Method and device for managing certificates

摘要

A certificate management method and a certificate management device are disclosed. The certificate management device includes a key collection computing unit, a certificate revocation unit, and a certificate revocation list broadcast unit. The certificate management method includes determining to at least revoke a first certificate in certificates that are recorded in a key tree and related to an entity, and determining whether a first root node only covers the first certificate and other revoked certificate in the key tree. When the first root node only covers the first certificate and the other revoked certificate, information about the first root node is added to a certificate revocation list. The certificate revocation list is sent to another entity at least.

主权项

1. A certificate management method, performed on a processor and a non-volatile memory, the certificate management method comprising: identifying a first certificate to be revoked from a plurality of certificates recorded in a key tree and related to an entity; finding a first root node of root nodes in the key tree that covers the most revoked certificates along with the first certificate but does not cover any valid certificates; adding information about the first root node of the root nodes along with the information about the first certificate to a certificate revocation list, wherein when the information about the first root node of the root nodes is added along with the information about the first certificate to the certificate revocation list, the certificate revocation list records the information about the first root node of the root nodes, and the information about the first root node includes a node index, a derived key, and a root node hierarchy; and transmitting the certificate revocation list to another entity.