2012 IEEE 14th International Conference on e-Health Networking, Applications and Services (Healthcom)
A Viable and Sustainable Key Management Approach
for a National E-health Environment
Pei-Yuan Shen Vicky Liu
Science and Engineering Faculty Science and Engineering Faculty
Queensland University of Queensland University of
Technology Technology
Brisbane, Australia Brisbane, Australia
py.shen@qut.edu.au v.liu@qut.edu.au
Abstract— To protect the health information security,
cryptography plays an important role to establish
confidentiality, authentication, integrity and non-repudiation.
Keys used for encryption/decryption and digital signing must
be managed in a safe, secure, effective and efficient fashion.
The certificate-based Public Key Infrastructure (PKI) scheme
may seem to be a common way to support information
security; however, so far, there is still a lack of successful
large-scale certificate-based PKI deployment in the world. In
addressing the limitations of the certificate-based PKI scheme,
this paper proposes a non-certificate-based key management
scheme for a national e-health implementation. The proposed
scheme eliminates certificate management and complex
certificate validation procedures while still maintaining
security. It is also believed that this study will create a new
dimension to the provision of security for the protection of
health information in a national e-health environment.
Keywords- non-certificate-based public key cryptosystem; e-
health security; e-health solutions
I. INTRODUCTION
E-health systems have the potential to improve the
quality, continuity and capacity of healthcare provision.
Numerous countries across the globe, therefore, have
national e-health initiatives at some stage of investigation or
implementation, including Australia, the United Kingdom,
the Netherlands, Canada, the United States, and Singapore.
Significantly, the protection of e-health information
security plays a critical role in the success of any e-health
implementation. For instance, the United States’ Health
Insurance Portability and Accountability Act (HIPAA) 1996
was enacted to encourage a move towards electronic health
information systems, while requiring safeguards to ensure
security and confidentiality of health information.
To protect the security and confidentiality of health
information, cryptography can be used and should be used to
establish confidentiality, authentication, integrity and non-
repudiation. Keys used for encryption/decryption and digital
signing must be administrated in a safe, secure, effective, and
efficient manner. Key management is, therefore, critical to
the protection of health information.
978-1-4577-2040-6/12/$26.00 ©2012 IEEE 347
William Caelli
Science and Engineering Faculty
Queensland University of
Technology
Brisbane, Australia
w.caelli@qut.edu.au
The Australia’s National Authentication Service for
Health (NASH) project adopts a certificate-based Public Key
Infrastructure (PKI) scheme to support security for
Australia’s national e-health services, when implemented [1].
In fact, security services based on the certificate-based PKI
scheme have a number of well-recognized limitations
particularly in a large-scale environment, including
complexity in certificate verification and management,
scalability, performance, and timeliness [2]. As such, these
limitations cannot be ignored, when a national e-health
implementation is based on the certificate-based PKI
scheme. The research question investigated in this paper is
stated as follows:
Is the certificate-based PKI scheme suitable to support
security for a large-scale national e-health implementation?
If not, is it possible to create an effective, efficient and
scalable public key management scheme to support security
for a national level of e-health implementation, without
comprising security?
A. Research Scope and Assumptions
In addressing the limitations of the certificate-based PKI
scheme particularly in a large-scale environment, this paper
proposes a non-certificate-based public key management,
Public Key Registry (PKR) scheme to support security,
which is suitable for a national level of e-health
implementation. Despite the fact that Identity-based (ID-
based) cryptography is the one of well-known non-
certificate-based key management schemes, it seems
unfeasible to use ID-based cryptosystems to support security
for a national e-health implementation. With ID-based
cryptography, the Key Generation Centre (KGC) generates
private keys for subscribers. As such, the KGC may sign or
decrypt any message without authorization. This implies that
ID-based cryptography is unrealistic to be used for non-
repudiation. This study, therefore, is focused on the proposed
non-certificate-based PKR scheme compared to the
certificate-based PKI scheme.
