In this paper we discuss progress in the development of application program interfaces (APIs) and mechanisms which provide a comprehensive set of security services to application developers. The APIs, though similar, are designed for distinct environments: the session API (“GSS”) is aimed at the on-line real-time messaging environment; the store-and-forward API (“IDUP”) is particularly suited to electronic-mail types of environments (where messages are secured independently of any on-line communication with the intended recipients of those messages). Both APIs are designed to be easy to use, yet with appropriate public-key-based mechanisms (such as SPKM and PIM) they include many necessary services for communication security, such as data origin authentication, data confidentiality, data integrity, and support for non-repudiation. A full key management and certification infrastructure can be provided by implementations of these APIs/mechanisms in a way which is completely transparent to the calling application, thus ensuring maximum flexibility and scalability to future environments.
Published in:
Network and Distributed System Security, 1996., Proceedings of the Symposium on
Date of Conference: 22-23 Feb 1996