A new on-line method for efficient handling of certificates within public-key infrastructures (PKIs) is presented. The method is based on a purposely-conceived extension of the one-way accumulator (OWA) cryptographic primitive, which permits one to provide an explicit, concise, authenticated and not forgeable information about the revocation status of each certificate. A thorough investigation on the performance attainable shows that the devised method exhibits the same positive features of the well-known on-line certificate status protocol (OCSP) as regards scalability, security and timeliness. Moreover, its peculiar characteristic of collectively authentication via a single directory-signed proof the status of all the certificates handled within a PKI leads to a significant reduction of the directory computational load that, in a high-traffic context, could be nearly unbearable when OCSP is applied. © 2002 IEEE.
A flexible scheme for on-line public-key certificate status updating and verification / Faldella E.; Prandini M.. - STAMPA. - (2002), pp. 1021778.891-1021778.898. (Intervento presentato al convegno 7th International Symposium on Computers and Communications, ISCC 2002 tenutosi a Taormina-Giardini Naxos, IT nel 01-04 July 2002) [10.1109/ISCC.2002.1021778].
A flexible scheme for on-line public-key certificate status updating and verification
Faldella E.;Prandini M.
2002
Abstract
A new on-line method for efficient handling of certificates within public-key infrastructures (PKIs) is presented. The method is based on a purposely-conceived extension of the one-way accumulator (OWA) cryptographic primitive, which permits one to provide an explicit, concise, authenticated and not forgeable information about the revocation status of each certificate. A thorough investigation on the performance attainable shows that the devised method exhibits the same positive features of the well-known on-line certificate status protocol (OCSP) as regards scalability, security and timeliness. Moreover, its peculiar characteristic of collectively authentication via a single directory-signed proof the status of all the certificates handled within a PKI leads to a significant reduction of the directory computational load that, in a high-traffic context, could be nearly unbearable when OCSP is applied. © 2002 IEEE.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
