
Managing certificates in a corporate environment

French title: Gestion de certificats dans l’environnement d’entreprise

Published in: Annales des Télécommunications

Abstract

Many cryptographic security protocols make use of public key cryptography and the corresponding public key certificates. In addition, it is possible and very likely that e-commerce applications will make heavy use of attribute certificates to address authorization. Against this background, this article overviews and briefly discusses the issues that surround the management of (public key and attribute) certificates in a corporate environment. In particular, the article introduces the topic, elaborates on possibilities to establish a corporate public key infrastructure (PKI), overviews and briefly discusses the current offerings of two exemplary certification service providers, addresses the problems related to certificate revocation and authorization, and draws some conclusions. Further information about the topic can be found in Chapter 8 of [1].

Résumé (translated from French)

Most security protocols rely on public-key algorithms, which in turn require mechanisms for certifying public keys. Beyond existing certification, which guarantees the identity of the parties, electronic commerce applications require extended certificates that also address the problem of authorization. This article reviews the issues surrounding the management of certificates (public key certificates and access-control attribute certificates) in the corporate environment. The article discusses in detail the deployment of a public key infrastructure (PKI) in the enterprise, the offerings of two major existing service providers, the problem of certificate revocation, and authorization by means of certificates.


References

  1. Oppliger (R.), Security technologies for the World Wide Web, Artech House, Norwood, MA, 1999.

  2. Ford (W.), Baum (M.S.), Secure electronic commerce: building the infrastructure for digital signatures & encryption, Prentice Hall PTR, Upper Saddle River, NJ, 1997.

  3. Kohnfelder (L.M.), Towards a practical public-key cryptosystem, Bachelor’s thesis, Massachusetts Institute of Technology (MIT), Cambridge, MA, May 1978.

  4. Feghhi (J.), Feghhi (J.), Williams (P.), Digital certificates: applied Internet security, Addison-Wesley Longman, Reading, MA, 1999.

  5. The directory - authentication framework, ITU-T Recommendation X.509, 1988.

  6. Kent (S.T.), Internet privacy enhanced mail, Communications of the ACM, vol. 36, no. 8, August 1993, pp. 48–60.

  7. Housley (R.), Ford (W.), Polk (W.), Solo (D.), Internet X.509 public key infrastructure certificate and CRL profile, Request for Comments 2459, January 1999.

  8. Adams (C.), Internet X.509 public key infrastructure certificate management protocols, Request for Comments 2510, March 1999.

  9. Myers (M.), Adams (C.), Solo (D.), Kemp (D.), Internet X.509 certificate request message format, Request for Comments 2511, March 1999.

  10. Chokhani (S.), Ford (W.), Internet X.509 public key infrastructure certificate policy and certification practices framework, Request for Comments 2527, March 1999.

  11. Housley (R.), Polk (W.), Internet X.509 public key infrastructure representation of key exchange algorithm (KEA) keys in Internet X.509 public key infrastructure certificates, Request for Comments 2528, March 1999.

  12. Boeyen (S.), Howes (T.), Richard (P.), Internet X.509 public key infrastructure operational protocols - LDAPv2, Request for Comments 2559, April 1999.

  13. Yeong (W.), Howes (T.), Kille (S.), Lightweight directory access protocol, Request for Comments 1777, March 1995.

  14. Boeyen (S.), Howes (T.), Richard (P.), Internet X.509 public key infrastructure LDAPv2 schema, Request for Comments 2587, June 1999.

  15. Housley (R.), Hoffman (P.), Internet X.509 public key infrastructure operational protocols: FTP and HTTP, Request for Comments 2585, May 1999.

  16. Myers (M.), Ankney (R.), Malpani (A.), Galperin (S.), Adams (C.), X.509 Internet public key infrastructure online certificate status protocol - OCSP, Request for Comments 2560, June 1999.

  17. Ellison (C.), Establishing identity without certification authorities, Proceedings of USENIX Security Symposium, July 1996.

  18. Feigenbaum (J.), Towards an infrastructure for authorization, position paper, Proceedings of USENIX Workshop on Electronic Commerce, 1998.

  19. Rivest (R.L.), Lampson (B.), SDSI - A simple distributed security infrastructure, April 1996.

  20. Rivest (R.L.), S-expressions, http://theory.lcs.mit.edu/~rivestsexp.txt, May 1997.

  21. Abadi (M.), On SDSI’s linked local name spaces, Proceedings of 10th IEEE Computer Security Foundations Workshop, June 1997, pp. 98–108.

  22. Fredette (M.H.), An implementation of SDSI - the simple distributed security infrastructure, Master’s thesis, Massachusetts Institute of Technology (MIT), Cambridge, MA, May 1997.

  23. Morcos (A.), A Java implementation of simple distributed security infrastructure, Master’s thesis, Massachusetts Institute of Technology (MIT), Cambridge, MA, May 1998.

  24. Elien (J.E.), Certificate discovery using SPKI/SDSI 2.0 certificates, Master’s thesis, Massachusetts Institute of Technology (MIT), Cambridge, MA, May 1998.

  25. Oppliger (R.), Pernul (G.), Strauss (C.), Using attribute certificates to implement role-based authorization and access control models, work in progress.

  26. Oppliger (R.), Authentication systems for secure networks, Artech House Publishers, Norwood, MA, 1996.

  27. Oppliger (R.), Greulich (A.), Trachsel (P.), A distributed certificate management system (DCMS) supporting group-based access controls, Proceedings of 15th Annual Computer Security Applications Conference (ACSAC ’99), December 1999.

  28. Micali (S.), Efficient certificate revocation, Massachusetts Institute of Technology (MIT), Technical Memo MIT/LCS/TM-542b, 1996.

  29. Merkle (R.C.), A certified digital signature, Proceedings of CRYPTO ’89, 1989, pp. 234–246.

  30. Kocher (P.), A quick introduction to certificate revocation trees (CRTs).

  31. Naor (M.), Nissim (K.), Certificate revocation and certificate update, Proceedings of 7th USENIX Security Symposium, January 1998.

  32. Oppliger (R.), Authorization methods for e-commerce applications, Proceedings of 18th IEEE Symposium on Reliable Distributed Systems, October 1999.

  33. Blaze (M.), Feigenbaum (J.), Lacy (J.), Decentralized trust management, Proceedings of IEEE Conference on Security and Privacy, 1996, pp. 164–173.

  34. Blaze (M.), Feigenbaum (J.), Strauss (M.), Compliance-checking in the PolicyMaker trust-management system, Proceedings of Financial Cryptography, 1998, pp. 251–265.

  35. Rubin (A.D.), Geer (D.), Ranum (M.J.), Web security sourcebook, John Wiley & Sons, Inc., New York, NY, 1997.

Corresponding author

Correspondence to Rolf Oppliger.

Cite this article

Oppliger, R. Managing certificates in a corporate environment. Ann. Télécommun. 55, 341–351 (2000). https://doi.org/10.1007/BF02994842