| Security problems in electronic commerce become increasingly important, meanwhile electronic commerce is flourishing because of Internet popularity. A key problem of these is identity authentication. Digital certificates in PKI attesting to a relationship between a documented attribute and a public key provide an extremely secure and flexible means of identity authentication. Sometimes the certificate must be revoked prior to its expiration date, e.g., when a private key is revealed, or when a holder changes affiliation or position. There are some solutions to certificate revocation, e.g, certificate revocation list(CRL), certificate revocation system(CRS), and certificate revocation tree(CRT), but they each have their own disadvantages.Firstly, we briefly review these solutions for the problem of certificate revocation and describe in detail a new solution, called certificate revocation threaded binary sorted hash tree(CRTBSHT), which brings higher update rates than the other and supplies fresh information for users.Then, this paper introduces J2EE framwork, open source Certificate Authority software-EJBCA under which the balanced CRTBSHT system is implemented and four J2EE application servers.In the following, we give details of structures and functions of the balanced CRTBSHT system, data structures and algorithms of important function modules. The primary function of the system is initialization and updates of the balanced CRTBSHT system are implemented by session bean which gets data of the revoked certificates from database. There are other problems like signatures with keys of ca in database, scheduled updates by jboss service, recovery of query path on the client.Basing on the efficiency analysis, we come to the conclusion that the balanced CRTBSHT system gains in communication costs and update rate.
|
PDF Full Text Request