
Computer Engineering ›› 2009, Vol. 35 ›› Issue (1): 36-39,4. doi: 10.3969/j.issn.1000-3428.2009.01.012

• Doctoral Thesis •

Certificate Revocation List Scheme Based on Partial Signature Hash Table

WANG Zheng, ZHAO Ming, SI Xue-ming, HAN Wen-bao

  1. (Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2009-01-05 Published: 2009-01-05

Abstract: In large-scale application environments, a poorly designed certificate revocation scheme imposes a heavy computational load and network transmission burden. This paper analyzes several main classes of Certificate Revocation List (CRL) mechanisms and proposes the PSHT-CRL scheme, which combines the characteristics of the segmented CRL, redirect CRL and over-issued CRL schemes. PSHT-CRL uses a hash table, partial signatures and links to improve the efficiency of user queries and certificate updates while preserving security, and so addresses the problems encountered in other certificate revocation schemes. The security and efficiency of the PSHT-CRL scheme are analyzed and compared with those of other CRL schemes.

Key words: Public Key Infrastructure (PKI), hash table, public key certificate, Certificate Revocation List (CRL)

CLC Number: