A certificate status checking protocol for the Authenticated Dictionary

Abstract

Public-key cryptography is widely used to secure transactions among distributed systems and the Public Key Infrastructure (PKI) is the infrastructure that allows to securely deliver the public keys to these systems. The public key delivery is usually performed by way of a digital document called certificate. Digital certificates have a limited life-time and the revocation is the mechanism under which a certificate can be invalidated prior to its expiration. The certificate revocation is one of the most costly mechanisms in the whole PKI and the goal of this paper is to present a detailed explanation of a certificate status checking protocol for an efficient revocation system based on the data structures proposed by Naor and Nissim in their Authenticated Dictionary (AD) [11]. This paper also addresses important aspects associated with the response verification that were beyond the scope of the original AD specification. © Springer-Verlag Berlin Heidelberg 2003.