Jun 21, 2018

Once upon a time there was a big company. A real big player. It offered almost everything: from nuclear reactors all the way to washing machines. Well, admittedly the nuclear reactors currently don’t sell so well and the washing machine sector has just been sold. But for our story, this is not so important.

The big player had a little problem. Because it was so big. Every workday’s morning, when about three hundred thousand employees tried to log on with their personal chip cards between 8.00 am and 9.00 am, they had to wait. And wait. And wait.

This was because the encrypted certificate stored on the personal chip cards had to be verified as well as up-to-dated and validated in the logon-process. Moreover, because numerous communication processes were secured by certificates in this big company, several million requests for certificate verification had to be processed every day. In this process, the respective authenticity and validity were compared to so-called certificate revocation lists. With our big player, these revocation lists comprised all certificates ever issued since the chip cards had been implemented in the 1990s. And with each entry, the lists got longer and longer…

But then, a comparatively small company had a great idea: an OCSP server entity was implemented. Opposite to revocation lists, the Online Certificate Status Protocol (OCSP) is able to authenticate certificate validities. That means there is no negative comparison – instead the system evaluates the validity of specific certificates at the time of the authentication query. This is not only a much faster but also a significantly more up-to-date and thus more reliable process. While revocation lists are updated in intervals so-called OCSP-responders provide up-to-the-second revocation information. Furthermore, all responder responses are signed digitally, i.e. the client can check them for authenticity and genuineness. Moreover, OCSP also simplified and accelerated the transmission of software updates to sensors, machinery and complete plants.

The big player doesn’t want its name to be mentioned. What a pity – they did the perfectly right thing. The small company, what a surprise, is KOBIL. And the solution is called KOBIL Trust OCSP. Learn more about it:


Thomas Siegner