15th Annual Computer Security Applications Conference
December 6-10, 1999
Phoenix, Arizona

Efficient Certificate Status Handling within PKIs: an Application to Public Administration Services

Marco Prandini, mprandini@deis.unibo.it

DEIS - Department of Electronics, Computer and System Science
University of Bologna - Viale Risorgimento 2, 40136 Bologna, Italy

Public administrations show a strong interest in digital signature technology as a means of secure and authenticated document exchange, hoping it will help reduce paper-based transactions with citizens. The main problem posed by this technology lies in the necessary public-key infrastructure, and in particular in certificate status handling. This paper describes the definition and deployment of a web-based environment suitable for offering administrative services to citizens and for accepting authenticated documents from citizens. The best features of two different certificate status handling schemes, namely CRL and OCSP, have been exploited within this environment to obtain a good balance between security, timeliness and efficiency.