Analysis on Certificate Validation mechanisms in Public Key Infrastructure

A Public Key Infrastructure (PKI) facilitates security services in an internet application and enables the identification and distribution of public encryption keys. It ensures users to securely exchange data over networks. Any form of sensitive data exchanged over the Internet depends upon PKI for security. The purpose of a PKI is to provide secure, convenient and efficient acquisition of public key. It helps to maintain a trustworthy environment in key and certificate management. In PKI the certificate validation is done in two ways: (1) Certificate Revocation List (CRL) and (2) Online Certificate Status Protocol (OCSP). The CRL maintains a list of revoked certificates that are issued and maintained by Certificate Authority (CA) in offline. But the OCSP enables real ? time revocation status check in online for huge volume of operation. The mechanism to check the revoked certificates may occur for several reasons and to deny the unauthorized access. The revoked certificate is no longer trusted by the end ? entities. The investigation on Certificate Validation Mechanisms is done to identify the drawbacks in validation mechanisms and to enhance such validation mechanisms in such a way that it is in more efficient and suitable to the latest computing infrastructures.