论文信息 - Scalable and efficient PKI for inter-organizational communication

Scalable and efficient PKI for inter-organizational communication

We propose an efficient and flexible system for a secure and authentic data exchange in a multiinstitutional environment, where the institutions maintain different databases and provide secure and limited access services to employees of other institutions. The main motivation for building such a system was to organize efficient cooperative use of state registers, in order to increase the efficiency and quality of public services in Estonia. In order to meet high security requirements, several contemporary measures are integrated (using digital signatures, distributing certificate information by means of DNS protocol and linking log files with cryptographic checksums). We give rationale for the design decisions made in the implementation process and conclude with the current state of public use of the resulting infrastructure.

Jan Willemson | Arne Ansper | Ahto Buldas | Margus Freudenthal

[1] Donald E. Eastlake,et al. Storing Certificates in the Domain Name System (DNS) , 1999, RFC.

[2] RETHINKING DEPARTMENT OF DEFENSE PUBLIC KEY INFRASTRUCTURE , 2000 .

[3] Stuart Haber,et al. How to time-stamp a digital document , 1990, Journal of Cryptology.

[4] Ahto Kalja,et al. Public e-Service Projects in Estonia , 2002, BalticDB&IS.

[5] Jan Willemson,et al. Efficient Long-Term Validation of Digital Signatures , 2001, Public Key Cryptography.

[6] Christopher Allen,et al. The TLS Protocol Version 1.0 , 1999, RFC.

[7] Donald E. Eastlake,et al. Domain Name System Security Extensions , 1997, RFC.

[8] Jan Willemson,et al. Time-Stamping with Binary Linking Schemes , 1998, CRYPTO.

[9] Tim Dean,et al. Domain Security Services using S/MIME , 2001, RFC.

[10] Paul V. Mockapetris,et al. Domain names - implementation and specification , 1987, RFC.

[11] Carlisle M. Adams,et al. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP , 1999, RFC.

[12] Paul V. Mockapetris,et al. Domain names - concepts and facilities , 1987, RFC.