YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Shao'an Lin,Dongming Lu

DOI: https://doi.org/10.1109/CACWD.2004.1349002

2004-01-01

Abstract:Virtual enterprise is a mode of enterprise organization and management. An efficient supporting platform brings a great deal of convenience to its operation. Based on the analysis of its characteristics and life cycle, this paper brings forward the main problems in realizing a supporting platform for virtual enterprise and discusses the corresponding solutions. Considering the inherent advantages of Web services, it presents a supporting platform based on Web services. Furthermore, the functional hierarchy model and the architecture of the platform are described in detail. Several key technologies are also discussed. Finally, This work presents an application example of this platform, and then evaluates the platform and draws a conclusion.

Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/fitme.2009.68

2009-01-01

Abstract:During the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of attestation method of certifier. This paper designs an attestation method model of property remote attestation, and applies the authentication and access control logic technology to make formal description for the participants of attestation method of property remote attestation, and finally prove the credibility of attestation method. Paper's research conclusion proves, after increasing the authority of certificate and trusted property certificate, the credibility of property remote attestation method can be guaranteed among the computing environment applying the public key infrastructure participates.

刘端阳,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.01.006

2004-01-01

Abstract:With the development of collaboration among enterprises, it is very desirable to securely exchange information between PDMs through Internet. The original user/password mechanism is very weak, unsecure and inflexible. And also,authorization based on PKC(public key certificate) cannot satisfy the temporary relations between enterprises. In order to satisfy the demand of secure information exchanges between enterprises, according with the genernal security management model of PDM system, This paper designed an AC(attribute certificate) model based on PKC. The model was based on TTP architecture to achieve trust between enterprises and automation of enterprises' collaboration, and reduced the startup cost. And it provides not only reliable authentication and data protection, but also flexible access control and secure audit, and effectively implements information exchanges between enterprises. The new model can be well used in the fields of automobile manufacture,electronics,mechanics and so on.

Bargav Jayaraman,Hannah Li,David Evans

DOI: https://doi.org/10.48550/arXiv.1706.03370

2017-10-10

Abstract:The security of TLS depends on trust in certificate authorities, and that trust stems from their ability to protect and control the use of a private signing key. The signing key is the key asset of a certificate authority (CA), and its value is based on trust in the corresponding public key which is primarily distributed by browser vendors. Compromise of a CA private key represents a single point-of-failure that could have disastrous consequences, so CAs go to great lengths to attempt to protect and control the use of their private keys. Nevertheless, keys are sometimes compromised and may be misused accidentally or intentionally by insiders. We propose splitting a CA's private key among multiple parties, and producing signatures using a generic secure multi-party computation protocol that never exposes the actual signing key. This could be used by a single CA to reduce the risk that its signing key would be compromised or misused. It could also enable new models for certificate generation, where multiple CAs would need to agree and cooperate before a new certificate can be generated, or even where certificate generation would require cooperation between a CA and the certificate recipient (subject). Although more efficient solutions are possible with custom protocols, we demonstrate the feasibility of implementing a decentralized CA using a generic two-party secure computation protocol with an evaluation of a prototype implementation that uses secure two-party computation to generate certificates signed using ECDSA on curve secp192k1.

Cryptography and Security

Bo Zhou,Zhi-jun He,Jing-fan Tang

DOI: https://doi.org/10.1109/CIT.2005.61

2005-01-01

Abstract:With the development of web services related technologies, the enterprise business systems can be encapsulated through web services. The service oriented architecture can be adopted for the enterprise business processes. Specific interfaces are introduced between the web services of different enterprises for data exchanging to achieve the cross-enterprise systems integration. Different enterprises can be organized into virtual enterprise through web services to share resources and achieve win-win. This paper introduces an adaptive model of virtual enterprise based on dynamic composition of web services (DCWS-VE). A service execution plan will be dynamically built to aim at the target of the virtual enterprise through the composition of web services. The development and deployment of web services is separated to support the dynamically deploying and binding of the web service at run time. The members in the virtual enterprise will be located through the dynamic web service discovery based on DAML+OIL logic reasoning, and selected through the dynamic web services negotiation with multi- steps protocol to organize the virtual enterprise at run time. Electronic contract is adopted in the organizing process of virtual enterprise to achieve the stable running.

