Biao Li,Kaiyu Dai,Shensheng Zhang

DOI: https://doi.org/10.1109/WECWIS.2001.933927

2001-01-01

Abstract:Certificate authority is the core component of public key infrastructure. However, the traditional structure of CA is either hierarchical or reticular, unsuitable for the security requirements of the new trends in enterprise cooperation, namely the virtual enterprise (VE). In this paper a new idea, the virtual certificate authority (VCA), is proposed, as well as its implementation. The goal of VCA is to provide a certificate service over virtual enterprises while keeping the CA of each participant intact as much as possible. Unlike PEM, PGP, and BCA, by using the secret sharing scheme, virtual CA avoids the need for TTP and supports the virtual enterprise's feature of dynamical construction and destruction

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Shao'an Lin,Dongming Lu

DOI: https://doi.org/10.1109/CACWD.2004.1349002

2004-01-01

Abstract:Virtual enterprise is a mode of enterprise organization and management. An efficient supporting platform brings a great deal of convenience to its operation. Based on the analysis of its characteristics and life cycle, this paper brings forward the main problems in realizing a supporting platform for virtual enterprise and discusses the corresponding solutions. Considering the inherent advantages of Web services, it presents a supporting platform based on Web services. Furthermore, the functional hierarchy model and the architecture of the platform are described in detail. Several key technologies are also discussed. Finally, This work presents an application example of this platform, and then evaluates the platform and draws a conclusion.

Yan Zhuang,Dan Xu,Kailong Zhang,Jingui Pan,Jiming Chen

DOI: https://doi.org/10.1109/iccs.2008.4737241

2008-01-01

Abstract:Collaborative virtual environment (CVE) is a multi-user virtual environment that supports distributed collaboration. The two main issues that CVE is facing are how to improve system scalability and quality of service. Combining Active routing and content-based publish/subscribe and taking bi-directional shared multicast tree as the communication structure of Interest Management, Active interest management (AIM) can effectively improve system scalability. However, due to the lack of network monitoring, it can only provide same services, and consequently cannot guarantee services and alleviate system workload when it gets saturated. In this paper, we propose a QoS-based Adaptive Access control (QAAC) approach which includes dynamic system delay maintenance, active router verification and host low start. By QAAC, we dynamically control the access of hosts based on network status to improve services and scalability in AIM. Finally, experiment results show that this approach can stabilize network traffic, reduce system load and provide better collaboration services.

Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/fitme.2009.68

2009-01-01

Abstract:During the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of attestation method of certifier. This paper designs an attestation method model of property remote attestation, and applies the authentication and access control logic technology to make formal description for the participants of attestation method of property remote attestation, and finally prove the credibility of attestation method. Paper's research conclusion proves, after increasing the authority of certificate and trusted property certificate, the credibility of property remote attestation method can be guaranteed among the computing environment applying the public key infrastructure participates.

刘端阳,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.01.006

2004-01-01

Abstract:With the development of collaboration among enterprises, it is very desirable to securely exchange information between PDMs through Internet. The original user/password mechanism is very weak, unsecure and inflexible. And also,authorization based on PKC(public key certificate) cannot satisfy the temporary relations between enterprises. In order to satisfy the demand of secure information exchanges between enterprises, according with the genernal security management model of PDM system, This paper designed an AC(attribute certificate) model based on PKC. The model was based on TTP architecture to achieve trust between enterprises and automation of enterprises' collaboration, and reduced the startup cost. And it provides not only reliable authentication and data protection, but also flexible access control and secure audit, and effectively implements information exchanges between enterprises. The new model can be well used in the fields of automobile manufacture,electronics,mechanics and so on.

Qingrui Xu,Jin Chen,Bin Guo

DOI: https://doi.org/10.1109/IEMC.1996.547911

1996-01-01

Abstract:In Western view, Vitural Enterprise (VE) is the attempt to be more competitive in timing. But in China, VE is mainly used to bridge the capability-gap between R&D, manufacturing and marketing. Because ERCs are a brand new style of scientific research organization as well as a new type Vitural 'Enterprise' in China, there are inevitably some problems in establishment and operation of ERCs. This paper, based on the extensive case study on the ERCs in China, one in America and Cooperative Research Center in Australia, with the expectation to explore the effective establishment and management mode of ERCs in China.

