Journal Highly available systems №2 for 2011
Article in issue:
Large Certification Authority: complex aspects of work
Authors:
N.V. Baranov
Abstract:
The basic value of a Certification Authority (CA) is that it acts as a trusted party during electronic interaction, which requires it to perform two important functions. The first is to guarantee that the digital signature certificate contains valid data. The second is to maintain a certificate revocation list (CRL), in which the serial numbers of certificates issued by the CA that can no longer be trusted are published. While performing these functions, a large CA faces certain difficulties. As an example, let's consider SKB Kontur's CA, the largest commercial Certification Authority in Russia producing e-signature certificates.
Complex aspects of work:
1. Time. According to the requirements of information systems, a CA must report the fact of a revocation within 30 minutes. CA SKB Kontur issues a large volume of e-signature certificates, which is why revocation of e-signature certificates is a continuous process that goes on at any time of day.
2. The volume of information. To give information systems the opportunity to download the CRL regularly, CA SKB Kontur has built an internal structure consisting of 38 certification centers. Each of them holds a part of the complete revocation list, and information systems load only the data they need, classified, for example, by the date of issuance of the certificate.
3. Reliability. According to PKI standards, if no valid CRL is accessible, all certificates issued by the CA lose their trust. The need to update the CRL constantly and to ensure its relevance and accessibility requires uninterrupted operation of the equipment.
4. Security. A number of measures are taken to protect the root certificate, because if it is compromised the CA will have to reissue all issued certificates.
5. Document processing. To optimize document processing at the Certification Authority, specialists of CA SKB Kontur developed a special information system that reduces the scan time of even the most complex sets of documents from 30 to 3-5 minutes.
6. Unstable workload. A CA experiences seasonal peak loads. In some months the number of requests for certificates increases 10 times.
Pages: 51-55