Skip to main content
SpringerLink
Log in

PKI design based on the use of on-line certification authorities

  • Regular contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Public-key infrastructures (PKIs) are considered the basis of the protocols and tools needed to guarantee the security of new Internet applications like electronic commerce, government-citizen relationships and digital distribution. This paper introduces a new infrastructure design, Cert’eM, a key management and certification system that is based on the structure of the electronic mail service and on the principle of near-certification. Cert’eM provides a secure means to identify users and distribute their public-key certificates, enhances the efficiency of revocation procedures, and avoids scalability and synchronization problems. Because we have considered the revocation problem as priority in the design process and a big influence in the rest of the PKI components, we have developed an alternative solution to the use of certificate revocation lists (CRLs). This has become one of the strongest points of this new scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Ford W, Baum M (2000) Secure electronic commerce: building the infrastructure for digital signatures and encryption, 2nd ed. Prentice-Hall, New York

    Google Scholar 

  2. Kohl J (1989) The use of encryption in kerberos for network authentication. In: Advances in Cryptology – CRYPTO’89. Springer, Berlin Heidelberg New York, pp 35–43

  3. Kohl J, Neuman BC (1993) The Kerberos network authentication service (V5). Internet request for comment 1510

  4. Davis D (1995) Kerberos plus RSA for World Wide Web security. First USENIX Workshop on Electronic Commerce, pp 185–188

  5. Ganesan R (1995) Yaksha: augmenting Kerberos with public key cryptography. Internet Society Symposium on Network and Distributed Systems Security, pp 132–143

  6. Schiller J, Atkins D (1995) Scaling the web of trust: combining Kerberos and PGP to provide large scale authentication. USENIX Technical Conference

    Google Scholar 

  7. Diffie W, Hellman M (1976) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654

    Article  MathSciNet  Google Scholar 

  8. Clarke R (1997) Human identification in information systems: management challenges and public policy issues. Inf Technol People 7(4):6–37

    Article  Google Scholar 

  9. Garfinkel S, Spafford E (2001) Web security and commerce, 2nd Ed. O’Reilly & Associates

  10. European Commission (December 1999) Directive 1999/93 of the European parliament and the council on a community framework for electronic signatures. Official Journal L 013, 19/01/2000, pp 0012–0020

    Google Scholar 

  11. Wright B (1998) Making numbers ceremonial: signing tax returns with personal identification numbers. Personal communication

    Google Scholar 

  12. Detweiler L (1993) Identity, privacy and anonymity on the Internet. http://www.rewi.hu-berlin.de/jura/proj/dsi/Netze/privint.html

  13. ISO International Standard 9594 (1988) Information technology – open systems interconnection reference model: the directory

  14. International Telecommunication Union (1997) ITU-T Recommendation X.509, Information technology – open systems interconnection – The directory: authentication framework

  15. Lopez J, Maña A, Ortega JJ, Troya JM (2000) Distributed storage and revocation in digital certificate databases. In: 11th International Conference on Database and Expert Systems Applications (DEXA’00). LNCS 1873. Springer, Berlin Heidelberg New York, pp 930–938

  16. International Telecommunication Union (2000) ITU-T recommendation X.509, Information technology – open systems interconnection – The directory: public-key and attribute certificate frameworks

  17. Myers M, Ankney R, Malpani A, Galperin S, Adams C (1999) X.509 internet public key infrastructure. Online certificate status protocol – OCSP, Internet request for comment 2560

  18. Rivest R (1998) Can we eliminate revocation lists? In: Hirschfeld R (ed) Financial Cryptography. Second International Conference, FC’98, Anguilla, British West Indies, 23–25 February 1998. LNCS vol. 1465. Springer, Berlin Heidelberg New York, pp 178–183

  19. Eastlake D (March 1999) Domain name system security extensions. Internet request for comment 2535

  20. Lopez J, Maña A, Montenegro JA, Ortega JJ, Troya JM (June 2002) Designing software tools for the use of secure electronic forms. 3rd ACIS Int. Conf. on Software Engineering, Artificial Intelligence Networking and Parallel/Distributed Computing (SNPD’02), pp 157–163

  21. Mockapetris P (November 1987) Domain names – concepts and facilities. Internet request for comments 1034

  22. Hodges J, Morgan R (September 2002) Lightweight directory access protocol (v3): technical specification. Internet request for comment 3377

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, University of Malaga, Campus de Teatinos, 29071, Malaga, Spain

    Javier Lopez, Antonio Maña, Jose A. Montenegro & Juan J. Ortega

Authors
  1. Javier Lopez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Antonio Maña
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jose A. Montenegro
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Juan J. Ortega
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Javier Lopez.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Lopez, J., Maña, A., Montenegro, J. et al. PKI design based on the use of on-line certification authorities. IJIS 2, 91–102 (2004). https://doi.org/10.1007/s10207-003-0027-3

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-003-0027-3

Keywords

Search

Navigation