Digital certificate management: Optimal pricing and CRL releasing strategies

摘要

The fast growth of e-commerce and online activities places increasing needs for authentication and secure communication to enable information exchange and online transactions. The public key infrastructure (PKI) provides a promising foundation for meeting such demand, in which certificate authorities (CAs) provide digital certificates. In practice, it is critical to understand consumer purchasing and revocation behaviors so that CAs can better manage the digital certificates and its CRL releasing process. To address this problem, we analytically model a CA’s pricing and revocation releasing strategies taking into consideration the users' rational decisions. The model provides solutions two main research questions: (1) How should the CA price the digital certificates? The the price of the digital certificate should be determined by the expected losses of the user’s IT system, and the number of certificate revocations per period is expected to decrease over time during the lifecycle of the certificate. This result is supported by the empirical data from VeriSign. (2) How should the CA we further propose a dynamic CRL releasing policy that suggests that the optimal releasing intervals within the lifecycle of a certificate should increase over time.