Bridge certification authorities: connecting B2B public key infrastructure with PAK and zero-knowledge proof
暂无分享,去创建一个
Businesses are deploying Public Key Infrastructures (PKIs) to support internal business processes, implement virtual private networks, and secure corporate assets. The ability to establish business relations inside the company as well as with other companies in a secure way is important for the operability of business in today's world; corporate PKIs may implement different architectures, security policies, and cryptographic suites in order to accomplish this goal. But communication beyond the PKI is established with other companies based on a trust relationship (B2B), which brings vulnerability provided by PKIs from different companies. A flexible mechanism is needed to link these corporate PKIs and translate corporate relationships with security mechanisms and policies. This is accomplished through a Password Authentication Protocol (PAK), which provides means to authenticate or validate users across Bridge Certification Authorities (BCA), where certificates authorities (CA) are limited and cannot reach over to the other side of the BCA. In such a way, PAK can guarantee authentication of end points without modifying the original PKI structure of companies and offer flexibility in the process of implementation. Additional to this, there are several other issues that must be solved; such as the ability to connect different company PKI without compromising any sensible information that might cause a conflict of commercial interests and still guarantee a certain level of security through an accreditation and validation of the parties in order to be certain with whom we are doing business. In order to achieve accreditation and validation of PKIs and not expose any sensible information that could compromise either parties, we also based our work on a zero-knowledge security protocol, letting each PKI continue with their security policies without having to adjust to specific needs, achieving a better security level of commercial transactions through such hardening process.
[1] Yacov Yacobi,et al. Privacy and Authentication on a Portable Communications System , 1993, IEEE J. Sel. Areas Commun..
[2] Sarvar Patel,et al. Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.
[3] Liu Jianwei,et al. A user authentication protocol for digital mobile communication network , 1995, Proceedings of 6th International Symposium on Personal, Indoor and Mobile Radio Communications.