Title :
Secure in-band update of trusted certificates
Author :
Hayes, Capt James M
Author_Institution :
Office of INFOSEC Res. & Technol., MD, USA
Abstract :
The certificate authority (CA) is the central trust point in a public key infrastructure (PKI). Great care should be taken by users when they make a decision to trust a CA. Unfortunately, the average user will rely on the software to provide an appropriate security warning when something has gone wrong and therefore may not give much thought to the decision when performing such a security operation. The updating of a CA certificate is an issue that needs to be accomplished in a secure manner with little or no intervention by a user. Techniques are now in use that can allow for update of a CA´s certificate. The Secure Electronic Transaction´s (SET) root certificate update method is just one example, but in a specialized case. This paper discusses a practical solution that potentially any CA could use to provide a secure in-band update of a CA´s X.509 v3 certificate into a user´s personal security environment (PSE). A method is also discussed that Java programmers can use for update of self-signed X.509 v1 personal certificates in Java keystores as well
Keywords :
Java; object-oriented programming; public key cryptography; Java; Secure Electronic Transaction; X.509; certificate authority; personal security environment; public key infrastructure; root certificate update method; secure in-band update; trusted certificates; Application software; Authentication; Availability; Control systems; Electronic mail; Fingerprint recognition; Internet; Personnel; Public key; Quality of service;
Conference_Titel :
Enabling Technologies: Infrastructure for Collaborative Enterprises, 1999. (WET ICE '99) Proceedings. IEEE 8th International Workshops on
Conference_Location :
Stanford, CA
Print_ISBN :
0-7695-0365-9
DOI :
10.1109/ENABL.1999.805194
