Found 18 similar documents; search took 171 ms
1.
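In a public key infrastructure, a digital certificate may need to be revoked before it expires. PKI mainly provides two certificate revocation methods: the periodically published Certificate Revocation List (CRL) and the Online Certificate Status Protocol (OCSP). The paper analyzes in detail the advantages and limitations of the two revocation mechanisms, CRL and OCSP, and, combining the advantages of each, proposes an efficient and practical certificate validation mechanism. It gives the working principle of the mechanism and describes its implementation in detail.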
2.
3.
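Certificate revocation is a difficult problem in the research and application of Public Key Infrastructure (PKI). The paper first discusses the two most widely used classes of certificate revocation mechanism, the Certificate Revocation List (CRL) and the Online Certificate Status Protocol (OCSP), and analyzes the shortcomings of each. On this basis, it proposes a certificate revocation mechanism based on a one-way hash function.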
4.
5.
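The Lightweight Directory Access Protocol (LDAP) is a new technology on the Internet. As core infrastructure for digital certificate systems and for unified authentication and authorization management systems, the directory service provides lookup of public-key digital certificates and public-key attribute certificates, and lookup of certificate revocation lists. The paper explores schemes for applying LDAP directory services in PKI/PMI, with emphasis on how to build a certificate repository.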
6.
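To address the system performance bottleneck caused by large numbers of nodes requesting data simultaneously during certificate revocation list updates, this paper proposes a P2P-based scheme for updating certificate revocation lists, which uses the resources of client nodes to improve update performance. An analytical model is built against the background of a digital campus application, and the proposed scheme is analyzed and compared.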
7.
8.
9.
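A public-key certificate revocation mechanism based on one-way hash chains. Total citations: 5, self-citations: 0, citations by others: 5
Certificate revocation is a difficult problem in the research and application of Public Key Infrastructure (PKI). This paper first discusses the two most widely used classes of certificate revocation mechanism, the Certificate Revocation List (CRL) and the Online Certificate Status Protocol (OCSP), and analyzes the shortcomings of each. On this basis, it proposes a certificate revocation mechanism based on one-way hash chains.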
10.
11.
12.
13.
14.
15.
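The CA certification system is the core component of PKI; it is responsible for issuing public-key certificates to the entities in the PKI. A public-key certificate is a data structure that binds an entity's identity to its public key. Digital certificates are the core technology of the whole PKI, so the certificate system that manages certificates becomes the core part of PKI.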
16.
Authentication and authorization in many distributed systems rely on the use of cryptographic credentials that in most of
the cases have a defined lifetime. This feature mandates the use of mechanisms able to determine whether a particular credential
can be trusted at a given moment. This process is commonly named validation. Among available validation mechanisms, the Online Certificate Status Protocol (OCSP) stands out due to its ability to carry
near real time certificate status information. Despite its importance for security, OCSP faces considerable challenges in
the computational Grid (i.e. Proxy Certificate’s validation) that are being studied at the Global Grid Forum’s CA Operations
Work Group (CAOPS-WG). As members of this group, we have implemented an OCSP validation infrastructure for the Globus Toolkit
4, composed of the CertiVeR Validation Service and our Open GRid Ocsp (OGRO) client library, which introduced the Grid Validation Policy. This paper summarizes our experiences on that work and the results obtained up to now. Furthermore we introduce the prevalidation concept, a mechanism analogous to the Authorization Push-Model, capable of improving OCSP validation performance in Grids.
This paper also reports the results obtained with OGRO’s prevalidation rules for Grid Services as a proof of concept.
Oscar Manso
17.
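The release of Windows 2000 made it possible to develop CAs for small and medium-sized enterprises. The CA plays a central role in PKI-based e-commerce security applications. This article describes the structure and components of PKI in detail and analyzes in depth the structure of the Windows 2000 PKI and its certificate services. Finally, it gives the technical method for customizing an enterprise stand-alone CA within the Windows 2000 PKI and its certificate services framework, namely how to write a custom policy module, and gives a concrete implementation in Visual Basic 6.0.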
18.
Jose L. Muñoz Oscar Esparza Jordi Forné Esteve Pallares 《Electronic Commerce Research》2008,8(4):255-273
Public-key cryptography is widely used as the underlying mechanism for securing many protocols and applications in the Internet.
A Public Key Infrastructure (PKI) is required to securely deliver public-keys to widely-distributed users or systems. The
public key is usually made public by means of a digital document called certificate. Certificates are valid during a certain
period of time; however, there are circumstances under which the validity of a certificate must be terminated sooner than
assigned and thus, the certificate needs to be revoked. The Online Certificate Status Protocol (OCSP) is one of the most used
protocols for retrieving certificate status information from the PKI. However, the OCSP protocol requires online signatures,
which is a costly operation. In this article, we present an improvement over OCSP based on hash chains that reduces the processing
burden in the server which in turn provides an additional protection against attacks based on flooding of queries.
Esteve Pallares