Handling of digital certificates
Abstract
A method for handling digital certificates in a communication network is described. The communication network comprises a first certificate authority (110-116) having issued at least one digital certificate. The method comprises determining (216) whether a revocation condition for revoking the at least one digital certificate is fulfilled. The at least one digital certificate has been issued by the first certificate authority, wherein the at least one digital certificate is valid and is not revoked. The method further comprises, based on a result of the step of determining (216), revoking (404), by the first certificate authority (110-116), the at least one digital certificate, and based on the result of the step of determining (216), issuing, by a second certificate authority (110-116), at least one further digital certificate for the revoked at least one digital certificate. An associated system, methods in involved network entities, the involved network entities, and computer programs are also described. Therefore, security handling in the communication network, which may fluctuate with respect to its number of network nodes and/or which may comprise numerous network nodes, may be performed in an easy and efficient way.
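An illustrative model of the sequence in claim 1, added here as an example and not taken from the patent: because any non-revoked certificate must be uniquely identified, the second certificate authority can reuse an identifier only after the first has revoked the certificate carrying it. The names `Cert`, `Network`, `reissue`, `CA-1`, `CA-2` and the `node-*` identifiers are assumptions, and the revocation condition is a caller-supplied predicate because the page does not specify it.

```python
from dataclasses import dataclass, field

@dataclass
class Cert:
    identifier: str        # the claim's "unique identifier" (format assumed)
    issuer: str
    revoked: bool = False

@dataclass
class Network:
    """Holds every certificate and enforces the uniqueness rule of claim 1."""
    certs: list = field(default_factory=list)

    def active(self, identifier):
        return [c for c in self.certs
                if c.identifier == identifier and not c.revoked]

    def issue(self, issuer, identifier):
        if self.active(identifier):
            raise ValueError(f"{identifier!r} already identifies a non-revoked certificate")
        cert = Cert(identifier, issuer)
        self.certs.append(cert)
        return cert

    def revoke(self, issuer, cert):
        if cert.issuer != issuer:
            raise PermissionError("in this model only the issuing CA revokes")
        cert.revoked = True

def reissue(net, first_ca, second_ca, condition):
    """Revoke first_ca's valid certificates and reissue them from second_ca."""
    replaced = []
    for cert in [c for c in net.certs if c.issuer == first_ca and not c.revoked]:
        if not condition(cert):       # revocation condition not fulfilled
            continue
        net.revoke(first_ca, cert)    # first CA revokes
        replaced.append(net.issue(second_ca, cert.identifier))  # same identifier
    return replaced

def demo():
    net = Network()
    for ident in ("node-a", "node-b"):    # constructed identifiers
        net.issue("CA-1", ident)
    try:
        net.issue("CA-2", "node-a")       # issuing before revocation
        early = "accepted"
    except ValueError:
        early = "rejected"
    new = reissue(net, "CA-1", "CA-2", lambda c: c.identifier == "node-a")
    return early, [(c.identifier, c.issuer) for c in new], len(net.active("node-b"))
```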
29 Claims
1. A method for handling digital certificates in a communication network, the communication network comprising a first certificate authority having issued at least one digital certificate, the method comprising:
determining whether a revocation condition for revoking the at least one digital certificate is fulfilled, wherein:
the at least one digital certificate was issued by the first certificate authority;
the at least one digital certificate is valid and not presently revoked; and
any given digital certificate that is not revoked is uniquely identified by a unique identifier;
based on a result of the determining:
revoking, by the first certificate authority, the at least one digital certificate; and
issuing, by a second certificate authority, at least one further digital certificate to have a same unique identifier as one of the at least one digital certificate that is revoked.
Dependent claims: 2-18
19. A method, in a controlling certificate authority, for handling digital certificates in a communication network, the controlling certificate authority comprising first and second certificate authorities, wherein the first certificate authority has issued at least one digital certificate, the method comprising:
determining whether a revocation condition for revoking the at least one certificate is fulfilled, the at least one digital certificate having been issued by the first certificate authority, the at least one digital certificate being valid and not presently revoked, and any given digital certificate that is not revoked is uniquely identified by a unique identifier;
based on a result of the determining:
trigger the first certificate authority to revoke the at least one digital certificate; and
trigger the second certificate authority to issue at least one further digital certificate to have a same unique identifier as one of the at least one digital certificate that is revoked.
Dependent claims: 20
21. A method, in a network node, for handling digital certificates in a communication network, the network node maintaining a digital certificate issued by a first certificate authority of the communication network, the method comprising:
sending a request for issuing, by a second certificate authority of the communication network, a further digital certificate, wherein the request for issuing a further digital certificate comprises an identifier uniquely identifying the digital certificate issued by the first certificate authority, and the further digital certificate is identified by the same identifier in the request; and
receiving the further digital certificate, the further digital certificate having been issued by the second certificate authority, wherein the further digital certificate replaces the digital certificate issued and revoked by the first certificate authority.
Dependent claims: 22
23. A method, in a network managing node, for handling digital certificates in a communication network, the communication network comprising a first certificate authority having issued at least one digital certificate, the method comprising:
sending information, to a network node of the communication network for the network node, requesting a further digital certificate to be issued by a second certificate authority for a digital certificate;
wherein the information requesting a further digital certificate comprises an identifier uniquely identifying a digital certificate issued by the first digital certificate authority, and the further digital certificate comprises the same identifier in the request; and
wherein the further digital certificate replaces the digital certificate, which is issued and revoked by the first certificate authority.
Dependent claims: 24
25. A controlling certificate authority for handling digital certificates in a communication network, the controlling certificate authority comprising:
one or more processing circuits configured to function as first and second certificate authorities, wherein the first certificate authority has issued at least one digital certificate;
wherein the controlling certificate authority is configured to:
determine whether a revocation condition for revoking the at least one first digital certificate is fulfilled, the at least one digital certificate having been issued by the first certificate authority, the at least one digital certificate being valid and not presently revoked, and any given digital certificate that is not revoked is uniquely identified by a unique identifier;
based on a result of the determining, trigger the first certificate authority to revoke the at least one digital certificate; and
based on the result of the determining, trigger the second certificate authority to issue at least one further digital certificate to have a same unique identifier as one of the at least one digital certificate that is revoked.
26. A network node for handling digital certificates in a communication network, the network node maintaining a digital certificate issued by a first certificate authority of the communication network, the network node comprising:
one or more processing circuits configured to cause the network node to:
send a request for issuing, by a second certificate authority of the communication network, a further digital certificate, wherein the request for issuing a further digital certificate comprises an identifier uniquely identifying the digital certificate issued by the first digital certificate authority, and the further digital certificate is identified by the same identifier in the request; and
receive the further digital certificate, the further digital certificate having been issued by the second certificate authority, wherein the further digital certificate replaces the digital certificate issued and revoked by the first digital certificate authority.
27. A network managing node for handling digital certificates in a communication network, the communication network comprising:
a first certificate authority having issued at least one digital certificate; and
one or more processing circuits configured to cause the network managing node to send information, to a network node of the communication network for the network node, requesting a further digital certificate to be issued by a second certificate authority for a digital certificate; and
wherein the information requesting a further digital certificate comprises an identifier uniquely identifying a digital certificate issued by the first certificate authority, and the further digital certificate comprises the same identifier in the request; and
wherein the further digital certificate replaces the digital certificate, which is issued and revoked by the first certificate authority.
28. A computer program product stored in a non-transitory computer readable medium for controlling the handling of digital certificates in a communication network, the communication network comprising a first certificate authority having issued at least one digital certificate, the computer program product comprising software instructions which, when run on one or more processors of the communication network, causes the communication network to:
determine whether a revocation condition for revoking the at least one digital certificate is fulfilled, wherein:
the at least one digital certificate was issued by the first certificate authority;
the at least one digital certificate is valid and not presently revoked;
any given digital certificate that is not revoked is uniquely identified by a unique identifier;
based on a result of the determining:
revoke, by the first certificate authority, the at least one digital certificate; and
issue, by a second certificate authority, at least one further digital certificate to have a same unique identifier as one of the at least one digital certificate that is revoked.
Dependent claims: 29
Specification