Undoubtedly, health information is highly sensitive by its
nature. It is critical to protect such information from any
security hazards and privacy threats. Inevitably healthcare
applications or databases must be executed upon a trusted
platform, commonly referred as a “trusted computing base
(TCB), against potential internal and external threats.
Without a TCB, any control systems are subject to
compromise. For this reason the proposed PKR scheme is
operated on top of a TCB system.
This paper mainly describes the proposed architecture for
a national e-health implementation as well as assesses the
performance and scalability of the proposed solution with the
use of simulation.
B. Contributions
This research proposes a new viable and sustainable non-
certificate-based public key scheme, particularly suitable for
a large-scale e-health implementation. The contributions of
this proposed PKR scheme are summarized as follows:
1) Provision of a reliable key management scheme
In the proposed PKR scheme, public key information is
recorded within the Public Key Directory (PKD) to reflect
real-time updates. The proposed PKR scheme always
correctly provides the key authenticity and validation in real-
time. In contrast, in the certificate-based PKI scheme, the
Certificate Revocation List (CRL) is published by the issuing
Certification Authority (CA) only periodically. As such, a
revoked key may be falsely believed as valid until the next
scheduled release of the new CRL.
2) Elimination of expensive key management cost and
complex key verification process
The proposed non-certificate-based PKR scheme
contains entities’ referencing names associated with the
public keys in the PKD. Without certification, the complex
certificate verification procedures and high certificate
management costs can be eliminated; performance and
scalability can be improved.
II. RELATED WORK
A number of studies [1, 3-8] discuss the use of the
certificate-based PKI scheme to support authentication, data
encryption and digital signing services for e-health systems.
For example, the German Health Telematics project [8] and
the European TrustHealth project [3] both adopt the
certificate-based PKI scheme to support authentication and
digital signing services for their national e-health systems.
Moreover, the NASH project [1] has adopted a certificate-
based PKI scheme to support authentication, digital signing,
and encryption services to enable Australia’s national e-
health rollout.
Security services based on the certificate-based PKI
scheme, however, has a number of limitations, including
high operation costs, management complexity,
interoperability, and scalability problems [9-14]. Adams and
Lloyd [2] state that certificate revocation is a well-known
problem with the certificate-based PKI scheme particularly
in a large-scale environment. The certificate revocation
issues can be mainly categorized into scalability, efficiency,
and timeliness.
The authors of this paper argue another weakness of
employing the certificate-based PKI scheme is its complex
348
certificate verification procedures. For example, to verify
digital signature, the verification procedures include: i)
checking on the expiration date of the signer’s certificate, ii)
validating the signature on the signer’s certificate signed by
its issuing CA, and iii) affirming the certificate is not
revoked against the CRL. Furthermore, if the signer and
verifier are from different CA domains, certificate
verification procedures involve even more complicated and
time-consuming cross-certification procedures. It is,
therefore, reasonable to argue that the use of the certificate-
based PKI scheme presents an inefficient, complicated and
unscalable solution to support security, particularly for a
large scale implementation.
Numerous studies on certificate revocation mechanisms
have been proposed to improve the performance and
scalability of the certificate-based PKI scheme, such as
Certificate Revocation System (CRS) [15], Certificate
Revocation Tree (CRT) [16], Delta CRL [17], and On-line
Certificate Status Protocol (OCSP) [18]. The use of CRS and
CRT for certificate revocation still has a number of
weaknesses, including the complexity of certificate
verification and the latency associated with certificate status-
updating [9, 11, 19]. Cooper [20] asserts that the Delta CRL
mechanism does not improve the performance and scalability
of the certificate-based PKI scheme. Slagell et al. [13] argue
that the use of OCSP only checks the revocation status of an
identified certificate, but does not verify the certificate
authenticity. In comparison, the proposed PKR scheme
allows subscribers to obtain the required public key directly
via PKD, rather than using CRS, CRT, Delta CRL or OCSP
to check the certificate revocation status.