Bargav Jayaraman,Hannah Li,David Evans

DOI: https://doi.org/10.48550/arXiv.1706.03370

2017-10-10

Abstract:The security of TLS depends on trust in certificate authorities, and that trust stems from their ability to protect and control the use of a private signing key. The signing key is the key asset of a certificate authority (CA), and its value is based on trust in the corresponding public key which is primarily distributed by browser vendors. Compromise of a CA private key represents a single point-of-failure that could have disastrous consequences, so CAs go to great lengths to attempt to protect and control the use of their private keys. Nevertheless, keys are sometimes compromised and may be misused accidentally or intentionally by insiders. We propose splitting a CA's private key among multiple parties, and producing signatures using a generic secure multi-party computation protocol that never exposes the actual signing key. This could be used by a single CA to reduce the risk that its signing key would be compromised or misused. It could also enable new models for certificate generation, where multiple CAs would need to agree and cooperate before a new certificate can be generated, or even where certificate generation would require cooperation between a CA and the certificate recipient (subject). Although more efficient solutions are possible with custom protocols, we demonstrate the feasibility of implementing a decentralized CA using a generic two-party secure computation protocol with an evaluation of a prototype implementation that uses secure two-party computation to generate certificates signed using ECDSA on curve secp192k1.

Cryptography and Security

Bo Zhou,Zhi-jun He,Jing-fan Tang

DOI: https://doi.org/10.1109/CIT.2005.61

2005-01-01

Abstract:With the development of web services related technologies, the enterprise business systems can be encapsulated through web services. The service oriented architecture can be adopted for the enterprise business processes. Specific interfaces are introduced between the web services of different enterprises for data exchanging to achieve the cross-enterprise systems integration. Different enterprises can be organized into virtual enterprise through web services to share resources and achieve win-win. This paper introduces an adaptive model of virtual enterprise based on dynamic composition of web services (DCWS-VE). A service execution plan will be dynamically built to aim at the target of the virtual enterprise through the composition of web services. The development and deployment of web services is separated to support the dynamically deploying and binding of the web service at run time. The members in the virtual enterprise will be located through the dynamic web service discovery based on DAML+OIL logic reasoning, and selected through the dynamic web services negotiation with multi- steps protocol to organize the virtual enterprise at run time. Electronic contract is adopted in the organizing process of virtual enterprise to achieve the stable running.

Xiaowei Li,Hongxiang Sun,Qiaoyan Wen

DOI: https://doi.org/10.1109/ccis.2012.6664413

2012-01-01

Abstract:Numerous virtual machines have been designed to make full use of the adequate resources and facilitate people's lives. In turn, it results in the necessity of communication between the virtual machines. As we know, the data of communication between the virtual machines which located on the different hosts, could potentially be altered or intercepted during transport. To solve the problem, we design and operation of the transparent encryption-decryption communication mechanism (TEDCM) in the privilege virtual machine, the result suggests that the TEDCM in our paper is a good choice to solve the problem of information leakage.

LI Lingfeng,TAN Jianrong,QI Guoning,JIAN Zhengfeng

DOI: https://doi.org/10.3321/j.issn:1004-132x.2001.z1.044

2001-01-01

Abstract:Part information online access system facilitates the members of a virtual enterprise to share data agilely and instantaneously. This paper presents the architecture that support sharing data and service between departments in an enterprise, or between enterprises. The components, such as data maintenance, publishing, search, presentation, user management, administration of the part information online access system are introduced. The part classification method, the data model for part information, the user scenario and the supplier scenario are described.

关勇,余少华,戴一奇

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.20.011

2004-01-01

Abstract:This paper presents the concept of multi-collaborative certificate validation agent to centralize processing these activities , designs a uniform message format to hide the variety of difference about current certificate validation protocol and gives a series of message communications mechanism,which is more valuable to be refered.

Albert Wasef,Yixin Jiang,Xuemin Shen

DOI: https://doi.org/10.1109/TVT.2009.2028893

2010-01-01

Abstract:In this paper, we propose an efficient distributed-certificate-service (DCS) scheme for vehicular networks. The proposed scheme offers flexible interoperability for certificate service in heterogeneous administrative authorities and an efficient way for any onboard units (OBUs) to update its certificate from the available infrastructure roadside units (RSUs) in a timely manner. In addition, the DCS scheme introduces an aggregate batch-verification technique for authenticating certificate-based signatures, which significantly decreases the verification overhead. Security analysis and performance evaluation demonstrate that the DCS scheme can reduce the complexity of certificate management and achieve excellent security and efficiency for vehicular communications.

Zhiwei Gao,Ping Luo,Zhimin Gu,Hongjun Liu

DOI: https://doi.org/10.1109/mue.2007.33

2007-01-01

Abstract:Establishing trust on certificates across multiple domains requires an efficient certification path discovery algorithm. In this work, we propose and implement a model based on rigorous binary tree algorithm for efficient certification path discovery. Our model has four advantages. First, there is no any bottleneck problem when establishing a certification path. Second, its authentication path is short with no more than two entities intervened. Third, not need to inquire about a certificate revolution list. Fourth, it's easy to extend and suitable for large-scale network.

