1. WO2012059794 - METHOD AND APPARATUS FOR PROVIDING EFFICIENT MANAGEMENT OF CERTIFICATE REVOCATION

Publication Number WO/2012/059794
Publication Date 10.05.2012
International Application No. PCT/IB2010/055047
International Filing Date 05.11.2010
IPC
H04W 12/06 2009.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
W WIRELESS COMMUNICATION NETWORKS
12 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
06 Authentication
H04L 29/06 2006.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02 Communication control; Communication processing
06 characterised by a protocol
H04W 12/04 2009.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
W WIRELESS COMMUNICATION NETWORKS
12 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
04 Key management
CPC
H04L 63/0823
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
08 for supporting authentication of entities communicating through a packet data network
0823 using certificates
H04L 63/20
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
20 for managing network security; network security policies in general
H04L 9/3268
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
32 including means for verifying the identity or authority of a user of the system; or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
3263 involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
3268 using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Y04S 40/20
Y SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
40 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Applicants
  • NOKIA CORPORATION [FI]/[FI] (AllExceptUS)
  • NOKIA, INC. [US]/[US] (LC)
  • MASHATAN, Atefeh [CA]/[CH] (UsOnly)
  • AAD, Imad [LB]/[CH] (UsOnly)
  • CHAABOUNI, Rafik [CH]/[CH] (UsOnly)
  • NIEMI, Pentti Valtteri [FI]/[CH] (UsOnly)
  • VAUDENAY, Serge [FR]/[CH] (UsOnly)
Inventors
  • MASHATAN, Atefeh
  • AAD, Imad
  • CHAABOUNI, Rafik
  • NIEMI, Pentti Valtteri
  • VAUDENAY, Serge
Agents
  • THORSON, Chad L.
Priority Data
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) METHOD AND APPARATUS FOR PROVIDING EFFICIENT MANAGEMENT OF CERTIFICATE REVOCATION
(FR) PROCÉDÉ ET APPAREIL DE FOURNITURE D'UNE GESTION EFFICACE DE RÉVOCATION DE CERTIFICATS
Abstract
(EN)
A method for providing efficient management of certificate revocation may comprise storing a list of identifiers of digital certificates including a revocation list defining a list of revoked certificates in an accumulator, storing a witness value in association with at least some entries in the revocation list in which the witness value provides proof of the membership or non-membership of an identifier in the revocation list, enabling generation of a new accumulator and a new witness value responsive to each insertion or deletion of an entry in the revocation list, and enabling batch updates to the revocation list using a reduced bitlength value generated based on a ratio of a value generated based on elements added to the revocation list to a value generated based on elements deleted from the revocation list. A corresponding apparatus is also provided. A method is also provided for certificate authorities (CA) that use Bloom filters for certificate revocation list (CRL) compression, enabling the CA to hash only the entry that is to be un-revoked so that a good compression rate may be provided while avoiding computation of the entire CRL for each un-revocation.
(FR)
The present invention relates to a method for providing efficient management of certificate revocation, comprising storing a list of identifiers of digital certificates containing a revocation list defining a list of revoked certificates in an accumulator, storing a witness value associated with at least some entries of the revocation list, the witness value providing proof of the membership or non-membership of an identifier in the revocation list, enabling generation of a new accumulator and a new witness value in response to each insertion or deletion of an entry of the revocation list, and enabling batch updates of the revocation list by means of a reduced bit-length value generated as a function of a ratio of a value generated as a function of elements added to the revocation list to a value generated as a function of elements deleted from the revocation list. A corresponding apparatus is also described. A method for certification authorities (CA) that use Bloom filters for compressing a certificate revocation list (CRL) in order to allow the CA to hash only the entry that is to be un-revoked, so that a good compression rate can be provided while avoiding computation of the entire CRL for each un-revocation.