| Public Key Infrastructures (PKI), as a part of Grid Security Infrastructures (GSI), offers basic service for Authentications and Authorization for Grid Entities. In Grid Environment, as a distributed system, each Administrative domain has its own PKI and trust CAs, and entities in different domains need Authentication when accessing each other, so a mechanism to built trust relationship among each domain is needed and the CA Cross-Certification is introduced in Grid. The Online Certificate Status protocol (OCSP) stands out due to its ability to carry near real time certificate status information and meet the need of Grid Environment. This paper proposes Extended OCSP protocol that can provide trusted status for certificate to benefit the certificate validation between different administrative domains. In this paper, we describe the Extended OCSP protocol and the framework of Extended OCSP system and thework mechanism of the system. In the Extended OCSP system, the workload of building and validating certificate path distributes to different Extended OCSP responders, and then the time of building and validating certificate path (t) has the direct ratio with the certificate path length (m). Then we have, t = o( m). Compared to the present algorithm, t = o ( rm), the Extended OCSP system greatly improves the efficiency of verification. And we also discuss the requirements for using the Extended OCSP protocol in grid. Then we design an Extended OCSP responder and built a grid environment to verify the feasibility of the Extended OCSP protocol for grid. For improving the efficiency of the system, this paper uses a Improved Distance Vector Routing Algorithm.For the professional grid, this paper propose a new Hyper Topology Trust Model(HTTM). This model has high efficiency and is more safely. HTTM provide a high efficiency and safe CA cross-certification environment for professional grid. This paper also discusses the case of HTTM used for power grid. |
PDF Full Text Request