| Public Key Infrastructure (PKI) technology based on public-key cryptography theory is considered to be the most feasible and most effective method to solve information security problems in large and open networking environment. As an infrastructure, PKI provide a common information security platform to solve all kind of problems in network applications, such as authentication, confidentiality, integrity, non-repudiation and access control, etc. Digital certificate status validation system is a necessary part of PKI, which is used to provide certificate revocation information for certificate relier in PKI applications. This article is going to discuss digital certificate status validation system both theoretically and practically.OCSP is a well-known digital certificate status validation mechanism, which can overcome latency, scalability or manageability problems inherent in solutions based on CRL, and can allow a client to query a responder for the status of one or more certificates and get up-to-date information on their validity. This would be very useful in some applications, such as high-value funds transfer or large stock trades. Based on OCSP, this article is going to give a design of highly-modularized, secure, efficient and scalable online certificate status validation system and discuss the problems which emerge in practice. Finally, this article will give an analysis about the factors which affects the efficiency, scalability and security of the system.
|
PDF Full Text Request