公开(公告)号：BR0304267A

公开(公告)日：2004-08-31

申请号：BR0304267

申请日：2003-09-26

Applicant: IBM

Inventor： LUO MING ,  MILMAN IVAN MATTHEW

IPC: H04L9/32

Abstract: A method, system, apparatus, and computer program product are presented for processing certificate revocation lists (CRLs) in a data processing system. Rather than using CRLs for authentication purposes, CRLs are used for authorization purposes, and the responsibility of processing CRLs is placed on a monitoring process within a centralized authorization subsystem rather than the applications that authenticate certificates. A monitoring process obtain newly published CRLs and determines whether revoked certificates are associated with users that possess authorized privileges. If so, then the monitoring process updates one or more authorization databases to reduce or eliminate the authorized privileges for those users.