Reducing Certificate Revocation and Non-repudiation Service in Public Key Infrastructure

Yoshiki SAMESHIMA  Toshiyuki TSUTSUMI  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E83-A   No.7   pp.1441-1449
Publication Date: 2000/07/25
Print ISSN: 0916-8508
Type of Manuscript: PAPER
Category: Information Security
X.509 authentication framework, public key certificate, certificate revocation list, non-repudiation, time stamp


This paper describes the User Attribute with Validity Period extension field of the public key certificate and the Certificate Verification Service with Time Stamp. The field and the service solve the following problems of the X.509 Authentication Framework: unavailability of the latest revoked certificate information, the large size of the revocation information, and the lack of a non-repudiation mechanism. The proposed extension field is useful for reducing the revoked certificate information sent from the CA of an organization where there are periodic personnel changes. The Certificate Verification Service with Time Stamp is an on-line service providing certificate status and a non-repudiation service. The paper shows how the combination of the field and the service solves these problems and that the server can serve hundreds of thousands of messaging system users; the security of the service is also discussed.