Dividing PKI in Strongest Availability Zones

摘要

Key management involves two aspects: key distribution and key revocation. This paper presents the geographic server distributed model for key revocation which concerns about the security and performance of the system. The concept presented in this paper is more reliable, faster and scalable than the existing revocation techniques used in Public Key Infrastructure (PKI) framework in various countries, as it optimises key authentication in a network. It proposes auto-seeking of a geographically distributed certifying authority's key revocation server, which holds the revocation lists by the client, based on the best service availability. The network is divided itself into the strongest availability zones (SAZ), which automatically allows the new receiver to update the address of the authentication server and replace the old address with the new address of the SAZ, in case it moves to another location in the zone, or in case the server becomes unavailable in the same zone. Our scheme eases out the revocation mechanism and enables key revocation in the legacy systems.