X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP

Myers, Michael; Ankney, Rich; Malpani, A.; Galperin, Slava; Adams, Carlisle

doi:10.17487/rfc6960

Cited by 353 publications

(136 citation statements)

References 5 publications

Supporting

Mentioning

121

Contrasting

Order By: Relevance

“…(2) OCSP scheme: the OCSP scheme is a protocol proposed by the IETF's PKIX working group in RFC2560 [1,2]. Compared with the certificate revocation information provided by CRL, it can meet the requirement of more timely operation, so the OCSP scheme can be used as a substituting or supplementary mechanism of CRL.…”

Section: Wpki's Certificate Verification Schemementioning

confidence: 99%

“…The CDS OCSP-based scheme performs cross-validation among four entities. So, assuming that the deployment of all certificates has been completed, which includes the OCSP server certificate [9], and that the request and response format is appropriately modified in OCSP [2,21,22], the interactive procedure among the mobile terminal, the content server, the directory server, and the OCSP server is described as shown in Figure 6.…”

Section: The Procedures Of Cds Ocsp-basedmentioning

confidence: 99%

“…WPKI (Wireless Public Key Infrastructure) is the main solution for the security of mobile e-commerce [1,2]. In the entire mobile e-commerce transactions, the WPKI mechanism provides the issuance and verification of the certificates and ensures the validity and legitimacy of the certificates [3,4].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

WPKI Certificate Verification Scheme Based on Certificate Digest Signature-Online Certificate Status Protocol

Liu

et al. 2018

Mathematical Problems in Engineering

View full text Add to dashboard Cite

Aiming at the problems of the WPKI certificate verification schemes based on online certificate status protocol (OCSP), this paper proposes a WPKI certificate verification scheme based on the certificate digest signature-online certificate status protocol (CDS OCSP). Compared with the existing schemes, the proposed scheme optimizes the number of communication connections between the communication entities and the network, reduces the consumption of the wireless network bandwidth in the certificate verification process, and uses the elliptic curves cipher-(ECC-) based encrypting/decrypting functions to sign and verify the certificate digest, which ensures the consistency of the verified certificates among the communication entities. The proposed scheme makes the certificate verification process more efficient and secure. The experimental results show that the proposed scheme effectively reduces the communication consumption of the wireless network and saves the storage space of the wireless entities.

show abstract

Section: Wpki's Certificate Verification Schemementioning

confidence: 99%

Section: The Procedures Of Cds Ocsp-basedmentioning

confidence: 99%

See 1 more Smart Citation

WPKI Certificate Verification Scheme Based on Certificate Digest Signature-Online Certificate Status Protocol

Liu

et al. 2018

Mathematical Problems in Engineering

View full text Add to dashboard Cite

show abstract

“…A certificate revocation list (CRL) [14] is a list of revoked credential identifiers, published by the issuer. Alternatively, the verifier can ask the issuer if a credential is still valid using the Online Certificate Status Protocol (OCSP) [27]. Both situations require the credential to be recognizable, which is undesirable for ABCs.…”

Section: Related Workmentioning

confidence: 99%

Fast Revocation of Attribute-Based Credentials for Both Users and Verifiers

Lueks¹,

Alpár²,

Hoepman³

et al. 2015

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

Abstract. Attribute-based credentials allow a user to prove properties about herself anonymously. Revoking such credentials, which requires singling them out, is hard because it is at odds with anonymity. All revocation schemes proposed to date either sacrifice anonymity altogether, require the parties to be online, or put high load on the user or the verifier. As a result, these schemes are either too complicated for low-powered devices like smart cards or they do not scale. We propose a new revocation scheme that has a very low computational cost for users and verifiers, and does not require users to process updates. We trade only a limited, but well-defined, amount of anonymity to make the first practical revocation scheme that is efficient at large scales and fast enough for smart cards.

show abstract

“…During TLS tunnel establishment, TLS extensions MAY be used. For instance, the Certificate Status Request extension [RFC6066] and the Multiple Certificate Status Request extension [RFC6961] can be used to leverage a certificate-status protocol such as Online Certificate Status Protocol (OCSP) [RFC6960] to check the validity of server certificates. TLS renegotiation indications defined in RFC 5746 [RFC5746] MUST be supported.…”

Section: Teap Authentication Phase 1: Tunnel Establishmentmentioning

confidence: 99%