Cryptography – Particular algorithmic function encoding – Nbs/des algorithm
Patent
1995-10-26
1997-11-11
Cangialosi, Salvatore
Cryptography
Particular algorithmic function encoding
Nbs/des algorithm
380 30, H04L 900
Patent
active
056872356
ABSTRACT:
The present invention is an improved certificate revocation process that improves the efficiency of an authentication exchange in a public key distributed network system. Specifically, the present invention includes a novel revocation service (RS) that, in response to a unique request from a server node, selects certain revoked certificates from a current CRL to include in its reply so as to consume minimal system bandwidth. The unique request includes a number of parameters for consideration by the RS in generating its reply, including a maximum CRL size and/or a timestamp. The maximum CRL size indicates the largest number of revoked certificate serial numbers that the server node can process and thus receive in the revocation service reply, whereas the timestamp indicates the latest certificate revocation date of the certificates included in the CRL presently retained by the server node. Significantly, the RS generates an optimal CRL for its reply that contains all, part, or none of the current CRL revoked certificate serial numbers. Determination of the optimal CRL entails consideration of any number and combination of optimization factors, including the number of revoked certificates stored in the CRL storage facility and the time remaining before the current CRL is to be updated by a certificate authority (CA), the expiration date of the certificates, as well as the maximum CRL size and/or timestamp parameters provided to the RS in the server node request. The server node may control whether it will receive an optimal CRL and if so, what portion of the current CRL it will include by manipulating the parameters it provides to the RS. This enables each server node to request the CRL based upon its own specific security needs while optimizing the certificate revocation process. Further, the RS and/or server node may discard certificate serial numbers as their expiration dates come to pass.
REFERENCES:
patent: 5261002 (1993-11-01), Perlman et al.
patent: 5371794 (1994-12-01), Piffie et al.
patent: 5418854 (1995-05-01), Kaufman et al.
patent: 5481613 (1996-01-01), Ford et al.
patent: 5535276 (1996-07-01), Ganesan
Technical Corrigenda to Rec. X.500/ISO/IEC 9594 resulting from Defect Reports 9594/128 by ISO/IEC JTC 1/SC 21/WG4 and ITU-T Q15/7 Collaborative Editing Meeting on the Directory, Ottawa, Canada, Jul. 1995.
Draft Amendments DAM 4 to ISO/IEC 9594-2, DAM 2 to ISO/IEC 9594-6, DAM 1 to ISO/IEC 9594-7, and DAM 1 and ISO/IEC 9594-8 on Certificate Extension by ISO/IEC 1/SC 21/WG4 and ITU-T Q15/7 Collaborative Editing Meeting on the Directory, Ottawa Canada, Jul. 1995.
Carter Tammy G.
Perlman Radia J.
Reed Edwards E.
Cangialosi Salvatore
Novell Inc.
LandOfFree
Certificate revocation performance optimization does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Certificate revocation performance optimization, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Certificate revocation performance optimization will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-1235139