WO2007096858A2 - Efficient certificate revocation - Google Patents

Efficient certificate revocation Download PDF

Info

Publication number
WO2007096858A2
WO2007096858A2 PCT/IL2006/000261 IL2006000261W WO2007096858A2 WO 2007096858 A2 WO2007096858 A2 WO 2007096858A2 IL 2006000261 W IL2006000261 W IL 2006000261W WO 2007096858 A2 WO2007096858 A2 WO 2007096858A2
Authority
WO
WIPO (PCT)
Prior art keywords
certificates
certificate
devices
component
components
Prior art date
Application number
PCT/IL2006/000261
Other languages
French (fr)
Other versions
WO2007096858A3 (en
Inventor
Erez Waisbard
Reuben Sumner
Original Assignee
Nds Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nds Limited filed Critical Nds Limited
Priority to PCT/IL2006/000261 priority Critical patent/WO2007096858A2/en
Publication of WO2007096858A2 publication Critical patent/WO2007096858A2/en
Publication of WO2007096858A3 publication Critical patent/WO2007096858A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Definitions

  • the present invention relates to digital certificates, and in particular relates to a system and method of efficient digital certificate revocation.
  • systems often include different devices that implement substantially the same functionality.
  • STBs set-top boxes
  • different mobile telephones may have different hardware and/or software including drivers, players and operating systems.
  • Fig. 1 is a partly pictorial, partly block diagram view of a digital certificate system 10.
  • the digital certificate system 10 includes a root certificate authority 12 having a root certificate 14.
  • the root certificate authority 12 issues leaf certificates 16 to a plurality of devices 18.
  • the devices 18 include various combinations of hardware and software for example, OSl, OS2, HWl and HW2.
  • the devices 18 are mobile telephones. If an exploit (security hole) is discovered in one of the components, for example, FfWl, then the digital certificate system 10 needs to revoke the leaf certificates 16 of the devices 18 having HWl as one of the components. Revocation is typically performed by adding the revoked certificates to a certificate revocation list 20, which is made available for inspection and/or circulation.
  • the leaf certificates 16 of the devices 1, 3, 4, 5, and 8 are revoked. It will be appreciated that in a real-life scenario there may be many thousands, if not millions, of devices which may need to be revoked. Therefore, the system used in Fig. 1 is generally impractical in most scenarios.
  • the present invention seeks to provide an efficient certificate revocation system.
  • the system of the present invention in preferred embodiments thereof, includes a digital certificate issuing subsystem to issue each device with a certificate chain which is based on the major components that are prone to be exploited, for example, the hardware and software components.
  • the certificate chain of each device includes at least one component certificate disposed between a root certificate and a device-specific leaf certificate. If an exploit (security hole) is discovered relating to a particular component of the devices, then one or more of the component certificates are revoked instead of the individual device-specific leaf certificates:
  • the system only adds a single entry to a certificate revocation list in order to invalidate the certificate chains of all the problematic devices.
  • the system adds two or more entries to the certificate revocation list in order to invalidate the certificate chains of all the problematic devices.
  • the required number of entries needed in the certificate revocation list is generally substantially less than would be required if the individual device-specific leaf certificates were revoked.
  • the number of entries needed in the certificate revocation list is generally less than number of exploited devices.
  • a digital certificate management system for managing certificates of a plurality of devices, each of the devices having a plurality of components, the components including at least one of at least two hardware components, at least two software components, and at least one hardware component and at least one software component, at least some of the devices having different combinations of the components while having at least one of the components in common
  • the system including a digital certificate issuing subsystem having at least one certificate authority including a root certificate authority, the digital certificate issuing system being operative to issue a plurality of certificates such that a certificate chain is formed for each of the devices, the certificates including a root certificate associated with the root certificate authority, a plurality of leaf certificates associated with the devices, the leaf certificates being uniquely associated with the devices such that revocation of any one of the leaf certificates invalidates the certificate chain of only one of the devices, and a plurality of component certificates issued by the root certificate authority, the certificate chain of each of the devices including one of the component certificates between the root certificate and an associated one of the leaf certificates
  • the system includes a digital certificate revocation subsystem to invalidate the certificate chain of each of the devices having a selected one of the components, by revoking the component certificates associated with the devices having the selected component.
  • the digital certificate revocation subsystem revokes the component certificates by adding at least two different entries to a certificate revocation list.
  • digital certificate issuing subsystem includes a plurality of intermediate certificate authorities, each of the component certificates being issued to one of the intermediate certificate authorities, each of the intermediate certificate authorities issuing the leaf certificates to devices having at least two of the components in common.
  • each of the intermediate certificate authorities is a virtual certificate authority.
  • the software components include an operating system.
  • the software components include a device driver. Additionally in accordance with a preferred embodiment of the present invention the software components include a media player.
  • a digital certificate management system for managing certificates of a plurality of devices, each of the devices having a plurality of components, the components including at least one of at least two hardware components, at least two software components, and at least one hardware component and at least one software component, at least some of the devices having different combinations of the components while having at least one of the components in common
  • the system including a digital certificate issuing subsystem having at least one certificate authority including a root certificate authority, the digital certificate issuing system being operative to issue a plurality of certificates such that a certificate chain is formed for each of the devices, the certificates including a root certificate associated with the root certificate authority, a plurality of leaf certificates associated with the devices, the leaf certificates being uniquely associated with the devices such that revocation of any one of the leaf certificates invalidates the certificate chain of only one of the devices, and a plurality of component certificates, the certificate chain of each of the devices including at least two of the component certificates between the root certificate and an associated one of the leaf certificates, each of the
  • the system includes a digital certificate revocation subsystem to invalidate the certificate chain of each of the devices having a selected one of the components, by revoking the component certificates associated with the selected component. Further in accordance with a preferred embodiment of the present invention the digital certificate revocation subsystem revokes the component certificates by adding a sole entry to a certificate revocation list.
  • the certificate chain of each of the devices with at least one of the components in common includes one of the component certificates having a same public key.
  • the software components include an operating system. Moreover in accordance with a preferred embodiment of the present invention the software components include a device driver.
  • the software components include a media player.
  • a digital certificate management method for managing certificates of a plurality of devices, each of the devices having a plurality of components, the components including at least one of at least two hardware components, at least two software components, and at least one hardware component and at least one software component, at least some of the devices having different combinations of the components while having at least one of the components in common, the method including issuing a plurality of certificates such that a certificate chain is formed for each of the devices, the issuing including issuing a root certificate associated with a root certificate authority, issuing a plurality of leaf certificates associated with the devices, the leaf certificates being uniquely associated with the devices such that revocation of any one of the leaf certificates invalidates the certificate chain of only one of the devices, and issuing a plurality of component certificates, the certificate chain of each of the devices including one of the component certificates between the root certificate and an associated one of the leaf certificates, different component certificates being issued for the devices having different combinations of the components.
  • the method includes invalidating the certificate chain of each of the devices having a selected one of the components, by revoking the component certificates associated with the devices having the selected component.
