Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Central trusted authority provides computer authentication
Reexamination Certificate
1997-12-18
2002-11-26
Hayes, Gail (Department: 2766)
active
06487658
ABSTRACT:
TECHNICAL FIELD
The present invention relates generally to secure communications and more particularly to schemes for certificate management.
BACKGROUND OF THE INVENTION
In a digital signature scheme, each user U chooses a signing key SKu and a matching verification key PKu. User U uses SKu to easily compute his digital signature of a message m, SIGu(m), while anyone knowing that PKu is U's public key can verify that SIGu(m) is U's signature of m. Computing the signature SIGu(m) without knowing SKu is practically impossible. On the other hand, knowledge of PKu does not give any practical advantage in computing SKu. For this reason, it is in U's interest to keep SKu secret (so that only he can digitally sign for U) and to make PKu as public as possible (so that everyone dealing with U can verify U's digital signatures). Indeed, SKu is often referred to as U's secret key, and PKu as U's public key.
Note that, to verify that SIGu(m) really is the digital signature of user U for the message m, not only should a verifier know PKu, but he should also know that PKu really is U's public key. Thus, to ensure the smooth flow of business and communications in a world with millions of users, users' public keys are digitally certified by proper authorities to belong to their legitimate users.
At the same time, it is also necessary to revoke some previously issued certificates (e.g., because the secret key corresponding to a given certified public key has been compromised). Unfortunately, this may not be easy. Indeed, a digital certificate cannot just be “taken away:” such a certificate is, in essence, a number, and arbitrarily many copies of it may be made and illegitimately used. Current public-key infrastructures (PKIs) rely on Certificate Revocation Lists (CRLs) for handling certificate revocation. Unfortunately, CRLs are not very efficient in several scenarios.
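The following added example (not part of the patent text) works through the background above: a certificate is only a CA signature over U's name and PKu, so a copy of it keeps verifying after revocation unless the verifier also checks an authentic, current CRL. The toy textbook-RSA keys, the record layouts, the serial numbers and the one-CRL-per-day freshness rule are all assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys (assumption)

def keygen(p, q):
    """Toy textbook-RSA key pair from two primes: returns (SK, PK)."""
    n = p * q
    return (pow(E, -1, (p - 1) * (q - 1)), n), n

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(sk, msg):
    """SIG(m): only the holder of SK can compute this."""
    d, n = sk
    return pow(_digest(msg, n), d, n)

def verify(pk, msg, sig):
    """Anyone who knows PK can check SIG(m)."""
    return pow(sig, E, pk) == _digest(msg, pk)

# Constructed keys from Mersenne primes: unpadded and far too small for real use.
SK_CA, PK_CA = keygen(2**107 - 1, 2**127 - 1)
SK_U, PK_U = keygen(2**61 - 1, 2**89 - 1)

def cert_body(serial, user, pk):
    return f"{serial}|{user}|{pk}".encode()

def crl_body(date, revoked):
    return f"{date}|{','.join(map(str, revoked))}".encode()

def issue_cert(serial, user, pk):
    """CA certifies that pk belongs to user (hypothetical record layout)."""
    return {"serial": serial, "user": user, "pk": pk,
            "sig": sign(SK_CA, cert_body(serial, user, pk))}

def issue_crl(date, revoked):
    """CA signs the dated list of revoked serial numbers."""
    revoked = sorted(revoked)
    return {"date": date, "revoked": revoked,
            "sig": sign(SK_CA, crl_body(date, revoked))}

def accept(msg, sig, cert, crl, today):
    """Verifier: certificate genuine, CRL genuine and current, then U's signature."""
    body = cert_body(cert["serial"], cert["user"], cert["pk"])
    if not verify(PK_CA, body, cert["sig"]):
        return "bad certificate"
    fresh = crl["date"] == today  # assumed policy: one CRL per day
    if not (fresh and verify(PK_CA, crl_body(crl["date"], crl["revoked"]), crl["sig"])):
        return "no valid current CRL"
    if cert["serial"] in crl["revoked"]:
        return "revoked"
    return "ok" if verify(cert["pk"], msg, sig) else "bad signature"
```

A verifier that skipped the CRL step would keep accepting the copied certificate indefinitely, and one handed a stale or altered CRL must refuse rather than treat the certificate as good.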
BRIEF SUMMARY OF THE INVENTION
A more efficient public-key infrastructure is obtained by providing new technologies for convenient, secure, and cost-effective certificate revocation. To do this, we present three types of contributions:
1. We identify a structural problem potentially affecting traditional CRL-based PKIs, and suggest a variety of ways for fixing it. Essentially we show that, in prior systems, an untrusted Directory cannot answer certain legitimate queries, leaving the systems vulnerable to denial-of-service attacks. Our fixes to this structural problem are quite simple to implement and do not require significant costs.
2. We suggest various improvements to traditional CRL design that yield certificate revocation systems more efficient than the original ones. These improvements do not dismiss CRL constructs, but optimize them (by simply adopting better encodings, utilizing a suitable subset of information, etc.).
3. We put forward totally new systems for certificate revocation that are much more efficient than traditional ones. These systems do not rely on CRLs at all.
Choate Hall & Stewart
Corestreet Security, Ltd.
Di Lorenzo Anthony
Hayes Gail