Your search keyword '"X.509"' showing total 7 results

1. Design and implementation of a public key-based group collaboration system

Author

Dwaine Clarke

Subjects

Password, Authentication, Revocation list, Public key certificate, Database, Revocation, Delegation, Computer Networks and Communications, Computer science, business.industry, media_common.quotation_subject, Authorization, Access control, Cryptography, computer.software_genre, Computer security, Certificate, X.509, Public-key cryptography, Authorization certificate, Certificate authority, business, computer, Access control list, media_common

Abstract

We present PubKey-Wiki, a public key-based wiki group collaboration system. PubKey-Wiki allows users to authenticate themselves using public-key cryptography and gain authorizations using digital certificates. By using public key-based user authentication, users' passwords are not sent across the network and are not stored on the web server's host machine. Using digital certificates to authorize users to access protected files facilitates delegation of authority and simpler access control list (ACL) management, and allows the ability of a user to pass authorizations onto other users without needing to connect to the wiki's server. The paper introduces a new approach to revocation in which revocation of certificates and revocation of public keys are handled separately and take effect immediately. The paper also introduces an algorithm, CertClosure, that computes the transitive closure of a set of certificates that contain authorization information. When a user adds or removes a certificate from his certificate directory in PubKey-Wiki, PubKey-Wiki uses the CertClosure algorithm to derive authorization rules. PubKey-Wiki stores these authorization rules in a lookup table where they can be easily referenced. When a user tries to access a protected file, PubKey-Wiki looks up and uses the relevant authorization rules to efficiently make an access control decision.

Published

2011

2. Evaluation of certificate validation mechanisms

Author

Silke Holtmanns, T. Perlines Hormann, and Konrad Wrona

Subjects

Public key certificate, Computer Networks and Communications, Computer science, computer.internet_protocol, media_common.quotation_subject, OCSP stapling, computer.software_genre, Computer security, Certificate signing request, X.509, Public-key cryptography, Certificate authority, Key management, media_common, Revocation list, Database, Delegation, Certificate policy, business.industry, Public key infrastructure, Certificate, Chain of trust, XKMS, Authorization certificate, Certification path validation algorithm, Root certificate, Online Certificate Status Protocol, business, computer, Certificate Management over CMS

Abstract

In this article we evaluate different certificate validation mechanisms to be possibly used within the Wireless Public Key Infrastructure (W-PKI). An implementation of a standard compliant signed content application offering full PKI functionality served as means for evaluating different mechanisms. We compared short-lived certificates, Certificate Revocation Lists (CRLs), the Online Certificate Status Protocol (OCSP) and the XML Key Management Specification (XKMS) with regard to security, interoperability, complexity and performance in terms of size and scalability. The evaluation has lead to propose OCSP for delegated certificate validation. It has to be pointed out though, that OCSP should be enhanced with full delegation capabilities, such as the ones offered by XKMS.

Published

2006

3. ADoCSI: towards a transparent mechanism for disseminating Certificate Status Information

Author

John Iliadis, Dimitris Gritzalis, and Stefanos Gritzalis

Subjects

Revocation list, Public key certificate, ComputingMilieux_THECOMPUTINGPROFESSION, Computer Networks and Communications, computer.internet_protocol, business.industry, Computer science, Certificate policy, Internet privacy, Certificate Management Protocol, Self-signed certificate, Certificate, Chain of trust, Intermediate certificate authorities, Certificate signing request, X.509, Authorization certificate, Certification path validation algorithm, Root certificate, Certification Practice Statement, Certificate authority, Online Certificate Status Protocol, business, computer, Implicit certificate

Abstract

Several mechanisms have been proposed for disseminating information regarding the status of a digital certificate, each one with its own advantages and disadvantages. We believe that what is still missing from such mechanisms is transparency. A user should not need to comprehend the mechanics of such mechanisms in order to verify a certificate. In this paper, we present a mechanism called Alternative mechanism for the Dissemination of Certificate Status Information that supports transparency in disseminating Certificate Status Information.