LI Lingfeng,TAN Jianrong,QI Guoning,JIAN Zhengfeng

DOI: https://doi.org/10.3321/j.issn:1004-132x.2001.z1.044

2001-01-01

Abstract:Part information online access system facilitates the members of a virtual enterprise to share data agilely and instantaneously. This paper presents the architecture that support sharing data and service between departments in an enterprise, or between enterprises. The components, such as data maintenance, publishing, search, presentation, user management, administration of the part information online access system are introduced. The part classification method, the data model for part information, the user scenario and the supplier scenario are described.

Yue Fu,Rong Du,Dagang Li

DOI: https://doi.org/10.1007/978-3-030-00018-9_25

2018-01-01

Abstract:Under some applications, identity-authentication must be involved into block-chain systems. However, the introduction of traditional PKI mechanism in block-chain systems is not proper for 3 reasons: (1) a centralized certification authority (CA) represents a single point of failure in the network; (2) the numbers and locations of nodes vary in time; (3) it introduces additional centralized factors in the block-chain system that is already decentralized. For the sake of decentralization multi-CA scenario is considered to distribute CA-functionality to nodes. Further, armed with secret sharing scheme, a practical distributed CA-based PKI scheme is proposed that is well-associated with existed mechanisms (such as POW) in the original system. Finally, solutions of verification and multi-level assigning issues are constructed via verifiable secret sharing and multilevel secret sharing tools.

Tiaojun Xiao

2002-01-01

Abstract:Virtual Enterprise(VE) is a promising scheme for future enterprise and the enterprise information infrastructure is one of the key technologies. The papers introduced the infrastructure to support cooperative environment in VE,analyzed the life cycle of VE and enterprise full-integrated solution employed. Based on the solution, a fundamental architecture with functional layers was investigated and the software architecture based on WWW and CORBA was designed.

陈刚,金芝,陆汝钤

DOI: https://doi.org/10.3321/j.issn:0372-2112.2002.z1.039

2002-01-01

Abstract:A virtual enterprise( VE)is a temporary alliance of enterprises that come together to share skills or core competence and resources in order to better respond to business opportunities. In order to offer their own services and to utilize the services of others in VE, it naturally demands the information sharing and interactions across organizational boundaries of enterprises. This paper presents a comprehensive methodology for building the distributed enterprises system that guarantees effectivity of coordinating and cooperating in the alliance of enterprise (i.e. virtual enterprise) .It introduces the main concepts underlying virtual enterprise and virtual enterprise model(VEM) .Then, it goes into details about the problem of defining a suitable VEM to effectively support coordination activities in the enterprises cooperation network(ECN).

