
Computer Engineering ›› 2007, Vol. 33 ›› Issue (12): 188-190. doi: 10.3969/j.issn.1000-3428.2007.12.066

• Security Technology •

An Improved Scheme of PMI Attribute Certificate Revocation

ZHAO Ming, LIU Jia

  1. (Information Engineer Institute, Information Engineer University of PLA, Zhengzhou 450002)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2007-06-20 Published: 2007-06-20

Abstract: In a privilege management infrastructure (PMI), the maintenance of attribute certificates is an important component. Especially in large-scale application environments where users' roles are relatively fixed, poorly designed certificate revocation management imposes a heavy computational or network transmission burden. In addition, the certificate revocation list is generated by the attribute authority (AA) and then handed to a public directory for publication. Because the public directory cannot be guaranteed to be secure and reliable, the publishing entity cannot be assumed to be trustworthy, so the certificate revocation list also needs the AA's signature to ensure its authenticity. This paper proposes a maintenance scheme for attribute certificate revocation lists that solves the above problems, and analyzes the effectiveness, security and performance of the scheme.

Key words: PMI, Attribute authority (AA), Attribute certificate, Hash table
