W. Ford and M. S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, 2Ed. Prentice Hall, 2002.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....digital certificate will be revoked by the issuing TTP. This will be an indication to any prospective buyers that this seller doesn t behave honestly. On the other hand, if a buyer fails to submit payment upon receipt of product, the TTP can revoke Please refer to Schneier [26] Ford and Baum [11] for a thorough description of the public key cryptography and digital signatures. In practice, CAs can offer a range of certificates, graded according to the level of inquiry used to confirm the identity of the subject of the certificate. For example, VeriSign offers four classes of digital ....

W. Ford, M.S. Baum, Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, Prentice -Hall, New Jersey, 1997.

....cation consider a digital identity to be a public key. This public key would be a unique identi er for the party (person, computer machine, computer process, etc) and thus represents its digital identity. A widely used standard endorsing this approach is the X. 509 public key infrastructure [106, 92]. One major diculty in this approach is how one assigns the public keys to the parties; in particular, one usually wants a party s public key to be somehow tied to its identity: rather than being just a number, it would be more convenient if it included the name of party for instance. SPKI SDSI ....

Warwick Ford and Michael S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption. Prentice Hall PTR, second edition, 2000.

....involved. From the point of view of access modalities, m commerce services can be characterized as subscribed or un subscribed. Subscribed services, most of those are nowadays offered by the carriers themselves, are often personalized for the specific user and have a stronger security level [2][9]. The bigger disadvantage of this approach is that the activation of the subscription may be a complex process, that often cannot be accomplished through the same device used for the transaction, i.e. may require a wired connection, or a direct interaction with the supplier of the service. ....

W. Ford, M.S. Baum (2001), Secure electronic commerce: building the infrastructure for digital signatures and encryption. Prentice Hall

....bene ts. 3 SPKI SDSI NAMES 6 3.5 Certi cates. SPKI SDSI has two types of certi cates, or certs : name certs, which provide a de nition for a local name, and authorization certs, or auth certs, which confer authorization on a key or a name. Compared to X. 509 public key infrastructure schemes [15], our name cert is comparable to an ID certi cate, and to some forms of attribute certi cates , while our auth cert is comparable to an attribute certi cate that conveys authorization. However, the details and semantics di er signi cantly, and the reader should not interpret these comments ....

Warwick Ford and Michael S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption. Prentice-Hall, 1997.

....and digitally signs packets to ensure the correct identification of their responsible party. The authentication process safely verifies the correspondence between principal identities and keys. Most authentication solutions delegate key lifecycle management to Public Key Infrastructures (PKIs) [9]. Authentication also ascertains the paternity of active packets by associating them with either their principal or their responsible role. A role models a collection of rights and duties that characterizes a particular position within an organization. A role based model facilitates the ....

....in packet headers. ANEP packets can be transmitted directly over the link layer, or they can be encapsulated within an existing network protocol such as IP. The current security support in ANEP is limited to the provision of one way authentication with X. 509 and SPKI self signed certificates [9]. All the network layer security approaches in the PN area have proposed specific extensions to the ANEP header to provide and manage security issues in a more general way. 3.1.1 Secure Active Network Environment SANE provides a layered security architecture to ensure the correct behavior of ....

[Article contains additional citation context not shown here]

Ford, W., Baum, M.S.: Secure Electronic Commerce - Building the Infrastructure for Digital Signatures and Encryption. Prentice Hall (1997)

....PKIs discussed is original. All of the . in Action subsections are original. The discussion of basic cryptography in Chapter 2 is distilled from [St95] although all the figures are original. The discussion of the importance of having separate signature and encryption keys is adopted from [FoBa]. Most of Chapter 3, especially the ten basic characteristics, is original. Most of the italicized terms defined are common to the field, although the phrase CRL time granularity problem is original. Many of the definitions, as well as figures 5, 6 and 7, are adapted from [FoBa] Chapter 4 ....

....adopted from [FoBa] Most of Chapter 3, especially the ten basic characteristics, is original. Most of the italicized terms defined are common to the field, although the phrase CRL time granularity problem is original. Many of the definitions, as well as figures 5, 6 and 7, are adapted from [FoBa]. Chapter 4 is original. The description of PGP in Chapter 5 is derived from [Zimm] The critique of the PGP PKI is original. Chapter 6 s discussion of the X.509 and PEM standards is derived from [FoBa] and [RFC1422] including all the figures. The discussion of the implications of object ....

[Article contains additional citation context not shown here]

Ford, W. and Baum, M. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption. Prentice Hall, 1997.

.... Page 2 of 14 INTRODUCTION The use of public key cryptography for encryption and digital signatures requires the existence of a public key infrastructure (PKI) A PKI typically consists of one or several certification authorities (CAs) that issue and revoke certificates for users or other CAs (Ford and Baum, 1997). Since the term certificate was first introduced by Loren M. Kohnfelder to refer to a digitally signed record that consists of a name and a public key, binding a public key to a globally unique name has been assumed to be the primary purpose of a certificate (Kohnfelder, 1978) In fact, this ....

....authorization information about its owner. This information can be encoded in one of the X.509v3 standard or extension fields. Note, however, that there are at least two important reasons why caution should be taken in using X. 509v3 public key certificates for conveying authorization information (Ford and Baum, 1997): Page 7 of 14 . First, the authority that is most appropriate for verifying the identity of a person associated with a public key may not be appropriate for certifying the corresponding authorization information. For example, in a company the corporate security or personnel department may be ....

