摘要 |
Notification of lapse information of a public key certificate from a PKI directory server to a PKI directory client. Certificate authority information in a certificate authority structure is made to correspond to a container entry, end entity information is made to correspond to a leaf entry, and the certificate authority structure is assigned to a directory tree. If a certain certificate is lapsed and a certificate is newly issued, the newly issued certificate and its serial number are stored in the entry. After a predetermined time elapses, the certificate is put into a certain URL and the certificate stored in the entry is replaced with the URL information. At a receiver, a filtering mask is set on the basis of a certificate pass for obtaining the necessary certificate. A directory tree in which URL information and the serial number have been stored is repetitively transmitted from the transmission side. At the receiver, only the entries selected by the filtering mask are updated.
|