| 证书撤销机制的分析与研究 |
| |
| 引用本文: | 邓晓军.证书撤销机制的分析与研究[J].计算机工程与设计,2007,28(7):1538-1540. |
| |
| 作者姓名: | 邓晓军 |
| |
| 作者单位: | 湖南工业大学,冶金校区信息工程系,湖南,株洲,412000 |
| |
| 摘 要: | 数字证书是实现电子政务和电子商务中实体的信任及信任验证的关键元素.CA实际可能会根据不同的情况而导致证书的意外作废或撤销,那么应使要使用证书的用户尽可能获知最新的证书情况,这对于实现PKI系统的可信性至关重要.通过分析国内外通常采用的CRL和OCSP这两种基本的证书撤销、查询方法,总结了它们的优缺点以及在实际应用过程中遇到的难点.最后提出了相应的改进措施,使用户能及时获得最新的证书状况,为电子政务和电子商务提供更可靠的安全性.
|
| 关 键 词: | 安全 数字证书 证书撤销 证书撤销列表 在线证书状态协议 证书撤销 撤销机制 分析 研究 certificate revocation mechanism research 安全性 状况 改进 过程 应用 查询方法 OCSP 可信性 系统 用户 使用 情况 关键元素 |
| 文章编号: | 1000-7024(2007)07-1538-03 |
| 修稿时间: | 2006-03-12 |
Analysis and research mechanism of certificate revocation |
| |
| DENG Xiao-jun.Analysis and research mechanism of certificate revocation[J].Computer Engineering and Design,2007,28(7):1538-1540. |
| |
| Authors: | DENG Xiao-jun |
| |
| Affiliation: | Department of Information Engineering, Metallurgical Campus, Hunan University of Technology, Zhuzhou 412000, China |
| |
| Abstract: | The digital certificate realizes the key element that the trust and trust of the entity verified in E-government and E-commerce. CA may cause the accident of the certificate to become invalid or cancel on the basis of different situations, should make it users of certificate to know the latest certificate state, this is essential for realizing the credibility of PKI. By analyzing CRL and OCSP-the two basic certificate revocation protocol, their advantages and shortcomings and difficulties in the course of using actually are summarized. The corresponding improved measures is put forward finally, it results in obtaining the newest certificate state in time and offering more reliable security for E-government and E-commerce, |
| |
| Keywords: | security digital certificate certificate revocation CRL OCSP |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
