• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.4
• /
• pp.83-92
• /
• 2005

D-OCSP-KIS proposed by Koga and Sakurai not only reduces the number or OCSP Responder's certificate but also criers the certificate status validation about OCSP Responder to the client. Therefore, D-OCSP-KIS is an effective method that can reduce the communication cost, computational time and storage consumption in client, but it has some problems. In case an attacker accidentally acquires an OCSP Responder's session private key in a time period (e.g., one day), she can disguise as the OCSP Responder in the time period unless the OCSP Responder recognizes. She can offer the wrong response to the client using the hash value intercepted. And the server and user on I-commerce can have a serious confusion and damage. And the computation and releasing of hash chain can be a load to CA. Thus, we propose a method detecting immediately the exposure of an OCSP Responder's session private key and the abuse of hash value in D-OCSP-KIS.