Decentralization Methods of Certification Authority Using the Digital Signature Schemes

摘要

A Public Key Infrastructure (PKI) is the one of the important techniques to support secure e-commerce and digital communications on networks. Many PKI trust models have been proposed and are widely used for various purposes. The trust model that one Certification Authority (CA) issues all certificates is the simplest one. It is called a single CA model. In this model the certificate verification process is very simple, however it is attended with a danger of the high ratio of exposure CA's private key. While a subordinated hierarchical model which is constructed by the multiple CAs can mitigate that risk. For this reason, the distributed CA model like the subordinated hierarchical model is needed in the real world. This paper discusses the advantages and disadvantages of the general distributed CA models. Especially we investigate in two points: (1) the effects in case that the CA's private key is compromised and (2) the certificate path processing. Then we present the new distributed CA models which the certification path is shorter than one of a subordinated hierarchical model by using a forward-secure digital signature scheme and a key-insulated digital signature scheme.