Millions of citizens around the world have already acquired their new electronic passport. The e-passport is equipped with contactless communication capability, as well as with an Integrated Circuit Chip enabling cryptographic functionality. Countries are required to build a national Public Key Infrastructure to support digital signatures, as this is considered the basic mechanism to prove the ...

PKI researchers keep producing applications that use publickey cryptography to enable human users (and service providers) to make effective trust judgments across organizational boundaries. However, too often, when we look closely, these judgments are unfounded; a moderately malicious adversary can often defeat the system. This position paper posits that this problem is endemic to current effor...

This document defines the means by which PKI clients and servers may exchange PKI messages when using the Cryptographic Message Syntax [CMS] as a transaction envelope. It extends concepts established in the draft [CRS] version of this material by accommodating external specification of message bodies in the Certificate Management Message Formats [CMMF] and Certificate Request Message Format [CR...

The Internet Key Exchange (IKE) and Public Key Infrastructure for X.509 (PKIX) certificate profile both provide frameworks that must be profiled for use in a given application. This document provides a profile of IKE and PKIX that defines the requirements for using PKI technology in the context of IKE/IPsec. The document complements protocol specifications such as IKEv1 and IKEv2, which assume ...

Visa 3-D Secure is an e-payment system based on the integration of SSL/TLS with the three-domain architecture. It employs cryptographic techniques to secure communication links among participants in e-commerce transactions and also provides credit card verification via Visa Secure Server. Although several security vulnerabilities can be addressed, spoofing attacks are still effective and can be...

E-businesses are searching for ways to provide both cost effective and secure communication services. Internet, which is the primary medium for conducting e-business, is by its nature, an open, heterogeneous, non secure medium. Reports show that the ellipsis of trust in transaction security is the major reason why consumers are dubious to shop online and in expansion, unwilling to adopt an elec...

The Server-Based Certificate Validation Protocol allows PKI clients to delegate to a server the construction or validation of certification paths. The protocol’s specification focuses on the communication between the server and the client and its security. It does not discuss how the servers can efficiently locate the necessary PKI resources like certificate or certificate revocation lists. In ...