Abstract: This paper analyzes the Online Certificate Status Protocol(OCSP), and some limitations of the protocol are found. It improves the normal protocol: the improved OCSP response includes basic OCSP response and type-A OCSP response. The improved responder adopts signature in advance technology to improve efficiently the functionality based on the improved protocol. The responder resists the replay attack efficiently. It analyzes the efficiency and security of the improved OCSP responder. Experimental result shows that the average response time of the improved responder is reduced by 27%, and the response speed is improved.

Key words: Public Key Infrastructure(PKI), Online Certificate Status Protocol(OCSP), status of certificate, signature in advance

摘要： 对标准在线证书状态协议(OCSP)进行分析，发现该标准协议存在一定的局限性。在此基础上对其进行改进，改进型OCSP响应包括基本类型OCSP回复和A类型OCSP回复。改进型OCSP响应器采用预签名技术，能提高性能且有效抵御重传攻击。对该响应器进行效率和安全性分析。实验结果表明，改进后的响应器的平均响应时间减少27%，提高了响应器的响应速度。

关键词: 公钥基础设施, 在线证书状态协议, 证书状态, 预签名

CLC Number: 

• TP393.08