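Abstract
This paper proposes a new solution to the certificate revocation problem in public key infrastructure (PKI): the certificate revocation threaded binary sorted hash tree (CRTBSHT). The main existing solutions to the certificate revocation problem are the certificate revocation list (CRL) of the X.509 certificate system, Micali's certificate revocation system (CRS), Kocher's certificate revocation tree (CRT), and the Naor-Nissim 2-3 certificate revocation tree (2-3CRT); none of these schemes is perfect. Building on the idea of the CRT system, the new scheme uses a threaded binary sorted tree together with a hash tree. It inherits the advantage of CRT that proving the status of a certificate (whether or not it has been revoked) does not require the whole threaded binary tree but depends only on some of the relevant paths in it, and it overcomes the disadvantage of CRT that an update requires reconstructing almost the entire tree: on update, the new scheme only needs to compute the values along the relevant part of the paths. The new scheme has some reference value for engineering implementation.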
A new solution scheme for the certificate revocation problem in public key infrastructure (PKI), called certificate revocation threaded binary sorted hash trees (CRTBSHT), is proposed. Previous solution schemes include the traditional X.509 certificate system's certificate revocation lists (CRL), Micali's certificate revocation system (CRS), Kocher's certificate revocation trees (CRT), and Naor-Nissim's 2-3 certificate revocation trees (2-3CRT), but none of them is perfect. The new scheme keeps the good property of CRT that checking or proving whether a certificate is revoked needs only the related path values rather than the whole CRT, and it overcomes the disadvantage of CRT that any update causes the whole CRT to be recomputed. The new scheme has reference value for PKI engineering practice.
Source
Journal of Software (《软件学报》)
Indexed in: EI, CSCD, Peking University Core Journals (北大核心)
2001, Issue 9, pp. 1343-1350 (8 pages)
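Funding
Supported by the National Natural Science Foundation of China (60073052)
Supported by the Natural Science Research Program of the Shaanxi Provincial Department of Education (00JK266)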