Abstract
A Certificate Management System (CMS) is used to generate, distribute, store and verify certificates. It supports secure electronic communication through its functions. This paper presents a state-based model for certificate management systems. The axiomatization of CMS structures and the security policy followed by CMSs is discussed. The main functions of a CMS, including certificate issuing, certificate revocation and certificate rekeying, are formally described through transitions that change states of the CMS. A major CMS client function, certificate verification, is also formally discussed. With this model, an approach to the formal specification of the structure and behavior of a CMS is provided. The approach is very general, and would be useful in guiding the developer and the evaluator of a CMS with the design, analysis and implementation of the system.
Chapter PDF
Similar content being viewed by others
Keywords
References
Eastaughffe, K.A., Ozols, M.A., Cant, A.: Proof tactics for a theory of state machines in a graphical environment. In: Proceedings of the 14th International Conference on Automated Deduction (CADE-14). Lecture Notes in Artificial Intellegince, pp. 366–379. Springer, Heidelberg (1997)
ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transaction on Information Theory 31, 469–472 (1985)
Ford, W.: Advances in public-key certificate standards. ACM SIGSAC Security Audit & Control Review 13(3) (1995)
Ford, W., Baum, M.: Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption. Prentice-Hall, Englewood Cliffs (1997)
Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 public key infrastructure certificate and CRL profile. IETF X.509 PKI (PKIX) Working Group (Draft) (January 1999)
Kapidzic, N.: Extended certificate management system: Design and protocols. Technical report, DVS (1997)
Kapidzic, N.: Creating security applications based on the global certificate management system. Computers & Security 17, 507–515 (1998)
Kent, S.: Privacy Enhancement for Internet Electronic Mail, Part II: Certificate-Based Key Management, Request for Comments 1422. Network Working Group (1993)
Paulson, L.C.: ML for Working Programmer. Cambridge University Press, Cambridge (1991)
Paulson, L.C.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6(1-2), 85–128 (1998)
Trcek, D.: Organization of certification authorities in a global network. Computer Security Journal 10(1), 72–81 (1994)
Woo, T.Y.C., Lam, S.S.: Authorization in distributed systems: A new approach. Journal of Computer Security 2, 107–136 (1993)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liu, C., Ozols, M.A., Henderson, M., Cant, T. (2000). A State-Based Model for Certificate Management Systems. In: Imai, H., Zheng, Y. (eds) Public Key Cryptography. PKC 2000. Lecture Notes in Computer Science, vol 1751. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-46588-1_7
Download citation
DOI: https://doi.org/10.1007/978-3-540-46588-1_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66967-8
Online ISBN: 978-3-540-46588-1
eBook Packages: Springer Book Archive