PKI-based System Management

Authors

  • Diana Berbecaru
  • Antonio Lioy
  • Marius Marian
Abstract

This article deals with the deployment of a secure IT infrastructure on a company-wide basis. This means being able to provide secure network services to the users, independent of their physical location: on-site (via LAN) or off-site (via WAN or an external ISP). The security solution is based on the usage of X.509 certificates to perform authentication both of the users and the network’s nodes/services. The corresponding private key can be stored either on a smart-card (for mobile users) or on a secure workstation (for users that always access the services from the same workstation). Authorization can be managed either via an LDAP directory that stores users’ profiles and rights, or via attribute certificates issued directly by the managers of the services. The system will support security at two main levels: application-level, via SSL channels or S/MIME messages, and network-level, via IPsec. Moreover, the infrastructure is conceived with flexibility as a primary goal. This derives from the fact that the infrastructure will also incorporate advanced security services based on new or forthcoming protocols such as the online certificate status protocol (OCSP) and the time stamping protocol (TSP), and will provide a common framework for secure electronic documents based on the EESSI (European electronic signature standard initiative) standard formats.

Similar resources

The Construction of a Public Key Infrastructure for Healthcare Information Networks in Japan

The digital signature is a key technology in the forthcoming Internet society for electronic healthcare as well as for electronic commerce. Efficient exchanges of authorized information with a digital signature in healthcare information networks require a construction of a public key infrastructure (PKI). In order to introduce a PKI to healthcare information networks in Japan, we proposed a dev...

A Knowledge Management Framework for Security Assessment in a Multi Agent PKI-based Networking Environment

This paper deals with one of the probably most challenging and, in our opinion, little addressed questions that can be found in Information Security Management today, that of the methodological design of a Multi-Agent PKI-based Networking Environment. It relies on three important notions: (1) independence from the implementation techniques; (2) definition of a Multi-Agent System as a set of thre...

Securing the Networked e-Business Throughout an Internet Distributed Organization

This paper explores an Internet-based VPN solution, built upon IPSec, which combines tunneling with PKI authentication and encryption. To protect the valuable company resources, an efficient intrusion/misuse detection and response system was incorporated into the deployed security solution. This approach enabled a large-scale customer to provide their global e-business safely. As a result, an integrat...

An ID-based Proxy Authentication Protocol Supporting Public Key Infrastructure

The advantage of the ID-based authentication protocols over public-key based protocols is that authentication can be performed by simply knowing the identity of a party. Meanwhile, Public Key Infrastructure (PKI) provides a suite of excellent security and user management mechanisms that can be easily deployed to the Internet. In this paper, we present an ID-based proxy authentication protocol t...

Reducing the Dependence of Trust-Management Systems on PKI

Trust-management systems address the authorization problem in distributed systems by defining a formal language for expressing authorization and access-control policies, and relying on an algorithm to determine when a specific request can be granted. For authorization in distributed systems, trust-management systems offer several advantages over other approaches, such as support for delegation a...

Certificate Management Protocols

This document describes the Internet X.509 Public Key Infrastructure (PKI) Certificate Management Protocols. Protocol messages are defined for all relevant aspects of certificate creation and management. Note that "certificate" in this document refers to an X.509v3 Certificate as defined in [COR95, X509-AM]. The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", "RECOMMENDED", "M...

Publication date: 2001