Research Of Certificates Revocation Policies And Certificates Roam For WPKI

Along with the development of the wireless technology, mobile bank, mobile stock and mobile office is coming out one by one. The value-added applications brought us convenient life with a lot of security problems. The wireless Internet is similar to the wired Internet, with some limitations in bandwidth, processing capacity, memory resources, battery life and user interface. PKI can't apply in wireless Internet without any modification. On one side, the most time-cost process in PKI is the validation of certificates. In the wired Internet, the client devices, such as PCs, have strong compute capabilities. The CRL (Certificates Revocation List) is often taken in PKI. But, the client device in the wireless Internet can't endure such a complex computation. The research of certificates revocation policies is imperative. On the other side, the same certificate and its corresponding private key will be used on different device because we can connect the Internet by so many kinds of method and device. Certificates and their corresponding private keys need to roam. The research of certificates revocation policies and certificates roam for WPKI is very significant to WPKI technology.The main motivation of this paper is to analyze the difference between PKI and WPKI, to anatomy the online certificates protocol, so client part cached online protocol according to wireless payment applications can be constructed. In addition, the framework, roam protocols and security problems for certificates and their corresponding private keys will be researched and a feasible roam scheme will be give out.This paper is organized into four major sections. The first section is an introduction of PKI technology. In this section the credit service, function standard, framework and development direction of PKI technology are expounded. In the second section WPKI is introduced in several subsection. At first WAP and TLS are introduced simply. Second, the conception, constitution, basic principle, and key techniques of WPKI are described in detail. Third, the main differences between PKI and WPKI, which are the client certificates validation methods and encryption arithmetic are pointed out. At last, the problems of WPKI are listed out. The third section is most important to this paper. In this section, certificates revocation models are discussed and a revocation model that is based on mobile payment gateway is gave out. Then, off line certificates revocation policies and online certificates revocation policies are discussed. OCSP is analyzed at length. A client part cached OCSP scheme that is based on mobile payment gateway is brought forward. In this scheme, the flows of the client and responder in the certificates revocation process are expatiated in two flow charts. The computing times of certificates validation among CRL, OCSP and CPC-OCSP (based on payment gateway) are contrasted in a table. In the fourth section, the framework, roam protocol, transport issues and security consideration are present in detail. In the fifth section, the necessary and probability of certificates roam are analyzed. A feasible roam scheme is proposed. In the roam scheme, the roam idea, the encapsulation, the usage process, upload, download and delete of certificates and their corresponding private keys are set forth in detail. At last, the applying foreground of the roam scheme is brought forward. In the sixth section the main principle of the paper is generalized and the future research direction is proposed. At last, the reference and thanks are presented.