Status of this Memo: This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.
SPKI/SDSI is a novel public-key infrastructure emphasizing naming, groups, ease-of-use, and flexible authorization. To access a protected resource, a client must present to the server a proof that the client is authorized; this proof takes the form of a "certificate chain" proving that the client's public key is in one of the groups on the resource's ACL, or that the client's public key has been delegated authority (in one or more stages) from a key in one of the groups on the resource's ACL. While finding such a chain can be nontrivial, due to the flexible naming and delegation capabilities of SPKI/SDSI certificates, we present a practical and efficient algorithm for this problem of "certificate chain discovery". We also present a tight worst-case bound on its running time, which is polynomial in the length of its input. We also present an extension of our algorithm that is capable of handling "threshold subjects", where several principals are required to co-sign a request to access a protected resource.
This paper characterizes the security of group collaboration as being a product not merely of cryptographic algorithms and coding practices, but also of the man-machine process of group creation. We show that traditional security mechanisms do not properly address the needs of a secured collaboration and present a research prototype, called NGC (next generation collaboration), that was designed to meet those needs. NGC distinguishes itself in the care with which the man-machine process was analyzed and shaped to improve the security of the whole process. We include a detailed analysis of the problem of binding a name to a key, traditionally thought to be the province of PKI, but we show that the SDSI local name concept produces a result with superior security to that produced by standard PKI.