클라이언트-서버환경에 적합한 효율적인 인증서상태 및 경로검증 시스템

An Efficient Certificate Status and Path Validation System for Client-Server Environment

  • 발행 : 2003.02.01


최근 공개키기반구조(Public Key Infrastructure)에 관한 연구가 활발해지면서 클라이언트나 서버의 부하를 줄이고 효율적인 연산이 가능하도록 인증서상태 및 경로검증에 관한 연구가 활발히 진행되고 있다. 그러나, 많은 관련 연구에도 불구하고, 인터넷뱅킹과 같이 실시간 처리가 필요한 대규모 클라이언트-서버 환경에서 서버가 수 많은 클라이언트들의 인증서를 동시에 검증할 수 있는 효과적인 메커니즘은 현재까지 거의 전무한 상태이다. 본 논문에서는 기존의 표준 또는 제안된 방법론들이 이러한 대규모 클라이언트-서버 환경에 적합하지 않음을 보이고, 이러한 환경에 적합한 새로운 형태의 인증서상태 및 경로검증 시스템을 제안하고자 한다.

As a research on PKI(Public Key Infrastructure) is being very popular, the study relating to certificate status and path validation is being grown with aim to reduce an overhead of the protocol and to provide an efficient operation. But in spite of a lot of related research there is still almost no protocol that we can use for real-time based client-server environment with large scale like internet banking. In this paper, we shows that the existing standards or protocols are not suitable to be used for such a real-time based client-server environment with large scale, and then proposes an efficient certificate status and path validation system.



  1. IETF RFC3280 Internet X.509 Public Key Infrastructure Certificate and CRL Profile R. Housley;W. Ford;W. Polk;D. Solo
  2. Technical Report, Valicert A Quick Introduction to Certificate Revocation Tree(CRTs) Paul Kocher
  3. 1st Annual PKI Research Workshop, Preproceedings NOVOMODO, Scalable Certificate Validation And Simplified PKI Management Silvio Micali
  4. IETF RFC 2560 X.509 Public Key Infrastructure:Online Certificate Status Protocol -OCSP M. Myers;R. Ankney;A. Malpani;S. Galperin;C. Adams
  5. IETF Internet Draft Simple Certificate Validation Protocol(SCVP) A. Malpani;R. Housley;T. Freeman
  6. PKCS #7: Cryptographic Message Syntax Standard(Version 1.5) RSA Inc.
  7. IEEE Transactions on Information Theory New Directions in Cryptography W. Diffie;M. E. Hellman
  8. Proceeding of the 15th Annual Computer Security Applications Conference A model of certificate revocation David. A. Cooper
  9. Final Proposal Draft Amendment on Certificate Extensions ITU and ISO/IEC
  10. Speed Comparison of Popular Crypto Algorithms
  11. 1998 Digital signatures using reversible public cryptography for the financial services industry(rDSA) ANSI X9.31
  12. NIST FIPS(Federal Information Processing Standards Publication) 186-1 Digital Signature Standard