Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI) can respectively be used to support authentication and authorization in distributed scenarios. The validation of certificate chains is a critical issue in both infrastructures, because it requires several costly processes, such as certificate path discovery, validation of each certificate, and so on. The problem becomes even worst in devices with limited resources (battery, memory, computational capacity, etc.) as mobile devices. In this paper we present an architecture that reduces the communication and computational overhead of certificate status checking in a complete certificate chain. The proposed tracing of the certificates chains is based on a cascade certificate revocation policy.
Dynamics in Delegation and Revocation Schemes: A Logical Approach
BOELLA, Guido;Genovese, Valerio;
2011-01-01
Abstract
Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI) can respectively be used to support authentication and authorization in distributed scenarios. The validation of certificate chains is a critical issue in both infrastructures, because it requires several costly processes, such as certificate path discovery, validation of each certificate, and so on. The problem becomes even worst in devices with limited resources (battery, memory, computational capacity, etc.) as mobile devices. In this paper we present an architecture that reduces the communication and computational overhead of certificate status checking in a complete certificate chain. The proposed tracing of the certificates chains is based on a cascade certificate revocation policy.
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