  • a digital certificate management method for managing certificates of a plurality of devices, each of the devices having a plurality of components, the components including at least one of at least two hardware components, at least two software components, and at least one hardware component and at least one software component, at least some of the devices having different combinations of the components while having at least one of the components in common, the method including issuing a plurality of certificates such that a certificate chain is formed for each of the devices, the issuing including issuing a root certificate associated a the root certificate authority, issuing a plurality of leaf certificates associated with the devices, the leaf certificates being uniquely associated with the devices such that revocation of any one of the leaf certificates invalidates the certificate chain of only one of the devices, and issuing a plurality of component certificates, the
  • the method includes invalidating the certificate chain of each of the devices having a selected one of the components, by revoking the component certificates associated with the selected component.
  • Fig. 1 is a partly pictorial, partly block diagram view of a digital certificate system
  • Fig. 2 is a partly pictorial, partly block diagram view of a digital certificate system constructed and operative in accordance with a preferred embodiment of the present invention
  • Fig. 3 is a partly pictorial, partly block diagram view of an alternative representation of the digital certificate system of Fig. 2;
  • Fig. 4 is a partly pictorial, partly block diagram view of a digital certificate system constructed and operative in accordance with an alternative preferred embodiment of the present invention
  • Fig. 5 is a partly pictorial, partly block diagram view of an alternative representation of the digital certificate system of Fig. 4;
  • Fig. 6 is a block diagram view of a digital certificate management system constructed and operative in accordance with a preferred embodiment of the present invention
  • Fig. 7 is a flow chart showing a preferred method of operation of the system of Fig. 6;
  • Fig. 8 is a flow chart showing an alternative preferred method of operation of the system of Fig. 6.
  • Fig. 2 is a partly pictorial, partly block diagram view of a digital certificate system 22 constructed and operative in accordance with a preferred embodiment of the present invention.
  • the digital certificate system 22 issues a root certificate 24, typically associated with a root certificate authority (not shown).
  • the digital certificate system 22 preferably includes a plurality of devices 26 (devices Dl to DlO).
  • Each of the devices 26 typically includes a plurality of components, shown as OSl (operating system 1), OS2 (operating system 2), HWl (hardware 1) or HW2 (hardware 2) in Fig. 2.
  • the components typically include: at least two hardware components; or at least two software components; or at least one hardware component and at least one software component. Some of the devices have different combinations of the components while having at least one of the components in common.
  • the device Dl includes OSl and HWl
  • device D2 includes OSl and HW2. Therefore, the device Dl and the device D2 have a common operating system (OSl) but different hardware (HWl for the device Dl and HW2 for the device D2).
  • the components identified for the devices 26 are those components which are most likely to be exploited.
  • the devices typically include other hardware and/or software elements. However, the other elements are not shown nor considered as they are less likely to be exploited.
  • the devices 26 are described as having two components (most likely to be exploited). However, it will be appreciated by those ordinarily skilled in the art that each of the devices 26 can include more than two components.
  • Each of the devices 26 is typically issued with a certificate chain 28 extending from the root certificate 24 to a device-specific leaf certificate 30.
  • the certificate chain 28 also includes a plurality of component certificates 32. For the sake of simplicity, only the certificate chain 28 of device Dl has been labeled.
  • the leaf certificate 30 for each device 26 is unique, such that revocation of any one leaf certificate 30 only results in invalidating the certificate chain 28 for the single device 26 associated with the revoked leaf certificate 30.
  • the component certificates 32 are preferably not unique.
  • Each of the certificate chains 28 typically includes a component certificate for each of the components of the corresponding device 26. So therefore, device Dl, which includes OSl and HWl, includes a component certificate for OSl and a component certificate for HWl.
  • the same component certificates 32 are repeated as necessary across the certificate chains 28.
  • Devices having at least one component in common also have at least one component certificate in common.
  • the component certificates are "common" for revocation purposes and not necessarily identical in all other aspects. The aspect of revocation is described in more detail below.
  • the certificate chains 28 of all the devices 26 having the particular component are invalidated by revoking the component certificates 32 relating to the problematic component.
  • Revocation is typically performed by adding identifying details to a certificate revocation list 34.
  • a root certificate authority which issues certificates to a plurality of intermediate certificate authorities (ICAs).
  • the ICAs in turn either issue certificates to leaf devices or to another lower level of ICAs.
  • Each certificate in the certificate chain is identified by the issuer of the certificate and by a serial number which is typically related to the public key of the certificate holder. The serial number is typically used for revoking certificates.
  • the ICAs are generally virtual entities whereby the component certificates 32 and the leaf certificates 30 are all issued by a single entity for example, the RCA (not shown).
  • the virtual entities are necessary in order to maintain the links in the certificate chains 28 (for example, for validation purposes). Therefore, for each certificate the issuing entity is identified as the entity above the certificate in the certificate chain 28.
  • the leaf certificate Dl is identified as being issued by a virtual ICA holding the component certificate HWl.
  • the component certificate HWl is identified as being issued by a virtual ICA holding the component certificate OS 1. It is seen that the component certificates 32 representing the same component may be issued by different virtual ICAs.
  • the certificate chain 28 of the device Dl has the component certificate HWl which was issued, or deemed issued, by the virtual ICA holding the component certificate OSl
  • the certificate chain 28 of the device D4 has the component certificate HWl which was issued, or deemed issued, by the virtual ICA holding the component certificate OS2. Therefore, the component certificate HWl of the device Dl has a different virtual issuer than the component certificate HWl of the device D4.
  • both the component certificates 32 associated with component HWl of the device Dl and the device D4 are identified as being issued by different virtual entities, both the component certificates 32 associated with component HWl have the same serial number and the same public key. Therefore, both the component certificates 32 associated with component HWl can typically be revoked by adding a single entry in the certificate revocation list 34 listing the serial number of the revoked certificates.
  • all component certificates 32 associated with the problematic component are preferably revoked by adding a single (or sole) entry in the certificate revocation list 34.
  • a single entry or sole entry is defined as an entry which identifies a single serial number and/or public key in order to revoke one or more digital certificates.
  • FIG. 3 is a partly pictorial, partly block diagram view of an alternative representation of the digital certificate system
  • FIG. 3 shows a hierarchical structure 36 which appropriately groups the devices 26 having common components. However, it should be noted that Fig.
  • Fig. 4 is a partly pictorial, partly block diagram view of a digital certificate system 38 constructed and operative in accordance with an alternative preferred embodiment of the present invention.
  • the digital certificate system 38 is substantially the same as the digital certificate system 22 except for the differences described below.
  • the certificate chain 28 of each device 26 preferably includes a single component certificate 44 disposed between the root certificate 24 and the leaf certificate 30. For the sake of simplicity, only the certificate chain 28 of device Dl has been labeled.
  • the component certificates 44 are typically not unique. Each of the certificate chains 28 typically includes a single component certificate 44 associated with all of the components of the corresponding device 26. So therefore, device Dl, which includes components OSl and HWl, includes a component certificate 44 associated with components OSl and HWl in a single certificate. The same component certificates 44 are typically repeated as necessary across the certificate chains 28. Devices having the same components in common have component certificates in common. It should be noted that the component certificates are "common" for revocation purposes and not necessarily identical in all other aspects. If an exploit is discovered relating to a particular component, then the certificate chains 28 of all the devices 26 having the particular component are invalidated by revoking the. component certificates 44 associated with the problematic component. Revocation is typically performed by adding identifying details to a certificate revocation list 46. Revocation typically requires adding two or more entries in the certificate revocation list 46, each entry relating to a certificate serial number and/or public key.
