TL;DR: In this paper, the authors identify using analytical techniques three literature-based views of certification: as a market-based mechanism that performs by providing market advantage, as a learning mechanism that transfers knowledge and as an assurance mechanism or signal of hard-to-observe or predict organizational characteristics and practices.
TL;DR: In this paper, a system and method that allows a secondary certificate authority to rely on one or more existing primary certificate authorities to establish identity of a user and provide identity certificates is described.
Abstract: What is disclosed is a system and method that allows a secondary certificate authority to rely on one or more existing primary certificate authorities to establish identity of a user and provide identity certificates. The secondary certificate authority applies business rules to those identity certificates to establish a community of privilege, and then issues and maintains new privilege certificates without issuing new private keys or smart cards. The new privilege certificates bind the original identity, the sponsor, i.e., the primary certificate authority, and the privilege. The new privilege certificates can be used on a Public Key Infrastructures (PKI) transaction basis, for example, to grant access to unclassified and Multi-Level Secure (MLS) resources without further reference to the existing primary certificate authorities.
TL;DR: In this article, the authors propose a certificate translation engine for translating incoming certificates and certificate requests from a first format into a second format, which can then be used to issue certificates to clients according to its certificate issuing policy.
Abstract: An improved certificate issuing system may comprise a certificate translation engine for translating incoming certificates and certificate requests from a first format into a second format. A certificate issuing engine may then operate on incoming requests in the common format. The issuing engine can issue certificates to clients according to its certificate issuing policy. The policy may be expressed as data in a policy expression language that can be consumed at runtime, which provides for flexible and efficient changing of issuing policy. Issued certificates can be translated back into a format that is consumed by the requesting client. Such translation can be performed by the translation engine prior to delivery of certificates to requesting clients.
TL;DR: In this article, the authorship certificate of a message is compared against a message certificate that accompanies the message in order to establish trust with the author and the author's message, which is implicitly trusted based on the domain being validated via the domain certificate.
Abstract: Techniques for establishing implicit trust of authorship certification are provided. A message's domain is validated in response to a valid domain certificate. A message's author is validated in response to an author identification, which is acquired from the message and which is supplied to a domain service of the author. The domain service is implicitly trusted based on the domain being validated via the domain certificate. The domain service uses the author's identification to traverse to a specific location within the domain that houses an author certificate for the author. The author certificate is compared against a message certificate that accompanies the message in order to establish trust with the author and the author's message.
TL;DR: Ideas for making changes to the existing IS curricula so that courses would help students prepare for certifications in areas such as Networks, Java programming, Hardware and Software, and Internet Technology are presented.
Abstract: Introduction. Certification establishes a standard of competency in a specific area and job roles (Montante & Khan, 2001). This helps industry to determine that employees meet the required credentials for different job roles, thus requiring less training during the initial employment period. Hence, some job criteria require individuals to be certified in order to be considered for employment. To the certified individual, certification provides a greater sense of confidence in their abilities and a measure of professional expertise and understanding of the job role and products used in that role. It is for these reasons that certification is becoming increasingly popular and in high demand. Many training companies are providing certification-training classes at high costs all across the globe. Unlike traditional academic degrees, some certificates are specific to narrow fields or even to individual products. The aim is to provide targeted skills that have immediate applicability in the workplace. Cisco, Microsoft, Sun, Novell, Oracle, and other vendors offer certification programs for their own products and related job roles. Third-party companies around the world provide certificate-training classes for these vendors and, increasingly, offer certifications of their own that are vendor neutral. Academic institutions, from vocational and technical schools to large universities, are beginning to provide similar training in their curricula to prepare students for certification in special areas (Peterson, Morneau, & Saad, 2003). This paper presents ideas for making changes to the existing IS curricula so that courses would help students prepare for certifications in areas such as Networks, Java programming, Hardware and Software, and Internet Technology. Certification Consensus. There appears to be a consensus in the community about the importance of certification (Tripp, 2002; Cantor, 2002).
In a 2001 IEEE Computer Society survey of software engineering professionals, more than 70% of the respondents agreed that certification would fill a need for improving the software engineering profession and that a software engineering certification program could be used to improve the engineering workforce. More than 67% agreed that certification helps assess an individual's software engineering knowledge and skills. While the role of certification is primarily for the public benefit, individual practitioners may also benefit. The participants in this survey were given a list of eight possible benefits of certification and asked to pick up to three that would best describe the benefits to an individual software engineering practitioner. More than 80% of respondents felt that certification provides recognized evidence of professional capability. Two-thirds felt that certification helps assess an individual's software engineering knowledge and skills, while 44% felt that it leads to greater professional recognition. Individuals may also seek certification for personal benefits such as increased opportunity for upward mobility, better ability to compete in the job market, and increased professional credibility, although these benefits were rated much lower by respondents. In the same survey, respondents identified the benefits of certification to an employer hiring a practitioner. The highest ranking was given to the statement that certification provides confidence in a standard set of knowledge areas with which the individual will be familiar. Employers may also view certification as a means for improving job performance and rewarding employees. Employers may also find that training certified employees takes less time. Although the survey targeted software engineering certification, the same argument is true for any other IT certification.
