System and method for implementing digital certificate revocation in an ad-hoc network

US 7,853,785 B1
Filed: 09/09/2005
Issued: 12/14/2010
Est. Priority Date: 09/09/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented system for implementing maintenance and distribution of revocation information within an ad-hoc network, comprising:

at least one network node configured to serve as a certifier node for the ad-hoc network, wherein the network node includes a computer implemented application configured to maintain revocation information in computer memory and distribute the revocation information to other network nodes using four types of revocation message, including individual revocation messages, incremental revocation messages, differential revocation messages, and cumulative revocation messages, wherein the at least one network node is further configured to determine whether a region of the ad-hoc network should be assigned another certifier node, and wherein the network node is configured to create a new certifier node and to establish a parent-child relationship between the network node and the new certifier node by updating the digital certificates of both the network node and the new certifier node to indicate the parent node status of the network node and the child node status of the new certifier node.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented system for implementing maintenance and distribution of revocation information within an ad-hoc network. The system includes at least one network node. The network node includes a computer implemented application configured to maintain revocation information in computer memory and distribute the revocation information to other network nodes using a two stage distribution method. The distribution method includes a first stage wherein the revocation message is transmitted to all certifier nodes within the ad-hoc network, and a second stage wherein each certifier node distributes the revocation message to at least one non-certifier node associated with the certifier node.

Citations

20 Claims

1. A computer-implemented system for implementing maintenance and distribution of revocation information within an ad-hoc network, comprising:
- at least one network node configured to serve as a certifier node for the ad-hoc network, wherein the network node includes a computer implemented application configured to maintain revocation information in computer memory and distribute the revocation information to other network nodes using four types of revocation message, including individual revocation messages, incremental revocation messages, differential revocation messages, and cumulative revocation messages, wherein the at least one network node is further configured to determine whether a region of the ad-hoc network should be assigned another certifier node, and wherein the network node is configured to create a new certifier node and to establish a parent-child relationship between the network node and the new certifier node by updating the digital certificates of both the network node and the new certifier node to indicate the parent node status of the network node and the child node status of the new certifier node.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the individual revocation message is transmitted based on revocation of a digital certificate by a certifier node for a single network node.
  - 3. The system of claim 1, wherein each of the four types of revocation message is configured to include a sequence number for the revocation message.
  - 4. The system of claim 3, wherein maintaining revocation information in computer memory includes receiving the revocation messages from other nodes and verifying the sequence number in a received revocation message.
  - 5. The system of claim 3, wherein a sequence number for a cumulative revocation message is configured to reference a periodic-differential sequence number.
  - 6. The system of claim 1, wherein the certifier node stores the hierarchical structure for the child parent relationship for the certifier node only.
  - 7. The system of claim 1, wherein distribution of the revocation information to other network nodes include a two stage distribution process including a first stage wherein the revocation message is transmitted to all certifier nodes within the ad-hoc network and a second stage wherein each certifier node distributes the revocation message to at least one non-certifier node associated with the certifier node.

8. A computer-implemented system for implementing maintenance and distribution of revocation information within an ad-hoc network, comprising:
- at least one network node configured to serve as a certifier node for the ad-hoc network, wherein the network node includes a computer implemented application configured to maintain revocation information in computer memory and distribute the revocation information to other network nodes using a two stage distribution method, the distribution method using three types of revocation message, including individual revocation messages, incremental revocation messages, and periodic attempt type of revocation messages, wherein the two stage distribution method includesa first stage wherein the revocation information is transmitted to all certifier nodes within the ad-hoc network, anda second stage wherein the network node distributes the revocation message to at least one non-certifier node associated with the network node,wherein node the network node stores a parent child relationship associated with a parent node of the network node, the parent node certifying the network node.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the distribution method is configured to be utilized based on revocation of a digital certificate by a certifier node for a single network node.
  - 10. The system of claim 8, wherein distribution of the revocation information to other network nodes include four types of revocation message, including individual revocation messages, incremental revocation messages, differential revocation messages, and cumulative revocation messages.
  - 11. The system of claim 10, wherein each of the four types of revocation message is configured to include a sequence number for the revocation message.
  - 12. The system of claim 11, wherein maintaining revocation information in computer memory includes receiving the revocation messages from other nodes and verifying the sequence number in a received revocation message.
  - 13. The system of claim 11, wherein a sequence number for a cumulative revocation message is configured to reference a periodic-differential sequence number.
  - 14. The system of claim 8, wherein the network nodes are nodes within an ad-hoc network and wherein the network nodes are configured into a plurality of certifier regions.

15. A computer implemented method for distribution of revocation information within an ad-hoc network, comprising:
- receiving a revocation message at a first certifier node within the ad-hoc network, three types of revocation message, including individual revocation messages, incremental revocation messages, and periodic attempt type of revocation messages anddistributing the received revocation message to at least one non-certifier node associated with the first certifier node, wherein the first certifier node is further configured to determine whether a region of the ad-hoc network should be assigned another certifier node, and wherein the network node is configured to create a new certifier node and to establish a parent-child relationship between the network node and the new certifier node by updating the digital certificates of both the network node and the new certifier node to indicate the parent node status of the network node and the child node status of the new certifier node.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the revocation message is a revocation of a digital certificate for a single network node transmitted by a second certifier node.
  - 17. The method of claim 15, wherein received revocation message is one of four types of revocation message, including an individual revocation message, an incremental revocation message, a differential revocation message, and a cumulative revocation message.
  - 18. The method of claim 17, wherein receiving a revocation message includes verifying the revocation message based on a sequence number contained in the revocation message.
  - 19. The method of claim 15, wherein verifying the revocation message includes determining that a sequence number for a cumulative revocation message references a latest periodic-differential sequence number.
  - 20. The method of claim 15, wherein distributing the received revocation message to at least one non-certifier node associated with the first certifier node includes utilizing a limited broadcast algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Collins, Inc. (Rtx Corporation)
Original Assignee
Rockwell Collins, Inc. (Rtx Corporation)
Inventors
Hoech, Karl F., Thurman, Sally C., Hummer, Frank A.
Primary Examiner(s)
Dada; Beemnet W

Application Number

US11/223,607
Time in Patent Office

1,922 Days
Field of Search

713156-158, 713/175, 713/176, 380/247, 380/273, 726/10
US Class Current

713/158
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 9/007   involving hierarchical stru...

H04L 9/3268   using certificate validatio...

H04W 12/043   using a trusted network nod...

H04W 84/18   Self-organising networks, e...

System and method for implementing digital certificate revocation in an ad-hoc network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for implementing digital certificate revocation in an ad-hoc network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links