Title :
An Improved Delta and Over-issued Certificate Revocation Mechanism
Author :
Zhang, Shaomin ; Wang, Haijiao
Author_Institution :
Sch. of Comput., North China Electr. Power Univ., Baoding
Abstract :
With the increasing acceptance of digital certificates, finding and revoking digital certificates that have been stopped has become more and more important, as it can avoid huge economic losses to end users. At present the most popular choice is to use a lightweight directory access protocol (LDAP) directory server to issue the certificate revocation list (CRL). Based on an analysis of certificate storage and publication in the LDAP server, a new and more efficient certificate revocation mechanism is proposed in this paper. The new mechanism integrates Delta and over-issued CRLs with the windowed certificate revocation mechanism; it satisfies the scalability and flexibility requirements of a certificate revocation mechanism and, at the same time, can provide near real-time certificate status when required. The design and performance of the new mechanism are analyzed in detail. The CRL is organized as a binary sort tree structure in LDAP, which allows the revocation status of certificates to be queried rapidly.
Keywords :
access protocols; certification; public key cryptography; sorting; tree data structures; LDAP server; binary sort tree structure; certificate revocation list; certificate revocation mechanism; certificate storage; digital certificates; directory server; lightweight directory access protocol; Access protocols; Communication system control; Digital audio players; Energy management; Internet; Large-scale systems; Performance analysis; Power generation economics; Scalability; Tree data structures;
Conference_Title :
Computing, Communication, Control, and Management, 2008. CCCM '08. ISECS International Colloquium on
Conference_Location :
Guangzhou
Print_ISBN :
978-0-7695-3290-5
DOI :
10.1109/CCCM.2008.364