III. OUR PROPOSED PUBLIC KEY REGISTRY SCHEME IN E-
HEALTH SYSTEM
In addressing the shortcomings of the certificate-based
PKI scheme mentioned above, this paper proposes a non-
certificate-based regime, Public Key Registry (PKR), to
streamline public key management and to facilitate the
procedures of encryption and digital signing in a national e-
health environment.
A. PKR overview
The design rationale underlying the proposed PKR
scheme draws on principles used in the original “Public File”
proposed by Diffie and Hellman [21]. The concept of the
Public File is analogous to a phone book, which contains
entities referencing names associated with the public keys.
The major feature of the proposed PKR scheme is to manage
public keys without certification. In the proposed PKR
scheme, there is no CAs and certificate revocation required.
The proposed scheme allows each participant to obtain the
requested public key directly via PKD.
The key management of the proposed PKR scheme,
participants rely on a trusted healthcare authority to associate
the subscriber’s identity to the corresponding public keys
without certification. In the proposed PKR scheme, the
essence of trust is placed in the key management authority
directly. In contrast, the certificate-based PKI scheme places
trust in the certificate and the issuing CA. With the proposed
PKR scheme, there are no certificate management and
certificate revocation issues. The relying party obtains the
requested public key directly via PKD without the
complicated certificate verification procedures.
B. PKR Structure
The proposed PKR scheme consists of two major parts: i)
the PKR components; and ii) the key management protocol.
1) PKR components:
The PKR components include the healthcare provider
entity and PKD. The healthcare provider entity is referred to
all participating individual healthcare providers and
healthcare organizations in a national e-health
implementation.
a) Healthcare provider entity
Key pair generation should be performed in the key
owner’s system for security reasons. For instance, the
healthcare provider can generate his/her key pair with the use
of a TCB system. With the proposed PKR scheme, the
trusted healthcare authority is responsible for the
identification, authentication and key management for a
national e-health implementation.
b) Public Key Directory (PKD)
It is envisioned that PKD is devised in the context of a
Domain Name System (DNS). The DNS structure is based
around a globally distributed, hierarchical database structure
that relies upon replication for resilience. The PKD within
the proposed PKR architecture is a facility runs at a national
level. PKD is a public key database contains records of each
key owner’s identity with its associated public key and other
related information. Explicitly, the data structure of PKD is
based on the Hash Table function to map the identity to the
related public key. Such a critical system is considered
necessary to be built on top of a TCB system for safe and
reliable operation.
3. A smart card is issued to the subscriber containing
the subscriber’s identifier, key pair, and the trusted
healthcare authority’s public key.
b) Public key revocation:
The public key revocation process comprises the
following steps:
1. Upon receipt of a key revocation request by a
subscriber, the trusted healthcare authority verifies
the subscriber’s identity and credentials.
2. The trusted healthcare authority revokes subscriber’s
key and maintains a key log containing relevant key
revocation history.
3. The trusted healthcare authority then registers the
new key, as described in the public key registration
procedures.
C. Use Cases
This section uses two use cases to illustrate how the
proposed PKR scheme can support the integrity and
confidentiality for a national e-health implementation. Use
case 1 illustrates how the data integrity is maintained under
the proposed PKR scheme. Use case 2 shows how the
confidentiality is supported by the proposed scheme.
Use Case 1: Data integrity supported by the proposed
PKR scheme
A general practitioner (GP) sends a referral letter to a
medical specialist over an open data network. This referral
letter requires an assurance of integrity. The conceptual data
flow diagram of this use case is shown in Figure 1.