  • HWl is identified as a problematic component. Therefore, the component certificates OSl /HWl and OS2/HW1 are revoked. In other words, all the component certificates 44 including the problematic component HWl are revoked.
  • the component certificates 44 are issued with shorter expiry dates than the expiry dates of the leaf certificates 30.
  • the component certificates 44 are issued with expiry dates such that the component certificates 44 need to be renewed regularly, for example, but not limited to, daily renewal.
  • the leaf certificates 30 are given very long expiry dates for example, one year from the issue date.
  • the component certificates 44 of OS1/HW1 and OS2/HW1 are simply not renewed without having to perform a revocation operation. In some environments it may be preferable to avoid revocation as much as possible by issuing the component certificates 44 with very short expiration dates.
  • the leaf certificate expiration is the effective expiration of the entire certificate chain and that it is forbidden for a certificate authority (CA) to sign a certificate which has an expiration date later than the expiration date of the signing CA.
  • CA certificate authority
  • the second alternative preferred . embodiment of the present invention generally requires that: an intermediate CA can sign a certificate which has an expiration date which is later than the expiration date of the current certificate held by the signing intermediate CA; and the effective expiration date of the certificate chain is typically the earliest expiration date of all the certificates in the certificate chain.
  • the second alternative preferred embodiment of the present invention requires that no check be performed on the relative expiration dates of elements of the certificate chain as an issuing CA is allowed to issue certificates having a longer expiry date than the expiry date of the certificate of the issuing CA itself.
  • a system including an intermediate certificate authority issuing certificates having a longer expiry date than the expiry date of the certificate of the issuing CA itself is described in PCT Application Serial Number IL2005/000957 of NDS Limited, filed 8 September 2005 which has been incorporated herein by reference.
  • FIG. 5 is a partly pictorial, partly block diagram view of an alternative representation of the digital certificate system 38 of Fig. 4.
  • Fig. 4 shows a hierarchical structure 48 formed by appropriately grouping the devices 26 having all components in common.
  • Fig. 5 is only an alternative pictorial representation of the system 38 of Fig. 4.
  • the certificate structure of the digital certificate system 22 or of the digital certificate system 38 is dynamic and can be rebuilt as necessary. For example, if an individual device 26 receives new or replacement components, such as the installation of a new driver or player, then the device- specific leaf certificate 30 of the specific device 26 needs to be revoked.
  • the specific device 26 needs to be associated with a new certificate chain 28, possibly requiring establishing new virtual ICAs, as well as issuing a new device-specific leaf certificate 30. .
  • the certificate structure may need to be revoked and rebuilt in part or in full as appropriate.
  • Fig. 6 is a block diagram view of a digital certificate management system 50 constructed and operative in accordance with a preferred embodiment of the present invention.
  • Fig. 7 is a flow chart showing a preferred method of operation of the system 50 of Fig. 6. Reference is also made to Fig. 2.
  • the digital certificate management system 50 preferably includes a digital certificate issuing subsystem 52 typically including a root certificate authority 54 and a plurality of intermediate certificate authorities 56. As described above with reference to Fig. 2, the intermediate certificate authorities 56 are typically virtual entities.
  • the digital certificate issuing subsystem 52 is preferably operative to issue a plurality of certificates such that a certificate chain 28 is formed for each of the devices 26.
  • the certificates generally include the root certificate 24 associated with the root certificate authority 54 (block 60), the component certificates 32, and associated with the devices 26, the leaf certificates 30.
  • the component certificates 32 are in two layers, a top layer 76 and a bottom layer 78.
  • the root certificates 24 in the top layer 76 are issued by the root certificate authority 54.
  • the component certificates 32 in the bottom layer 78 are issued, or deemed issued, by the intermediate certificate authorities 56 of the top layer 76 (block 62).
  • the leaf certificate 30 are issued, or deemed issued, by the intermediate certificate authorities 56 of the bottom layer 78 (block 64).
  • the leaf certificates 30 are uniquely associated with the devices 26 such that revocation of any leaf certificate 30 invalidates the certificate chain of only one device 26.
  • the certificate chain 28 of each of the devices 26 includes at least two of the component certificates 32 between the root certificate 24 and the associated leaf certificate 30 (block 62).
  • Each of the component certificates 32, in any one certificate chain 28, is associated with a different component of the device 26 associated with the certificate chain 28.
  • each of the component certificates 32, the leaf certificates 30 and the root certificate 24 are typically associated with a public key.
  • the certificate chain 28 of each of the devices 26 with at least one of the components in common preferably includes a component certificate 32 having the same public key and/or serial number. Therefore, even though component certificates 32 associated with the same component may not have completely identical characteristics, the public key and/or serial number of the component certificates 32 associated with the same component are generally the same. Therefore, the component certificates 32 associated with the same component are preferably revoked by adding a single entry to the certificate revocation list 34, described in more detail below.
  • the digital certificate management system 50 also preferably includes a digital certificate revocation subsystem 58 to invalidate the certificate chain 28 of each of the devices 26 having a selected (problematic) one of the components (block 66), HWl in Fig. 2. Invalidation of the certificate chain 28 is typically performed by revoking the component certificates 32 associated with the selected component by adding a sole entry to the certificate revocation list 34.
  • the software components typically include one or more of the following: an operating system, a device driver, and/or a media player.
  • an operating system typically includes one or more of the following: an operating system, a device driver, and/or a media player.
  • a device driver typically includes one or more of the following: an operating system, a device driver, and/or a media player.
  • any suitable software component may be used in the digital certificate management system 50.
  • Software components are typically categorized by version number, as well.
  • the hardware components are categorized as necessary, for example, by hardware type and specification, manufacturer, factory, worker, materials etc. It will be appreciated by those ordinarily skilled in the art that many other suitable types of hardware component categorization are possible.
  • Fig. 8 is a flow chart showing an alternative preferred method of operation of the system 50 of Fig. 6. Reference is also made to Figs. 4 and 6.
  • the digital certificate issuing subsystem 52 preferably issues the root certificate 24 (block 68), the component certificates 44 and the leaf certificates 30.
  • the root certificate authority 54 typically issues a single component certificate 44, to each of the intermediate certificate authorities 56, for the certificate chain 28 of each device 26 (block 70).
  • the intermediate certificate authorities 56 preferably issue the leaf certificate 30 for each device 26 (block 72). Therefore, each component certificate 44 is disposed between the root certificate 24 and an associated leaf certificate 30.
  • Different component certificates 44 are issued for the devices 26 having different combinations of the components.
  • the term "different component certificates”, as used in the specification and claims, is defined as component certificates having different public keys and/or serial numbers.
  • the digital certificate revocation subsystem 58 is typically operative to invalidate the certificate chain 28 of each of the devices 26 having a selected (problematic) one of the components, HWl in Fig. 4, by revoking the component certificates 44 associated with the devices 26 having the selected component by adding different entries to the certificate revocation list 46 (block 74) as necessary.
  • the term "different entries" as used in the specification and claims, is defined as entries having different serial numbers and/or public keys.
  • software components of the present invention may, if desired, be implemented in ROM (read only memory) form.
  • the software components may, generally, be implemented in hardware, if desired, using conventional techniques. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A digital certificate management system for managing certificates of devices having components, the system compi'ising a digital certificate issuing subsystem operative to issue certificates such that a certificate chain is formed for each of the devices, the certificat including a root certificate, a plurality of leaf certificates, and a plurality of component certificates, the certificate chain of each of the devices including one of the component certificates between the root certificate and an associated one of the leaf certificates,~ differe component certificates being issued for the, devices having different combinations of the components. Related apparatus and method are also described.

