Communication-efficient real time credentials for OCSP and distributed OCSP

US 7,966,487 B2
Filed: 01/10/2005
Issued: 06/21/2011
Est. Priority Date: 01/09/2004
Status: Active Grant

First Claim

Patent Images

1. A method of facilitating a transaction between a first party and a second party, comprising:

prior to initiating the transaction, one of the parties obtaining and storing in a computer readable storage medium an artificially pre-computed OCSP response about a specific digital certificate, wherein the artificially pre-computed OCSP response is generated by an entity other than the first party and the second party, wherein the artificially pre-computed OCSP response is generated independently of a request by either party about validity of the specific digital certificate;

one of the parties initiating the transaction;

in connection with the transaction, the first party providing the specific digital certificate to the second party; and

the second party retrieving the artificially pre-computed OCSP response, the artificially pre-computed OCSP response having been previously stored in the computer storage medium prior to initiation of the transaction, and verifying the validity of the specific digital certificate using the artificially pre-computed OCSP response.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Facilitating a transaction between a first party and a second party includes, prior to initiating the transaction, one of the parties obtaining an artificially pre-computed OCSP response about a specific digital certificate, where the artificially pre-computed OCSP response is generated by an entity other than the first party and the second party, one of the parties initiating the transaction, in connection with the transaction, the first party providing the specific digital certificate to the second party, and the second party verifying the specific digital certificate using the artificially pre-computed OCSP response. The second party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated. The second party may cache the artificially pre-computed OCSP response for future transactions. The first party may obtain the artificially pre-computed OCSP response prior to the transaction being initiated. The first party may cache the artificially pre-computed OCSP response for future transactions.

190 Citations

16 Claims

1. A method of facilitating a transaction between a first party and a second party, comprising:
- prior to initiating the transaction, one of the parties obtaining and storing in a computer readable storage medium an artificially pre-computed OCSP response about a specific digital certificate, wherein the artificially pre-computed OCSP response is generated by an entity other than the first party and the second party, wherein the artificially pre-computed OCSP response is generated independently of a request by either party about validity of the specific digital certificate;
  
  one of the parties initiating the transaction;
  
  in connection with the transaction, the first party providing the specific digital certificate to the second party; and
  
  the second party retrieving the artificially pre-computed OCSP response, the artificially pre-computed OCSP response having been previously stored in the computer storage medium prior to initiation of the transaction, and verifying the validity of the specific digital certificate using the artificially pre-computed OCSP response.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method, according to claim 1, wherein the second party obtains and stores the artificially pre-computed OCSP response prior to the transaction being initiated.
  - 3. A method, according to claim 2, wherein the second party caches the artificially pre-computed OCSP response for future transactions.
  - 4. A method, according to claim 1, wherein the first party obtains and stores the artificially pre-computed OCSP response prior to the transaction being initiated.
  - 5. A method, according to claim 4, wherein the first party caches the artificially pre-computed OCSP response for future transactions.
  - 6. A method, according to claim 4, further comprising:
    - the first party providing the artificially pre-computed OCSP response to the second party after the transaction being initiated.

7. A method of ascertaining validity of a digital certificate, comprising:
- generating a digitally signed artificially pre-computed message including information about the validity of the digital certificate;
  
  examining the digitally signed artificially pre-computed message about the validity of the digital certificate, wherein the artificially pre-computed message is digitally signed by a special entity different from an entity that issued the digital certificate, wherein the digitally signed artificially pre-computed message about the validity of the digital certificate is generated independently of a request to the special entity inquiring about the validity of the digital certificate, and wherein the information about the validity of the digital certificate is obtained and stored in a computer-readable storage medium by the special entity independently of the request to the special entity about the validity of the digital certificate; and
  
  verifying the digitally signed artificially pre-computed message using information from at least one of;
  
  the digital certificate and a certificate authenticating the entity that issued the digital certificate.
- View Dependent Claims (8, 9)
- - 8. A method, according to claim 7, wherein the information is a public key corresponding to a secret key used to digitally sign the artificially pre-computed message.
  - 9. A method, according to claim 7, wherein the information corresponds to a special digital certificate authenticating the special entity that digitally signed the artificially pre-computed message.

