Generating a CRL using a sub-system having resources separate from a main certificate authority sub-system
First Claim
1. A method comprising:
receiving, by a first server computer, a command from a second server computer to update revocation data;
generating, using computing resources of the first server computer separate from computing resources of the second server computer, updated revocation data in view of the command;
generating, using the computing resources of the first server computer separate from computing resources of the second server computer, a certificate revocation list (CRL) in view of the updated revocation data;
receiving a status request regarding the first server computer;
transmitting a response for the status request, the response comprising data indicating whether the first server computer is not busy, a scheduled time for generating the CRL, an amount of time to generate the CRL and a time the CRL is last generated;
receiving, by the first server computer, a command to override the scheduled time for generating the CRL in view of the response;
providing, by the first server computer, the CRL to the second server computer to update certificate records stored in a data store that is coupled to the second server computer, wherein the update is to cause at least one of:
a digital certificate to be generated in view of the CRL, the digital certificate to be issued, or the CRL to be published;
receiving, by the first server computer, a command to update configuration data for the CRL stored in a cache memory that is separate from the second server computer, wherein the configuration data comprising a schedule to generate the CRL; and
providing a status update comprising a time the cache memory is last updated.
Abstract
A server computing system initiates a first sub-system to generate a certificate revocation list (CRL) using resources that are separate from resources of a second sub-system that performs certificate authority (CA) management functions other than generating a CRL. The first sub-system receives a command from the second sub-system to update revocation data in a cache that is coupled to the first sub-system and generates a CRL using the updated revocation data in the cache. The first sub-system provides the CRL to the second sub-system.
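The split described in the abstract and in claim 1, as an added example that is not taken from the patent: a CRL sub-system that owns its revocation cache, reports status, and accepts a schedule override from the CA side. The names `CrlSubsystem` and `ca_should_override`, the integer timestamps, the override policy, and the HMAC used as a stand-in for the CA's asymmetric CRL signature are all assumptions.

```python
import hashlib, hmac, json, time

class CrlSubsystem:
    """First sub-system: owns the revocation cache and builds CRLs from it."""

    def __init__(self, key, interval, now):
        self.key, self.interval = key, interval  # key: stand-in signing secret
        self.cache = {}                          # serial -> revocation time
        self.cache_updated = None
        self.next_run = now + interval           # scheduled generation time
        self.last_generated = self.last_duration = None
        self.busy = False
        self.crl_number = 0

    def update_revocation(self, serials, now):
        for serial in serials:
            self.cache.setdefault(serial, now)   # keep the first revocation time
        self.cache_updated = now

    def status(self):
        return {"busy": self.busy, "scheduled": self.next_run,
                "duration": self.last_duration,
                "last_generated": self.last_generated,
                "cache_updated": self.cache_updated}

    def override_schedule(self, when):
        self.next_run = when

    def tick(self, now):
        """Build a CRL if the scheduled time has arrived, else return None."""
        if self.busy or now < self.next_run:
            return None
        self.busy, started = True, time.perf_counter()
        self.crl_number += 1
        crl = {"number": self.crl_number, "this_update": now,
               "next_update": now + self.interval,
               "revoked": sorted(self.cache.items())}
        blob = json.dumps(crl, sort_keys=True).encode()
        crl["sig"] = hmac.new(self.key, blob, hashlib.sha256).hexdigest()
        self.last_generated, self.next_run = now, now + self.interval
        self.last_duration = time.perf_counter() - started
        self.busy = False
        return crl

def ca_should_override(status):
    """CA-side policy: force a run when revocations are newer than the last CRL."""
    if status["busy"] or status["cache_updated"] is None:
        return False
    last = status["last_generated"]
    return last is None or status["cache_updated"] > last
```

The status fields let the CA side notice when revocations have entered the cache after the last CRL was built, which is the window in which relying parties still see a revoked certificate as valid.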
14 Claims
1. A method comprising:
receiving, by a first server computer, a command from a second server computer to update revocation data;
generating, using computing resources of the first server computer separate from computing resources of the second server computer, updated revocation data in view of the command;
generating, using the computing resources of the first server computer separate from computing resources of the second server computer, a certificate revocation list (CRL) in view of the updated revocation data;
receiving a status request regarding the first server computer;
transmitting a response for the status request, the response comprising data indicating whether the first server computer is not busy, a scheduled time for generating the CRL, an amount of time to generate the CRL and a time the CRL is last generated;
receiving, by the first server computer, a command to override the scheduled time for generating the CRL in view of the response;
providing, by the first server computer, the CRL to the second server computer to update certificate records stored in a data store that is coupled to the second server computer, wherein the update is to cause at least one of:
a digital certificate to be generated in view of the CRL, the digital certificate to be issued, or the CRL to be published;
receiving, by the first server computer, a command to update configuration data for the CRL stored in a cache memory that is separate from the second server computer, wherein the configuration data comprising a schedule to generate the CRL; and
providing a status update comprising a time the cache memory is last updated.
Dependent claims: 2, 3, 4, 5, 6
7. A system comprising:
a first server computer comprising:
a first memory; and
a first processing device operatively coupled to the first memory, the first processing device to:
receive a command from a second server computer to update revocation data;
generate updated revocation data in view of the command using computing resources of the first server computer separate from computing resources of the second server computer;
generate the CRL in view of the updated revocation data using computing resources of the first server computer separate from computing resource of the second server computer;
receive a status request by the first server computer;
transmit a response for the status request comprising data indicating:
whether the first server computer is not busy, whether the first server is to perform an action to generate the CRL, an amount of time to generate the CRL and a time the CRL is last generated;
receive a command to override the scheduled time for generating the CRL in view of the response;
provide the CRL to the second server computer to update certificate records stored in a data store that is coupled to the second server computer, wherein the update is to cause at least one of:
a digital certificate to be generated in view of the CRL, the digital certificate to be issued, or the CRL to be published;
receive a command to update configuration data for the CRL stored in a cache memory that is separate from the second server computer, wherein the configuration data comprising a schedule to generate the CRL; and
provide a status update comprising a time the cache memory is last updated.
Dependent claims: 8, 9
10. A non-transitory computer-readable medium including instructions that, when executed by a first processing device, cause the first processing device to:
receive a command from a second processing device to update revocation data;
generate, using computing resources of the first processing device separate from computing resources of the second processing device, updated revocation data in view of the command;
generate, using the computing resources of the first processing device separate from computing resources of the second processing device, a certificate revocation list (CRL) in view of the updated revocation data;
receive a status request by the first processing device;
transmit a response for the status request comprising data indicating whether the first processing device is not busy, a scheduled time to generate the CRL, an amount of time to generate the CRL and a time the CRL is last generated;
receive a command to override the scheduled time for generating the CRL in view of the response;
provide the CRL to the second processing device to update certificate records stored in a data store that is coupled to the second processing device, wherein the update is to cause at least one of:
a digital certificate to be generated in view of the CRL, the digital certificate to be issued, or the CRL to be published;
receive a command to update configuration data for the CRL stored in a cache memory that is separate from the processing device, wherein the configuration data comprising a schedule to generate the CRL; and
provide a status update comprising a time the cache memory is last updated.
Dependent claims: 11, 12, 13, 14
Specification