GP (Signer)
Medical specialist Public Key
(Verifier) Directory
Transmitting
signed message
Step1

2) Key Management Protocol Creation of a digitally

signed message
The public key management involves the administration
and maintenance of healthcare providers’ identifiers and
associated public keys in the PKD system without Public  key  query
certification. The public key management process consists of Step2
Search
Search requested
requested
two major procedures: public key registration and public key public
public key
key
Public  key  response
revocation. The public key registration involves key
distribution and public key registration. The key revocation
process revokes and records the keys are no longer valid.
Digital signature attestation
a) Public key registration: Step3

The public key registration procedure is used to register

the healthcare provider’s public key with the trusted
healthcare authority, involving the following steps:
1. The healthcare provider (subscriber) is required to
present his/her key pair, identification and related
credentials in person to the trusted healthcare
authority for verification.
2. Then, the trusted healthcare authority registers
subscriber’s public key associated with its
Healthcare Identifier to PKD.
Authentication Data Integrity
Figure 1. Data integrity supported by the proposed PKR scheme
Step 1: A GP (signer) sends a digitally signed message to the
medical specialist (verifier)
Step 2: The verifier sends a digitally signed key query
message to PKD to obtain signer’s public key. PKD
validates the integrity of the received query message. Upon
successful validation, PKD retrieves signer’s public key.

349
Then PKD sends a digitally signed message containing
signer’s public key back to the verifier.
Step 3: The verifier validates the integrity of received
message containing signer’s public key from PKD. Then, the
verifier can verify the digital signature on the signed referral
to ensure the authenticity of the received referral letter.
Use Case 2: Confidentiality supported by the
proposed PKR scheme
Please note that symmetric key encryption is used for
data encryption for efficiency. The key used for data
encryption/decryption is called secret key/symmetric
key/session key. Public key encryption is used to distribute
the symmetric key.
A physician “A” from a hospital needs to send a
discharge summary to a patient’s GP “B”. This discharge
summary requires an assurance of confidentiality. The
conceptual data flow diagram of this use case is shown in
Figure 2. The encryption and decryption procedures are
illustrated below:
Step 1:
• A sends digitally signed key query for B’s public key
to PKD.
• PKD verifies the signed query and then replies with
digitally signed response containing B’s public key.
• By the same token, B obtains A’s public key.
IV. ANALYSIS AND EVALUATION
This section examines the efficiency and scalability of
the public key distribution process of the proposed PKR
scheme by comparing it to the certificate-based PKI scheme.
Based on the following evaluation results, this research
demonstrates that the proposed PKR scheme is a more
efficient and scalable approach for public key distribution,
management and verification than the certificate-based PKI
scheme for a national e-health implementation.
A. Efficiency Analysis
As indicated in Table I, the public key distribution
process under the certificate-based PKI scheme involves
complex certificate verification procedures. These include
checking the expiration date of the certificate, downloading
the latest CRL, verifying the signature on the CRL, checking
Provider B’s certificate against the CRL, and verifying the
signature on Provider B’s certificate.
In contrast, the proposed PKR scheme does not require
complicated certificate verification procedures to
disseminate public keys. Provider A simply sends a key
query to PKD to request Provider B’s public key. PKD
searches B’s public key and then replies A with B’s public
key. Compared to the certificate-based PKI scheme, the
public key distribution under the proposed PKR scheme is
noticeably simplified and more efficient.
TABLE I. A COMPARISON OF PUBLIC KEY DISTRIBUTION BETWEEN
THE CERTIFICATE-BASED PKI SCHEME AND THE PROPOSED PKR SCHEME

• After A and B have obtained each other’s public key Certificate-based PKI Proposed PKR scheme
scheme
from PKD, A and B can derive the session key for
Provider A requests Provider A sends a digitally-
message encryption and decryption. Provider B’s public key signed key query requesting
directly. Provider B’s public key via
Step 2: Certificate
PKD.
request
• A encrypts the discharge summary with the session B replies with a digitally-
signed message including Not required
key and then sends it to B. his/her certificate.
