改进的Delta和过度颁发的证书撤销机制

2008 ISECS International Colloquium on Computing, Communication, Control, and Management Pub Date : 2008-08-03 DOI:10.1109/CCCM.2008.364

Shaomin Zhang, Haijiao Wang

{"title":"改进的Delta和过度颁发的证书撤销机制","authors":"Shaomin Zhang, Haijiao Wang","doi":"10.1109/CCCM.2008.364","DOIUrl":null,"url":null,"abstract":"With the increasing acceptance of digital certificates, how to find and revoke digital certificate which has been stopped has been become more and more important, which can avoid huge economic losses to end-user. At present the most popular choice is the use of lightweight directory access protocol (LDAP) directory server to issue the certificate revocation list (CRL). Based on the analysis of the certificate storage and publish in LDAP server, a new and more efficient certificate revocation mechanism is proposed in this paper. The new mechanism integrates Delta and over-issued CRL and windowed certificate revocation mechanism, which satisfies the scalability and flexibility requirements of certificate revocation mechanism, at the same time, and can provide near real-time certificate status when required. The design and performance of the new mechanism are analyzed in detail. CRL is organized in the form of binary sort tree structure in LDAP, which satisfies the query of the revocation of certificates rapidly in LDAP.","PeriodicalId":326534,"journal":{"name":"2008 ISECS International Colloquium on Computing, Communication, Control, and Management","volume":"72 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"An Improved Delta and Over-issued Certificate Revocation Mechanism\",\"authors\":\"Shaomin Zhang, Haijiao Wang\",\"doi\":\"10.1109/CCCM.2008.364\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With the increasing acceptance of digital certificates, how to find and revoke digital certificate which has been stopped has been become more and more important, which can avoid huge economic losses to end-user. At present the most popular choice is the use of lightweight directory access protocol (LDAP) directory server to issue the certificate revocation list (CRL). Based on the analysis of the certificate storage and publish in LDAP server, a new and more efficient certificate revocation mechanism is proposed in this paper. The new mechanism integrates Delta and over-issued CRL and windowed certificate revocation mechanism, which satisfies the scalability and flexibility requirements of certificate revocation mechanism, at the same time, and can provide near real-time certificate status when required. The design and performance of the new mechanism are analyzed in detail. CRL is organized in the form of binary sort tree structure in LDAP, which satisfies the query of the revocation of certificates rapidly in LDAP.\",\"PeriodicalId\":326534,\"journal\":{\"name\":\"2008 ISECS International Colloquium on Computing, Communication, Control, and Management\",\"volume\":\"72 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-08-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 ISECS International Colloquium on Computing, Communication, Control, and Management\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CCCM.2008.364\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 ISECS International Colloquium on Computing, Communication, Control, and Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCCM.2008.364","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

随着人们对数字证书的接受程度越来越高，如何查找和撤销已停止使用的数字证书变得越来越重要，从而避免给最终用户造成巨大的经济损失。目前最流行的选择是使用轻量级目录访问协议(LDAP)目录服务器来颁发证书撤销列表(CRL)。本文在分析证书在LDAP服务器上存储和发布的基础上，提出了一种新的更有效的证书撤销机制。新机制集成了Delta和超颁发CRL以及有窗口的证书吊销机制，同时满足了证书吊销机制的可扩展性和灵活性要求，可以在需要时提供近乎实时的证书状态。详细分析了该机构的设计和性能。CRL在LDAP中采用二叉排序树结构进行组织，可以满足LDAP中快速查询证书吊销的要求。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An Improved Delta and Over-issued Certificate Revocation Mechanism

With the increasing acceptance of digital certificates, how to find and revoke digital certificate which has been stopped has been become more and more important, which can avoid huge economic losses to end-user. At present the most popular choice is the use of lightweight directory access protocol (LDAP) directory server to issue the certificate revocation list (CRL). Based on the analysis of the certificate storage and publish in LDAP server, a new and more efficient certificate revocation mechanism is proposed in this paper. The new mechanism integrates Delta and over-issued CRL and windowed certificate revocation mechanism, which satisfies the scalability and flexibility requirements of certificate revocation mechanism, at the same time, and can provide near real-time certificate status when required. The design and performance of the new mechanism are analyzed in detail. CRL is organized in the form of binary sort tree structure in LDAP, which satisfies the query of the revocation of certificates rapidly in LDAP.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 ISECS International Colloquium on Computing, Communication, Control, and Management

自引率

0.00%

发文量