[1]敖显林,杨林,杨峰,等.一种新型在线证书状态响应方案[J].计算机技术与发展,2013,(10):130-133.
 AO Xian-lin[],YANG Lin[],YANG Feng[],et al.A New Online Certificate Status Response Scheme[J].,2013,(10):130-133.
点击复制

一种新型在线证书状态响应方案()
分享到:

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
期数:
2013年10期
页码:
130-133
栏目:
安全与防范
出版日期:
1900-01-01

文章信息/Info

Title:
A New Online Certificate Status Response Scheme
文章编号:
1673-629X(2013)10-0130-04
作者:
敖显林12杨林2杨峰2申志军2
[1]解放军理工大学 指挥自动化学院;[2]总参第61研究所
Author(s):
AO Xian-lin[12]YANG Lin[2]YANG Feng[2]SHEN Zhi-jun[2]
关键词:
公钥基础设施证书撤销MiniCRL技术证书段
Keywords:
PKIcertificate revocationMiniCRLcertificate segment
文献标志码:
A
摘要:
证书撤销信息的发布成为了PKI系统大规模化的瓶颈,传统的证书撤销方案因为存在可扩展性差、实时性不强、交换数据量大等原因,不能适用于大型PKI系统中。针对以上问题,从理论上提出了一种新的证书撤销方案OLMiniCRL,新方案使用在线查询响应模式,采用MiniCRL压缩策略和NOVOMODO预签名方案,以精简的证书段的状态作为一个证书状态查询的响应。与传统的在线查询响应模式相比,新方案使用数字签名保障了数据的安全完整性,使用单向的Hash函数链保证了通信的实时性,大量减少数字签名的次数和数据处理量,降低服务器资源消耗,采用预签名方案能够提高用户查询的响应速度,具有较好的实时性、精简性和可扩展性,能够适用于对实效要求较高的大型PKI系统中
Abstract:
The publishing of the certificate revocation information is the bottleneck problem for the development of the Public Key Infra-structure ( PKI) system. The conventional schemes of certificate revocation cannot apply to the large-scale PKI system due to its bad ex-pandability,low real-time performance,large switched data and so on. In view of the questions mentioned above,a new certificate revoca-tion scheme is proposed called OLMiniCRL. The new certificate revocation scheme used an on-line inquiry-response mode based on the MiniCRL compression strategies and the NOVOMODO pre-signature scheme with an efficient and simple message of certificate segment as a response to an inquiry. Compared with conventional on-line inquiry-response mode,the new certificate revocation scheme using the digital signature ensures the data security and integrity,applying the one way Hash function guarantees the real-time performance,which reduces drastically the number of digital signature so as to slow down the server resource consumption. Besides,the pre-signature scheme improves the speed of a response,has a good real-time performance,suitable expandability,which is applicable to the large-scale PKI system with a high demand of real-time performance

相似文献/References:

[1]刘华春.基于PKI的网上证券交易系统的构建[J].计算机技术与发展,2009,(07):173.
 LIU Hua-chun.Implementing a System of On - line Securities Trading Based on PKI Technology[J].,2009,(10):173.
[2]贺锋 王汝传.一种基于PKI的P2P身份认证技术[J].计算机技术与发展,2009,(10):181.
 HE Feng,WANG Ru-chuan.A Peer- to- Peer Identity Authentication Technology Based on PKI[J].,2009,(10):181.
[3]邓晓军.PKI技术及其应用的分析[J].计算机技术与发展,2008,(06):144.
 DENG Xiao-jun.Analysis of PKI Technology and Its Application[J].,2008,(10):144.
[4]陈翔 庄毅 吴学成.椭圆曲线加密算法及其在PKI中应用模型的研究[J].计算机技术与发展,2006,(03):129.
 CHEN Xiang,ZHUANG Yi,WU Xue-cheng.Research on ECC and Application Model of ECC to PKI[J].,2006,(10):129.
[5]芦佳 卫强 陈兵.基于RFID技术的防伪平台的设计与实现[J].计算机技术与发展,2012,(05):233.
 LU Jia,WEI Qiang,CHEN Bing.Design and Implementation of Anti-Counterfeit System Based on RFID[J].,2012,(10):233.

更新日期/Last Update: 1900-01-01