摘要 |
A public key infrastructure (PKI) (30) includes a subject (34), a verifier (36), and certificate authority (32) that issues a first unsigned certificate (60) to the subject that binds a public key (62) of the subject to long-term identification information (63) related to the subject and maintains a certificate database (40) of unsigned certificates in which it stores the first unsigned certificate. The verifier maintains a hash table (42) containing cryptographic hashes of valid unsigned certificates corresponding to the unsigned certificates stored in the certificate database and including a cryptographic hash of the first unsigned certificate. The subject presents the issued first unsigned certificate to the verifier for authentication and demonstrates that the subject has knowledge of a private key corresponding to the public key (46) in the unsigned certificate. <IMAGE> |