Communication-efficient real time credentials for OCSP and distributed OCSP
Abstract
Facilitating a transaction between a first party and a second party includes, prior to initiating the transaction, one of the parties obtaining an artificially pre-computed OCSP response about a specific digital certificate, where the artificially pre-computed OCSP response is generated by an entity other than the first party and the second party, one of the parties initiating the transaction, in connection with the transaction, the first party providing the specific digital certificate to the second party, and the second party verifying the specific digital certificate using the artificially pre-computed OCSP response. The second party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated. The second party may cache the artificially pre-computed OCSP response for future transactions. The first party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated. The first party may cache the artificially pre-computed OCSP response for future transactions.
190 Citations
16 Claims
1. A method of facilitating a transaction between a first party and a second party, comprising:
prior to initiating the transaction, one of the parties obtaining and storing in a computer readable storage medium an artificially pre-computed OCSP response about a specific digital certificate, wherein the artificially pre-computed OCSP response is generated by an entity other than the first party and the second party, wherein the artificially pre-computed OCSP response is generated independently of a request by either party about validity of the specific digital certificate;
one of the parties initiating the transaction;
in connection with the transaction, the first party providing the specific digital certificate to the second party; and
the second party retrieving the artificially pre-computed OCSP response, the artificially pre-computed OCSP response having been previously stored in the computer storage medium prior to initiation of the transaction, and verifying the validity of the specific digital certificate using the artificially pre-computed OCSP response.
(Dependent claims: 2, 3, 4, 5, 6)

7. A method of ascertaining validity of a digital certificate, comprising:
generating a digitally signed artificially pre-computed message including information about the validity of the digital certificate;
examining the digitally signed artificially pre-computed message about the validity of the digital certificate, wherein the artificially pre-computed message is digitally signed by a special entity different from an entity that issued the digital certificate, wherein the digitally signed artificially pre-computed message about the validity of the digital certificate is generated independently of a request to the special entity inquiring about the validity of the digital certificate, and wherein the information about the validity of the digital certificate is obtained and stored in a computer-readable storage medium by the special entity independently of the request to the special entity about the validity of the digital certificate; and
verifying the digitally signed artificially pre-computed message using information from at least one of: the digital certificate and a certificate authenticating the entity that issued the digital certificate.
(Dependent claims: 8, 9)

10. A method of providing information about digital certificate validity, comprising:
ascertaining digital certificate validity status for each certificate in a set of digital certificates;
periodically generating a plurality of digitally signed artificially pre-computed messages about the validity status of at least a subset of the set of digital certificates, wherein the digitally signed artificially pre-computed messages are generated independently of a request inquiring about the validity status of the digital certificate; and
periodically forwarding the digitally signed artificially pre-computed messages to a plurality of responders that service requests by relying parties inquiring about the validity status of digital certificates in the set of digital certificates, wherein messages about some certificates are forwarded at a different frequency than messages about other certificates, and wherein the digitally signed artificially pre-computed messages are forwarded to and stored on the plurality of responders independently of the requests by the relying parties inquiring about the validity status of the digital certificates.
(Dependent claims: 11)

12. A non-transitory computer readable storage medium storing software executable by at least one processor, that ascertains validity of a digital certificate, the computer software stored on the non-transitory computer readable storage medium comprising:
generating a digitally signed artificially pre-computed message including information about the validity of the digital certificate;
examining the digitally signed artificially pre-computed message about the validity of the digital certificate, wherein the artificially pre-computed message is digitally signed by a special entity different from an entity that issued the digital certificate, wherein the digitally signed artificially pre-computed message about the validity of the digital certificate is generated independently of a request to the special entity inquiring about the validity of the digital certificate, and wherein information about the validity of the digital certificate is obtained and stored in a computer-readable storage medium by the special entity independently of the request to the special entity about the validity of the digital certificate; and
verifying the digitally signed message using information from at least one of: the digital certificate and a certificate authenticating the entity that issued the digital certificate.
(Dependent claims: 13, 14)

15. A non-transitory computer readable storage medium storing computer software, executable by at least one processor, that provides information about digital certificate validity, the computer software stored on the non-transitory computer readable storage medium comprising:
executable code that ascertains digital certificate validity status for each certificate in a set of digital certificates;
executable code that periodically generates a plurality of digitally signed artificially pre-computed messages about the validity status of at least a subset of the set of digital certificates, wherein the digitally signed artificially pre-computed messages are generated independently of a request inquiring about the validity status of the digital certificate; and
executable code that periodically forwards the digitally signed artificially pre-computed messages to a plurality of responders that service requests by relying parties inquiring about the validity status of digital certificates in the set of digital certificates, wherein messages about some certificates are forwarded at a different frequency than messages about other certificates, and wherein the digitally signed artificially pre-computed messages are forwarded to and stored on the plurality of responders independently of the requests by the relying parties inquiring about the status of the digital certificates.
(Dependent claims: 16)
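As an added illustration of the architecture described in the abstract and in claims 7 and 10 (this is example code written for this page, not code from the patent, its inventors or its assignee), the Go program below models the three roles: a validity authority (the "special entity") that pre-computes signed status messages for its set of certificates on its own schedule, with a per-certificate refresh lifetime; responders that merely store and serve the pushed messages and hold no signing key; and a relying party that validates a presented certificate from the stored message alone, with no round trip to the authority. The Ed25519 signature, the 25-byte message encoding, and the serial numbers 1001 and 1002 are assumptions made for the example; a real deployment would carry the same fields in the RFC 6960 OCSP response structure. The verification order goes a little beyond what the claims spell out: the relying party checks the signature, the binding to the presented certificate and the validity window before it consults the status, which is what stops a stale, retargeted or tampered message from being accepted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Status values carried in a pre-computed validity message (constructed encoding for this example).
const StatusGood, StatusRevoked byte = 0, 1

// PrecomputedResponse is a simplified stand-in for an OCSP response: a serial number and status
// bound to a validity window, signed by the validity authority (the claims' "special entity").
type PrecomputedResponse struct {
	Serial     uint64
	Status     byte
	ThisUpdate time.Time
	NextUpdate time.Time
	Signature  []byte
}

// signedBytes is the byte encoding the authority signs and the relying party re-derives
// before verifying (an assumed format, not the OCSP ASN.1 structure).
func (r *PrecomputedResponse) signedBytes() []byte {
	buf := make([]byte, 25)
	binary.BigEndian.PutUint64(buf[0:8], r.Serial)
	buf[8] = r.Status
	binary.BigEndian.PutUint64(buf[9:17], uint64(r.ThisUpdate.Unix()))
	binary.BigEndian.PutUint64(buf[17:25], uint64(r.NextUpdate.Unix()))
	return buf
}

// Authority knows the status of every certificate in its set and signs messages on its
// own schedule, independently of any relying-party request.
type Authority struct {
	priv     ed25519.PrivateKey
	Pub      ed25519.PublicKey
	statuses map[uint64]byte // serial -> status, ascertained out of band
}

func NewAuthority(statuses map[uint64]byte) *Authority {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // a failing system randomness source is not recoverable here
	}
	return &Authority{priv: priv, Pub: pub, statuses: statuses}
}

// Precompute signs one message. lifetime is chosen per certificate, so messages about
// some certificates can be regenerated and pushed more often than others.
func (a *Authority) Precompute(serial uint64, now time.Time, lifetime time.Duration) (*PrecomputedResponse, error) {
	status, ok := a.statuses[serial]
	if !ok {
		return nil, fmt.Errorf("serial %d is not in the authority's set", serial)
	}
	r := &PrecomputedResponse{Serial: serial, Status: status, ThisUpdate: now, NextUpdate: now.Add(lifetime)}
	r.Signature = ed25519.Sign(a.priv, r.signedBytes())
	return r, nil
}

// Responder is one of the plurality of responders: it stores pushed messages and serves
// them without contacting the authority, and holds no signing key.
type Responder map[uint64]*PrecomputedResponse

func (s Responder) Push(r *PrecomputedResponse)              { s[r.Serial] = r }
func (s Responder) Lookup(serial uint64) *PrecomputedResponse { return s[serial] }

// Verify is the relying party's check, in order: a message exists, the authority's signature
// holds, it names the presented certificate, its window covers now, and only then the status.
func Verify(authPub ed25519.PublicKey, presentedSerial uint64, r *PrecomputedResponse, now time.Time) error {
	switch {
	case r == nil:
		return errors.New("no pre-computed response available")
	case !ed25519.Verify(authPub, r.signedBytes(), r.Signature):
		return errors.New("signature does not verify under the validity authority's key")
	case r.Serial != presentedSerial:
		return errors.New("response is about a different certificate")
	case now.Before(r.ThisUpdate) || !now.Before(r.NextUpdate):
		return errors.New("response is outside its validity window")
	case r.Status != StatusGood:
		return errors.New("certificate is revoked")
	}
	return nil
}

func main() {
	auth := NewAuthority(map[uint64]byte{1001: StatusGood, 1002: StatusRevoked})
	now, responder := time.Now(), Responder{}
	// On the authority's schedule, before any transaction: 1001 is refreshed hourly, 1002 daily.
	for serial, lifetime := range map[uint64]time.Duration{1001: time.Hour, 1002: 24 * time.Hour} {
		r, _ := auth.Precompute(serial, now, lifetime)
		responder.Push(r)
	}
	// Later, a relying party validates a presented certificate from the stored message alone.
	fmt.Println("serial 1001:", Verify(auth.Pub, 1001, responder.Lookup(1001), now.Add(10*time.Minute)))
	fmt.Println("serial 1002:", Verify(auth.Pub, 1002, responder.Lookup(1002), now.Add(10*time.Minute)))
}
```

Because the responders never sign anything, a compromised or misbehaving responder can at worst withhold a message or replay an old one; the window check in Verify bounds how long a replayed "good" message stays usable, which is why the lifetime chosen for high-value certificates in Precompute should be short.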
Specification