摘要 |
In whilelist-based authentication, a first device ( 102 ) in a system ( 100 ) authenticates itself to a second device ( 103 ) using a group certificate identifying a range of non-revoked device identifiers, said range encompassing the device identifier of the first device ( 102 ). Preferably the device identifiers correspond to leaf nodes in a hierarchically ordered tree, and the group certificate identifies a node ( 202 - 207 ) in the tree representing a subtree in which the leaf nodes correspond to said range. The group certificate can also identify a further node ( 308, 310, 312 ) in the subtree which represents a sub-subtree in which the leaf nodes correspond to revoked device identifiers. Alternatively, the device identifiers are selected from a sequentially ordered range, and the group certificate identifies a subrange of the sequentially ordered range, said subrange encompassing the whitelisted device identifiers. |