-
公开(公告)号:US08041943B2
公开(公告)日:2011-10-18
申请号:US12223642
申请日:2006-10-03
IPC分类号: H04L9/00
CPC分类号: G06F21/31 , H04L9/3268
摘要: A method for enforcing use of certificate revocation lists in validating certificates, the lists being associated with a series of list generation indices such that each list is assigned one index which advances according to a time of generation of the list, the lists and the indices being cryptographically signed, the method including receiving one of the lists and an associated index as an identifier of the one list, checking the certificates against the list, associating each of the certificates, which have been checked against the list, with the index, receiving an enforcement generation index (EGI) associated with a latest list in use, storing the EGI as a last known EGI, and refusing performance of an action associated with a certificate if the one index of the one certificate is earlier in the series than the last known EGI. Related apparatus and methods are also included.
摘要翻译: 一种用于在验证证书中强制使用证书吊销列表的方法,该列表与一系列列表生成索引相关联,使得每个列表被分配一个根据列表生成时间而前进的索引,列表和索引为 所述方法包括接收一个列表和相关联的索引作为一个列表的标识符,根据列表检查证书,将已经检查的每个证书与列表相关联,并将其与索引相关联, 与最新使用的列表相关联的执行生成索引(EGI),将EGI存储为最后一个已知的EGI,并且如果一个证书的一个索引比最后一个已知的EGI更早,则拒绝执行与证书相关联的动作 EGI。 还包括相关的装置和方法。
-
公开(公告)号:US20090113206A1
公开(公告)日:2009-04-30
申请号:US12223642
申请日:2006-10-03
IPC分类号: G06F21/20
CPC分类号: G06F21/31 , H04L9/3268
摘要: A method for enforcing use of certificate revocation lists in validating certificates, the lists being associated with a series of list generation indices such that each list is assigned one index which advances according to a time of generation of the list, the lists and the indices being cryptographically signed, the method including receiving one of the lists and an associated index as an identifier of the one list, checking the certificates against the list, associating each of the certificates, which have been checked against the list, with the index, receiving an enforcement generation index (EGI) associated with a latest list in use, storing the EGI as a last known EGI, and refusing performance of an action associated with a certificate if the one index of the one certificate is earlier in the series than the last known EGI. Related apparatus and methods are also included.
摘要翻译: 一种用于在验证证书中强制使用证书吊销列表的方法,该列表与一系列列表生成索引相关联,使得每个列表被分配一个根据列表生成时间而前进的索引,列表和索引为 所述方法包括接收一个列表和相关联的索引作为一个列表的标识符,根据列表检查证书,将已经检查的每个证书与列表相关联,并将其与索引相关联, 与最新使用的列表相关联的执行生成索引(EGI),将EGI存储为最后一个已知的EGI,并且如果一个证书的一个索引比最后一个已知的EGI更早,则拒绝执行与证书相关联的动作 EGI。 还包括相关的装置和方法。
-