
Research On Certificate Revocation Scheme In PKI

Posted on: 2007-02-19
Degree: Master
Type: Thesis
Country: China
Candidate: G J Li
GTID: 2178360185977610
Subject: Computer software and theory
Abstract/Summary:
Public Key Infrastructure (PKI) is based on public key cryptography combined with digital certificate techniques, and provides security services on the network such as confidentiality, integrity, authentication and non-repudiation. Through digital signatures and encryption, digital certificates enable secure communication. Before committing to an exchange, the verifying party must verify the validity of the certificate and ensure the correctness, validity and availability of the identity that holds it. This reduces transaction risk under network conditions and secures fair exchange in e-business. However, after a certificate is issued, it becomes invalid as time passes, and it may also become invalid for particular reasons. Consequently, after certificates are issued, the CA publishes a Certificate Revocation List (CRL) for customers to download and verify against. Maintaining and implementing an efficient certificate revocation scheme is therefore one important task of PKI.

On the basis of an analysis of traditional certificate revocation schemes, the thesis proposes several CRL revocation schemes, such as Over-Issued-Segmented CRL, random CRL, improved Delta-CRL and a P2P shared download scheme. To varying degrees, these schemes improve CRL transmission efficiency, reduce communication load, lower the peak query frequency and provide timely service, so that a quick, exact and safe scheme for verifying certificate revocation information can be built to accommodate diversified application demands.

In the dynamic verification scheme, an authenticated data structure is used to organize the CRL, so that efficient and timely online verification services are provided to users. When verification services are provided by an untrusted third party, users are still assured of trusted certificate query and verification.
Keywords/Search Tags:Public Key Infrastructure (PKI), certificate revocation, digital signature, certificate revocation list (CRL), skip list