[Article contains additional citation context not shown here]

Ford, W., Baum, M.S. (1997), Secure Electronic Commerce: Building the Infrastructure for Digital Signatures & Encryption, Prentice Hall PTR, Upper Saddle River, NJ, (USA).

....describes their benefits. 3.5 Certificates. SPKI SDSI has two types of certificates, or certs : name certs, which provide a definition for a local name, and authorization certs, or auth certs, which confer authorization on a key or a name. Compared to X. 509 public key infrastructure schemes [12], our name cert is comparable to an ID certificate, and to some forms of attribute certificates , while our auth cert is comparable to an attribute certificate that conveys authorization. However, the details and semantics differ significantly, and the reader should not interpret these ....

Warwick Ford and Michael S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption. Prentice-Hall, 1997.

....However, there are two major drawbacks: it is difficult to revoke or update any existing public key and it is difficult to add new public key for new user. Since an estimated 7,000 government agencies would exchange documents, we need a different approach. Public key infrastructures (PKI) [11] are comprised of supporting services that are needed for using public key technologies on a large scale. A public key certification system works by having a certification authority (CA) for generating and managing public key certificates. Each certificate [12] contains a public key value and ....

Warrick Ford and Michael S. Baum, Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, Prentice Hall, 1997.

.... ya dando servicios relacionados, e iniciativas a nivel nacional en distintos pa ises (como el Programa de Infraestructura de Llave P ublica de NIST en EUA, y el de Europa) Algunos de estos sistemas y compa n ias son, PGP, PEM, Entrust, Verisign, SDSI de MIT, y buenas referencias relacionadas [11, 9]. Recordemos que en un criptosistema de llave p ublica un usuario, digamos Alicia, genera una pareja de llaves privada y p ublica, K priv A y K pub A , guardando en secreto la primera, que le sirve para encriptar o firmar mensajes, y anunciando p ublicamente la segunda, que sirve para enviarle ....

Warwick Ford, Michael S. Baum, Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, Prentice Hall, 1997.

....validation by allowing verifiers to postpone the verification of a cached certificate s revocation state until the certificate is to be used. Also, lost CRLs are reliably retrieved only when a certificate verification is needed. While a push mechanism for CRL delivery is mentioned in [Pro94, FB97] we are not aware of any existing design that uses the push mechanism with provable correctness. As verifiers passively receive CRLs immediately following publication, the effects of CRL request implosion may be decreased or eliminated. In the normal case, the CRLs will arrive shortly after ....

W. Ford and M. Baum. Secure Electronic Commerce : Building the Infrastructure for Digital Signatures and Encryption. Prentice Hall, Englewood Cliffs, New Jersey, 1997.

....processed at the time of their publication, cached certificates not revoked by the last published CRL will never be marked dirty and may continue to be used. In this case, we use CRL publication as a form of cache invalidation message. While a push mechanism for CRL delivery is mentioned in [9] [10], we are not aware of any existing design that uses the push mechanism with provable correctness. Where IP multicast is not available, several known techniques for providing scalable data distribution may be used to provide push delivery. While push delivery may improve the performance of windowed ....

W. Ford and M. Baum, Secure Electronic Commerce : Building the Infrastructure for Digital Signatures and Encryption, Prentice Hall, Englewood Cliffs, New Jersey, 1997.

....describes their benefits. 3.5 Certificates. SPKI SDSI has two types of certificates, or certs : name certs, which provide a definition for a local name, and authorization certs, or auth certs, which confer authorization on a key or a name. Compared to X. 509 public key infrastructure schemes [12], our name cert is comparable to an ID certificate, and to some forms of attribute certificates , while our auth cert is comparable to an attribute certificate that conveys authorization. However, the details and semantics differ significantly, and the reader should not interpret these ....

Warwick Ford and Michael S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption. Prentice-Hall, 1997.

No context found.

W. Ford and M. S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, 2Ed. Prentice Hall, 2002.

No context found.

Warwick Ford and Michael S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, Second Ed. Prentice Hall, 2002.

No context found.

Warwick Ford and Michael S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, Second Ed. Prentice-Hall, 2002.

No context found.

W. Ford and M. S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, Second Ed. Prentice Hall, 2002.

No context found.

Warwick Ford, and Michael S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption. Prentice Hall PTR, 1997, page 251.

No context found.

Ford W., Baum M. , Secure Electronic Commerce -- Building Infrastruture for Digital Signatues and Encryption, Prentice Hall, 1997.

No context found.

Warwick Ford and Michael S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, Second Ed. Prentice Hall, 2002.

No context found.

W. Ford and M. S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, Second Ed. Prentice Hall, 2002.

No context found.

W. Ford and M.S. Baum. Secure Electronic Commerce --- Building the Infrastructure for Digital Signatures and Encryption. Prentice Hall PTR, second edition, 2001.

No context found.

Warwick Ford, and Michael S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption. Prentice Hall PTR, 1997.

No context found.

Ford, Warwick and Baum, "Secure Electronic Commerce : Building the Infrastructure for Digital Signatures and Encryption", Prentice hall, 1997

No context found.

Warwick Ford and Michael S. Baud. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption. Prentice Hall, 1997.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC