Certificate revocation notification systems
Abstract
A revocation notification system for a public key certificate and associated method are provided. At the time of issuance, a CA requests and receives from an independent revocation service provider entity a THV corresponding to an IRV under the sole control of said revocation service provider. It then embeds such THV into the public key certificate and digitally signs the public key certificate with a private key. An entity requests revocation from the revocation service provider. The revocation service provider ceases publication of valid PFI updates for the public key certificate.
2 Claims
1. (canceled)
2. A method of managing revocation status for public key certificates, comprising:
determining an initial random value;
applying a one-way hash function N times to the initial random value to obtain a final hashed value;
a certificate authority issuing a public key certificate that includes the final hashed value digitally signed by the certificate authority;
a third party receiving the digital certificate and a first periodic freshness indicator at a first time T1;
the third party applying the one-way hash function to the first periodic freshness indicator M times to obtain a first final value and caching intermediate results thereof, where M is a number of refresh intervals from the date of issuance of the digital certificate to T1;
the third party confirming that the digital certificate has not been revoked prior to T1 by confirming that the first final value equals the final hashed value of the digital certificate; and
in response to receiving a second periodic freshness indicator at a time T2 that is after T1, the third party using one of the cached intermediate values corresponding to T2 to confirm that the certificate has not been revoked prior to T2.
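The hash-chain check recited in claim 2, sketched as an added example (not code from the patent). SHA-256, the 32-byte random value, and the names `RevocationService`, `RelyingParty`, `hash_times` and `check` are assumptions; the CA's signature over the certificate is taken as already verified, and the cache also keeps each confirmed indicator itself.

```python
import hashlib
import secrets

def hash_times(value: bytes, count: int) -> bytes:
    """Apply the one-way hash (SHA-256, chosen for this example) count times."""
    for _ in range(count):
        value = hashlib.sha256(value).digest()
    return value

class RevocationService:
    """Hypothetical holder of the initial random value."""
    def __init__(self, n: int):
        self.n, self.revoked = n, False
        self._initial = secrets.token_bytes(32)

    def final_hashed_value(self) -> bytes:
        return hash_times(self._initial, self.n)  # embedded in the certificate

    def indicator(self, interval: int):
        # Once revoked, no further valid indicator is published.
        if self.revoked or not 0 < interval <= self.n:
            return None
        return hash_times(self._initial, self.n - interval)

class RelyingParty:
    """Hypothetical verifier caching every chain value it has confirmed."""
    def __init__(self, final_hashed_value: bytes):
        self.cache = {0: final_hashed_value}  # interval -> confirmed value
        self.last_hash_count = 0

    def check(self, indicator, interval: int) -> bool:
        if indicator is None or interval < 0:
            return False
        # Hash only back to the newest cached value at or before this interval.
        anchor = max(k for k in self.cache if k <= interval)
        chain, value = {interval: indicator}, indicator
        for k in range(interval - 1, anchor - 1, -1):
            value = hash_times(value, 1)
            chain[k] = value
        self.last_hash_count = interval - anchor
        if not secrets.compare_digest(value, self.cache[anchor]):
            return False
        self.cache.update(chain)  # includes the indicator itself (assumption)
        return True
```

With the cache in place, the check at T2 costs only as many hash operations as there are refresh intervals between T1 and T2, rather than the full count from the date of issuance.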
Specification