XU Feng,QI Yuguo,HUANG Hao,WANG Zhijian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.05.046

2006-01-01

Abstract:This article analyses the demand of private enterprise CA(certificate authority),demonstrates the feasibility of setting up CA inside enterprises through designing and implementation of a PKI system,and puts forward a detailed method to hide complexity of PKI system.

Zi-Yuan Liu,Yi-Fan Tseng,Raylin Tso,Peter Shaojui Wang,Qin-Wen Su

DOI: https://doi.org/10.1016/j.jisa.2022.103176

IF: 4.96

2022-06-01

Journal of Information Security and Applications

Abstract:In public key infrastructure, a certificate, issued by a certificate authority (CA), is used to guarantee the connection between a user and her/his public key. In order to improve the efficiency, the concept of implicit certificate protocol is introduced by Girault and Gönther. In the existing implicit certificate protocol, a user must issue a certificate request to the CA for each key pair. However, in certain applications (e.g., IoT, sensor networks, and cryptocurrency), a user (or a device) will have multiple public/private key pairs that are related to the same identity. Therefore, the communication cost will be linearly related to the number of key pairs the user has. Furthermore, the storage cost of a large number of certificates is not an ideal property in practice. In this paper, to address the above issues, we proposed two schemes from the most widely used elliptic curve Qu–Vanstone implicit certificate scheme (ECQV). In our first scheme, called M-ECQV I, an ECQV certificate holder, who obtains an ECQV certificate issued by the certificate authority, can further issue multiple credentials with the same identity as ECQV certificate holder and the corresponding key pairs from the ECQV certificate. In our second scheme, called M-ECQV II, it not only supports the comparable functionality of M-ECQV I, but the verifier can ensure that the credentials are only used by the ECQV certificate holder (i.e., these credential are "self-use") to be suitable to different scenarios. In addition, the security models are well-defined and the rigorous security proofs are also given. Experimental results show that our schemes not only greatly improve the performance, but also reduce the storage cost.

computer science, information systems

Kai Lei,Zhongjie Wang

DOI: https://doi.org/10.1109/iccse.2012.6295245

2012-01-01

Abstract:Content-Centric Networking (CCN) is a predominant substitute of the current TCP/IP networking and it is proposed to be the next generation Internet foundation. The evident characteristic of this network architecture is caching and indexing contents by the inner nodes - the routers, so as to reduce the redundant transmission and thereby shorten the distance between user and content. In this paper, we propose and implement a user authentication scheme over CCN. We adopt the trust model based on certificate authority (CA) to provide the service of binding certificate with user's identity, and help user determine the authenticity and reliability of the publisher of the network content. Also the specialized CA we designed for CCN takes advantage of the decentralization characteristic and cache mechanism of CCN to distribute the certificates and certificate revocation list (CRL) into the network, and it reduces the load of the CA central server when retrieving and verifying certificates. Besides, we propose a timeline-based method to segment the CRL with certificate issue date, thereby making the retrieval of CRL more effective.

Yue Fu,Rong Du,Dagang Li

DOI: https://doi.org/10.1007/978-3-030-00018-9_25

2018-01-01

Abstract:Under some applications, identity-authentication must be involved into block-chain systems. However, the introduction of traditional PKI mechanism in block-chain systems is not proper for 3 reasons: (1) a centralized certification authority (CA) represents a single point of failure in the network; (2) the numbers and locations of nodes vary in time; (3) it introduces additional centralized factors in the block-chain system that is already decentralized. For the sake of decentralization multi-CA scenario is considered to distribute CA-functionality to nodes. Further, armed with secret sharing scheme, a practical distributed CA-based PKI scheme is proposed that is well-associated with existed mechanisms (such as POW) in the original system. Finally, solutions of verification and multi-level assigning issues are constructed via verifiable secret sharing and multilevel secret sharing tools.

Albert Wasef,Yixin Jiang,Xuemin Shen

DOI: https://doi.org/10.1109/GLOCOM.2008.ECP.129

2008-01-01

Abstract:In this paper, we propose an Efficient Certificate Management scheme for Vehicular networks (ECMV). The proposed scheme offers a flexible interoperability for certificate management in different administrative authorities, and an efficient way for any On-Board Units (OBUs) to update its certificate anywhere at anytime. In addition, an efficient time-limited certificate revocation for OBUs is introduced. It is demonstrated that the ECMV scheme can decrease the complexity of certificate management, and achieves excellent security and efficiency for vehicular communications.