The certificate paradigm is applied recursively to obtain the public keys of a number of Certification Authorities and, in turn, the public keys of a number of end entities. Validating the authorized public key of a party in a network transaction is therefore commonly based on processing the certificate chain descending from a trusted root issuer, which involves non-negligible time and cost. Those chains become long in communications between large organizations, which is the typical case in e-commerce and e-government applications. Validating long chains introduces performance problems in two respects: signature verification and revocation checking. That is, the repeated processing of long chains of certificates creates severe efficiency problems. As a result, most of the advantages provided by Public Key Infrastructures (PKIs) are not properly exploited. In this paper we analyze scenarios in which large volumes of digitally signed transactions are exchanged between commercial entities. These cases require interoperation among PKIs. We show that the solutions available in those scenarios still involve processing excessively long chains of certificates, either at the receiving computer or by an outsourced entity. For this reason, we propose the new concepts of virtual certificate and synthetic certificate for faster and less costly processing of certificate chains. In this way, communications in a certificate-based intercommunity can be greatly improved. We also show how these types of certificates can be applied in practice.