Abstract
As e-commerce companies increasingly use digital certificates (electronic identity documents issued by a Certificate Authority) to secure online transactions, a further security need arises: verifying the validity of the digital certificates themselves. An important CA operation is therefore to verify whether a user's certificate has been revoked or put on hold. Revoked certificates are recorded in a Certificate Revocation List (CRL), and certificate status is generally verified using the Lightweight Directory Access Protocol (LDAP) or the Online Certificate Status Protocol (OCSP). This paper briefly introduces Certificate Revocation Lists and the LDAP-based directory service, focuses on the OCSP-based directory service, and presents a practical application of OCSP as an example.
Source
Application Research of Computers (《计算机应用研究》)
CSCD
Peking University Core Journals (北大核心)
2002, Issue 9, pp. 64-67 (4 pages)
Keywords
PKI certificate
Revocation
Verification
Public-key cryptography
Cryptography
Internet
Public Key Infrastructure(PKI)
Certificate Revocation List
Lightweight Directory Access Protocol
Online Certificate Status Protocol