Published

2003

4. Towards a framework for evaluating certificate status information mechanisms

Author

D. De Cock, Bart Preneel, Dimitris Gritzalis, Diomidis Spinellis, John Iliadis, and Stefanos Gritzalis

Subjects

Public key certificate, Knowledge management, Computer Networks and Communications, computer.internet_protocol, Computer science, Data_CODINGANDINFORMATIONTHEORY, Computer security, computer.software_genre, Self-signed certificate, X.509, Certificate signing request, Certificate authority, Revocation list, business.industry, Certificate policy, Certificate Management Protocol, Certificate, Intermediate certificate authorities, Authorization certificate, Root certificate, Certification path validation algorithm, Certification Practice Statement, Online Certificate Status Protocol, business, computer, Implicit certificate

Abstract

A wide spectrum of certificate revocation mechanisms is currently in use. A number of them have been proposed by standardisation bodies, while some others have originated from academic or private institutions. What is still missing is a systematic and robust framework for the sound evaluation of these mechanisms. We present a mechanism-neutral framework for the evaluation of certificate status information (CSI) mechanisms. These mechanisms collect, process and distribute CSI. A detailed demonstration of its exploitation is also provided. The demonstration is mainly based on the evaluation of Certificate Revocation Lists, as well as of the Online Certificate Status Protocol. Other well-known CSI mechanisms are also mentioned for completeness.

Published

2003

5. Virtual certificates and synthetic certificates: new paradigms for improving public key validation

Author

Selwyn Russell, Eiji Okamoto, Javier Lopez, and Ed Dawson

Subjects

Public key certificate, Computer Networks and Communications, computer.internet_protocol, Computer science, Certification, Self-signed certificate, Computer security, computer.software_genre, Public-key cryptography, Certificate signing request, X.509, Digital signature, Certificate authority, Revocation list, Revocation, business.industry, Certificate policy, Public key infrastructure, Certificate, Intermediate certificate authorities, Chain of trust, Authorization certificate, Certification path validation algorithm, Root certificate, Certification Practice Statement, Online Certificate Status Protocol, business, computer, Implicit certificate

Abstract

The certificate paradigm is applied recursively to obtain the public keys of a number of Certification Authorities and, accordingly, to obtain the public keys of a number of final entities. Thus, validation of the authorized public key of a party in a network transaction is commonly based on processing the certificate chain descended from a trusted root issuer, involving non-negligible time and cost. Those chains become long in communications between large organizations, which is the typical case of e-commerce and e-government applications. The process of validation of extensive chains introduces performance problems in two aspects: signature verification and revocation checking. That is, the repeated processing of long chains of certificates creates severe efficiency problems. This fact causes that most of the advantages provided by Public Key Infrastructures (PKIs) are not conveniently exploited. In this paper we analyze the scenarios in which large volumes of digitally signed transactions between commercial entities exist. These cases require of interoperation among PKIs. We show that solutions available in those scenarios still involve processing of too long chains of certificates, either at the receiving computer or by an outsourced entity. For this reason, we propose new concepts of virtual certificate and synthetic certificate for faster and less costly processing of certificate chains. In this way, communications in a certificate-based intercommunity can be highly improved. We also show how these types of certificates can be applied in practice.

Published

2003

6. Technological infrastructure for PKI and digital certification

Author

Ray Hunt

Subjects

Public key certificate, Computer Networks and Communications, Computer science, business.industry, computer.internet_protocol, Certificate policy, Public key infrastructure, Certification, Encryption, Computer security, computer.software_genre, X.509, Diffie–Hellman key exchange, Public-key cryptography, Digital signature, IPsec, Certificate authority, Key (cryptography), business, Key management, computer

Abstract

Secure E-Commerce and VPN technology is only possible with the use of appropriate security systems such as encryption, digital signatures, digital certificates, public/private key pairs, non-repudiation, and time-stamping. A PKI comprises a system of certificates, certificate authorities, subjects, relying partners, registration authorities, and key repositories that provide for safe and reliable E-business. This paper discusses these key technologies focusing particularly on recent standardisation as well as looking at some of the criticism and challenges to its widespread operation in the industry.

Published

2001

7. A formalisation and evaluation of certificate policies

Author

B Jerman-Blaič and Tomaž Klobučar

Subjects

Public key certificate, Process management, Computer Networks and Communications, Computer science, Certification, Self-signed certificate, Computer security, computer.software_genre, Certificate signing request, Public-key cryptography, X.509, Web of trust, Certificate authority, Revocation list, ComputingMilieux_THECOMPUTINGPROFESSION, business.industry, Certificate policy, Certificate, Chain of trust, Authorization certificate, Certification path validation algorithm, Certification Practice Statement, Root certificate, business, Implicit certificate, computer

Abstract

Certificate policies play a central role in public key infrastructures, since they are the basis for the evaluation of trust in binding between a key and a subject in a public key certificate. The absence of common ways of formally specifying details of policies is a source of difficulty in the operation of global public key infrastructures. In this paper, the problem of the formalisation of certificate policies is discussed and a format for their formal presentation is proposed. Results from the formatting and comparison of existing certificate policies from several well-known certification authorities are also presented.

Published

1999