一种新的数字证书验证方案

A new validation solution for digital certificate

数字证书是PKI技术的核心,而PKI是网络安全建设的基础.标准的验证数字证书是否有效的过程非常繁杂,对此提出一种新的方案——数字证书的集中式验证方案.方案的基本思想是设置验证服务器,证书使用者作为验证客户向服务器提交请求,由服务器集中验证证书,然后将结果签名发送给客户,完成验证.利用ASN.1语法给出方案的详细描述和安全性分析,并在手机网络环境下与标准的数字证书验证方案进行了性能比较.

Digital certificate is the core of PKI,but PKI is the foundation of network security.The standard validation solution for digital certificate is very complex.A new solution is proposed,which is called central validation solution.The main idea of this new solution is that a validation server is established which can centrally validate clients′certificates.Certificate users submit a request to the validation server as validation clients,and the validation server sends the signed validation results to clients after validating certificates centrally.Detailed description with ASN.1of the solution is given.Its security is analyzed,and the performance difference between the new solution and the standard solution in mobile phone network is given.