Jian Chen,Fei Lu,Yuanzhe Liu,Sheng Peng,Zhiming Cai,Fu Mo

DOI: https://doi.org/10.1016/j.ijcip.2024.100661

IF: 3.683

2024-01-25

International Journal of Critical Infrastructure Protection

Abstract:With an increasing demand for authenticated data exchange between jurisdictions, ensuring the privacy and security of data interactions is crucial for national security, public health, and economic vitality, becoming a fundamental national infrastructure. Current solutions can be categorized into two types: fully decentralized autonomous systems based on blockchains or centralized solutions that rely on authoritative centers such as certification authorities (CAs). In reality, a balance needs to be struck between guaranteed authority and privacy independence. A certain authority is needed as an authorization guarantee, and decentralization is required to ensure privacy and the independence of the authority. This paper proposes a novel scheme, CT-MA-ABE (Cross-Trust Multiple Authorization Attribute-Based Encryption), to address these issues by implementing MA-ABE for cross-border institutional authorization interactions, utilize blockchain certification authority (BCA) for credibility and encryption-based authorization to protect attribute data privacy. This solution integrates the role of 'notary' in cross-border interactions, addressing the supervision problem in fully decentralized approaches while also considering the trust issue in centralized systems. This paper also introduces the Universal Certificate Authority Pool (UCAP), an innovative hybrid federated authorization method, creatively utilizing the implied authorization conditions of attributes to create a flexible and transitive authorization mechanism based on attribute relationships and extensions, enhancing privacy protection and improving the speed of authorization matrix calculation. The successful deployment of the system between the legal jurisdictions in South China, Zhuhai and Macau as a critical infrastructure component for securing data interactions further demonstrates its effectiveness as a reliable and secure solution.

engineering, multidisciplinary,computer science, information systems

Zi-Yuan Liu,Yi-Fan Tseng,Raylin Tso,Peter Shaojui Wang,Qin-Wen Su

DOI: https://doi.org/10.1016/j.jisa.2022.103176

IF: 4.96

2022-06-01

Journal of Information Security and Applications

Abstract:In public key infrastructure, a certificate, issued by a certificate authority (CA), is used to guarantee the connection between a user and her/his public key. In order to improve the efficiency, the concept of implicit certificate protocol is introduced by Girault and Gönther. In the existing implicit certificate protocol, a user must issue a certificate request to the CA for each key pair. However, in certain applications (e.g., IoT, sensor networks, and cryptocurrency), a user (or a device) will have multiple public/private key pairs that are related to the same identity. Therefore, the communication cost will be linearly related to the number of key pairs the user has. Furthermore, the storage cost of a large number of certificates is not an ideal property in practice. In this paper, to address the above issues, we proposed two schemes from the most widely used elliptic curve Qu–Vanstone implicit certificate scheme (ECQV). In our first scheme, called M-ECQV I, an ECQV certificate holder, who obtains an ECQV certificate issued by the certificate authority, can further issue multiple credentials with the same identity as ECQV certificate holder and the corresponding key pairs from the ECQV certificate. In our second scheme, called M-ECQV II, it not only supports the comparable functionality of M-ECQV I, but the verifier can ensure that the credentials are only used by the ECQV certificate holder (i.e., these credential are "self-use") to be suitable to different scenarios. In addition, the security models are well-defined and the rigorous security proofs are also given. Experimental results show that our schemes not only greatly improve the performance, but also reduce the storage cost.

computer science, information systems

Haijian ZHOU,Ping LUO,Daoshun WANG,Yiqi DAI

DOI: https://doi.org/10.3321/j.issn:1000-0054.2008.07.025

2008-01-01

Abstract:Public key infrastructures (PKI) achieve authentication and key exchange by utilizing public key cryptography; however, the system's centralized models tend to be the bottleneck in the network. To improve PKI efficiency, a caching authentication model was developed. The model takes advantage of symmetric root key caching and public key certificates caching, with the caching authentication extended to among the certification authorities (CA) to increase re-usage of cached information. An improved certificate revocation list (CRL) look-up mechanism is introduced to enhance CRL look-up efficiency. Performance analyses show that, compared with the common X.509 protocol, the CA caching authentication effectively reduces the CRL look-up times and network communications in the authentication procedures. The authentication model eases bottlenecks for PKI frameworks, while guaranteeing authentication security and integrity.

CHEN Wei,CAO Jun-wei,QIAN Han

2013-01-01

Abstract:Virtual organization based secure accessing and sharing in desktop clouds CHEN Wei, CAO Jun-wei, QIAN Han (1. Research Institute of Information Technology, Tsinghua University, Beijing 100084, China; 2. Tsinghua National Laboratory for Information Science and Technology, Beijing 100084, China; 3. Department of Automation, Tsinghua University, Beijing 100084, China) Abstract: A desktop cloud is an implementation of hosted virtual desktops using cloud computing technology. Desktop clouds are one of the most popular applications for cloud computing. In this work, mechanisms for secure accessing and sharing of virtual desktops are investigated in details. The public key infrastructure (PKI) is utilized to create virtual organizations (VO). Within a VO, virtual machines are created, remote desktops are accessed and shared. PKI provides security mechanism and multiple users can share a virtual machine via VO trust management. In order to make remote channels secure, OpenVPN is adopted to build a private network, authenticating users and encrypting communications.