• B receives the encrypted discharge summary and then A validates the expiration
date of B’s digital Not required
uses the same session key to decrypt the received certificate.
discharge summary. Upon successful decryption, the A downloads the up-to-
received message is rendered to B. date CRL from the issuing Not required
CA.
Healthcare Provider A Public Key Directory Healthcare Provider B A validates the digital PKD searches A’s key to
signature on the CRL validate the signature on the
signed by the issuing CA. query message.
Public key query Public key query Certificate Upon successful Upon successful validation,
verification validation, A checks if B’s PKD searches for B’s public
Search requested certificate has been key.
Step1 Public key Search requested
public
public key
key Public key
response
response
revoked against the CRL.
A validates the digital
signature on B’s
Not required
certificate signed by the
Session key negotiation issuing CA.
PKD replies to A with a
Not required digitally signed message
containing B’s public key.
A validates B’s signature A verifies the digital
Encrypted data transmissions
on the replied message. signature on the message
Step2 Signature
sent from PKD to validate
verification
the integrity of received
message.
Figure 2. Confidentiality supported by the proposed PKR scheme

350
 Upon successful A successful has obtained 100,000 166.381 19.359 11.520
Public key validation, A extracts B’s B’s public key. 1,000,000 1546.506 77.034 11.523
acquisition public key from B’s 2,000,000 3079.027 140.168 11.524
certificate. 3,000,000 4611.820 203.573 11.528
4,000,000 6137.384 259.750 11.529
B. Scalability Evaluation Based on the simulation results, Figure 3 further
This study develops a simulator to measure the demonstrates a trend analysis for the communication cost of
performance between the certificate-based PKI scheme and using the certificate-based PKI and proposed PKR schemes
the proposed PKR scheme in environments of different scale. in environments of different scale. The certificate-based PKI
The simulator is developed in Java language, operated on an scheme, as the number of subscribers grows, the
Intel Core i7 2.2GHz with 8GB RAM. This simulation is communication cost increases exponentially. In contrast, the
based on the following assumptions and environments: proposed PKR scheme remains a constant low level of
communication cost regardless of the number of subscribers.
• With the certificate-based PKI scheme, only one CA
As such, the proposed PKR is proven as a more efficient and
exists. To manage certificate revocation, the CA
scalable scheme for key distribution than the certificate-
adopts the CRL mechanism.
based PKI scheme particularly within a large scale
• The certificate revocation rate is 10 percent per year, environment.
and certificates have been issued for one year.
Communication  cost
• According to National Institute of Standards and (milliseconds)
7000
Technology (NIST) Public Key Infrastructure Study:
Final Report [22], the estimated the CRL size is 51 6000
bytes plus 9 bytes for each revoked certificate on the
CRL. 5000
Certificate-­‐based  PKI
(Type  A)
• The number of subscribers is set to α. (let α = 1,000, 4000
Certificate-­‐based  PKI
10,000, 100,000, 1,000,000, 2,000,000, 3,000,000, and 3000 (Type  B)
4,000,000) The  proposed  PKR
2000 scheme
• An assumed network transmission speed is 4.9 Mbps.
1000
• The singing and encryption is based on the Elliptic
Curve Digital Signature Algorithm (ECDSA) SHA- 0 Number of  subscribers
256.
C. Simulation Results
The Table II indicates that the simulation results of the
Figure 3. Comparison of communication cost of certificate-based PKI and
performance of the certificate-based PKI scheme and the proposed PKR scheme
proposed PKR scheme in environments of different scale. In
certificate-based PKI scheme, the simulation results are With its limitation of the proposed PKR scheme, as the
classified to two types: type A is the subscriber has to number of subscribers grows, to implement the proposed
download the latest CRL during the public key distribution PKR scheme would require a constant bandwidth available
process and type B is the subscriber has already downloaded to support simultaneous key queries and responses. In fact,
the CRL previously. When the number of subscribers grows, as transmission bandwidth is increasing with evolving
the communication cost arises in both types of certificate- technology, to meet the constant bandwidth requirement
based PKI scheme. Particularly, as subscribers grow to 4 should not be a major issue for the implementation of the
million, the communication cost of type A soars to 6000 proposed PKR scheme.
