Download Smart Certificates - Prof. Ravi Sandhu

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
Document related concepts

URL redirection wikipedia , lookup

Transcript 
Smart Certificates:
Extending X.509 for Secure
Attribute Service on the Web
October 1999
Joon S. Park, Ph.D.
Center for Computer High Assurance Systems
Naval Research Laboratory
Abstract

In this paper, we have
– identified the models for secure attribute
services on the Web
– developed

smart certificates based on X.509
– introduced

Possible applications of smart certificates
Introduction

WWW (World Wide Web)
– synthesizes diverse technologies and
components in Web environments
– widely used for electronic commerce and
business
– mostly, Web servers use identity-based
access control

scalability problem
Background

An attribute
– a particular property of an entity


e.g., role, group, clearance, etc.
If attributes are provided securely,
– Web servers can use those attributes


e.g., authentication, authorization, access
control, electronic commerce, etc.
A successful marriage of the Web and
secure attribute services is required
User-Pull Model
User-Pull Model

Each user
– pulls appropriate attributes from the Attribute
Server
– presents attributes and authentication information
to Web servers

Each Web server
– requires both identification and attributes from
users

No new connections for the same attributes
Server-Pull Model
Server-Pull Model

Each user
– presents only authentication information to Web
servers

Each Web server
– pulls users’ attributes from the Attribute Server



Authentication information and attribute do
not go together
More convenient for users
Less convenient for Web servers
X.509 Certificate






Digitally signed by a certificate authority to
confirm the information in the certificate
belongs to the holder of the corresponding
private key
support security on the Web based on PKI
standard
simply, bind users to keys
have the ability to be extended
Certificate Revocation List (CRL)
X.509 Certificate

Contents
– version, serial number, subject, validity
period, issuer, optional fields (v2)
– subject’s public key and algorithm info.
– extension fields (v3)
– digital signature of CA
X.509 Certificate
Smart Certificates

Short-Lived Lifetime
– More secure


typical validity period for X.509 is months (years)
the longer-lived certificates have a higher
probability of being attacked
– users may leave copies of the corresponding keys
behind
– No Certificate Revocation List (CRL)

supports simple and less expensive PKI
Smart Certificates

Containing Attributes Securely
– Web servers can use secure attributes for
their purposes
– Each authority has independent control on
the corresponding information


basic certificate (containing identity information)
each attribute can be added, changed, revoked,
or re-issued by the appropriate authority
– e.g., role, credit card numbers, clearance, etc.
Separate CAs in a Certificate
Smart Certificates

Postdated/Renewable Certificates
– The certificate becomes valid at some time
in the future

It is possible to make a smart certificate valid
for a set of duration
– The certificate can be renewed until the
“renewable time”


a user keeps renewing it for shorter period
no need for CRL
Smart Certificates

Confidentiality
– Sensitive information can be

encrypted in smart certificates
– e.g. passwords, credit card numbers, etc.
Applications of Smart Certificates
On-Duty Control
 Compatible with X.509
 User Authentication
 Electronic Transaction
 Pay-per-Access
 Eliminating Single-Point Failure
 Attribute-based Access Control

Conclusions

In this paper, we have
– identified the models for secure attribute
services on the Web
– developed

smart certificates based on X.509
– introduced

Possible applications of smart certificates
A Smart Certificate
Related documents
Internet Safety Lesson - High Point University
Internet Safety Lesson - High Point University
Webinar - Association for Molecular Pathology
Webinar - Association for Molecular Pathology
DevCOP: A Software Certificate Management System for Eclipse
DevCOP: A Software Certificate Management System for Eclipse
What Is a Share Certificate?
What Is a Share Certificate?
New technologies By all accounts, nanotechnology – the science of
New technologies By all accounts, nanotechnology – the science of
Association for Molecular Pathology Certificate of Attendance
Association for Molecular Pathology Certificate of Attendance
Undergraduate Academic Certificates College of Arts and Sciences
Undergraduate Academic Certificates College of Arts and Sciences
MEDICAL DEVICES SECTOR
MEDICAL DEVICES SECTOR
A Guide to Creating an International Marketing Plan
A Guide to Creating an International Marketing Plan
Networking Support Certificate C25340B
Networking Support Certificate C25340B
Social Media Marketing Certificate
Social Media Marketing Certificate
Securing Distribution Automation
Securing Distribution Automation
Cryptography and Network Security 4/e
Cryptography and Network Security 4/e
Certificates of Deposit - Federal Reserve Bank of New York
Certificates of Deposit - Federal Reserve Bank of New York