Graded Trust of Certificates and Its Management with Extended Path Validation

Abstract

In modern information service architectures, many servers are involved in building a service, and each server must rely on information provided by other servers, thereby creating a trust relation. This trust relation is central to building services in distributed environments and is closely related to information security. Almost every standard on information security is concerned with the internal control of an organization, and particularly with authentication. In this paper, we focus on a trust model of certificate authentication. Conventionally, a trust model of certificates is defined as the validation of chains of certificates. Today, however, this trust model does not function well because of the fragmentation problem caused by the complexity of paths and by fine-grained requirements on security levels. To control this situation, we propose “dynamic path validation” together with another trust model of PKI. First, we propose a Policy Authority. The Policy Authority assigns a level of compliance (LoC) to the CAs in its trust domain. The LoC is evaluated in terms of the certificate common criteria of the Policy Authority. Moreover, the Policy Authority controls path building with consideration of the LoC. Therefore, we can flexibly evaluate the levels of CP/CPSs in a single server. In a typical bridge model, we need as many bridge CAs as the number of required levels of CP/CPSs. In our framework, we can instead do the same task in a single server, which saves the cost of maintaining lists of trust anchors at multiple levels.
