Building an Open Toolkit of Digital Certificate Validation for Mobile Web Services

Mobile devices can both consume and provide services; according to the OMA mobile Web services specification, they act as peers. This is a move from simple data sharing to full delivery of application services down to mobile devices. Digital certificates are suitable for securing the provision of services because devices can belong to different trust domains without a previously established relationship. Moreover, for interoperability reasons, the use of PKI continues to grow and move into diverse environments. However, applications that use such certificates are burdened with the overhead of constructing and validating certification paths. These processes can become more complex and costly than in fixed-infrastructure networks because of wireless communications and restricted processing and power capabilities. The IETF PKIX WG has specified different mechanisms for delegating certificate validation and for making the retrieval of status information lighter. However, these are not currently supported by mobile devices. For these reasons, we propose to develop an open toolkit for X.509 public key certificate validation based on OpenSSL. This toolkit is being developed and tested successfully on PDAs.
