated with the file from the storage medium, the revocation list containing at least one rule, the at least one rule associating data in the revocation list with data in the certificate; applying the at least one rule on the data in the revocation list and the associated data in the certificate; and if the application of the at least one rule provides a failing result, denying the file request. - View Dependent Claims (2, 3, 4, 5)
-
Specification
-
- Resources
-
Current AssigneeChemtron Research LLC (Intellectual Ventures LLC)
-
Original AssigneeDPHI Acquisitions, Inc.
-
InventorsFeldman, Timothy R., Lee, Lane W., Kiwimagi, Gary G., Rayburn, Douglas M.
-
Primary Examiner(s)Fischer, Andrew J.
-
Assistant Examiner(s)ZELASKIEWICZ, CHRYSTINA E
-
Application NumberUS09/939,896Publication NumberTime in Patent Office3,109 DaysField of Search705/51, 705 54- 57, 705/67, 705/75US Class Current705/51CPC Class CodesG06F 21/10 Protecting distributed prog...G06Q 20/382 insuring higher security of...
