

A unified and flexible solution for integrating CRL and OCSP into PKI applications
Authors: Diana Berbecaru, Amarkumar Desai, Antonio Lioy
Affiliation: Politecnico di Torino, Dip. di Automatica e Informatica, C.‐so Duca degli Abruzzi 24, 10129 Torino, Italy
Abstract: Public key certificates (PKCs) are used nowadays in several security protocols and applications, so as to secure data exchange via transport layer security channels, or to protect data at the application level by means of digital signatures. However, many security applications often fail to manage properly the PKCs, in particular when checking their validity status. These failures are partly due to the lack of experience (or training) of the users who configure these applications or protocols, and partly due to the scarce support offered by some common cryptographic libraries to the application developers. This paper describes the design and implementation of a light middleware dealing with certificate validation in a unified way. Our middleware exploits on one side the libraries that have already been defined or implemented for certificate validation, and it constructs a thin layer, which provides flexibility and security features to the upper layer applications. In our current approach, this layer boasts an integrated approach to support various certificate revocation mechanisms, it protects the applications from some common security attacks, and offers several configuration and performance options to the programmers and to the end users. We describe the architecture of this approach as well as its practical implementation in the form of a library based on the famous OpenSSL security library, and that can be easily integrated with other certificate‐aware security applications. Copyright © 2009 John Wiley & Sons, Ltd.
Keywords: security, middleware, certificate validation, CRL, OCSP, OpenSSL library