Revocation of root certificates

Assignee

• Apple Inc. · US

Inventors

• Yousuf H. Vaid · Sunnyvale, US
• Christopher Sharp · Fort Myers, US
• Medhi Ziat · San Francisco, US
• Li Li · Los Altos, US
• Jerrold V. Hauck · Windermere, US
• Ramiro Sarmiento · San Ramon, US
• Jean-Marc Padova · San Francisco, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/3268
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Disclosed herein is a technique for revoking a root certificate from at least one client device. In particular, the technique involves causing a secure element—which is included in the at least one client device and is configured to store the root certificate as well as at least one backup root certificate—to permanently disregard the root certificate and prevent the at least one client device from utilizing the specific root certificate. According to one embodiment, this revocation occurs in response to a receiving a revocation message that directly targets the root certificate, where the message includes at least two levels of authentication that are verified by the secure element prior to carrying out the revocation. Once the root certificate is revoked, the secure element can continue to utilize the at least one backup root certificate, while permanently disregarding the revoked root certificate.