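Granted invention patent
- Patent title: Method and apparatus improving efficiency of end-user certificate validation
- Patent title (Chinese): Method and device for improving the efficiency of end-user certificate validation
- Application number: US09715350; Filing date: 2000-11-17
- Publication (announcement) number: US07290133B1; Publication (announcement) date: 2007-10-30
- Inventor: David Montgomery
- Applicant: David Montgomery
- Applicant address: CA Ottawa, Ontario
- Patentee: Entrust Limited
- Current patentee: Entrust Limited
- Current patentee address: CA Ottawa, Ontario
- Agency: Vedder, Price, Kaufman & Kammholz, P.C.
- Main classification: H04L9/00
- IPC classification: H04L9/00 ; G06F15/16 ; G06F17/00
Abstract: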
An apparatus and method collects, for a community of interest, at least one cross certificate associated with an anchor certificate issuing unit, and obtains at least one certificate issuing unit public key and an associated unique identifier for a cross-certified certificate issuing unit identified by the at least one cross certificate. For example, a certificate issuing unit, client unit, or other suitable unit, searches for one or up to all certification authorities or certificate issuing units that it can trust based on cross certificate chains. This is done, for example, from a given trust anchor. The apparatus selects those obtained certificates that satisfy, for example, some search criteria, such as what policy must be enforced in each certificate, for example, the allowed path length or depth that the apparatus is allowed to evaluate, and creates a signed certificate set, such as a list of all trusted certificate issuing units from the perspective of a given trust anchor. Accordingly, the apparatus and method creates a signed certificate set identifying certificate issuing units determined to be trusted by the anchor certificate issuing unit based on the cross certificates that the apparatus obtained. The signed certificate set includes at least a unique identifier of each trusted certificate issuing unit, such as the distinguished name (DN) of the certificate issuing unit, and public key of each trusted certificate issuing unit.
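The collection step the abstract describes, sketched as an added example that is not taken from the patent or from any Entrust product: a breadth-first walk of cross certificates from the trust anchor, filtered by a required policy and a maximum path length, producing a signed set of (DN, public key) pairs. The CA names, keys, policy labels and function names are constructed, and HMAC-SHA256 is used only as a standard-library stand-in for the anchor's digital signature.

```python
import hashlib, hmac, json
from collections import deque

# Constructed cross certificates: (issuer DN, subject DN, subject public key, policy)
CROSS_CERTS = [
    ("cn=Anchor CA", "cn=CA-B", "pk-B", "policy-high"),
    ("cn=Anchor CA", "cn=CA-C", "pk-C", "policy-low"),
    ("cn=CA-B", "cn=CA-D", "pk-D", "policy-high"),
    ("cn=CA-D", "cn=CA-E", "pk-E", "policy-high"),
    ("cn=CA-C", "cn=CA-F", "pk-F", "policy-high"),
    ("cn=CA-D", "cn=Anchor CA", "pk-A", "policy-high"),  # loop back to the anchor
]

def collect_trusted(anchor_dn, cross_certs, required_policy, max_depth):
    """Walk cross-certificate chains from the anchor; return {DN: public key}."""
    trusted = {}
    seen = {anchor_dn}                 # prevents loops and re-adding the anchor
    queue = deque([(anchor_dn, 0)])
    while queue:
        issuer, depth = queue.popleft()
        if depth == max_depth:         # allowed path length reached on this chain
            continue
        for iss, subj, pk, policy in cross_certs:
            if iss != issuer or subj in seen or policy != required_policy:
                continue
            seen.add(subj)
            trusted[subj] = pk
            queue.append((subj, depth + 1))
    return trusted

def sign_set(anchor_dn, trusted, key):
    """Serialize the set canonically and tag it (HMAC stands in for a signature)."""
    entries = [{"dn": dn, "public_key": pk} for dn, pk in sorted(trusted.items())]
    payload = json.dumps({"anchor": anchor_dn, "trusted": entries},
                         sort_keys=True, separators=(",", ":")).encode()
    return payload, hmac.new(key, payload, hashlib.sha256).hexdigest()

def verify_set(payload, tag, key):
    """A relying party checks the tag before using any entry in the set."""
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)

if __name__ == "__main__":
    trusted = collect_trusted("cn=Anchor CA", CROSS_CERTS, "policy-high", 2)
    payload, tag = sign_set("cn=Anchor CA", trusted, b"constructed-demo-key")
    print(payload.decode(), verify_set(payload, tag, b"constructed-demo-key"))
```
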