A Certificate Status Checking Protocol for the Authenticated Dictionary

  • Jose L. Munoz
  • Jordi Forne
  • Oscar Esparza
  • Miguel Soriano
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2776)


Public-key cryptography is widely used to secure transactions among distributed systems and the Public Key Infrastructure (PKI) is the infrastructure that allows to securely deliver the public keys to these systems. The public key delivery is usually performed by way of a digital document called certificate. Digital certificates have a limited life-time and the revocation is the mechanism under which a certificate can be invalidated prior to its expiration. The certificate revocation is one of the most costly mechanisms in the whole PKI and the goal of this paper is to present a detailed explanation of a certificate status checking protocol for an efficient revocation system based on the data structures proposed by Naor and Nissim in their Authenticated Dictionary (AD) [11]. This paper also addresses important aspects associated with the response verification that were beyond the scope of the original AD specification.


Serial Number Adjacent Node Trusted Third Party Status Check Adjacent Leaf 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aho, A.V., Hopcroft, J.E., Ullman, J.D.: Data Structures and Algorithms. Addison-Wesley, Reading (1988)Google Scholar
  2. 2.
    Aiello, W., Lodha, S., Ostrovsky, R.: Fast digital identity revocation. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, p. 137. Springer, Heidelberg (1998)Google Scholar
  3. 3.
    Fox, B., LaMacchia, B.: Online Certificate Status Checking in Financial Transactions: The Case for Re-issuance. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 104–117. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  4. 4.
    Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and CRL Profile, RFC 2459 (1999)Google Scholar
  5. 5.
    ITU/ISO Recommendation. X.509 Information Technology Open Systems Interconnection - The Directory: Autentication Frameworks, Technical Corrigendum (2000)Google Scholar
  6. 6.
    Kocher, P.C.: On certificate revocation and validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  7. 7.
    Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1989)Google Scholar
  8. 8.
    Micali, S.: Efficient certificate revocation. Technical Report TM-542b, MIT Laboratory for Computer Science (1996)Google Scholar
  9. 9.
    Micali, S.: NOVOMODO Scalable Certificate Validation and Simplified PKI Management. In: 1st Annual PKI Research Workshop, pp. 15–25 (2002)Google Scholar
  10. 10.
    Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP, RFC 2560 (1999)Google Scholar
  11. 11.
    Naor, M., Nissim, K.: Certificate Revocation and Certificate Update. IEEE Journal on Selected Areas in Communications 18(4), 560–561 (2000)CrossRefGoogle Scholar
  12. 12.
    Wohlmacher, P.: Digital certificates: a survey of revocation methods. In: 2000 ACM workshops on Multimedia, pp. 111–114. ACM Press, New York (2000)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Jose L. Munoz
    • 1
  • Jordi Forne
    • 1
  • Oscar Esparza
    • 1
  • Miguel Soriano
    • 1
  1. 1.Telematics Engineering DepartmentTechnical University of CataloniaBarcelonaSpain

Personalised recommendations