In computer network environments, security systems based on PKI are gaining popularity as a way of providing security or enhancing existing security, particularly with regard to security for network connections. Generally speaking, a PKI is an arrangement of servers, clients, and specific information that passes between them, for the verification of user identities by one or more rusted third parties such as, for example, one or more Certification Authorities (CA). The specific information is referred to as a public key and is typically associated with or bound to a particular user or users.
The establishment of a public key is typically accomplished by security or PKI software executing at a central location, such as a server, and operating in a coordinated or sometimes uncoordinated fashion with software at client locations. The public keys are typically provided within security certificates specified under, for example, the PKI Working Group (PKIX) of the Internet Engineering Task Force (IETF), which implement certificate standards based on the International Telecommunication Union-Telecommunication Standardization Sector (ITU-T) Recommendation X.509 ITU-T Recommendation X.509 (1997 E): Information Technology—Open Systems Interconnection—The Directory: Authentication Framework, June 1997 also specified in Comité Consultatif International Téléphonique et Télégraphique (CCITT), Geneva, 1989, Data Communication Networks: Directory, Recommendation X.500-X.521, Blue Book, Volume VIII-Fascicle VIII.8 and International Standards Organization/International Engineering Consortium (ISO/EC), 25 Dec. 1991, Information Technology—Open Systems Interconnection—The Directory: Authentication Framework, ISO/IEC 9594-8 (CCITT Recommendation X.509). The PKIX further specifies additional aspects in connection with request for comments (RFC) 3280, Housley, R., et al., “Internet X.509 Public Key Infrastructure: Certificate and Certificate Revocation List (CRL) Profile”, RFC 3280, April 2002 (supersedes RFC 2459).
Using a PKI, network communications between, for example, a server and a client can be protected such as with a secure socket layer (SSL) connection between the server and client. Originally, SSL was privately developed as a way to provide a secure connection between an Internet web server and a browser operating on a client and has now been adopted as an open security standard by IETF. To operate in a PKI environment, a server wishing to communicate with a client or other network nodes needs to obtain a certificate for validating its identity to the client or other nodes and for allowing an encryption key to be generated for the establishment of the SSL connection. When the client and server first make a connection, the certificate is received by the client and the issuing CA is compared with a root CA certificate stored locally on the client. If the root CA matches the issuing CA then the certificate can be considered trusted. Otherwise a notification can be provided to the client that additional verification steps should be taken to ensure that the server can be “trusted.”
A typical certificate contains the name of the server or other entity that is being identified, the server's public key, the name of the issuing CA, and other information including validity dates and cryptographic information proving that the certificate is authentic, and the serial number of the certificate. Over time, it will be appreciated that the security environment can change, and as different servers are encountered and respective certificates are accumulated, the need may arise to notify a client that a certificate is no longer valid and has been revoked. Since certificates are issued in an open ended fashion, that is once the certificates are generated, the client will have continued possession of the certificate, a separate notification must be provided that indicates the current status of the certificates issues by a particular issuing authority or CA. Such a notification can be provided in various forms including a list from the CA referred to as a certificate revocation list (CRL).
To further facilitate security, the CA periodically issues the CRL, which contains a list of revoked certificates and other information, such as information regarding the date the CRL was generated and the date of the next update for the CRL. The contents of the CRL and management of the CRL is specified in X.509 and RFC 3280, for example, as noted above. In some cases the contents of the CRL can include various extensions for providing additional information including reasons for revocation and the like. Depending on the scale of operation for a particular client the number of certificates handled can be large and, depending on the number of extensions in use, the size of each CRL entry with extensions can be large.
Difficulties arise when large numbers of entries associated with revoked certificates including information associated with extensions, are included in a CRL, which must be transferred to a client or other entity or a series of clients or entities. As updates are generated more frequently, the bandwidth requirements associated with transferring the CRL over the communication channel between the server and the client become increasingly large. One approach is to issue and transfer a so-called delta CRL, that is, a CRL containing information associated with certificates that have been revoked since the issuance of the last CRL. The delta CRL and the base CRL together provide comprehensive information regarding certificate revocation status. Such a system is described in U.S. Patent Application Publication No. US 2005/0120207 A1.
In other systems, such as those described in “Public Key Revocation Schemes,” Årnes, Queen's University, Kingston, Ontario, Canada, February 2000, and U.S. Pat. No. 6,487,658, “EFFICIENT CERTIFICATE REVOCATION,” issued on Nov. 26, 2002 to Micali, portions of information associated with a certificate in a CRL, such as a date field, are encoded or in some cases compressed to reduce the size of the field marginally reducing the number of bits needed to represent the field data. Further, the CRL is segregated or segmented such that information regarding certificates associated with a specific distribution point can be separately requested and provided. Aside from these minimal measures, Micali abandons the traditional CRL in favor of alternative constructs based on individual queries to the CA.
Although such approaches can provide marginal reductions in some of the data elements, as the size of the CRL grows, the impact of the marginal reduction in certificate size is reduced relative to the size of the entire CRL. Further, at some point, the base CRL must be transferred and, if the number and scope of updates becomes extensive, along with the number of Delta CRLs, the management of the CRL becomes complex and, while possibly reducing bandwidth requirements for updates, consumes an increasing quantity of processing resources and an increasing quantity of time. It would be desirable therefore to provide a CRL management capability in a computer system environment that could improve PKI performance by reducing bandwidth requirements for CRL transfers.
While a general background including problems in the art are described hereinabove, with occasional reference to related art or general concepts associated with the present invention, the above description is not intending to be limiting since the primary features of the present invention will be set forth in the description which follows. Some aspects of the present invention not specifically described herein may become obvious after a review of the attendant description, or may be learned by practice of the invention. Accordingly, it is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only in nature and are not restrictive of the scope or applicability of the present invention.