The security-mediated approach to PKI offers several advantages, such as instant revocation and compatibility with standard RSA tools. In this paper, we present a design and prototype that addresses its trust and scalability problems. We use trusted computing platforms linked with peer-to-peer networks to create a network of trustworthy mediators and improve availability. We use threshold crypt...

This article deals with the deployment of a secure IT infrastructure on a company-wide basis. This means to be able to provide secure network services to the users, independent of their physical location: on-site (via LAN) or off-site (via WAN or an external ISP). The security solution is based on the usage of X.509 certificates to perform authentication both of the users and the network’s node...

INTRODUCTION In the recent history of information protection, there has been an ongoing parade of technologies that loudly promise new and total solutions but frequently do not make it past the reviewing stand. In some cases, they break down completely at the start of the march. In others, they end up turning down a side street. Is Public Key Infrastructure (PKI) just another gaudy float behind...

We present applications of audited credential delegation (ACD), a usable security solution for authentication, authorization and auditing in distributed virtual physiological human (VPH) project environments that removes the use of digital certificates from end-users' experience. Current security solutions are based on public key infrastructure (PKI). While PKI offers strong security for VPH pr...

With the development of cloud services and Internet Things, integration heterogeneous systems is becoming increasingly complex. Identity management important in coordination various systems, public key infrastructure (PKI) widely known as an identity methods. In PKI, a certificate authority (CA) acts trust point to guarantee entities such users, devices, services. However, traditional CAs that ...

In this paper we present a new approach for the conventional X.509 Public Key Infrastructures (PKI). Our goal is to reduce the effort to handle signatures in the long term. The novelty is that a Root CA reissues subordinate certificates of final users, but adjusting validity periods to exclude the periods after a revocation. The Root CA also authenticates timestamps. The result is the cleaned P...

Trust is essential to a communication channel. The trust relationships, which play an important role in Public Key Infrastructures (PKIs), need to be formalized for providing a reliable modelling methodology to support secure digital communications. In this paper, we present a typed modal logic used for specifying and reasoning about trust in PKIs. In order to study trust relationships within P...

In theory, PKI can provide a flexible and strong way to authenticate users in distributed information systems. In practice, much is being invested in realizing this vision via tools such as client-side SSL and browser-based keystores. Exploring this vision, we demonstrate that browsers will use personal certificates to authenticate requests that the person neither knew of nor approved (in some ...

Despite enthusiastic predictions in the trade press, an X.509-style PKI has so far failed to eventuate to any significant degree. This paper looks at some of the reasons behind this, examining why a pure X.509-style PKI may never appear outside a few closed, highly-controlled environments such as government agencies. On the other hand there are many instances in which situationand application-s...