Description

EFFICIENT CERTIFICATE REVOCATION
FIELD OF THE INVENTION
The present invention relates to digital certificates, and in particular relates to a system and method of efficient digital certificate revocation.
BACKGROUND OF THE INVENTION
By way of introduction, systems often include different devices that implement substantially the same functionality. For example, in a Pay TV system, different set-top boxes (STBs) come from different vendors, typically having different hardware and software components. By way of another example, in a mobile telephone network, different mobile telephones may have different hardware and/or software including drivers, players and operating systems.
Reference is now made to Fig. 1 which is a partly pictorial, partly block diagram view of a digital certificate system 10. The digital certificate system 10 includes a root certificate authority 12 having a root certificate 14. The root certificate authority 12 issues leaf certificates 16 to a plurality of devices 18. The devices 18 include various combinations of hardware and software for example, OSl, OS2, HWl and HW2. In the example of Fig. 1, the devices 18 are mobile telephones. If an exploit (security hole) is discovered in one of the components, for example, FfWl, then the digital certificate system 10 needs to revoke the leaf certificates 16 of the devices 18 having HWl as one of the components. Revocation is typically performed by adding the revoked certificates to a certificate revocation list 20, which is made available for inspection and/or circulation. Therefore, in the example, the leaf certificates 16 of the devices 1, 3, 4, 5, and 8 are revoked. It will be appreciated that in a real-life scenario there may be many thousands, if not millions, of devices which may need to be revoked. Therefore, the system used in Fig. 1 is generally impractical in most scenarios.
The following references are believed to represent the state of the ait: US Published Patent Application 2002/014905 ofPerlman; US Published Patent Application 2005/0144144 of Graff US Patent 6,880,081 to Itkis; and
PCT Application Serial Number IL2005/000957 of NDS Limited, filed 8 September 2005.
The disclosures of all references mentioned above and throughout the present specification, as well as the disclosures of all references mentioned in those references, are hereby incorporated herein by reference.
SUMMARY OF THE INVENTION
The present invention seeks to provide an efficient certificate revocation system.
The system of the present invention, in preferred embodiments thereof, includes a digital certificate issuing subsystem to issue each device with a certificate chain which is based on the major components that are prone to be exploited, for example, the hardware and software components. The certificate chain of each device includes at least one component certificate disposed between a root certificate and a device-specific leaf certificate. If an exploit (security hole) is discovered relating to a particular component of the devices, then one or more of the component certificates are revoked instead of the individual device-specific leaf certificates:
In accordance with a preferred embodiment of the present the invention, the system only adds a single entry to a certificate revocation list in order to invalidate the certificate chains of all the problematic devices.
In accordance with an alternative preferred embodiment of the present invention, the system adds two or more entries to the certificate revocation list in order to invalidate the certificate chains of all the problematic devices.
In either embodiment, the required number of entries needed in the certificate revocation list is generally substantially less than would be required if the individual device-specific leaf certificates were revoked. In other words, as the certificate structure is "potential exploit oriented", the number of entries needed in the certificate revocation list is generally less than number of exploited devices.
There is thus provided in accordance with a preferred embodiment of the present invention a digital certificate management system for managing certificates of a plurality of devices, each of the devices having a plurality of components, the components including at least one of at least two hardware components, at least two software components, and at least one hardware component and at least one software component, at least some of the devices having different combinations of the components while having at least one of the components in common, the system including a digital certificate issuing subsystem having at least one certificate authority including a root certificate authority, the digital certificate issuing system being operative to issue a plurality of certificates such that a certificate chain is formed for each of the devices, the certificates including a root certificate associated with the root certificate authority, a plurality of leaf certificates associated with the devices, the leaf certificates being uniquely associated with the devices such that revocation of any one of the leaf certificates invalidates the certificate chain of only one of the devices, and a plurality of component certificates issued by the root certificate authority, the certificate chain of each of the devices including one of the component certificates between the root certificate and an associated one of the leaf certificates, different component certificates being issued for the devices having different combinations of the components.
Further in accordance with a preferred embodiment of the present invention, the system includes a digital certificate revocation subsystem to invalidate the certificate chain of each of the devices having a selected one of the components, by revoking the component certificates associated with the devices having the selected component.
Still further in accordance with a preferred embodiment of the present invention the digital certificate revocation subsystem revokes the component certificates by adding at least two different entries to a certificate revocation list.
Additionally in accordance with a preferred embodiment of the present invention digital certificate issuing subsystem includes a plurality of intermediate certificate authorities, each of the component certificates being issued to one of the intermediate certificate authorities, each of the intermediate certificate authorities issuing the leaf certificates to devices having at least two of the components in common.
Moreover in accordance with a preferred embodiment of the present invention each of the intermediate certificate authorities is a virtual certificate authority. Further in accordance with a preferred embodiment of the present invention the software components include an operating system.
Still further in accordance with a preferred embodiment of the present invention the software components include a device driver. Additionally in accordance with a preferred embodiment of the present invention the software components include a media player.
There is also provided in accordance with still another preferred embodiment of the present invention a digital certificate management system for managing certificates of a plurality of devices, each of the devices having a plurality of components, the components including at least one of at least two hardware components, at least two software components, and at least one hardware component and at least one software component, at least some of the devices having different combinations of the components while having at least one of the components in common, the system including a digital certificate issuing subsystem having at least one certificate authority including a root certificate authority, the digital certificate issuing system being operative to issue a plurality of certificates such that a certificate chain is formed for each of the devices, the certificates including a root certificate associated with the root certificate authority, a plurality of leaf certificates associated with the devices, the leaf certificates being uniquely associated with the devices such that revocation of any one of the leaf certificates invalidates the certificate chain of only one of the devices, and a plurality of component certificates, the certificate chain of each of the devices including at least two of the component certificates between the root certificate and an associated one of the leaf certificates, each of the at least two component certificates being associated with a different one of the components of an associated one of the devices.
