30 results about "Online Certificate Status Protocol" patented technology

Methods and systems in accordance with the present invention efficiently validate digital certificates by answering Online Certificate Status Protocol (“OCSP”) requests without Certificate Revocation Lists (“CRL”). During validation of digital certificates, these methods and systems speed transmission, reduce required bandwidth and reduce required data storage by eliminating the need for the transmission of lengthy CRLs from a Certificate Authority (“CA”) when verifying a digital certificate from a client. In one implementation, they send a Lightweight Directory Access Protocol (“LDAP”) database query to a CA directory server to determine and pinpoint the existence of a valid digital certificate and check its validity without receiving a long list of data, such as a CRL, from a CA. The CA directory server returns the query result, and the database query in the CA directory server is performed faster than using an entire CRL, and furthermore, the transmission of the database query result is a small piece of information and does not require the large amounts of data transmission bandwidth and storage as required with transmitting CRL's.

Techniques are disclosed for locally distributing online certificate status protocol (OCSP) responses to a client computer. A certificate authority (CA) proactively sends OCSP responses to an agent application (e.g., an antivirus application configured to handle OCSP responses) residing in the client computer. The agent application stores the OCSP responses in a cache. Thereafter, when a browser application sends an OCSP request to the CA, the agent application intercepts the request and determines whether a corresponding OCSP response is locally cached. If so, the agent application sends the cached OCSP response to the browser application. If not, the agent application retrieves the corresponding OCSP response from the CA and sends the response to the browser application.

A method and system is presented for configuring a group of OCSP (Online Certificate Status Protocol) responders so that they are highly available. Each of the grouped OCSP responders share a common public key. When responding to an OCSP request, an OCSP responder generates an OCSP response that is signed with a group digital signature; the certificate for the common or group public key can be attached to the OCSP response. An OCSP client uses the group public key to verify the group digital signature on an OCSP response from any of the OCSP responders. For an OCSP client, the availability of this group of responders is greater than the availability of any one member of the group.

Embodiments of the invention provide a certificate authentication method and equipment. The method comprises the following steps that first equipment sends a first online certificate status protocol (OCSP) request message to second equipment, wherein the first OCSP request message is used for requesting OCSP status information of a second equipment certificate of the second equipment; the first equipment receives a first OCSP response message sent by the second equipment, wherein the first OCSP response message includes OCSP status information of the second equipment certificate; and the firstequipment carries out identity verification on the second equipment according to the OCSP status information of the second equipment certificate. According to the certificate authentication method and equipment, a problem that a client does not need to access a CRL or OCSP server to carry out validity verification on the certificate of the server in a handshaking process is solved.

The invention discloses a validation verification method of a second edition certification of an internet key exchange protocol. The present validation verification method of an accessing server certification is not only with low efficiency, but also lacks of safety guarantee. For solving the problems, the validation verification method of the second edition certification of the internet key exchange protocol of the invention, which comprises the following steps: (1) the validity of the accessing server certification is verified by a terminal through the protocol server in an online certification status. If the accessing server certification is effective, a next step is carried out; if the accessing server certification is not effective, the steps are ended; (2) the validity of the terminal identification is approved by the accessing server. If the terminal identification is legal, communication is established by the both side; if the terminal identification is illegal, the steps are ended. The invention is applicable to a safety verification field of the second edition in the internet key exchange protocol.

Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.

The invention provides system and method for validity verification of a certificate in a mobile backhaul net. The method comprises the following steps of: when the validity of a domain certificate is verified, the client side of an online certificate status protocol (OCSP) sends an OCSP search request to an OCSP responser, and a request certificate table is carried; after the OCSP responser receives the OCSP search request, a certificate library is requested to verify the validity of the certificate in the request certificate table, and the certificate library searches the validity of the certificate in the request certificate table and transmits the search results of the validity of the certificate to the OCSP client side by the OCSP responser. The invention can efficiently verify the validity of the certificate in the mobile backhaul net in real time.

The invention relates to a digital authentication system based data switching. The digital authentication system comprises safe area devices, service area devices, and a network connection device connected with the safe area devices with the service area devices. The network connection device comprises a first switch connected with the safe area devices and a second switch connected with the service area devices. A firewall is set between the first switch and the second switch. The safe area devices comprise a CA (Certificate Authority) device and a KM (Key Management) device. The CA device and the KM device are in mutual communication connection and are connected with the first switch. The service area devices comprise an RA device, and an LDAP (Lightweight Directory Access Protocol) device, an OCSP (Online Certificate Status Protocol) device and a certificate media device which are in communication connection with the RA device. The RA device, the LDAP device, the OCSP device and thecertificate media device are connected with the second switch. The CA device realizes digital certificate authentication comprising an SM2 algorithm. The KM device realizes key management comprisingthe SM2 algorithm. According to the digital authentication system based on data switching, the system security can be improved.