Internet X.509 Public Key Infrastructure Certificate and CRL Profile

Housley, Russ; Ford, Warwick; Polk, William T.; Solo, D.

doi:10.17487/rfc2459

Cited by 661 publications

(411 citation statements)

References 12 publications

Supporting

Mentioning

397

Contrasting

Unclassified

Order By: Relevance

“…Also, certification path verifiers must be able to cope with the topologies that arenot entirely hierarchical. Moreover, compromise of the root private key is catastrophic because every certification path is compromised and recovery requires secure "out-of-band" distribution of the new public key to every user [1][2][3][4].…”

Section: Digital Signatorementioning

confidence: 99%

See 1 more Smart Citation

A New Digital Signature and Certificate Architecture with Shortest Certification Path

Song

Youn

Lee

2004

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The existing certificate architecture has two problems in terms of security and authentication. One is that there exists some possibility of certificate forgery by exploiting the collision problern associated with the hash algorithm used for signing. The other is that certification path complicates user authentication because it increases according to the distance between communicating users. In this paper we propose a new digital signature scheme and certificate architecture that solve the problems. It is achieved by using two-public key cryptography and a new certificate architecture. The proposed approach can be used without reconstructing the structure of the existing PKI system and always allows a certification path whose length is I regardless of the distance between the users. This is because each user confirms only the digital signature of root CA in the combined hierarchical-network infrastructure.

show abstract

Section: Digital Signatorementioning

confidence: 99%

“…This problern may complicate user authentication and give vexation to the users. 4 The Proposed Certificate Architecture W e have explained vulnerability of PKI. This section proposes a new digital signature scheme and certificate architecture solving the problem.…”

Section: Certification Pathmentioning

confidence: 99%

A New Digital Signature and Certificate Architecture with Shortest Certification Path

Song

Youn

Lee

2004

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Proxy cryptography is affected by such delays, and indeed, while the literature already gives several provablysecure schemes enjoying many features and reasonable efficiency, almost nothing of it is actually used in the real world. This is in large part a consequence of the long distance between the requirements of proxy cryptography (e.g., system parameters, cryptographic operations) and the currently used technologies (e.g., PKIX [1], Smart Cards). It is therefore urgent to provide mechanisms that allow delegation of signatures using current standard technologies only.…”

Section: Introductionmentioning

confidence: 99%

Proxy Smart Card Systems

Cattaneo

Faruolo

Palazzo³

et al. 2010

Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices

View full text Add to dashboard Cite

Abstract. The established legal value of digital signatures and the growing availability of identity-based digital services are progressively extending the use of smart cards to all citizens, opening new challenging scenarios. Among them, motivated by concrete applications, secure and practical delegation of digital signatures is becoming more and more critical. Unfortunately, secure delegation systems proposed so far (e.g., proxy signatures) include various drawbacks for any practical system.In this work we put forth the notion of a "Proxy Smart Card System", a distributed system that allows a smart card owner to delegate part of its computations (e.g., signatures of messages) to remote users. We stress the problematic aspects concerning the use of known proxycryptography schemes in synergy with current standard technologies. This in turn motivates the need of proxy smart card systems. Then we formalize the security and functional requirements of a proxy smart card system, identifying the involved parties, the adversary model and the usability properties. Finally, we present the design and analysis of a proxy smart card system which outperforms the current state of the art.

show abstract

“…Recipients of a certificate can thus verify whether an authority is part of a specific hierarchy but also whether the policy used by the authority satisfies their requirements. This is possible in so-called policy-based PKIs [13], but the policies included in certificates are still decided by the authorities, not the users.…”

Section: Introductionmentioning

confidence: 99%

PAES: Policy-Based Authority Evaluation Scheme

Scalavino

Gowadia

Lupu

2009

Data and Applications Security XXIII

View full text Add to dashboard Cite

Abstract. Enterprise Rights Management (ERM) systems aim to protect disseminated data even after it has been sent to remote locations. Existing systems are based on common components, have similar functionalities and often have two shortcomings: a centralised architecture and a lack of concern for the trust and privacy of data recipients. To access the data, recipients must present their credentials to a policy evaluation authority, which they cannot choose and may not trust. Furthermore, recipients may be unable to access the data if their connection is intermittent or if they are off-line. To address these limitations, we propose PAES: a Policy-based Authority Evaluation Scheme, which combines data protection with a distributed policy evaluation protocol. The result allows us to implement the sticky policies paradigm in combination with trust management techniques. This permits distributing policy evaluation over a flexible set of authorities, simultaneously increasing the resilience of policy enforcement.

show abstract

Internet X.509 Public Key Infrastructure Certificate and CRL Profile

Cited by 661 publications

References 12 publications

A New Digital Signature and Certificate Architecture with Shortest Certification Path

A New Digital Signature and Certificate Architecture with Shortest Certification Path

Proxy Smart Card Systems

PAES: Policy-Based Authority Evaluation Scheme

Contact Info

Product

Resources

About