Summary: | Master's === National Chiao Tung University === Department of Computer Science and Information Engineering === 88 === This thesis proposes a new operating method for a Certification Authority (CA) that reduces users' waiting time and lowers the load on CA servers and the network when users present certificates to identify themselves, without sacrificing security. The method should follow the standards defined in X.509, so that certificates issued by our CA can be verified and accepted by other CAs.
To achieve these goals, the validity periods of the certificates are limited, and certificate extension fields are used to carry some date-related data. Because the validity period is relatively short, users have to obtain a new certificate each time the current one expires. To reduce the burden on users, the time the CA takes to issue a new certificate must be short enough, and issuance must not leak any information to eavesdroppers.
For compatibility, this thesis fully abides by the rules for CA operation protocols and CA management protocols defined in X.509. Moreover, the design of the operating method can be regarded as an extension of the standard operation protocols. The proposal in this thesis is currently in experimental status; however, it is expected to move to the standards track in the near future.
|