Binding Identities and Attributes using Digitally Signed Certificates

Authors

  • Joon S. Park
  • Ravi S. Sandhu
Abstract

A certificate is digitally signed by a certificate authority (CA) to confirm that the information in the certificate is valid and belongs to the subject. Certificate users can verify the integrity and validity of a certificate by checking the issuing CA’s digital signature in the certificate and, if necessary, chasing the certificate chain and revocation lists. Usually, we use certificates to provide the integrity of identity or attribute information of the subject. Attributes must be coupled with the corresponding identities. In this paper, we introduce comprehensive approaches to bind identity and attribute certificates, identifying three different techniques: monolithic, autonomic, and chained signatures. We describe each technique and analyze the relative advantages and disadvantages of each.


Similar resources

Certificate-based Access Control for Widely Distributed Resources

We have implemented and deployed an access control mechanism that uses digitally-signed certificates to define and enforce an access policy for a set of distributed resources that have multiple, independent and geographically dispersed stakeholders. The stakeholders assert their access requirements in use-condition certificates and designate those trusted to attest to the corresponding user att...


Attribute-Based Credentials for Trust (ABC4Trust)

The rapid growth of communication infrastructures and enterprise software solutions has caused electronic services to penetrate into our everyday life. So it is not far from reality that many personal and trust-sensitive transactions happen online. In this regard, one of the biggest challenges to deal with will be proper user authentication and access control, as strong authentication and autho...


Determining Privileges of Mobile Agents

This paper describes a method for controlling the behavior of mobile agent-system entities through the allocation of privileges. Privileges refer to policy rules that govern the access and use of computational resources and services by mobile agents. Our method is based on extending the platform processing environment, using the capabilities present in most mobile agent systems, and applying tw...


Bamboozling Certificate Authorities with BGP

The Public Key Infrastructure (PKI) protects users from malicious man-in-the-middle attacks by having trusted Certificate Authorities (CAs) vouch for the identity of servers on the internet through digitally signed certificates. Ironically, the mechanism CAs use to issue certificates is itself vulnerable to man-in-the-middle attacks by network-level adversaries. Autonomous Systems (ASes) can ex...


Security and Trust of Public Key Cryptography for HIP and HIP Multicast

Host Identity Protocol (HIP) gives cryptographically verifiable identities to hosts. These identities are based on public key cryptography and consist of public and private keys. Public keys can be stored, together with corresponding IP addresses, in DNS servers. When entities are negotiating on a HIP connection, messages are signed with private keys and verified with public keys. Even if this ...


Publication date: 2000