milliseconds (ms) approximately. It implies that the
communication cost of employing a certificate-based PKI V. CONCLUSION AND FUTURE WORK
scheme is significantly impacted if downloading CRL is Notwithstanding the obvious potential advantages of
required. In the proposed PKR scheme, the communication information and communications technology in the enhanced
cost remains much lower than the certificate-based PKI provision of healthcare services, there are some concerns
scheme, which is at approximately 11 ms whether the
associated with access to electronic health information.
number of subscribers is a thousand or 4 million. Violations of the privacy and security of health records can
significantly undermine both healthcare providers’ and
TABLE II. SIMULATION RESULTS OF COMMUNICATION COST OF
CERTIFICATE-BASED PKI AND PROPOSED PKR SCHEME IN ENVIRONMENTS consumers’ confidence and trust in e-health systems. A crisis
OF DIFFERENT SCALE in confidence in any national e-health system could seriously
Number of Certificate-based PKI scheme Proposed PKR
degrade the realization of the system’s potential benefit. This
subscribers α cost (milliseconds) scheme cost paper emphasizes on the significance of security and privacy
Type A Type B (milliseconds) protection for health information systems, since these
1,000 15.016 13.464 11.518 elements play a vital role in the successful implementation of
10,000 28.798 14.021 11.519 a national e-health system.

351
 To protect the security and confidentiality of health
information, cryptography plays an important role to
establish confidentiality, authentication, integrity and non-
repudiation. Key management is critical to the protection of
patient information. The keys used for encryption and digital
signing must be managed in an effective and efficient
fashion. The certificate-based PKI scheme may seem to be a
common way to support security services in electronic
communication environments; however, so far, there is still a
lack of successful large-scale certificate-based PKI scheme
deployment in the world.
The outcome of this research is a roadmap of viable and
sustainable architecture as a scalable, effective, and efficient
approach to support security for a national e-health
implementation. The proposed solution requires no
certificate management and complex certificate validation
procedures, while still maintaining security. It is also
believed that this study can provide a new dimension to the
provision of security for the protection of privacy and
security health information.
In achieving a high level of information assurance in a
contemporary e-health system environment, privacy and
security requirements need to be addressed from a holistic
manner. This paper, however, is intended to focus on an
efficient and scalable key management strategy to support
security for a national level of e-health implementation.
There are a number of issues beyond the scope of this paper,
which remain for future research. These issues include the
assurance and protection of e-health systems in the next-
generation Internetworking environment. Inevitably, health
information systems will need to move forwards the next-
generation Internetworking environment. Not only does the
health information system architecture must be secure and
resilient, but also the overall health information systems
must be operated adequately protected from cyber-attacks in
the next-generation Internetworking environment. Future
work will be continuing on the setting a high level of
information assurance in the establishment and maintenance
of both current and future large-scale health information
systems, with the ultimate goals of maximum sustainability,
flexibility, performance, manageability, and ease-of-use.
REFERENCE
[1] Australian Department of Health and Ageing, "Concept of
Operations: Relating to the introduction of a Personally Controlled
Electronic Health Record System," ed. Canberra: National E-Health
Transition Authority Ltd, 2011.
[2] C. Adams and S. Lloyd, Understanding PKI: concepts, standards,
deployment and consideratiions, Second ed. Boston: Person
Education, Inc., 2002.
[3] B. Blobel, "The European TrustHealth Project experiences with
implementing a security infrastructure," International Journal of
Medical Informatics, vol. 60, 2000.
[4] M. Tsiknakis, D. Katehakis, and S. C. Orphanoudakis, "A health
information infrastructure enabling secure access to the life-long
multimedia electronic health record," 2004, pp. 289-294.
