Windowed Revocation of Public-Key-Encryption Certificates

Windowed revocation is a technique for the revocation of the digital certificates that provide assurance of the auth- enticity and integrity of public encryption keys and associated private decryption keys. These keys are used to protect the privacy of communications via the Internet. The need for revocation of certificates arises in cases in which private keys are lost or compromised, rights of access are changed, or it is desired to change keys as a precaution against cryptanalysis. Windowed revocation satisfies the security requirements and conforms to the policies of publickey systems now in use, while imposing less (relative to prior certificate-revocation techniques) of a burden on certificate server computers and communication networks.