论文信息 - Efficient certificate status handling within PKIs: an application to public administration services

Efficient certificate status handling within PKIs: an application to public administration services

Public administration has shown a strong interest in digital signature technology as a means for secure and authenticated document exchange, hoping that it will help reduce paper-based transactions with citizens. The main problem posed by this technology is the necessary public-key infrastructure, and in particular certificate status handling. This paper describes the definition and deployment of a Web-based environment suitable for offering administrative services to citizens and for accepting authenticated documents from citizens. The best features of two different certificate status handling schemes, namely CRL and OCSP, have been exploited within this environment to obtain a good balance between security, timeliness and efficiency.

Marco Prandini

[1] Carlisle M. Adams,et al. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[2] Josh Benaloh,et al. One-Way Accumulators: A Decentralized Alternative to Digital Sinatures (Extended Abstract) , 1994, EUROCRYPT.

[3] Mihir Bellare,et al. XOR MACs: New Methods for Message Authentication Using Finite Pseudorandom Functions , 1995, CRYPTO.

[4] Mihir Bellare,et al. Incremental cryptography and application to virus protection , 1995, STOC '95.

[5] P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[6] E. FALDELLA,et al. Efficient Handling of Certificates within Public-Key Infrastructures , 1999 .

[7] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[8] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[9] Carlisle Adams,et al. Internet Public Key Infrastructure Real Time Certificate Status Protocol - RCSP , 1998 .

[10] Mihir Bellare,et al. Incremental Cryptography: The Case of Hashing and Signing , 1994, CRYPTO.

[11] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[12] Marc Fischlin. Incremental Cryptography and Memory Checkers , 1997, EUROCRYPT.