Technological infrastructure for PKI and digital certification

Secure E-Commerce and VPN technology are only possible with the use of appropriate security systems such as encryption, digital signatures, digital certificates, public/private key pairs, non-repudiation, and time-stamping. A PKI comprises a system of certificates, certificate authorities, subjects, relying partners, registration authorities, and key repositories that provides for safe and reliable E-business. This paper discusses these key technologies, focusing particularly on recent standardisation, and looks at some of the criticisms of PKI and the challenges to its widespread operation in the industry.
