Computer Technology and Development (计算机技术与发展)
2013, No. 10, pp. 130-133, 166 (5 pages)
敖显林, 杨林, 杨峰, 申志军
PKI, certificate revocation, MiniCRL, certificate segment
Publishing certificate revocation information has become the bottleneck for scaling up PKI systems. Traditional certificate revocation schemes cannot be applied to large PKI systems because of their poor scalability, weak real-time performance, and the large volume of data exchanged. To address these problems, this paper proposes, at a theoretical level, a new certificate revocation scheme called OLMiniCRL. The new scheme uses an online query-response mode, adopts the MiniCRL compression strategy and the NOVOMODO pre-signature scheme, and returns the status of a compact certificate segment as the response to a certificate status query. Compared with the traditional online query-response mode, the new scheme uses digital signatures to guarantee the security and integrity of the data, uses one-way hash chains to guarantee the timeliness of communication, greatly reduces both the number of digital signatures and the amount of data processed, and lowers server resource consumption; the pre-signature scheme also speeds up responses to user queries. The scheme offers good timeliness, compactness, and scalability, and is suitable for large PKI systems with strict timeliness requirements.