Enrollment messages and responses may be transferred between clients and servers using file-system-based mechanisms, such as when enrollment is performed for an off-line client. When files are used to transport binary, Full PKI Request or Full PKI Response messages, there MUST be only one instance of a request or response message in a single file. The following file type extensions SHOULD be used:

Often, the main motivation for using PKI in business environments is to streamline workflow, by enabling humans to digitally sign electronic documents, instead of manually signing paper ones. However, this application fails if adversaries can construct electronic documents whose viewed contents can change in useful ways, without invalidating the digital signature. In this paper, we examine the ...

The security-mediated approach to PKI offers several advantages, such as instant revocation and compatibility with standard RSA tools. In this paper, we present a design and prototype that addresses its trust and scalability problems. We use trusted computing platforms linked with peer-to-peer networks to create a network of trustworthy mediators and improve availability. We use threshold crypt...

This article deals with the deployment of a secure IT infrastructure on a company-wide basis. This means to be able to provide secure network services to the users, independent of their physical location: on-site (via LAN) or off-site (via WAN or an external ISP). The security solution is based on the usage of X.509 certificates to perform authentication both of the users and the network’s node...

INTRODUCTION In the recent history of information protection, there has been an ongoing parade of technologies that loudly promise new and total solutions but frequently do not make it past the reviewing stand. In some cases, they break down completely at the start of the march. In others, they end up turning down a side street. Is Public Key Infrastructure (PKI) just another gaudy float behind...

In Public Key Infrastructures (PKIs), trusted Certification Authorities (CAs) issue public key certificates which bind public keys to the identities of their owners. This enables the authentication of public keys which is a basic prerequisite for the use of digital signatures and public key encryption. These in turn are enablers for ebusiness, e-government and many other applications, because t...

With the development of cloud services and Internet Things, integration heterogeneous systems is becoming increasingly complex. Identity management important in coordination various systems, public key infrastructure (PKI) widely known as an identity methods. In PKI, a certificate authority (CA) acts trust point to guarantee entities such users, devices, services. However, traditional CAs that ...

In this paper we present a new approach for the conventional X.509 Public Key Infrastructures (PKI). Our goal is to reduce the effort to handle signatures in the long term. The novelty is that a Root CA reissues subordinate certificates of final users, but adjusting validity periods to exclude the periods after a revocation. The Root CA also authenticates timestamps. The result is the cleaned P...

Trust is essential to a communication channel. The trust relationships, which play an important role in Public Key Infrastructures (PKIs), need to be formalized for providing a reliable modelling methodology to support secure digital communications. In this paper, we present a typed modal logic used for specifying and reasoning about trust in PKIs. In order to study trust relationships within P...