A new on-line method for efficient handling of certificates within public-key infrastructures (PKIs) is presented. The method is based on a purposely-conceived extension of the one-way accumulator (OWA) cryptographic primitive, which permits one to provide an explicit, concise, authenticated and not forgeable information about the revocation status of each certificate. A thorough investigation on the performance attainable shows that the devised method exhibits the same positive features of the well-known on-line certificate status protocol (OCSP) as regards scalability, security and timeliness. Moreover, its peculiar characteristic of collectively authentication via a single directory-signed proof the status of all the certificates handled within a PKI leads to a significant reduction of the directory computational load that, in a high-traffic context, could be nearly unbearable when OCSP is applied. © 2002 IEEE.
Faldella E., Prandini M. (2002). A flexible scheme for on-line public-key certificate status updating and verification. 10662 LOS VAQUEROS CIRCLE, PO BOX 3014, LOS ALAMITOS, CA 90720-1264 USA : IEEE COMPUTER SOC [10.1109/ISCC.2002.1021778].
A flexible scheme for on-line public-key certificate status updating and verification
Faldella E.;Prandini M.
2002
Abstract
A new on-line method for efficient handling of certificates within public-key infrastructures (PKIs) is presented. The method is based on a purposely-conceived extension of the one-way accumulator (OWA) cryptographic primitive, which permits one to provide an explicit, concise, authenticated and not forgeable information about the revocation status of each certificate. A thorough investigation on the performance attainable shows that the devised method exhibits the same positive features of the well-known on-line certificate status protocol (OCSP) as regards scalability, security and timeliness. Moreover, its peculiar characteristic of collectively authentication via a single directory-signed proof the status of all the certificates handled within a PKI leads to a significant reduction of the directory computational load that, in a high-traffic context, could be nearly unbearable when OCSP is applied. © 2002 IEEE.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.