Qiang Li

DOI: https://doi.org/10.3390/fi15010025

2023-01-04

Future Internet

Abstract:Cellular vehicle to everything (C-V2X) is a technology to achieve vehicle networking, which can improve traffic efficiency and traffic safety. As a special network, the C-V2X system faces many security risks. The vehicle to vehicle (V2V) communication transmits traffic condition data, driving path data, user driving habits data, and so on. It is necessary to ensure the opposite equipment is registered C-V2X equipment (installed in the vehicle), and the data transmitted between the equipment is secure. This paper proposes a V2V identity authentication and key agreement scheme based on identity-based cryptograph (IBC). The C-V2X equipment use its vehicle identification (VID) as its public key. The key management center (KMC) generates a private key for the C-V2X equipment according to its VID. The C-V2X equipment transmit secret data encrypted with the opposite equipment public key to the other equipment, they authenticate each other through a challenge response protocol based on identity-based cryptography, and they negotiate the working key used to encrypt the communication data. The scheme can secure the V2V communication with low computational cost and simple architecture and meet the lightweight and efficient communication requirements of the C-V2X system.

Albert Wasef,Yixin Jiang,Xuemin Shen

DOI: https://doi.org/10.1109/GLOCOM.2008.ECP.129

2008-01-01

Abstract:In this paper, we propose an Efficient Certificate Management scheme for Vehicular networks (ECMV). The proposed scheme offers a flexible interoperability for certificate management in different administrative authorities, and an efficient way for any On-Board Units (OBUs) to update its certificate anywhere at anytime. In addition, an efficient time-limited certificate revocation for OBUs is introduced. It is demonstrated that the ECMV scheme can decrease the complexity of certificate management, and achieves excellent security and efficiency for vehicular communications.

Tao Li,Jianrong Tan,Lingfeng Li,Jiayin Gu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.02.001

2001-01-01

Abstract:Virtual Enterprise(VE) has been used in articulating the mode of 21st manufacturing enterprises.Plan reengineering within Virtual Enterprise alliances,Virtual Enterprise is based on the global enterprises＇ resource and realizes flexibility in the alliances.The most important problem of agile manufacturing enterprises is How to constitute the Virtual Enterprise rapidly.On account of Internet＇s development,the basis of realizing Virtual Enterprise is provided.This paper presents an project of Virtual Enterprise constitution which is Virtual Enterprise Service Agent.The application framework of VESA and business processing are also presented.

Thomas Hardjono,Alexander Lipton,Alex Pentland

DOI: https://doi.org/10.48550/arXiv.1909.08607

2019-09-18

Cryptography and Security

Abstract:The recent FATF Recommendations defines virtual assets and virtual assets service providers (VASP), and requires under the Travel Rule that originating VASPs obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers. In this paper we discuss the notion of key ownership evidence as a core part of originator and beneficiary information required by the FATF Recommendation. We discuss approaches to securely communicate the originator and beneficiary information between VASPs, and review existing standards for public key certificates as applied to VASPs and virtual asset transfers. We propose the notion of a trust network of VASPs in which originator and beneficiary information, including key ownership information, can be exchanged securely while observing individual privacy requirements.

XU Feng,QI Yuguo,HUANG Hao,WANG Zhijian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.05.046

2006-01-01

Abstract:This article analyses the demand of private enterprise CA(certificate authority),demonstrates the feasibility of setting up CA inside enterprises through designing and implementation of a PKI system,and puts forward a detailed method to hide complexity of PKI system.