A new on-line method for efficient handling of certificates within public-key infrastructures (PKIs) is presented. The method is based on a purposely-conceived extension of the one-way accumulator (OWA) cryptographic primitive, which permits one to provide an explicit, concise, authenticated and not forgeable information about the revocation status of each certificate. A thorough investigation on the performance attainable shows that the devised method exhibits the same positive features of the well-known on-line certificate status protocol (OCSP) as regards scalability, security and timeliness. Moreover, its peculiar characteristic of collectively authentication via a single directory-signed proof the status of all the certificates handled within a PKI leads to a significant reduction of the directory computational load that, in a high-traffic context, could be nearly unbearable when OCSP is applied. © 2002 IEEE.

Faldella E., Prandini M. (2002). A flexible scheme for on-line public-key certificate status updating and verification. 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA : IEEE COMPUTER SOC [10.1109/ISCC.2002.1021778].

A flexible scheme for on-line public-key certificate status updating and verification

Faldella E.;Prandini M.
2002

Abstract

A new on-line method for efficient handling of certificates within public-key infrastructures (PKIs) is presented. The method is based on a purposely-conceived extension of the one-way accumulator (OWA) cryptographic primitive, which permits one to provide an explicit, concise, authenticated and not forgeable information about the revocation status of each certificate. A thorough investigation on the performance attainable shows that the devised method exhibits the same positive features of the well-known on-line certificate status protocol (OCSP) as regards scalability, security and timeliness. Moreover, its peculiar characteristic of collectively authentication via a single directory-signed proof the status of all the certificates handled within a PKI leads to a significant reduction of the directory computational load that, in a high-traffic context, could be nearly unbearable when OCSP is applied. © 2002 IEEE.
2002
Proceedings - IEEE Symposium on Computers and Communications
891
898
Faldella E., Prandini M. (2002). A flexible scheme for on-line public-key certificate status updating and verification. 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA : IEEE COMPUTER SOC [10.1109/ISCC.2002.1021778].
Faldella E.; Prandini M.
File in questo prodotto:
Eventuali allegati, non sono esposti

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11585/904963
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 6
  • ???jsp.display-item.citation.isi??? 3
social impact