Moreover in accordance with a preferred embodiment of the present invention, the system includes a digital certificate revocation subsystem to invalidate the certificate chain of each of the devices having a selected one of the components, by revoking the component certificates associated with the selected component. Further in accordance with a preferred embodiment of the present invention the digital certificate revocation subsystem revokes the component certificates by adding a sole entry to a certificate revocation list.
Still further in accordance with a preferred embodiment of the present invention the certificate chain of each of the devices with at least one of the components in common includes one of the component certificates having a same public key.
Additionally in accordance with a preferred embodiment of the present invention the software components include an operating system. Moreover in accordance with a preferred embodiment of the present invention the software components include a device driver.
Further in accordance with a preferred embodiment of the present invention the software components include a media player.
There is also provided in accordance with still another preferred embodiment of the present invention a digital certificate management method for managing certificates of a plurality of devices, each of the devices having a plurality of components, the components including at least one of at least two hardware components, at least two software components, and at least one hardware component and at least one software component, at least some of the devices having different combinations of the components while having at least one of the components in common, the method including issuing a plurality of certificates such that a certificate chain is formed for each of the devices, the issuing including issuing a root certificate associated with a root certificate authority, issuing a plurality of leaf certificates associated with the devices, the leaf certificates being uniquely associated with the devices such that revocation of any one of the leaf certificates invalidates the certificate chain of only one of the devices, and issuing a plurality of component certificates, the certificate chain of each of the devices including one of the component certificates between the root certificate and an associated one of the leaf certificates, different component certificates being issued for the devices having different combinations of the components. Still further in accordance with a preferred embodiment of the present invention, the method includes invalidating the certificate chain of each of the devices having a selected one of the components, by revoking the component certificates associated with the devices having the selected component. There is also provided in accordance with still another preferred embodiment of the present invention a digital certificate management method for managing certificates of a plurality of devices, each of the devices having a plurality of components, the components including at least one of at least two hardware components, at least two software components, and at least one hardware component and at least one software component, at least some of the devices having different combinations of the components while having at least one of the components in common, the method including issuing a plurality of certificates such that a certificate chain is formed for each of the devices, the issuing including issuing a root certificate associated a the root certificate authority, issuing a plurality of leaf certificates associated with the devices, the leaf certificates being uniquely associated with the devices such that revocation of any one of the leaf certificates invalidates the certificate chain of only one of the devices, and issuing a plurality of component certificates, the certificate chain of each of the devices including at least two of the component certificates between the root certificate and an associated one of the leaf certificates, each of the at least two component certificates being associated with a different one of the components of an associated one of the devices.
Additionally in accordance with a preferred embodiment of the present invention, the method includes invalidating the certificate chain of each of the devices having a selected one of the components, by revoking the component certificates associated with the selected component. BRIEF DESCRIPTION OF THE DRAWINGS
The present invention will be understood and appreciated more fully from the following detailed description, taken in conjunction with the drawings in which: Fig. 1 is a partly pictorial, partly block diagram view of a digital certificate system;
Fig. 2 is a partly pictorial, partly block diagram view of a digital certificate system constructed and operative in accordance with a preferred embodiment of the present invention; Fig. 3 is a partly pictorial, partly block diagram view of an alternative representation of the digital certificate system of Fig. 2;
Fig. 4 is a partly pictorial, partly block diagram view of a digital certificate system constructed and operative in accordance with an alternative preferred embodiment of the present invention; Fig. 5 is a partly pictorial, partly block diagram view of an alternative representation of the digital certificate system of Fig. 4;
Fig. 6 is a block diagram view of a digital certificate management system constructed and operative in accordance with a preferred embodiment of the present invention; Fig. 7 is a flow chart showing a preferred method of operation of the system of Fig. 6; and
Fig. 8 is a flow chart showing an alternative preferred method of operation of the system of Fig. 6. DETAILED DESCRIPTION OF A PREFER-RED EMBODIMENT
Reference is now made to Fig. 2, which is a partly pictorial, partly block diagram view of a digital certificate system 22 constructed and operative in accordance with a preferred embodiment of the present invention. The digital certificate system 22 issues a root certificate 24, typically associated with a root certificate authority (not shown).
The digital certificate system 22 preferably includes a plurality of devices 26 (devices Dl to DlO). Each of the devices 26 typically includes a plurality of components, shown as OSl (operating system 1), OS2 (operating system 2), HWl (hardware 1) or HW2 (hardware 2) in Fig. 2. The components typically include: at least two hardware components; or at least two software components; or at least one hardware component and at least one software component. Some of the devices have different combinations of the components while having at least one of the components in common. For example, the device Dl includes OSl and HWl, while device D2 includes OSl and HW2. Therefore, the device Dl and the device D2 have a common operating system (OSl) but different hardware (HWl for the device Dl and HW2 for the device D2).
It should be noted that the components identified for the devices 26 are those components which are most likely to be exploited. The devices typically include other hardware and/or software elements. However, the other elements are not shown nor considered as they are less likely to be exploited.
The devices 26 are described as having two components (most likely to be exploited). However, it will be appreciated by those ordinarily skilled in the art that each of the devices 26 can include more than two components. Each of the devices 26 is typically issued with a certificate chain 28 extending from the root certificate 24 to a device-specific leaf certificate 30. The certificate chain 28 also includes a plurality of component certificates 32. For the sake of simplicity, only the certificate chain 28 of device Dl has been labeled. The leaf certificate 30 for each device 26 is unique, such that revocation of any one leaf certificate 30 only results in invalidating the certificate chain 28 for the single device 26 associated with the revoked leaf certificate 30.
