Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Central trusted authority provides computer authentication
Reexamination Certificate
1998-10-14
2001-11-20
Peeso, Thomas R. (Department: 2132)
C713S168000
active
06321333
ABSTRACT:
RELATED APPLICATIONS
“Efficient Digital Data Encoding in a Data Processing System,” is a co-pending application assigned to the assignee of the present application, serial number 1126P, filed Sep. 30, 1998.
FIELD OF THE INVENTION
The present invention relates to electronic transactions in a computer system and more particularly to efficiently processing digital certificates for the electronic transactions in a secure environment within the computer system.
BACKGROUND OF THE INVENTION
Computer networks have emerged as a principal medium for conducting electronic commerce and other types of electronic transactions. However, computer networks provide an environment which is fraught with security breaches that allow computer hackers or rogue programs to compromise the integrity and validity of digital data processing applications including electronic transactions. As a result, electronic transaction protocols and digital certificate technologies have emerged for entity authentication purposes.
For example, electronic commerce transaction protocols utilize message construction methods for encoding the messages. Typically, these methods are transparent to the operating environment and allow encoding of messages to occur uniformly without regard to the type of operating system within a particular computer system. One such method, known as Tag-Length-Value (TLV) encoding, is described in co-pending application Serial No. (1126P), entitled “Efficient Digital Data Encoding in a Data Processing System,” filed Sep. 30, 1998, and assigned to the assignee of the present application.
Digital certificates are commonly used in digital data processing applications, including multi-party electronic transactions, as a mechanism for verifying the identity of entities which use them. Entities use their given identities in communicating with each other when participating in electronic transactions, including electronic commerce.
Digital certificate technology commonly uses a hierarchical organization of digital certificates in which a root certificate ranks at the top and other digital certificates rank below it. In this hierarchical organization, each digital certificate is signed by an issuer which ranks above it. The issuer's certificate, in turn, is signed by its issuer, which ranks above it. This mechanism goes up the chain of hierarchy to the root certificate, which is a self-signed certificate. The signing of digital certificates is akin to authorization of the digital certificates. The root certificate is commonly trusted by all entities which use the certificate hierarchy that the root presides over.
Verifying a chain of digital certificates up to the root certificate is known as certificate chain verification. In a conventional digital certificate technology based system, the certificate chain verification must be performed every time a digital certificate is received thereby. To verify digital certificates, conventional data processing environments utilize significant amounts of memory space and consume numerous processor cycles. The more complex the digital certificate hierarchy is, the more resources the certificate chain verification consumes.
Hence, what is needed is a method and system for efficient digital certificate processing which overcomes the above-described deficiencies of conventional data processing systems. Moreover, a method and system is needed for efficient certificate processing which is safeguarded against attack by unauthorized participants and rogue programs. Furthermore, the system and method for efficient digital certificate processing needs to be easily implemented in a cost-effective manner. These needs are addressed by the present invention as set forth herein below.
SUMMARY OF THE INVENTION
The present invention is directed toward efficient digital certificate processing. In one aspect a system for efficient digital certificate processing comprises a computer and a secure certificate cache coupled to a computer. The secure certificate cache stores pre-verified digital certificates.
In a second aspect, a method for efficient digital certificate processing in a data processing system comprises providing a secure certificate cache and receiving a digital certificate. The method further includes determining if the digital certificate is within the secure certificate cache. The method finally includes verifying the validity of the digital certificate if the digital certificate is within the secure certificate cache.
The system and method in accordance with the present invention provides efficient processing of digital certificates in that it advantageously avoids unnecessary repetitive verification of commonly used digital certificates and also requires less memory to verify a certificate chain than conventional systems. Pre-verified digital certificates are maintained in the secure certificate cache to facilitate accelerated certificate chain validation and avoid repeat verification in the future.
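The cache lookup described in the summary, sketched as an added example (not code from the patent or its assignee): the chain is walked leaf-first and the walk stops at the first certificate already in the pre-verified cache, so repeat chains cost few or no signature checks. HMAC stands in for public-key signatures, and the names `Cert`, `CachingVerifier` and the per-entry valid-until value are assumptions of this sketch.

```python
import hashlib, hmac
from dataclasses import dataclass

# Constructed issuer keys; HMAC stands in for a real public-key signature.
KEYS = {"Root": b"k-root", "Brand CA": b"k-brand", "Merchant CA": b"k-merchant"}

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_after: int          # expiry, as a constructed integer time
    sig: bytes = b""

    def tbs(self):          # the bytes the issuer signs (unambiguous encoding)
        return repr((self.subject, self.issuer, self.not_after)).encode()

    def fingerprint(self):  # cache key covers body AND signature, never just the name
        return hashlib.sha256(hashlib.sha256(self.tbs()).digest() + self.sig).hexdigest()

def sign(cert):
    return hmac.new(KEYS[cert.issuer], cert.tbs(), hashlib.sha256).digest()

def issue(subject, issuer, not_after):
    return Cert(subject, issuer, not_after, sign(Cert(subject, issuer, not_after)))

class CachingVerifier:
    def __init__(self, root):
        self.cache = {root.fingerprint(): root.not_after}  # fingerprint -> valid-until
        self.sig_checks = 0

    def verify_chain(self, chain, now):
        """chain is leaf-first; True only if it links to a pre-verified certificate."""
        pending = []
        for i, cert in enumerate(chain):
            if cert.fingerprint() in self.cache:       # pre-verified: stop climbing
                limit = self.cache[cert.fingerprint()]
                break
            if (cert.issuer not in KEYS or i + 1 == len(chain)
                    or chain[i + 1].subject != cert.issuer):
                return False                           # issuer missing from the chain
            self.sig_checks += 1
            if not hmac.compare_digest(sign(cert), cert.sig):
                return False
            pending.append(cert)
        else:
            return False                               # never reached a trusted entry
        if now > limit:                                # validity still checked on a hit
            return False
        for cert in reversed(pending):                 # cache top-down
            limit = min(limit, cert.not_after)         # earliest expiry along the chain
            if now > limit:
                return False
            self.cache[cert.fingerprint()] = limit
        return True
```

Keying the cache on a fingerprint of the whole certificate means a forged certificate that reuses a cached subject name misses the cache and goes through the full signature check.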
Baker & Botts L.L.P.
Peeso Thomas R.
Wave Systems Corporation