10. A method of providing information about digital certificate validity, comprising:
- ascertaining digital certificate validity status for each certificate in a set of digital certificates;
  
  periodically generating a plurality of digitally signed artificially pre-computed messages about the validity status of at least a subset of the set of digital certificates, wherein the digitally signed artificially pre-computed messages are generated independently of a request inquiring about the validity status of the digital certificate; and
  
  periodically forwarding the digitally signed artificially pre-computed messages to a plurality of responders that service requests by relying parties inquiring about the validity status of digital certificates in the set of digital certificates, wherein messages about some certificates are forwarded at a different frequency than messages about other certificates, and wherein the digitally signed artificially pre-computed messages are forwarded to and stored on the plurality of responders independently of the requests by the relying parties inquiring about the validity status of the digital certificates.
- View Dependent Claims (11)
- - 11. A method, according to claim 10, wherein a frequency of forwarding messages about revoked certificates is less than a frequency of forwarding messages about valid certificates.

12. A non-transitory computer readable storage medium storing software executable by at least one processor, that ascertains validity of a digital certificate, the computer software stored on the non-transitory computer readable storage medium comprising:
- generating a digitally signed artificially pre-computed message including information about the validity of the digital certificate;
  
  examining the digitally signed artificially pre-computed message about the validity of the digital certificate, wherein the artificially pre-computed message is digitally signed by a special entity different from an entity that issued the digital certificate, wherein the digitally signed artificially pre-computed message about the validity of the digital certificate is generated independently of a request to the special entity inquiring about the validity of the digital certificate, and wherein information about the validity of the digital certificate is obtained and stored in a computer-readable storage medium by the special entity independently of the request to the special entity about the validity of the digital certificate; and
  
  verifying the digitally signed message using information from at least one of;
  
  the digital certificate and a certificate authenticating the entity that issued the digital certificate.
- View Dependent Claims (13, 14)
- - 13. The non-transitory computer readable storage medium, according to claim 12, wherein the information is a public key corresponding to a secret key used to digitally sign the artificially pre-computed message.
  - 14. The non-transitory computer readable storage medium, according to claim 12, wherein the information corresponds to a special digital certificate authenticating the special entity that digitally signed the artificially pre-computed message.

15. A non-transitory computer readable storage medium storing computer software, executable by at least one processor, that provides information about digital certificate validity, the computer software stored on the non-transitory computer readable storage medium comprising:
- executable code that ascertains digital certificate validity status for each certificate in a set of digital certificates;
  
  executable code that periodically generates a plurality of digitally signed artificially pre-computed messages about the validity status of at least a subset of the set of digital certificates, wherein the digitally signed artificially pre-computed messages are generated independently of a request inquiring about the validity status of the digital certificate; and
  
  executable code that periodically forwards the digitally signed artificially pre-computed messages to a plurality of responders that service requests by relying parties inquiring about the validity status of digital certificates in the set of digital certificates, wherein messages about some certificates are forwarded at a different frequency than messages about other certificates, and wherein the digitally signed artificially pre-computed messages are forwarded to and stored on the plurality of responders independently of the requests by the relying parties inquiring about the status of the digital certificates.
- View Dependent Claims (16)
- - 16. The non-transitory computer readable storage medium, according to claim 15, wherein a frequency of forwarding messages about revoked certificates is less than a frequency of forwarding messages about valid certificates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Corestreet, Ltd. (Assa Abloy AB)
Inventors
Libin, Phil, Engberg, David, Micali, Silvio
Primary Examiner(s)
Korzuch; William R
Assistant Examiner(s)
AVERY, JEREMIAH L

Application Number

US11/032,520
Publication Number

US 20050193204A1
Time in Patent Office

2,353 Days
Field of Search

None
US Class Current

713/156
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

Communication-efficient real time credentials for OCSP and distributed OCSP

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

190 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Communication-efficient real time credentials for OCSP and distributed OCSP

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

190 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links