On the other hand, the component certificates 32 are preferably not unique. Each of the certificate chains 28 typically includes a component certificate for each of the components of the corresponding device 26. So therefore, device Dl, which includes OSl and HWl, includes a component certificate for OSl and a component certificate for HWl. The same component certificates 32 are repeated as necessary across the certificate chains 28. Devices having at least one component in common also have at least one component certificate in common. It should be noted that the component certificates are "common" for revocation purposes and not necessarily identical in all other aspects. The aspect of revocation is described in more detail below.
Therefore, if an exploit is discovered relating to a particular component, the certificate chains 28 of all the devices 26 having the particular component are invalidated by revoking the component certificates 32 relating to the problematic component. Revocation is typically performed by adding identifying details to a certificate revocation list 34.
In a typical multi-level certificate authority system there is a root certificate authority (RCA) which issues certificates to a plurality of intermediate certificate authorities (ICAs). The ICAs in turn either issue certificates to leaf devices or to another lower level of ICAs. Each certificate in the certificate chain is identified by the issuer of the certificate and by a serial number which is typically related to the public key of the certificate holder. The serial number is typically used for revoking certificates.
In the digital certificate system 22, the ICAs are generally virtual entities whereby the component certificates 32 and the leaf certificates 30 are all issued by a single entity for example, the RCA (not shown). However, the virtual entities are necessary in order to maintain the links in the certificate chains 28 (for example, for validation purposes). Therefore, for each certificate the issuing entity is identified as the entity above the certificate in the certificate chain 28. For example, for the device Dl, the leaf certificate Dl is identified as being issued by a virtual ICA holding the component certificate HWl. In turn, the component certificate HWl is identified as being issued by a virtual ICA holding the component certificate OS 1. It is seen that the component certificates 32 representing the same component may be issued by different virtual ICAs. For example, the certificate chain 28 of the device Dl has the component certificate HWl which was issued, or deemed issued, by the virtual ICA holding the component certificate OSl, whereas the certificate chain 28 of the device D4 has the component certificate HWl which was issued, or deemed issued, by the virtual ICA holding the component certificate OS2. Therefore, the component certificate HWl of the device Dl has a different virtual issuer than the component certificate HWl of the device D4.
Even though the component certificates 32 associated with component HWl of the device Dl and the device D4 are identified as being issued by different virtual entities, both the component certificates 32 associated with component HWl have the same serial number and the same public key. Therefore, both the component certificates 32 associated with component HWl can typically be revoked by adding a single entry in the certificate revocation list 34 listing the serial number of the revoked certificates.
Therefore, if a component is found to be problematic due to an exploit, all component certificates 32 associated with the problematic component are preferably revoked by adding a single (or sole) entry in the certificate revocation list 34. The term a "single entry" or "sole entry", as used in the specification and claims, is defined as an entry which identifies a single serial number and/or public key in order to revoke one or more digital certificates.
Reference is now made to Fig. 3, which is a partly pictorial, partly block diagram view of an alternative representation of the digital certificate system
22 of Fig. 2. Fig. 3 shows a hierarchical structure 36 which appropriately groups the devices 26 having common components. However, it should be noted that Fig.
3 is only an alternative pictorial representation of the system 22 of Fig.2. Reference is now made to Fig. 4, which is a partly pictorial, partly block diagram view of a digital certificate system 38 constructed and operative in accordance with an alternative preferred embodiment of the present invention. The digital certificate system 38 is substantially the same as the digital certificate system 22 except for the differences described below. The certificate chain 28 of each device 26 preferably includes a single component certificate 44 disposed between the root certificate 24 and the leaf certificate 30. For the sake of simplicity, only the certificate chain 28 of device Dl has been labeled.
The component certificates 44 are typically not unique. Each of the certificate chains 28 typically includes a single component certificate 44 associated with all of the components of the corresponding device 26. So therefore, device Dl, which includes components OSl and HWl, includes a component certificate 44 associated with components OSl and HWl in a single certificate. The same component certificates 44 are typically repeated as necessary across the certificate chains 28. Devices having the same components in common have component certificates in common. It should be noted that the component certificates are "common" for revocation purposes and not necessarily identical in all other aspects. If an exploit is discovered relating to a particular component, then the certificate chains 28 of all the devices 26 having the particular component are invalidated by revoking the. component certificates 44 associated with the problematic component. Revocation is typically performed by adding identifying details to a certificate revocation list 46. Revocation typically requires adding two or more entries in the certificate revocation list 46, each entry relating to a certificate serial number and/or public key.
In the example of Fig. 4, HWl is identified as a problematic component. Therefore, the component certificates OSl /HWl and OS2/HW1 are revoked. In other words, all the component certificates 44 including the problematic component HWl are revoked. In accordance with a second alternative preferred embodiment of the present invention, the component certificates 44 are issued with shorter expiry dates than the expiry dates of the leaf certificates 30. For example, the component certificates 44 are issued with expiry dates such that the component certificates 44 need to be renewed regularly, for example, but not limited to, daily renewal. The leaf certificates 30 are given very long expiry dates for example, one year from the issue date. Therefore, for example, if HWl is identified as a problematic component, the component certificates 44 of OS1/HW1 and OS2/HW1 are simply not renewed without having to perform a revocation operation. In some environments it may be preferable to avoid revocation as much as possible by issuing the component certificates 44 with very short expiration dates.
It will be appreciated by those ordinarily skilled in the art that the system and method of the second alternative preferred embodiment can be implemented with the digital certificate system 22 described with reference to Fig. 2 by issuing the component certificates 32 with veiy short expiration dates.
In accordance with the prior art, it is generally accepted practice that the leaf certificate expiration is the effective expiration of the entire certificate chain and that it is forbidden for a certificate authority (CA) to sign a certificate which has an expiration date later than the expiration date of the signing CA. It will be appreciated by those ordinarily skilled in the art that the second alternative preferred . embodiment of the present invention generally requires that: an intermediate CA can sign a certificate which has an expiration date which is later than the expiration date of the current certificate held by the signing intermediate CA; and the effective expiration date of the certificate chain is typically the earliest expiration date of all the certificates in the certificate chain. Therefore, the second alternative preferred embodiment of the present invention, in preferred embodiments thereof, requires that no check be performed on the relative expiration dates of elements of the certificate chain as an issuing CA is allowed to issue certificates having a longer expiry date than the expiry date of the certificate of the issuing CA itself. A system including an intermediate certificate authority issuing certificates having a longer expiry date than the expiry date of the certificate of the issuing CA itself is described in PCT Application Serial Number IL2005/000957 of NDS Limited, filed 8 September 2005 which has been incorporated herein by reference.
