In services offered over information networks, such as electronic banking, validating a user's identity and the authorizations that user holds is a fundamental issue. There are many ways to perform this validation, some of which provide a higher degree of certainty and are easier to use than others. Public Key Infrastructure (PKI) based solutions are generally considered to be the most secure and reliable. In a mobile environment, where the same services can be used through different channels, such as the web and WAP, authentication and authorization are often more complex. For instance, in a PKI, managing the private key so that it can be used on different device platforms without being compromised is a challenge. The standardization of technologies to solve these problems is advancing at a fast and steady pace. Actual implementations are lagging a step behind, especially when it comes to developing overall solutions for authentication and authorization.