Method and apparatus for providing efficient management of certificate revocation

Abstract

A method for providing efficient management of certificate revocation may comprise storing a list of identifiers of digital certificates including a revocation list defining a list of revoked certificates in an accumulator, storing a witness value in association with at least some entries in the revocation list in which the witness value provides proof of the membership or non-membership of an identifier in the revocation list, enabling generation of a new accumulator and a new witness value responsive to each insertion or deletion of an entry in the revocation list, and enabling batch updates to the revocation list using a reduced bitlength value generated based on to a ratio of a value generated based on elements added to the revocation list to a value generated based on elements deleted from the revocation list. A corresponding apparatus is also provided. A method for certificate authorities (CA) that use Bloom filters for certificate revocation list (CRL) compression that enables the CA to hash only the entry that is to be un-revoked so that a good compression rate may be provided while avoiding computation of the entire CRL for each un-revocation.