Reference is now made to Fig. 5, which is a partly pictorial, partly block diagram view of an alternative representation of the digital certificate system 38 of Fig. 4. Fig. 4 shows a hierarchical structure 48 formed by appropriately grouping the devices 26 having all components in common. However, it should be noted that Fig. 5 is only an alternative pictorial representation of the system 38 of Fig. 4.
Reference is now made to Figs. 2-5.
The certificate structure of the digital certificate system 22 or of the digital certificate system 38 is dynamic and can be rebuilt as necessary. For example, if an individual device 26 receives new or replacement components, such as the installation of a new driver or player, then the device- specific leaf certificate 30 of the specific device 26 needs to be revoked. The specific device 26 needs to be associated with a new certificate chain 28, possibly requiring establishing new virtual ICAs, as well as issuing a new device-specific leaf certificate 30. .
If a whole class of the 26 devices receives new or replacement components, then one or more of the component certificates 32 or the component certificate 44 need to be revoked.
Additionally, if new potential exploiting targets are identified in the devices 26, then the certificate structure may need to be revoked and rebuilt in part or in full as appropriate.
Reference is now made to Figs. 6 and 7. Fig. 6 is a block diagram view of a digital certificate management system 50 constructed and operative in accordance with a preferred embodiment of the present invention. Fig. 7 is a flow chart showing a preferred method of operation of the system 50 of Fig. 6. Reference is also made to Fig. 2.
The digital certificate management system 50 preferably includes a digital certificate issuing subsystem 52 typically including a root certificate authority 54 and a plurality of intermediate certificate authorities 56. As described above with reference to Fig. 2, the intermediate certificate authorities 56 are typically virtual entities.
The digital certificate issuing subsystem 52 is preferably operative to issue a plurality of certificates such that a certificate chain 28 is formed for each of the devices 26. The certificates generally include the root certificate 24 associated with the root certificate authority 54 (block 60), the component certificates 32, and associated with the devices 26, the leaf certificates 30.
The component certificates 32 are in two layers, a top layer 76 and a bottom layer 78. The root certificates 24 in the top layer 76 are issued by the root certificate authority 54. The component certificates 32 in the bottom layer 78 are issued, or deemed issued, by the intermediate certificate authorities 56 of the top layer 76 (block 62).
The leaf certificate 30 are issued, or deemed issued, by the intermediate certificate authorities 56 of the bottom layer 78 (block 64). The leaf certificates 30 are uniquely associated with the devices 26 such that revocation of any leaf certificate 30 invalidates the certificate chain of only one device 26.
Therefore, the certificate chain 28 of each of the devices 26 includes at least two of the component certificates 32 between the root certificate 24 and the associated leaf certificate 30 (block 62). Each of the component certificates 32, in any one certificate chain 28, is associated with a different component of the device 26 associated with the certificate chain 28.
Only two intermediate layers are shown in Fig. 2. It will be appreciated by those ordinarily skilled in the art that the number of intermediate layers depends on the number of components in each device 26. Each of the component certificates 32, the leaf certificates 30 and the root certificate 24 are typically associated with a public key. The certificate chain 28 of each of the devices 26 with at least one of the components in common, preferably includes a component certificate 32 having the same public key and/or serial number. Therefore, even though component certificates 32 associated with the same component may not have completely identical characteristics, the public key and/or serial number of the component certificates 32 associated with the same component are generally the same. Therefore, the component certificates 32 associated with the same component are preferably revoked by adding a single entry to the certificate revocation list 34, described in more detail below.
The digital certificate management system 50 also preferably includes a digital certificate revocation subsystem 58 to invalidate the certificate chain 28 of each of the devices 26 having a selected (problematic) one of the components (block 66), HWl in Fig. 2. Invalidation of the certificate chain 28 is typically performed by revoking the component certificates 32 associated with the selected component by adding a sole entry to the certificate revocation list 34.
The software components typically include one or more of the following: an operating system, a device driver, and/or a media player. However, it will be appreciated by those ordinarily skilled in the art that any suitable software component may be used in the digital certificate management system 50.
Software components are typically categorized by version number, as well.
The hardware components are categorized as necessary, for example, by hardware type and specification, manufacturer, factory, worker, materials etc. It will be appreciated by those ordinarily skilled in the art that many other suitable types of hardware component categorization are possible.
Reference is now made to Fig. 8, which is a flow chart showing an alternative preferred method of operation of the system 50 of Fig. 6. Reference is also made to Figs. 4 and 6.
In accordance with the alternative preferred method of operation of the digital certificate management system 50, the digital certificate issuing subsystem 52 preferably issues the root certificate 24 (block 68), the component certificates 44 and the leaf certificates 30. The root certificate authority 54 typically issues a single component certificate 44, to each of the intermediate certificate authorities 56, for the certificate chain 28 of each device 26 (block 70). The intermediate certificate authorities 56 preferably issue the leaf certificate 30 for each device 26 (block 72). Therefore, each component certificate 44 is disposed between the root certificate 24 and an associated leaf certificate 30. Different component certificates 44 are issued for the devices 26 having different combinations of the components. The term "different component certificates", as used in the specification and claims, is defined as component certificates having different public keys and/or serial numbers.
The digital certificate revocation subsystem 58 is typically operative to invalidate the certificate chain 28 of each of the devices 26 having a selected (problematic) one of the components, HWl in Fig. 4, by revoking the component certificates 44 associated with the devices 26 having the selected component by adding different entries to the certificate revocation list 46 (block 74) as necessary. The term "different entries" as used in the specification and claims, is defined as entries having different serial numbers and/or public keys.
It is appreciated that software components of the present invention may, if desired, be implemented in ROM (read only memory) form. The software components may, generally, be implemented in hardware, if desired, using conventional techniques. .
: It will be appreciated that various features of the invention which are, for clarity, described in the contexts of separate embodiments may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, - described in the context of a single embodiment may also be provided separately or in any suitable sub-combination. It will also be appreciated by persons skilled in the art that the present invention is not limited by what has been particularly shown and described hereinabove. Rather the scope of the invention is defined only by the claims which follow.

