DocumentCode :
1327954
Title :
Certificate revocation and certificate update
Author :
Naor, Moni ; Nissim, Kobbi
Author_Institution :
Dept. of Comput. Sci. & Appl. Math., Weizmann Inst. of Sci., Rehovot, Israel
Volume :
18
Issue :
4
fYear :
2000
fDate :
4/1/2000 12:00:00 AM
Firstpage :
561
Lastpage :
570
Abstract :
We present a solution for the problem of certificate revocation. This solution represents certificate revocation lists by authenticated dictionaries that support: (1) efficient verification whether a certificate is in the list or not and (2) efficient updates (adding/removing certificates from the list). The suggested solution gains in scalability, communication costs, robustness to parameter changes, and update rate. Comparisons to the following solutions (and variants) are included: "traditional" certificate revocation lists (CRLs), Micali's (see Tech. Memo MIT/LCS/TM-542b, 1996) certificate revocation system (CRS), and Kocher's (see Financial Cryptography-FC'98 Lecture Notes in Computer Science. Berlin: Springer-Verlag, 1998, vol.1465, p.172-7) certificate revocation trees (CRT). We also consider a scenario in which certificates are not revoked, but frequently issued for short-term periods. Based on the authenticated dictionary scheme, a certificate update scheme is presented in which all certificates are updated by a common message. The suggested solutions for certificate revocation and certificate update problems are better than current solutions with respect to communication costs, update rate, and robustness to changes in parameters, and are compatible, e.g., with X.500 certificates.
Keywords :
message authentication; public key cryptography; X.500 certificates; authenticated dictionaries; authenticated dictionary; certificate revocation lists; certificate revocation system; certificate revocation trees; certificate update; communication costs; efficient updates; efficient verification; frequently issued certificates; incremental cryptographic schemes; memory checkers; parameter changes robustness; public key cryptography; short-term periods; traditional certificate revocation lists; update rate; Cathode ray tubes; Certification; Costs; Credit cards; Data structures; Dictionaries; Public key; Robustness; Scalability;
fLanguage :
English
Journal_Title :
Selected Areas in Communications, IEEE Journal on
Publisher :
IEEE
ISSN :
0733-8716
Type :
jour
DOI :
10.1109/49.839932
Filename :
839932