Title :
A flexible scheme for on-line public-key certificate status updating and verification
Author :
Faldella, E. ; Prandini, M.
Author_Institution :
Dipt. di Elettronica, Inf. e Sistemistica, Bologna Univ., Italy
Abstract :
A new on-line method for efficient handling of certificates within public-key infrastructures (PKIs) is presented. The method is based on a purposely-conceived extension of the one-way accumulator (OWA) cryptographic primitive, which permits one to provide an explicit, concise, authenticated and not forgeable information about the revocation status of each certificate. A thorough investigation on the performance attainable shows that the devised method exhibits the same positive features of the well-known on-line certificate status protocol (OCSP) as regards scalability, security and timeliness. Moreover, its peculiar characteristic of collectively authentication via a single directory-signed proof the status of all the certificates handled within a PKI leads to a significant reduction of the directory computational load that, in a high-traffic context, could be nearly unbearable when OCSP is applied.
Keywords :
message authentication; online operation; public key cryptography; telecommunication security; telecommunication traffic; OCSP; PKI; authenticated information; directory computational load reduction; directory-signed proof; flexible scheme; high-traffic; one-way accumulator cryptographic primitive; online certificate status protocol; online public-key certificate status updating; online public-key certificate status verification; public-key infrastructures; revocation status; scalability; security; Authentication; Companies; Cryptographic protocols; Data privacy; Government; Information security; Open wireless architecture; Public key; Public key cryptography; Scalability;
Conference_Titel :
Computers and Communications, 2002. Proceedings. ISCC 2002. Seventh International Symposium on
Print_ISBN :
0-7695-1671-8
DOI :
10.1109/ISCC.2002.1021778
