Study And Implementation Of OCSP And Certificate Revocation In PKI

Study and Implementation of OCSP and Certificate Revocation in PKI Master: Zheng Fangwei Tutor: Prof. Huang DimingWith the development of Internet and Electronic Commerce, there is a high demand for information security. The PKI technology based on public key can provide Confidentiality, Integrit}\ Authentication and Non_Repudiation for all kinds of Internet Application. Because the kernel of PKI is certificate, so, to manage certificate effectively is a chief task of management of certificate in PKI. the Revocation and Validation of certificate is one of the most important content.The traditional methods of Revocation and Validation of certificate is to use CRL ,but this method has its own weak points. Although some new methods based on CRL can alleviate the bad effect , they can't do it thoroughly. In this background, the Online Certificate Status Protocol(OCSP) was introduced as a supplement or substitute of CRL. It not only can provide online certificate status,but also can lessen the burden of network. TongSEC is a PKI product of TongTech company, TongOCSP project was developed by me as a important part of TongSEC project. The aim of TongOCSP is to implement the OCSP protocol and to provide Programing Interface For end user. According to the protocol ,TongOCSP Was partitioned to two parts:Resquestor and Responder,but in the design of TongOCSP, I added a RSP program to manage the revoked certificate library, so ,TongOCSP is composed by the three parts mentioned just now. in this paper, I expatiated the design and implementation in detail.