查看文章

A method and system for efficiently authenticating digital certificates issued by an organization's authentication hierarchy. The system includes a verification server that manages a certificate repository and a verification cache having entries for verified digital certificates and certification revocation lists. Each cache entry includes a corresponding timestamp that indicates when the item was last authenticated. The verification server incrementally updates the verification cache using a recursive procedure to traverse the hierarchy's chain of authority signatures. The procedure performs costly verifications of digital signatures and scans of certification revocation lists only when an item's timestamp is out of date with respect to its issuer's digital certificate, certification revocation list or other security information.