Method and system for checking revocation status of digital certificates in a virtualization environment

Assignee

• Institute of Information Engineering, Data Assurance & Communication Security Center, Chinese Academy of Sciences · CN

Inventors

• Jingqiang Lin · Beijing, CN
• Bingyu Li · Dalian, CN
• Zhan Wang · Beijing, CN
• Jiwu Jing · Beijing, CN
• Congwu Li · Beijing, CN
• Luning Xia · Beijing, CN
• Qiongqiao Wang · Beijing, CN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/30
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

The present invention discloses a method and a system for checking revocation status of digital certificates in a virtualization environment. The method includes: 1) Setting up multiple virtual machines in a host computer; setting up a certificate revocation list manager within the virtual machine monitor of the host computer; 2) The certificates relying party in the virtual machines sends a service request for checking certificate revocation status to the certificate revocation list manager; 3) The certificate revocation list manager searches locally for the CRL file corresponding to the service request for checking certificate revocation status: a) If such a corresponding CRL file exists, the CRL file is returned to the certificate relying party in the virtual machines; or, the certificate revocation list manager checks whether the corresponding certificate serial number exists in the CRL file, then returns the result; b) if the corresponding CRL file does not exist, the corresponding CRL file is downloaded and verified according to the configuration file; then the CRL file is returned to the certificate relying party in the virtual machines; or, the certificate revocation list m…