Motivation to Include IT Certification in IS Curricula. Certification can be defined as an indicator or confirmation of a person's adequate knowledge and skills in a specified occupation or a particular specialty in that occupation. …
TL;DR: This paper addresses the issue of rating the trustworthiness level of entities holding certificates issued by otherwise unconnected certification authorities by defining a set of criteria that have to apply to the certificate policy (CP) that rules their certificates.
Abstract: This paper extends the work described in "An Approach to the Formalisation of a Certification Policy", 7th International Symposium on System and Information Security (SSI 2005) by developing the preliminary formalisation process. It addresses the issue of rating the trustworthiness level of entities holding certificates issued by otherwise unconnected certification authorities by defining a set of criteria that have to apply to the certificate policy (CP) that rules their certificates. A semantic meaning of these criteria is given in this paper.
TL;DR: It is argued that an independent, trusted Validation Authority (VA) may be a better approach for this task, and will also remove the need for complicated certificate path processing.
Abstract: Interoperability between PKIs (Public Key Infrastructure) is a major issue in several electronic commerce scenarios. A Relying Party (RP), in particular in an international setting, should not unduly put restrictions on selection of Certificate Authorities (CA) by its counterparts. Rather, the RP should be able to accept certificates issued by any relevant CA. Such acceptance implies not only the ability to validate certificates, but also an assessment of the risk related to acceptance of a certificate for the purpose at hand. We analyse common PKI trust models with respect to risk management, and argue that an independent, trusted Validation Authority (VA) may be a better approach for this task. A VA as suggested by this paper will also remove the need for complicated certificate path processing.
TL;DR: A new distributed trust model based on a bridge CA (certificate authority) with high compatibility is designed; using this trust model, the mutual connections between entities in different trust domains would not be affected by the different certificate formats.
Abstract: Distributed systems could be more secure with a distributed trust model based on PKI (public-key infrastructure). The format of certificates may differ among different PKI systems. Those differences may disturb some applications performing verification of the certificate chain. In this paper, how those differences affect mutual verifications is analyzed with the new concept "certificate-format-compatibility". Moreover, a new distributed trust model based on a bridge CA (certificate authority) with high compatibility is designed. Using this trust model, the mutual connections between entities in different trust domains would not be affected by the different certificate formats.
TL;DR: In this article, an apparatus and method for issuing a certificate by receiving in real-time a user's consent in an online or offline environment is presented, which includes: a database unit storing and managing a list of certificates requiring a user consent and personal information containing the identity and a contact point of the user of the certificates; a determiner, when issuance of a certificate is requested, receiving identity information of an applicant and determining whether the certificate requested by the applicant is listed in the certificate list stored in the database unit; and a consent inquiry unit, when the requested certificate is
Abstract: Provided is an apparatus and method for issuing a certificate by receiving in real-time a user's consent in an online or offline environment. The apparatus includes: a database unit storing and managing a list of certificates requiring a user's consent and personal information containing the identity and a contact point of the user of the certificates; a determiner, when issuance of a certificate is requested, receiving identity information of an applicant and determining whether the certificate requested by the applicant is listed in the certificate list stored in the database unit; and a consent inquiry unit, when the requested certificate is listed in the certificate list, transmitting the identity information of the applicant and the name of the certificate to a contact point of the user of the certificate, which is stored in the database unit, and inquiring whether the user consents to the certificate issuance.
TL;DR: In this article, Backhouse et al. re-examine the problem of information asymmetry in the digital certificates market and discuss how market mechanisms such as rating systems may be more efficient than regulatory interventions in resolving the Lemons problem in this market.
Abstract: This paper re-examines the problem of information asymmetry in the digital certificates market (Backhouse et al, 2003). It aims to discuss how market mechanisms such as rating systems may be more efficient than regulatory interventions in resolving the Lemons problem in this market. In this research, we discuss the concept of rating systems in the economics literature, and explore their value as signaling devices for overcoming asymmetries of information and promoting trust between certification authorities and relying parties. To operationalize this concept, we further suggest the use of semantic analysis as a method to signal the operational risk associated with each certificate authority. We also provide an example of how semantic analysis may be used as a technique to rate the operational risk of certificate authorities. The paper contributes to the current efforts seeking to resolve problems of trust in the digital certificate market, and provides some conceptual ideas for further research in this area.
TL;DR: The article discusses the PKI's nucleus, the CA, expounds the corporation-level CA's design method, and carefully recounts the CA's ensemble structure and device model.
