Method and system for configuring highly available online certificate status protocol responders
Abstract
A method and system are presented for configuring a group of OCSP (Online Certificate Status Protocol) responders so that they are highly available. Each of the grouped OCSP responders shares a common public key. When responding to an OCSP request, an OCSP responder generates an OCSP response that is signed with a group digital signature; the certificate for the common or group public key can be attached to the OCSP response. An OCSP client uses the group public key to verify the group digital signature on an OCSP response from any of the OCSP responders. For an OCSP client, the availability of this group of responders is greater than the availability of any one member of the group.
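The client-side behaviour described in the abstract, as an added example that is not code from the patent: it assumes the simplest realization, in which every responder holds a copy of one Ed25519 group private key (the page does not say how the group signature is produced). The `Responder` type, `QueryGroup` function and status string are hypothetical, and the response body is a constructed string rather than a DER-encoded OCSP response.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Responder is a hypothetical group member. Assumption: every member
// holds a copy of the same group private key.
type Responder struct {
	Name string
	Up   bool
	Key  ed25519.PrivateKey
}

// Respond returns a constructed status body (not real OCSP DER) and its signature.
func (r Responder) Respond(serial string) (body, sig []byte, err error) {
	if !r.Up {
		return nil, nil, errors.New(r.Name + ": unreachable")
	}
	body = []byte("serial=" + serial + ";status=good")
	return body, ed25519.Sign(r.Key, body), nil
}

// QueryGroup tries each responder in turn and accepts the first response
// that verifies under the single group public key the client trusts.
func QueryGroup(group []Responder, groupPub ed25519.PublicKey, serial string) (string, error) {
	for _, r := range group {
		body, sig, err := r.Respond(serial)
		if err != nil {
			continue // responder down: fail over to the next member
		}
		if ed25519.Verify(groupPub, body, sig) {
			return r.Name, nil
		}
		// Signed with a key outside the group: reject and keep trying.
	}
	return "", errors.New("no verifiable response from any responder")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // group key pair (constructed)
	_, rogue, _ := ed25519.GenerateKey(nil)  // key that is not the group key
	group := []Responder{{"r1", false, priv}, {"r2", true, rogue}, {"r3", true, priv}}
	name, err := QueryGroup(group, pub, "0x1A2B")
	fmt.Println(name, err) // r3 <nil>
}
```

Under the shared-key assumption, the group private key is only as well protected as the least protected responder, so every copy needs the same key protection.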
27 Claims
1. A method for providing certificate status from a distributed computing environment, wherein the distributed computing environment comprises a set of OCSP responders, the method comprising:
- configuring each OCSP responder in the set of OCSP responders so that each OCSP responder can generate a group digital signature;
- receiving from an OCSP client an OCSP request message at an OCSP responder in the set of OCSP responders; and
- returning to the OCSP client an OCSP response message comprising a group digital signature.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A data processing system for providing certificate status, wherein the data processing system comprises a set of OCSP responders, the data processing system comprising:
- means for configuring each OCSP responder in the set of OCSP responders so that each OCSP responder can generate a group digital signature;
- means for receiving from an OCSP client an OCSP request message at an OCSP responder in the set of OCSP responders; and
- means for returning to the OCSP client an OCSP response message comprising a group digital signature.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A computer program product in a computer readable medium for use in a data processing system for providing certificate status within a distributed computing environment comprising a set of OCSP responders, the computer program product comprising:
- means for configuring each OCSP responder in the set of OCSP responders so that each OCSP responder can generate a group digital signature;
- means for receiving from an OCSP client an OCSP request message at an OCSP responder in the set of OCSP responders; and
- means for returning to the OCSP client an OCSP response message comprising a group digital signature.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27
Specification