论文信息 - On the Performance of Certificate Revocation Protocols Based on a Java Card Certificate Client Implementation

On the Performance of Certificate Revocation Protocols Based on a Java Card Certificate Client Implementation

The use of certificates for secure transactions in smart cards requires the existence of a secure and efficient revocation protocol. There are a number of existing protocols for online certificate revocation and validation, among which OCSP and SCVP are the most widely used. However there are not any real applications testing the efficiency of these protocols when run in a smart card, even though the advantages of such an implementation are promising. In this paper we examine the details of the implementation of these protocols, emphasising on the issues arisen from the limitations of the smart cards. We also discuss the performance results from the implementation of OCSP and SCVP in a multi-application smart card environment. Results from two different Java Card platforms are presented and analyzed.

[1] Alex Deacon,et al. Lightweight OCSP Profile for High Volume Environments , 2003 .

[2] M. De Soete,et al. Speeding up smart card RSA computations with insecure coprocessors , 1991 .

[3] Ksheerabdhi Krishna,et al. Secure object sharing in java card , 1999 .

[4] Michael Wolfe,et al. J+ = J , 1994, ACM SIGPLAN Notices.

[5] Carlisle M. Adams,et al. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[6] Magnus Nyström,et al. An X.509-Compatible Syntax for Compact Certificates , 1999, CQRE.