摘要：

These selected nodes are updated. A token is valid on day i+1 if it has been updated on day i. If on day i+1, a first party A wishes to verify a second party B's public key certificate, party A queries the CA. The CA sends to A one of the valid tokens. A's cryptography device receives the token and performs a one-way function, such as a hash function, on this received token a certain number of times to obtain the Dth value. This value is compared to the value on B's certificate. In a second version of the invention, the data revocation structure is constructed using a more general formulation. Each user's certificate includes a collection of all subsets containing that user. For each of these subsets, there is a chain. The certificate includes the zero token for each chain of each set on the certificate. Similar updating and verification processes are performed using this data revocation structure. In a third embodiment, the updating process is performed incrementally.

展开