Patent on PKI certificate technology

SSH Communications Security, a world-leading provider of enterprise security solutions and end-to-end communications security, and the original developer of the Secure Shell protocol, today announced the issuance of a key patent covering a new, streamlined process of issuing certificate revocation lists (CRLs) and eliminating the need for private keys to be present during the periodic publishing of CRLs.

The U.S. Patent No. 7,356,693, “Method for Producing Certificate Revocation Lists,” is designed to create an easier way to operate a Public Key Infrastructure (PKI) hierarchy while reducing the practical work needed to produce and distribute CRLs. Producing multiple CRLs in volume at one time, keeping them secure until needed, and publishing them in the directory is a cost-effective and more efficient best-practice than creating individual CRLs at various times, and also eases the burden on administrators.

By arranging the root certificate authority (CA) to produce multiple CRLs in advance and issuing one of these pre-generated CRLs at a time to the directory system, new CRLs can be made available for PKI clients without having the CA private key available. The CA private key is only needed during the initial CRL pre-generation, and when new certificates are generated or revoked. The new technology provides greater security since access to the CA private keys is only needed when new certificates are generated or revoked.

SSH Communications Security has been granted five U.S. patents for its end-to-end communications security technology, and two additional active patents are pending.