Abstract: Now, PKI technology is a feasible approach to solving the security problem effectively. The article discusses the PKI's nucleus, the CA, expounds the corporation-level CA's design method, and carefully recounts the CA's ensemble structure and device model.
TL;DR: Each certificate should have a "rating", which describes how much trust the issuer puts on the subject concerning key acceptance, and an algorithm for computing a subgraph G, for a user src to find the correct public key of another user dst in G.
Abstract: We consider a system where each user has a public key and a private key. In this system, a certificate is a data item that is issued by one user u and contains the public key of another user v. A third user w that knows the public key of u can verify that this certificate has not been corrupted (by an adversary) since it was issued by u, and so can accept the public key in the certificate as the correct public key of v. User w can use this accepted public key of v in two ways. First, w can securely communicate with v. Second, w can obtain more public keys of other users, as it used the public key of u to obtain the public key of v. However, the safety of the second use is questionable if u, the issuer of the certificate, has concluded that it cannot trust v enough to accept a public key merely because v accepts it. To solve this problem, we propose that each certificate should have a "rating". The rating of a certificate describes how much trust the issuer puts on the subject concerning key acceptance. We present an algorithm for computing a subgraph G.dst(src) of a certificate graph G, for a user src to find the correct public key of another user dst in G. The time complexity of this algorithm is O(e), where e is the number of certificates in the system. This algorithm meets the lower bound of the worst case complexity.
TL;DR: An implementation model for PKI authentication of cross-certificates is presented on the basis of a framework for authenticating digital cross-certificates, which includes an architecture for risk-based trust management, a method and algorithm to compute the trust value of an end certificate, and a policy for trusting a certificate.
Abstract: The deficiencies of traditional PKI are discussed. From the viewpoint of trust management, an implementation model for PKI authentication of cross-certificates is presented on the basis of a framework for authenticating digital cross-certificates. This model includes an architecture for risk-based trust management, a method and algorithm to compute the trust value of an end certificate, and a policy for trusting a certificate.
TL;DR: A trust management model based on subjective trust values among entities is proposed for establishing initial trust relationships among entities and supporting authorization that considers entities' trust values.
Abstract: Because of the open, distributed and dynamic character of Peer-to-Peer (P2P) networks, the security problem has become more difficult. It is significant to accomplish reasonable access control to resources in the network. This paper proposes a trust management model based on subjective trust values among entities for establishing initial trust relationships among entities and supporting authorization that considers entities' trust values. To accomplish certificate revocation, the authors provide the revocation information publishing algorithm HYBRID and a method based on a Bloom Filter vector to judge certificate validity. Experiments show the good performance of the proposed approaches.
TL;DR: In this paper, the authors propose a certificate authority for generating certificates signed by the certificate authority and associated public and private keys for a client, and store the dynamically generated certificate and public key as a client attribute in the directory.
Abstract: A server, method and/or computer-readable medium system for secure communication includes a certificate authority for generating certificates signed by the certificate authority and associated public and private keys for a client. The server further includes a directory of client attributes and client virtual attributes. At least one of the client virtual attributes is for, when receiving a query for a client that cannot be located in the directory, requesting the certificate authority to dynamically generate a certificate and associated public and private key for the client, and for storing the dynamically generated certificate and public key as a client attribute in the directory.
TL;DR: This study proves that a revocation system will become stable after a period of time and shows that different certificate authorities should take different strategies for releasing different types of certificate revocations.
Abstract: Public key infrastructure has been proposed as a promising foundation for verifying the authenticity of communicating parties and transferring trust over the internet. One of the key issues in public key infrastructure is how to manage certificate revocations. Various technical solutions dealing with key revocation have been proposed. However, to the best of our knowledge, no rigorous efforts have been made to understand the behavior of certificate revocation requests based on empirical data. Furthermore, there is no study on the managerial aspect of Certificate Revocation Release. In this study, based on the empirical data collected from VeriSign, we prove that a revocation system will become stable after a period of time. We show that different certificate authorities should take different strategies for releasing different types of certificate revocations. We also provide the exact steps that certificate authorities can follow to derive optimal releasing strategies.
TL;DR: This paper proposes a new modified bridge CA (BCA), which adds only trivial complexity compared with the original one but is more efficient than the unstructured mesh trust model, and also has some other features.
Abstract: Current trust structures suffer from a scaling problem, and some may have security problems. Even given the topological simplification of bridge Certification Authorities, as cross-certificate meshes grow in size and complexity, the number of possible routes between domains increases very quickly, and the time required for path building can increase beyond a tolerable delay for real-time operation. This paper proposes a new modified bridge CA (BCA). In the certification path process, the new BCA adds only trivial complexity compared with the original one, but is more efficient than the unstructured mesh trust model. It also has some other features, such as greater security and lower cost, since it builds on the existing PKI trust model. To improve the performance of the certification path process of the new model, we suggest an independent mechanism to automatically discover and verify these certificate paths among the domains.