摘要： 针对在线证书状态协议(OCSP)存在的安全、证书信息源及响应器寻址等问题，提出一种改进型OCSP协议以及一个用于交叉认证系统的设计方案。该方案提高了响应器的性能，在检测证书状态的同时还可建立证书路径并验证其是否有效，避免了因信任域结构不同产生的构建证书路径难的问题。

关键词: 公钥基础设施, 在线证书状态协议, 交叉认证

Abstract: Aiming at the problems in Online Certificate Status Protocol(OCSP) such as security, the information source of certificate and searching address of OCSP responder, this paper proposes an improved OCSP and a scheme based on the improved OCSP for the cross-certification system. The scheme improves the function of the responder, constructs and validates the certificate path when the status of the certificate is given. The scheme avoids the difficulty of constructing the certificate path due to the different architecture of each trust domain.

Key words: Public Key Infrastructure(PKI), Online Certificate Status Protocol(OCSP), cross-certification

中图分类号: 

• TP393.08