Certificate revocation notification systems

US 20050114653A1

(19) United States
(12) Patent Application Publication
(10) Pub. No.: US 2005/0114653 A1
(43) Pub. Date: May 26, 2005

(54) CERTIFICATE REVOCATION NOTIFICATION SYSTEMS

(76) Inventor: Frank W. Sudia, San Francisco, CA (US)

Correspondence Address: Patent Group, Choate, Hall & Stewart, Exchange Place, 53 State Street, Boston, MA 02109-2804 (US)

(21) Appl. No.: 10/949,713
(22) Filed: Sep. 24, 2004

Related U.S. Application Data
(63) Continuation of application No. 09/617,050, filed on Jul. 14, 2000.
(60) Provisional application No. 60/143,852, filed on Jul. 15, 1999. Provisional application No. 60/147,696, filed on Aug. 6, 1999. Provisional application No. 60/149,315, filed on Aug. 17, 1999. Provisional application No. 60/154,088, filed on Sep. 15, 1999. Provisional application No. 60/168,002, filed on Nov. 30, 1999.

Publication Classification
(51) Int. Cl.7: H04L 9/00
(52) U.S. Cl.: 713/158

(57) ABSTRACT

A revocation notification system for a public key certificate and associated method are provided. At the time of issuance, a CA requests and receives from an independent revocation service provider entity a THV corresponding to an IRV under the sole control of said revocation service provider. It then embeds such THV into the public key certificate and digitally signs the public key certificate with a private key. An entity requests revocation from the revocation service provider. The revocation service provider ceases publication of valid PFI updates for the public key certificate.

[Figure: Application to Secure E-Mail]

X.509v3 Certificate (CA1 Certificate Authority): CA Name; Serial Number; Subject Name; Subject Public Key; validity period; PFI Extension [THV] (THV = Terminal Hash Value); Signature.

CA: Generate and store IRV; hash forward 365 times; place THV in certificate. Can also support shorter intervals (2-hourly ... 10 minutes). CA publishes "next" value. PFI = periodic freshness indicator.

Signer / Sender (Subscriber): Sender retrieves PFI value; places in signature block; signs and sends message.

Delivery or Retrieval: Message or Transaction; Sig-Block; Signature.

Relying Party: Receive and verify signature; extract PFI from sig block; hash forward D days; compare with THV from cert. Recipient performs no online communication.

Note: 1 public key operation is equivalent to (approx) 10,000 hash operations.

(c) F. Sudia, 6-28-99

Patent Application Publication, May 26, 2005, Sheet 4 of 4, US 2005/0114653 A1
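The hash-chain flow shown in the figure, as an added Python example that is not part of the patent text. The RevocationServiceProvider class name, SHA-256 as the hash function (the page names none), the 365-step chain, and counting D from the day of issuance are assumptions; the relying-party check is deliberately offline, as the figure states.

```python
import hashlib
import secrets
from typing import Optional, Tuple

CHAIN_LENGTH = 365  # one PFI value per day of a one-year certificate ("hash forward 365 times")


def hash_forward(value: bytes, n: int) -> bytes:
    """Apply SHA-256 n times: H^n(value). SHA-256 is an assumption; the page names no hash."""
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class RevocationServiceProvider:
    """Holds the IRV under its sole control; the CA only ever receives the THV."""

    def __init__(self, chain_length: int = CHAIN_LENGTH):
        self.n = chain_length
        self.irv = secrets.token_bytes(32)  # initial random value, never leaves this object
        self.revoked = False

    def terminal_hash_value(self) -> bytes:
        # THV = H^n(IRV): the value the CA places in the PFI extension and signs.
        return hash_forward(self.irv, self.n)

    def pfi_for_day(self, day: int) -> Optional[bytes]:
        # Day-d PFI = H^(n-d)(IRV). Hashing it forward d times reproduces the THV, but
        # whoever holds day d's value cannot derive day d+1's (that is a preimage).
        # Revocation is simply ceasing publication: no value is released for later days.
        if self.revoked or not 1 <= day <= self.n:
            return None
        return hash_forward(self.irv, self.n - day)

    def revoke(self) -> None:
        self.revoked = True


def verify_pfi(pfi: Optional[bytes], days_since_issue: int, thv: bytes) -> bool:
    """Relying party: hash the PFI forward D days and compare with the certificate's THV.
    D must come from the verifier's own clock and the certificate's validity start, not
    from the signature block, or a stale PFI could be replayed with a smaller D."""
    if pfi is None or days_since_issue < 0:
        return False
    return hash_forward(pfi, days_since_issue) == thv


def demo(today: int = 100) -> Tuple[bool, bool]:
    rsp = RevocationServiceProvider()
    cert_thv = rsp.terminal_hash_value()               # CA embeds THV in the certificate
    accepted = verify_pfi(rsp.pfi_for_day(today), today, cert_thv)   # sender's fresh PFI
    rsp.revoke()                                       # subscriber requests revocation
    after = verify_pfi(rsp.pfi_for_day(today + 1), today + 1, cert_thv)
    return accepted, after
```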
