GSI (Grid Security Infrastructure) provides the security in grids that it is using proxy certificates to delegate the work of authentication. At present, revocation proxy certificate has two kinds of methods, one is using CRL (Certificate Revocation List) and the other is giving the certificate a short period of validity. However, when lots of certifications will be revoked, CRL will be the burden in the system. If the certificate has a short period of validity, entities should be often updating the certificate. Furthermore, according to the requirements of delegation, proxy certificate has a shortcoming. The proxy certificate holder can not issue his own identity, and prove that he is a legal entity. Therefore, this scheme can not satisfy the security requirements of nonrepudiation and known signer in grids. In this thesis, we propose two schemes to solve proxy certificate revocation and the security requirements of nonrepudiation and known signer in grids. (1) Using proxy signature can satisfy nonrepudiation and known signer. Therefore, our scheme can more efficient and flexible for delegation in grids. (2) Using hash tree for proxy certificate revocation. Our scheme only compares hash values, to achieve the purpose of certificate revocation. Previous two schemes have to wait the expiration of the certificate.
