摘要 |
<p>A revocation list generation apparatus and a revocation judgement apparatus suppress the size of a CRL even if a number of public key certificates to be revoked increases.The revocation list generation apparatus, in which leaves in a tree structure correspond to public key certificates, which are identified by leaf identifiers, and nodes from a leaf that corresponds to a revoked public key certificate to a root are revoked, generates, for each revoked node excluding leaves, revocation information showing whether directly subordinate nodes are revoked, and generates a revocation list that includes a plurality of pieces of revocation information arranged in an particular order.The revocation judgement apparatus obtains the revocation list, attempts to construct a path from the root to the leaf, using the revocation information in the revocation list, and when the leaf is included in the constructed path, judges the obtained public key certificate is revoked.</p> |