Claims

What is claimed is:CLAIMS
1. A digital certificate management system for managing certificates of a plurality of devices, each of the devices having a plurality of components, the components including at least one of: at least two hardware components; at least two software components; and at least one hardware component and at least one software component, at least some of the devices having different combinations of the components while having at least one of the components in common, the system comprising: a digital certificate issuing subsystem having at least one certificate authority including a root certificate authority, the digital certificate issuing system being operative to issue a plurality of certificates such that a certificate chain is formed for each of the devices, the certificates including: a root certificate associated with the root certificate authority; a plurality of leaf certificates associated with the devices, the leaf certificates being uniquely associated with the devices such that revocation of any one of the leaf certificates invalidates the certificate chain of only one of the devices; and a plurality of component certificates issued by the root certificate authority, the certificate chain of each of the devices including one of the component certificates between the root certificate and an associated one of the leaf certificates, different component certificates being issued for the devices having different combinations of the components.
2. The system according to claim 1, further comprising a digital certificate revocation subsystem to invalidate the certificate chain of each of the devices having a selected one of the components, by revoking the component certificates associated with the devices having the selected component.
3. The system according to claim 2, wherein the digital certificate revocation subsystem revokes the component certificates by adding at least two different entries to a certificate revocation list.
4. The system according to claim 2, wherein digital certificate issuing subsystem includes a plurality of intermediate certificate authorities, each of the component certificates being issued to one of the intermediate certificate authorities, each of the intermediate certificate authorities issuing the leaf certificates to devices having at least two of the components in common.
5. The system according to claim 4, wherein each of the intermediate certificate authorities is a virtual certificate authority.
6. The system according to any of claims 1-5, wherein the software components include an operating system.
7. The system according to any of claims 1-5, wherein the software components include a device driver.
8. • The system according to any of claims 1-5, wherein the software components include a media player.
9. . A digital certificate management system for managing certificates of a plurality of devices, each of the devices having a plurality of components, the components including at least one of: at least two hardware components; at least two software components; and at least one hardware component and at least one software component, at least some of the devices having different combinations of the components while having at least one of the components in common, the system comprising: a digital certificate issuing subsystem having at least one certificate authority including a root certificate authority, the digital certificate issuing system being operative to issue a plurality of certificates such that a certificate chain is formed for each of the devices, the certificates including: a root certificate associated with the root certificate authority; a plurality of leaf certificates associated with the devices, the leaf certificates being uniquely associated with the devices such that revocation of any one of the leaf certificates invalidates the certificate chain of only one of the devices; and a plurality of component certificates, the certificate chain of each of the devices including at least two of the component certificates between the root certificate and an associated one of the leaf certificates, each of the at least two component certificates being associated with a different one of the components of an associated one of the devices.
10. The system according to claim 9, further comprising a digital certificate revocation subsystem to invalidate the certificate chain of each of the devices having a selected one of the components, by revoking the component certificates associated with the selected component.
11. The system according to claim 10, wherein the digital certificate revocation subsystem revokes the component certificates by adding a sole entry to a certificate revocation list.
12. The system according to claim 10, wherein the certificate chain of each of the devices with at least one of the components in common includes one of the component certificates having a same public key.
13. The system according to any of claims 9-12, wherein the software components include an operating system.
14. The system according to. any of claims 9-12, wherein the software components include a device driver.
15. The system according to any of claims 9-12, wherein the software components include a media player.
16. A digital certificate management method for managing certificates of a plurality of devices, each of the devices having a plurality of components, the components including at least one of: at least two hardware components; at least two software components; and at least one hardware component and at least one software component, at least some of the devices having different combinations of the components while having at least one of the components in common, the method comprising: issuing a plurality of certificates such that a certificate chain is formed for each of the devices, the issuing including: issuing a root certificate associated with a root certificate authority; issuing a plurality of leaf certificates associated with the devices, the leaf certificates being uniquely associated with the devices such that revocation of any one of the leaf certificates invalidates the certificate chain of only one of the devices; and issuing a plurality of component certificates, the certificate chain of each of the devices including one of the component certificates between the root certificate and an associated one of the leaf certificates, different component certificates being issued for the devices having different combinations of the components.
17. The method according to claim 16, further comprising invalidating the certificate chain of each of the devices having a selected one of the components, by revoking the component certificates associated with the devices having the selected component.
18. A digital certificate management method for managing certificates of a plurality of devices, each of the devices having a plurality of components, the components including at least one of: at least two hardware components; at least two software components; and at least one hardware component and at least one software component, at least some of the devices having different combinations of the components while having at least one of the components in common, the method comprising: issuing a plurality of certificates such that a certificate chain is formed for each of the devices, the issuing including: issuing a root certificate associated a the root certificate authority;
■ issuing a plurality of leaf certificates associated with the devices, the leaf certificates being uniquely associated with the devices such that revocation of any one of the leaf certificates invalidates the certificate chain of only one of the devices; and issuing a plurality of component certificates, the certificate chain of each of the devices including at least two of the component certificates between the root certificate and an associated one of the leaf certificates, each of the at least two component certificates being associated with a different one of the components of an associated one of the devices.
19. The method according to claim 18, further comprising invalidating the certificate chain of each of the devices having a selected one of the components, by revoking the component certificates associated with the selected component.
PCT/IL2006/000261 2006-02-27 2006-02-27 Efficient certificate revocation WO2007096858A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IL2006/000261 WO2007096858A2 (en) 2006-02-27 2006-02-27 Efficient certificate revocation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IL2006/000261 WO2007096858A2 (en) 2006-02-27 2006-02-27 Efficient certificate revocation

Publications (2)

Publication Number Publication Date
WO2007096858A2 true WO2007096858A2 (en) 2007-08-30
WO2007096858A3 WO2007096858A3 (en) 2009-04-30

Family

ID=38437759

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2006/000261 WO2007096858A2 (en) 2006-02-27 2006-02-27 Efficient certificate revocation

Country Status (1)

Country Link
WO (1) WO2007096858A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102271040A (en) * 2011-07-26 2011-12-07 北京华大信安科技有限公司 Identity verifying system and method
US20150256348A1 (en) * 2014-03-05 2015-09-10 Robert Bosch Gmbh Method for revoking a group of certificates
DE102015220647A1 (en) * 2015-10-22 2017-04-27 Siemens Aktiengesellschaft Method and device for determining revoked digital certificates by means of a revocation list and exhibition device
JP2017175227A (en) * 2016-03-18 2017-09-28 株式会社リコー Certificate management system, certificate management method, and program

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040148505A1 (en) * 2002-11-08 2004-07-29 General Instrument Corporation Certificate renewal in a certificate authority infrastructure

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040148505A1 (en) * 2002-11-08 2004-07-29 General Instrument Corporation Certificate renewal in a certificate authority infrastructure

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102271040A (en) * 2011-07-26 2011-12-07 北京华大信安科技有限公司 Identity verifying system and method
US20150256348A1 (en) * 2014-03-05 2015-09-10 Robert Bosch Gmbh Method for revoking a group of certificates
US10027490B2 (en) * 2014-03-05 2018-07-17 Robert Bosch Gmbh Method for revoking a group of certificates
DE102015220647A1 (en) * 2015-10-22 2017-04-27 Siemens Aktiengesellschaft Method and device for determining revoked digital certificates by means of a revocation list and exhibition device
JP2017175227A (en) * 2016-03-18 2017-09-28 株式会社リコー Certificate management system, certificate management method, and program

Also Published As

Publication number Publication date
WO2007096858A3 (en) 2009-04-30

Similar Documents

Publication Publication Date Title
US7290138B2 (en) Credentials and digitally signed objects
US7707406B2 (en) Certificate renewal in a certificate authority infrastructure
USRE48821E1 (en) Apparatus and methods for protecting network resources
CN101484903B (en) System and method for controlling information supplied from memory device
EP1376303B1 (en) Digital rights management (DRM) encryption and data-protection for content on device without interactive authentication
CN1816192B (en) Process for the secure management of the execution of an application
CA2877451C (en) Systems, methods and apparatuses for securing root certificates
CN100413246C (en) Information processing device, information processing method and program storage
CN100468428C (en) Content management method and content management apparatus
US20110099362A1 (en) Information processing device, encryption key management method, computer program and integrated circuit
US20060021065A1 (en) Method and device for authorizing content operations
EP2027540A1 (en) Multi certificate revocation list support method and apparatus for digital rights management
CN101488352B (en) Information processing apparatus and information processing method
CN101057218A (en) System and method for programming an isolated computing environment
US20020120847A1 (en) Authentication method and data transmission system
CN109600366A (en) The method and device of protection user data privacy based on block chain
WO2007096858A2 (en) Efficient certificate revocation
US20080052510A1 (en) Multi certificate revocation list support method and apparatus for digital rights management
Fugkeaw Achieving privacy and security in multi-owner data outsourcing
KR100506530B1 (en) Method for DRM license supporting plural devices
Barrera et al. Baton: Certificate agility for android's decentralized signing infrastructure
ATE372638T1 (en) SYSTEM AND METHOD FOR IDENTIFYING AND AUTHENTICATION FOR SECURE DATA EXCHANGE
CN107483462A (en) The operating right management system and method for a kind of outgoing USB flash disk
WO2015111934A1 (en) Long-term verification method and system for electronic records
Barrera et al. Baton: Key Agility for Android without a Centralized Certificate Infrastructure

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06711243

Country of ref document: EP

Kind code of ref document: A2