352
[5] B. Blobel, P. Pharow, V. Spiegel, K. Engel, and R. Engelbrecht,
"Securing interoperability between chip card based medical
information systems and health networks," International Journal of
Medical Informatics, vol. 64, pp. pp. 401-415, 2001.
[6] J. Hu, H.-H. Chen, and T.-W. Hou, "A hybrid public key
infrastructure solution (HPKI) for HIPAA privacy/security
regulations," Computer Standards & Interfaces, vol. 32, pp. pp. 274-
280, 2010.
[7] H. Takeda, Y. Matsumura, S. Kuwata, H. Nakano, J. Shanmai, Z.
Qiyan, C. Yufen, H. Kusuoka, and M. Matsuoka, "An assessment of
PKI and networked electronic patient record system: lessons learned
from real patient data exchange at the platform of OCHIS (Osaka
Community Healthcare Information System)," International Journal
of Medical Informatics, vol. 73, pp. 311-316, 2004.
[8] K.A. Stroetmann and S. Lilischkis. (2007, eHealth Strategy and
Implementation Activities in Germany. Available:
http://www.ehealthera.org/database/documents/ERA_Reports/Germa
ny_eHERA Country_Report_final_30-06-2007.pdf
[9] E. Faldella and M. Prandini, "A novel approach to on-line status
authentication of public-key certificates," in Computer Security
Applications, 2000. ACSAC '00. 16th Annual Conference, 2000, pp.
270-277.
[10] P. Gutmann, "A reliable, scalable general-purpose certificate store,"
in Computer Security Applications, 2000. ACSAC '00. 16th Annual
Conference, 2000, pp. 278-287.
[11] E. Faldella and M. Prandini, "A flexible scheme for on-line public-
key certificate status updating and verification," in Computers and
Communications, 2002. Proceedings. ISCC 2002. Seventh
International Symposium on, 2002, pp. 891-898.
[12] H. Leitold, A. Hollosi, and R. Posch, "Security architecture of the
Austrian citizen card concept," in Computer Security Applications
Conference, 2002. Proceedings. 18th Annual, 2002, pp. 391-400.
[13] A. Slagell, R. Bonilla, and W. Yurcik, "A survey of PKI components
and scalability issues," in Performance, Computing, and
Communications Conference, 2006. IPCCC 2006. 25th IEEE
International, 2006, pp. 10 pp.-484.
[14] N. Zhongying, Z. Ke, J. Hong, Y. Tianming, and Y. Wei,
"Identification and Authentication in Large-Scale Storage Systems,"
in Networking, Architecture, and Storage, 2009. NAS 2009. IEEE
International Conference on, 2009, pp. 421-427.
[15] S. Micali, "Efficient certificate revocation," Citeseer1996.
[16] P. Kocher, "A quick introduction to Certificate Revocation Trees,"
1998.
[17] C. Adams and R. Zuccherato, "A general, flexible approach to
certificate revocation," Entrust Technologies White Paper, 1998.
[18] The Internet Society, "X.509 Internet Public Key Infrastructure
Online Certificate Status Protocol - OCSP," ed: IETF,, 1999.
[19] M. Naor and K. Nissim, "Certificate revocation and certificate
update," Selected Areas in Communications, IEEE Journal on, vol.
18, pp. 561-570, 2000.
[20] D. A. Cooper, "A more efficient use of delta-CRLs," in Security and
Privacy, 2000. S&P 2000. Proceedings. 2000 IEEE Symposium on,
2000, pp. 190-202.
[21] W. Diffie and M. Hellman, "New directions in cryptography,"
Information Theory, IEEE Transactions, vol. 22, pp. 644-654, 1976.
[22] S. Berkovits, S. Chokhani, J. Furlong, J. Geiter, J. Guild, N. I. O.
STANDARDS, and T. G. MD, "Public Key Infrastructure Study:
Final Report," National Institute of Standards and TechnologyApril
1994.