| 摘要 |
A computing device is operated in a manner which provides improved checking to determine whether or not an authentication certificate for a software application being loaded onto the device has been revoked. In the case of trusted certificate chains that contain no revocation information, the device checks using an AuthorityInfoAccess extension (AIA) as selected by the device. In the case of untrusted certificate chains, notably including self-signed certificates, the device is controlled so that it ignores any authentication revocation information provided with the software application and always uses information stored on the device. As a result, malware creators cannot encourage clients to go to certificate specified servers or responders in order to generate false responses for their certificates. The certificates may be X.509 certificates and the revocation information may be provided by Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP) revocation related extensions.
|
