An application of efficient certificate status handling methods to high traffic authentication services

Most organizations show a strong interest in digital signature technology as a means for secure and authenticated document exchange, hoping that it helps reduce the paper-based transactions. The main problem posed by this technology is with the necessary public-key infrastructure, and in particular with certificate status handling. Rather than addressing the revocation problem in general, a specific but interesting aspect is discussed here: secure identification of a large number of users (like citizens for a public administration) accessing a wide pool of services. This paper describes the definition and deployment of a web-based environment suitable for offering administrative services to citizens and for accepting authenticated documents from citizens. The best features of two different certificate status handling schemes, the standard CRL and a novel on-line scheme, have been exploited within this environment to obtain a good balance between security, timeliness and efficiency.