A New Method for Reducing the Revocation Delay in the Attribute Authentication

There are a variety of certificates to prove the identity and the attribute on network. Public key certificate is used to prove the identity of the user and attribute certificate is used to prove the attributes of the user It is necessary to bind attribute certificate to public key certificate to prove the owner of the attributes because attribute certificate does not contain the identity information. Some attributes have the derivation relationship between attributes. Therefore, branch attributes should be revoked when origin attributes are revoked. It is necessary to do it at once. The naive method cannot show the relationship with derivation attributes directly. Therefore, the naive methods have the following problems. First, the relationship between attributes is not written into attribute certificate. Second, branch attribute certificate cannot be revoked at once when origin attributes are revoked. In this paper, we propose the method to shorten the revocation delay of attribute certificate with the relationship by using an attribute authentication method that can show the relationship between attributes. Our method makes it possible to invalidate branch attribute certificate at once when origin attribute certificate is revoked, and protects against illegal use of attribute certificate that use the time difference of revocation processing