System and method for detecting exposure of OCSP responder's session private key
A system and method for detecting exposure of an OCSP responder's session private key in a D-OCSP-KIS to verify the status of a user's certificate online are provided. The system includes: a client for requesting certificate status information from the OCSP responder; the OCSP responder fo...
Gespeichert in:
| Hauptverfasser: | , , |
|---|---|
| Format: | Patent |
| Sprache: | eng |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | A system and method for detecting exposure of an OCSP responder's session private key in a D-OCSP-KIS to verify the status of a user's certificate online are provided. The system includes: a client for requesting certificate status information from the OCSP responder; the OCSP responder for receiving the certificate status information request from the client, sending a response, producing a hash value, and delivering the hash value to a certificate authority (CA) to get a certificate issued; and the CA for receiving the hash value from the OCSP responder and issuing the certificate to the OCSP responder in response to a certificate issue request; wherein the client verifies a digital signature using a hash value contained in the OCSP responder's certificate and the hash value contained in the response, and each client stores a counter value for a hash operation in each verification and recognizes the response as valid when a current counter value is greater than a previous counter value. |
|---|