An Improved Delta and Over-issued Certificate Revocation Mechanism
Authors: Shaomin Zhang, Haijiao Wang
Published in: 2008 ISECS International Colloquium on Computing, Communication, Control, and Management (2008-08-03)
DOI: https://doi.org/10.1109/CCCM.2008.364
With the increasing acceptance of digital certificates, finding and revoking digital certificates that have been stopped has become more and more important, since it can avoid huge economic losses to end users. At present the most popular choice is to use a Lightweight Directory Access Protocol (LDAP) directory server to issue the certificate revocation list (CRL). Based on an analysis of certificate storage and publication in the LDAP server, this paper proposes a new and more efficient certificate revocation mechanism. The new mechanism integrates Delta and over-issued CRLs with the windowed certificate revocation mechanism; it satisfies the scalability and flexibility requirements of a certificate revocation mechanism and, at the same time, can provide near real-time certificate status when required. The design and performance of the new mechanism are analyzed in detail. The CRL is organized as a binary sort tree in LDAP, which allows the revocation status of certificates to be queried rapidly in LDAP.