Revocation method and apparatus for secure content
First Claim
1. A method of revoking a host device on a file-by-file basis, comprising:
- receiving at a storage engine a certificate from the host device, the certificate containing a digital signature;
authenticating the digital signature;
establishing a secure session by transmitting a session key to the host device; and
during the secure session;
receiving at the storage engine a file request from the host device, the file request being directed to a file stored on a storage medium accessible to the storage engine;
reading a revocation list associated with the file from the storage medium, the revocation list containing at least one rule, the at least one rule associating data in the revocation list with data in the certificate;
applying the at least one rule on the data in the revocation list and the associated data in the certificate; and
if the application of the at least one rule provides a failing result, denying the file request.
10 Assignments
0 Petitions
Accused Products
Abstract
A system and method is provided for revoking a device. A method includes receiving a certificate from the device, the certificate including one or more of fields, at least one of the fields holding a signature, attempting to verify the signature, receiving a revocation list from a source, the revocation list identifying one or more data on the certificate as valid or invalid, the data including at least one of the fields of the certificate; and if one of one or more signatures identified unsuccessfully verified and one or more data is identified as invalid, preventing the transmission of a session key to the device, the session key being required to establish a secure communication channel.
13 Citations
5 Claims
-
1. A method of revoking a host device on a file-by-file basis, comprising:
-
receiving at a storage engine a certificate from the host device, the certificate containing a digital signature; authenticating the digital signature; establishing a secure session by transmitting a session key to the host device; and during the secure session; receiving at the storage engine a file request from the host device, the file request being directed to a file stored on a storage medium accessible to the storage engine; reading a revocation list associated with the file from the storage medium, the revocation list containing at least one rule, the at least one rule associating data in the revocation list with data in the certificate; applying the at least one rule on the data in the revocation list and the associated data in the certificate; and if the application of the at least one rule provides a failing result, denying the file request. - View Dependent Claims (2, 3, 4, 5)
-
Specification